last executing test programs:

3m19.788327381s ago: executing program 1 (id=29):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x4, 0x8, 0x3d, 0x41}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000180), 0x1003, r0}, 0x38)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
openat$procfs(0xffffff9c, 0x0, 0x0, 0x0)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x62, 0x0)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
socket$kcm(0x29, 0x5, 0x0)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44010}, 0x40000)

3m14.473857778s ago: executing program 1 (id=36):
eventfd2(0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
sync()

3m7.631431067s ago: executing program 1 (id=46):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x1, 0x4}, 0xc)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r1=>0x0})
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$PTRACE_GETSIGMASK(0x420a, r2, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000000c0)={0x0, 0x0, 0x3, r1, 0x230d}, 0xc)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0xa, 0x4)
r3 = add_key$user(&(0x7f00000036c0), &(0x7f0000003700)={'syz', 0x0}, &(0x7f00000004c0)="c2", 0xf, 0xfffffffffffffffb)
keyctl$setperm(0x5, r3, 0x1010)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000000)=0x3)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="84000000180010002abd7000fedbdf251c10206e0002ff9e00200000140012002c00b62c30055cf709ec0cff4ed4b1690c00090000000201", @ANYRES32=r1, @ANYBLOB="140012000100af5bd5e76a000000000000000000080001000000000008000400", @ANYRES32=r1, @ANYBLOB], 0x84}, 0x1, 0x0, 0x0, 0x20004085}, 0x4044)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x4000080)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
close(r4)

3m1.705099373s ago: executing program 1 (id=56):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x3e, 0x0, 0x0)
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x890d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000540)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
symlinkat(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mount$overlay(0x0, &(0x7f0000000a00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0)

2m59.474083887s ago: executing program 1 (id=60):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="636865636b706f696e743d64697361626c652c6261636b67726f756e645f67633d73796e632c61636c2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6d6f64653d6c66732c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6167655f657874656e745f63616368652c646973636172642c6e6f696e6c696e655f64656e7472792c008bfb3c1e4b1b12ae77c937da8858"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r1 = open(&(0x7f0000000440)='./file1\x00', 0x84242, 0x1df2a23c5997fa7f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xfffffffffffffffe, 0x0, {{0x6, 0x0, 0x5, 0x81, 0x1, 0x1, {0x6, 0xff, 0x5, 0x8, 0xe, 0xd615, 0x9, 0x1, 0xfffffffe, 0x1000, 0x4000000, 0x0, 0xffffffffffffffff, 0x5, 0x2000000}}, {0x0, 0x19}}}, 0xa0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
semop(0x0, 0x0, 0x0)
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x5, 0x210001)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)
madvise(&(0x7f0000568000/0x3000)=nil, 0x3000, 0x19)
fcntl$lock(0xffffffffffffffff, 0x7, 0x0)

2m52.441484592s ago: executing program 1 (id=67):
io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r3, 0xffff)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r4, 0x80046402, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800, 0x0, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x80000)

2m35.177863693s ago: executing program 32 (id=67):
io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r3, 0xffff)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r4, 0x80046402, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800, 0x0, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x80000)

2m18.370038533s ago: executing program 5 (id=113):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x341800, 0x0)
ioctl$SNDCTL_FM_4OP_ENABLE(r3, 0x4004510f, &(0x7f0000000100)=0x9)
socket$netlink(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001000000000000fffd000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc980000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000006c0003806800008008000340000000025c000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000030c00014000000000000100002c0001800a0001006c696d69740000"], 0xfc}, 0x1, 0x0, 0x0, 0x4000850}, 0x844)

2m14.543281172s ago: executing program 5 (id=117):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x100, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x1ff, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x8, 0xf6, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x2, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x4, 0xffffffff, 0x7, 0x1fd, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0x7, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x2], [0x8, 0x7, 0xffffffff, 0xfffffffc, 0x8000, 0x2, 0x74d6, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x0, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a0, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x7ffffffd, 0x8, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
listen(r1, 0x90004)
syz_emit_vhci(&(0x7f0000001180)=ANY=[@ANYBLOB="043e130100c900", @ANYRESHEX], 0x16)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x81, 0x0, 0x4000, 0x1}, 0x10)

2m9.793459246s ago: executing program 5 (id=122):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
pipe(&(0x7f0000000100))
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha224)\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x80000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
socket(0x2c, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x50)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000140)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r2}, 0x0, &(0x7f0000000940)=r3}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, 0x0, &(0x7f0000000080)=@tcp6, 0x1}, 0x20)
r4 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'wlan1\x00', 0x0})
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0)

2m7.9622828s ago: executing program 5 (id=126):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r4, 0x0, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x4, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000000300)={&(0x7f0000000040)={0x2, 0x4e24, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x2}, {&(0x7f00000000c0)=""/160, 0xa0}, &(0x7f0000000340)=[{&(0x7f0000000240)=""/109, 0x6d}], 0x1, 0x60, 0xfdfffffefffffffe}}, @mask_fadd={0x58, 0x114, 0x8, {{0x7, 0x1}, 0x0, 0x0, 0x8, 0x3, 0x9f, 0x5e7, 0x73, 0x7fff}}], 0xa0, 0x4800}, 0x0)

2m5.402568762s ago: executing program 5 (id=129):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000f15800000000000000000000000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000058000000060a010400000000000000000100000808000b4000000000300004802c0001800c00010062697477697365001c0002800800064000000001080001400000001408000240000000120900010073797a3000000000140000010000000000000000000700e909000000fd7fb19b9241e11482191e4ee059879db9485feff8bd1485cc2902cc01c2623ed2fbc5795824a6875f23031e03b457e8f388cfe8727725ac93c9ba04e10c2610b6f2c2d988a9026fec8ab9100336b4da55824c04d161618bb1df2954f2f40121d65274b843958adb32e777bc88a4"], 0xcc}}, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
shutdown(r3, 0x1)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f00000000c0)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r5=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r6, <r7=>0xffffffffffffffff})
ppoll(&(0x7f00000001c0)=[{r7}], 0x1, 0x0, 0x0, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000600)=[{0x6, 0x7, 0x0, 0x7fff8000}]})
close_range(r8, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="40000000100001002cbd7000ffdbdf2500000000aa411c853c852aeeaf9b6f8a8d4b1db9c8814fdef48ec676a5d0b3e7c77869ed35c3bcb1cdcd88bc3c5fcc02c4674d11bd0fa0d0a6a2591e3b0b0dfaaab4d82b5a1d476f0c2732f1b4691cc351c397fea5f57d5c2249a4e398d2b71bb56845c776bb99e36cd1d48a36a2bf02", @ANYRES32=0x0, @ANYBLOB="4db20200241a0100140003006e657464657673696d300000000000000c0016800800018004000c"], 0x40}, 0x1, 0x0, 0x0, 0x408c1}, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r9 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x194)
quotactl_fd$Q_QUOTAOFF(r9, 0xffffffff80000301, 0x0, 0x0)

2m4.128810921s ago: executing program 5 (id=131):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
r2 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x100000000005, &(0x7f0000000180), 0x106, 0x9}}, 0x20)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000001c0), 0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000440)=[@in6={0xa, 0x4e23, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x6d, &(0x7f0000000080), &(0x7f00000000c0)=0x3930)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000340)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="64656275672c757466383d312c757466383d302c757466383d312c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c002bc08d8cca74e8ecafb48437094fe1a4a2383bd9d85bff651d1101fd722e01b9b5d22f08b5fc0ac7cbf33fb553a90ae4d01d71ddeeb089f517aeaaa271899287d5b8949b02b23c2807b7d81714b89e9682f6c3faa6107733a77a4cf985560ed64ec24e255dee3654aa2ba55be4bf3ae257adba34bed8e52e4122bb46aa57a75dab0288098e42f886f09bdf63537db28a454b02a4204a7e7dac3c30a6d4b5c814916b02d7147f667ec516545366cc56018bc1b563b100a2e4c51c06546a25a2005847c9fcede77362f54890e96075086110ee9cec7a20b139d819c94dc4c36c0b9ae55721f33f037cf92f2c4941a4bc36eb6c79859a1e120eb2c9ff5210b7cf35bf5d1d0b61a8fc3c5f55888eca4c844ed0436afaa9e9ca1a8fa1ffbbdf0fd03a6263fc21bcaaeae592a90fd64085944d4b5de552f49e2ff3a09de62f85d0c6020cdb7ef052a53afe", @ANYRES32=0x0], 0x3, 0x26f, &(0x7f0000000680)="$eJzs2s9rHGUYB/BnY2I3KelG/EUL4ose1MvS5OyhRSKIAUWNUAXp1Ex0zbgbMktgRUxOevVP8CwevQnSo5dc/As8eMslxx7Ekd3Z1CQWWjHdhPr5HIaHyXxn3nnf8PLssvuvfvv5xnrZXs/6MdVoxNS12I07jViIqTi0G6+8dOOX59698cGb11dWmuOzSymlS8///OGXP7xwu3/x/R8v/XQh9hY+2j9Y+n3vmb3L+3++92mnTJ0ydXv9lKVbvV4/u1Xkaa1TbrRTervIszJPnW6Zbx37+3rR29wcpKy7Nj+3uZWXZcq6g7SRD1K/l/pbg5R9knW6qd1up/m54L9Y/f5OVcVBNXMzqqqa/S4u3o7536IVjSdS48lrjadvNp7dbVw+qKrWyejs2YyY01Wv/+Pxr9efR8J4U19+J6VmTA+3hO3ViOKb4TGiGdfXoxNF5HE1ZuOP0b/JWF2//sbK8tU0shBfFzvbdX5ne/Wx0f3v5hejFQv3zi/W+XSYvxARw+Pc0fxStOKpe+eXTuTr5zfj5ReP5NvRil8/jl4UsRbDbOyMp2D5q8WUXntr5UT+yug6AIBHTbtunWai7t+GTdux/q09vuCf/V2dP9Iftu7TH57or6bjyvTZvjsR5eCLjawo8q3hB7xRcffMKRQz46ec2g0nUcwenZYHKQ6/Cnl4A5s6tmbnZaL+v8Xu+RjGQy0iPpv4bsSk/b3o9720OZEBAQAAAAAAAAAA8EAm8XPCs35HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfPsrAAD//6c2uyA=")
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@getqdisc={0x24, 0x26, 0x100, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x1, 0xf}, {0x9, 0x4}, {0xfff3, 0x7}}}, 0x24}}, 0x801)

1m44.052705159s ago: executing program 33 (id=131):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
r2 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x100000000005, &(0x7f0000000180), 0x106, 0x9}}, 0x20)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000001c0), 0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000440)=[@in6={0xa, 0x4e23, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x6d, &(0x7f0000000080), &(0x7f00000000c0)=0x3930)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000340)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="64656275672c757466383d312c757466383d302c757466383d312c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c002bc08d8cca74e8ecafb48437094fe1a4a2383bd9d85bff651d1101fd722e01b9b5d22f08b5fc0ac7cbf33fb553a90ae4d01d71ddeeb089f517aeaaa271899287d5b8949b02b23c2807b7d81714b89e9682f6c3faa6107733a77a4cf985560ed64ec24e255dee3654aa2ba55be4bf3ae257adba34bed8e52e4122bb46aa57a75dab0288098e42f886f09bdf63537db28a454b02a4204a7e7dac3c30a6d4b5c814916b02d7147f667ec516545366cc56018bc1b563b100a2e4c51c06546a25a2005847c9fcede77362f54890e96075086110ee9cec7a20b139d819c94dc4c36c0b9ae55721f33f037cf92f2c4941a4bc36eb6c79859a1e120eb2c9ff5210b7cf35bf5d1d0b61a8fc3c5f55888eca4c844ed0436afaa9e9ca1a8fa1ffbbdf0fd03a6263fc21bcaaeae592a90fd64085944d4b5de552f49e2ff3a09de62f85d0c6020cdb7ef052a53afe", @ANYRES32=0x0], 0x3, 0x26f, &(0x7f0000000680)="$eJzs2s9rHGUYB/BnY2I3KelG/EUL4ose1MvS5OyhRSKIAUWNUAXp1Ex0zbgbMktgRUxOevVP8CwevQnSo5dc/As8eMslxx7Ekd3Z1CQWWjHdhPr5HIaHyXxn3nnf8PLssvuvfvv5xnrZXs/6MdVoxNS12I07jViIqTi0G6+8dOOX59698cGb11dWmuOzSymlS8///OGXP7xwu3/x/R8v/XQh9hY+2j9Y+n3vmb3L+3++92mnTJ0ydXv9lKVbvV4/u1Xkaa1TbrRTervIszJPnW6Zbx37+3rR29wcpKy7Nj+3uZWXZcq6g7SRD1K/l/pbg5R9knW6qd1up/m54L9Y/f5OVcVBNXMzqqqa/S4u3o7536IVjSdS48lrjadvNp7dbVw+qKrWyejs2YyY01Wv/+Pxr9efR8J4U19+J6VmTA+3hO3ViOKb4TGiGdfXoxNF5HE1ZuOP0b/JWF2//sbK8tU0shBfFzvbdX5ne/Wx0f3v5hejFQv3zi/W+XSYvxARw+Pc0fxStOKpe+eXTuTr5zfj5ReP5NvRil8/jl4UsRbDbOyMp2D5q8WUXntr5UT+yug6AIBHTbtunWai7t+GTdux/q09vuCf/V2dP9Iftu7TH57or6bjyvTZvjsR5eCLjawo8q3hB7xRcffMKRQz46ec2g0nUcwenZYHKQ6/Cnl4A5s6tmbnZaL+v8Xu+RjGQy0iPpv4bsSk/b3o9720OZEBAQAAAAAAAAAA8EAm8XPCs35HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfPsrAAD//6c2uyA=")
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@getqdisc={0x24, 0x26, 0x100, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x1, 0xf}, {0x9, 0x4}, {0xfff3, 0x7}}}, 0x24}}, 0x801)

25.643817223s ago: executing program 0 (id=245):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f0000000200)={0x6, @local, 0x4e23, 0x3, 'rr\x00', 0x20, 0x3, 0x28}, 0x2c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x88}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000300)={0x28, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r2, 0x4)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r7, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010101}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x44080)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

22.968964224s ago: executing program 0 (id=248):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x838, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r6, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x80c, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0xffff24d6, 0x9, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x6, 0x7, 0x8, 0xd, 0x2, 0x80000001, 0x400, 0x7fc, 0xffff8000, 0x6, 0x401, 0x9, 0xb89, 0xffffe4f5, 0xd6, 0x4, 0xffff, 0x7, 0x0, 0x2, 0x101, 0x1, 0xfffffffc, 0x4, 0x1, 0x1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x5, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x80000001, 0x9, 0x8, 0xfffffa72, 0xcd, 0xffffff80, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xf, 0x9, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x1, 0x1, 0x7, 0x40, 0x7, 0x12, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x7fffffff, 0xff, 0x9, 0xa7, 0xf, 0x2, 0x0, 0x3, 0x1000, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4, 0xffffffff, 0x80000000, 0x1966f9ab, 0x200, 0x20200, 0xed5, 0xfffffc00, 0x6, 0x4, 0x8, 0x485e, 0xa85, 0x80000040, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0xffffffff, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x5, 0xfffffc00, 0x5, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0x3, 0x1, 0x0, 0x0, 0x2, 0x5, 0x8, 0x3, 0x0, 0x802, 0x2, 0x8, 0x7ff, 0x1, 0x9, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x5, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x1, 0x8, 0x42ba, 0x4, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x40000, 0x3, 0xcd34, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0xfff, 0x1ff, 0x8000, 0x3, 0x6, 0x3, 0x9, 0x9a6, 0xe4cb, 0x2, 0x1, 0x1ff, 0x3e, 0x9b4, 0x1, 0x8, 0x0, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x901, 0x5, 0x2, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x0, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x4, 0x1, 0x6, 0x200, 0x2]}, @TCA_TBF_PTAB={0x404, 0x3, [0x8, 0x9, 0xd, 0x400, 0x0, 0x3, 0x5, 0x10000, 0x7, 0x4, 0x81, 0x0, 0x8, 0x0, 0x9, 0x5, 0xc0000, 0x8001, 0x1, 0x9888, 0x1, 0x8da5, 0x1, 0x4, 0x2, 0x6, 0x58, 0x7, 0x6f, 0x8, 0x3, 0x4, 0x9, 0x1000, 0x8, 0x9, 0x6, 0x80000001, 0x3, 0x1, 0xd4, 0x100, 0xa, 0xfff, 0x8, 0x9, 0x7, 0x7fffffff, 0xf4b3, 0x1, 0x0, 0x8, 0x8, 0x6, 0xd815, 0xfffffff9, 0x2, 0x401, 0x9, 0x36, 0xf, 0x74, 0xbbc, 0x9, 0x0, 0x6, 0x8, 0x5, 0x6, 0xb, 0x5, 0x5, 0x4e3, 0x200, 0x0, 0x9, 0x8001, 0x2, 0x1000, 0x7fffffff, 0x46a3, 0x6, 0x2, 0x1dd50645, 0x401, 0x5, 0x101, 0xbf, 0x0, 0x9, 0x3, 0x65, 0xffffff13, 0x2, 0x30, 0x1a3f, 0x2, 0x389c, 0x4, 0x3, 0x3ff, 0x4, 0x4, 0x6, 0xf3bb, 0x1ff, 0x8, 0xf, 0xb, 0x401, 0x4, 0x1000, 0x1, 0x8, 0x1, 0x7ff, 0x4, 0x8, 0xd, 0x3ff, 0x4, 0x1, 0xffff, 0x7fff, 0x2, 0x9, 0x1, 0xfff, 0x0, 0xfffffffe, 0x4, 0x0, 0x101, 0x78f0, 0xf, 0x7, 0x0, 0x3, 0xf1c7, 0x100, 0x3, 0x800004, 0xfffffffe, 0xffffff7f, 0x3, 0x8, 0x6, 0xd, 0x3, 0xa, 0xd0, 0x200, 0x0, 0x400, 0x9, 0x6, 0x132f, 0xaba3, 0x1, 0x3, 0x1, 0x5, 0x6f788000, 0xc, 0x1ff, 0x40, 0x8, 0x3, 0x2, 0x1, 0x0, 0x71, 0xb13, 0x4, 0xbc5, 0x0, 0x7, 0xffff, 0x100, 0x7b58, 0x1, 0x807, 0x1ff, 0x3, 0x400, 0x80000000, 0x1040, 0x3, 0xfffffffa, 0x9a5, 0x8, 0x5, 0x1, 0x9, 0x3, 0x9, 0x7, 0x3, 0x1, 0x101, 0x2, 0x6, 0x598f, 0x5, 0x8e, 0x0, 0xa, 0x9, 0x1000, 0x8, 0xd00f, 0x2, 0x1, 0x6, 0x2a, 0x7, 0x100, 0x24e, 0xbd, 0x2, 0x2800000, 0x807, 0x0, 0x401, 0x6, 0x2, 0x9, 0x7039, 0x4, 0x1, 0x9, 0x1, 0xb18, 0x2, 0xfffffffe, 0x26e, 0x6, 0x5c, 0x8, 0x100, 0x3ff, 0x1, 0x0, 0xb, 0x10000, 0x8, 0x6, 0x2, 0x6, 0x7, 0x2, 0x7ff, 0x1, 0x4, 0x8001, 0x3]}]}}]}, 0x838}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r8, &(0x7f0000000200)="2478546ca4fa3b0bfe4ddf30cc5a", 0xe, 0x4000050, &(0x7f00000001c0)={0x11, 0xf7, r7, 0x1, 0xd8, 0x6, @multicast}, 0x14)
r9 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r10, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x8000004)

17.416862095s ago: executing program 2 (id=254):
syz_mount_image$minix(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x2004000, &(0x7f0000000640)=ANY=[@ANYRES16=0x0, @ANYBLOB="76e6299582673a17dc165b52126d9b5ebefaffce7591b3e858ec5ed1c0bcfbb28bb8b0771b9d7bafda74268d068808dfeb2186c0cb22ce6d409cafb470c8dbeee8adbd992946fcbac0d8526cacf256ba422844b1f83d45e058a5c282098be693631c1a9abe0347be4d78f840ad5fe1b5b66ec21a3649b537497775cba62faf8223fa64df6cc1c3ff32e60c28cc9db40351dbc9460f90ff5c82bfc19be3daf82609d615a9d272f9693791b73c9265ccca96d673ec071275dfc825d56bb3ae3b200390", @ANYRES32=0x0, @ANYRESHEX], 0x9, 0x226, &(0x7f0000000140)="$eJzs20tu00Acx/GfU8epy/u1YQMSSLAhKWmk0B09ABdgV6VuVeFSRNm0QqorJO7BHRASO24CSxYUwQmM/EriEjuOTR7A9yOl+Wfk38wo6riTKiMA/63L4U9Dhuph5fv+8W1JT59IMnOj1kwmCGBqfCNa9Fms6On7h3Tzcn4KwN9h6cfo9kbmAv+YFLX+XcCawsQATNnpxlK4D/hkSJ9/vu59ix/1gvuH042atKQvphe9TvKWtFwof2KEzzfNQTZ4NJTuwPAy9i/vovw9pfN20fnH46+cya+MCwYfmSRbJ7Xw5f076fw5SeclXZB0UdKl+LPWFUlXkx7k9cffOjP+jYLzB6oIfvuaqZZCyzadb+Zc0MjPB6tne9d1VicadaAe5x9OkLk7VFtxvl1y/CS/VjLfiPPN3r67lXnV45K9A/lqUseokC+d3e/2yyrr3yyx/gFEDg6Pnm26brLdd52Xccv4opZ/jV20n2qFPdGcM4pkz2NoJnMeVRzPY9DRhe9Lf6Cf5E0NWkzf0/jU24mGCG79QXErHmcR3rrihb0Y08guBveI92+S1QHgX9J6tfeidXB49GB3b3PH2XGetzvrjzpr7U53vbXddZ3VVpXdOYBFNvijLxX5n3n+V4IAAAAAAAAAAAAAAMA8XJN0fd6TAAAAADAT5U4IGfFRoKTla0+/nZzzhr5ZPIRDRAAAAAAAAAAAAAAAAAAAAEBpvwIAAP//cZUsSg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$dri(0x0, 0x0, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x2001, 0x4, 0x1}, 0x10)
bind$tipc(r4, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x30, r6, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0x0, 0x1}}}}, 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000000)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xe7c)

15.997244012s ago: executing program 3 (id=257):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x104}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000080)={0x0, 0x1, 0x7, 0x10001, 0x5, "1afa86d32101b58680cdda128ed251c679583d", 0x3f, 0x80000004})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r4, 0x410, &(0x7f0000000080)={0x0, 0x1, 0x6, 0x1fd})
unlink(&(0x7f0000000100)='./file0\x00')

15.418976057s ago: executing program 0 (id=258):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace(0x11, r0)
r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace(0x11, r0)
ptrace(0x10, r2)
ptrace(0x11, r2)
r3 = landlock_create_ruleset(&(0x7f0000000100)={0x100}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
ptrace(0x10, r0)
ptrace(0x11, r0)
ptrace(0x10, r2)
ptrace(0x11, r2)
ptrace(0xffffffffffffffff, 0x0)

14.252145264s ago: executing program 3 (id=259):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r0 = getpid()
getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_adjtime(0x0, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$getregset(0x4204, r3, 0x2, 0x0)
r4 = socket$inet(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x2d8, 0x98, 0x2d8, 0x98, 0x138, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1fb, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)

14.189582693s ago: executing program 4 (id=260):
socket$inet_smc(0x2b, 0x1, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
openat$rtc(0xffffff9c, &(0x7f0000000040), 0xc2440, 0x0)
socket(0x28, 0x801, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="02000000040000000500100001"], 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}}, &(0x7f00000003c0)='syzkaller\x00', 0x5}, 0x94)
socket$alg(0x26, 0x5, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x200142, 0x18)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e24, @private=0xa0100fe}, {0x2, 0x200, @local}, {0x2, 0x4e21, @private=0xa010101}, 0x0, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x6})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48881)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

12.720737381s ago: executing program 2 (id=261):
openat$sndseq(0xffffffffffffff9c, 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4043, 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r3)
add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab?P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb8\x10\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\x03\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7vC\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', 0x0]})
syz_open_dev$I2C(0x0, 0x1, 0x402)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)

11.955478185s ago: executing program 3 (id=262):
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x20000)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x40045731, &(0x7f0000000000))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_complete(0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$pokeuser(0x6, r4, 0x388, 0x41d9fda7)

11.806527617s ago: executing program 4 (id=263):
r0 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0xff5d, &(0x7f0000000240)=0x7834bcc6)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x11)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r5, 0xc0d05604, &(0x7f0000000240)={0x1, @sdr={0x56555959, 0xfffffff7}})
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f00000006c0)=@generic={0x1, 0x4, 0x7})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
syz_emit_ethernet(0xfdef, 0x0, 0x0)

10.487187557s ago: executing program 0 (id=264):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_rdma(0x10, 0x3, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0xff00, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1d7)
r2 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./bus\x00', 0x9000)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={0x0}}, 0x4)
timer_create(0x3e295f6bdcf3ea24, 0x0, &(0x7f0000000000))

9.833430809s ago: executing program 2 (id=265):
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev={0xfe, 0x80, '\x00', 0xfe}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
prctl$PR_SET_IO_FLUSHER(0x34, 0x2)

9.537291441s ago: executing program 3 (id=266):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x10, 0x3, 0x7e7b)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x119)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
capget(&(0x7f0000000040), 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000400)='.\x00', 0xa4000921)
read(r1, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x50400, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r3})
close_range(r0, 0xffffffffffffffff, 0x0)

8.095218597s ago: executing program 2 (id=267):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40000000000029a, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c)
r4 = dup(r3)
r5 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x3, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x1, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ftruncate(r5, 0x200004)
sendfile(r4, r5, 0x0, 0x80001d00c0d1)

7.417463376s ago: executing program 4 (id=268):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001080)="91d4d01c1fbb069b1faefa5f00444700449ce6086d5e162286", 0x19}], 0x1, 0x0, 0x0, 0x4991}, 0x4000880)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)=ANY=[], 0x20)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f0000000380)=[{&(0x7f0000000040)="39000000130003474cbb65e1c3e4ffff06000d00010000000700000025000000040016000c0014000800001f000006060400180000008cdb25", 0x39}], 0x1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc000000010902"], 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000080)={0x0, 0x0})
sched_setattr(0x0, 0x0, 0x0)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000003)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x10)
r3 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c)
sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0xfdff)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000019c0)=@raw={'raw\x00', 0x4001, 0x3, 0xa38, 0x0, 0xb, 0x148, 0x0, 0x148, 0x9a0, 0x240, 0x240, 0x9a0, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth0\x00', {}, {}, 0x11}, 0x2e8, 0x880, 0x8e8, 0x0, {0xff0f000000000000}, [@common=@inet=@udp={{0x30}}, @common=@unspec=@u32={{0x7e0}, {[], 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa98)

5.842143349s ago: executing program 2 (id=269):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x80002, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r3=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002440)=ANY=[], 0x48)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@other={'unlock', ' ', 'mem'}, 0xb)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000002e00190027bd7000000000040000000800180009ac0f00dc97b62898a857effbda9273b150669914fef0fcfd2c30050010661ec6b4fc790ab89744f067012e87a8a65e570352a03e88eb9ef3ed38a8f293e6f5"], 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="010000000300000004000000ff"], 0x48)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r2, 0x331, 0x2000, 0x40000000, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400400c}, 0x0)

5.368531562s ago: executing program 0 (id=270):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x12, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller0\x00', @broadcast})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200504, 0x0)
close(r7)
r8 = socket$unix(0x1, 0x2, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0x6}, {0x3, 0xb}, {0xfff3, 0x6}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xb, 0x8, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x6008000)
ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

4.892114838s ago: executing program 3 (id=271):
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$nvram(0xffffffffffffff9c, 0x0, 0x20001, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
gettid()
mremap(&(0x7f000046d000/0x4000)=nil, 0x4000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1a, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000280)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @tracing, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000002b40)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000007a00)={0x38, 0x26, 0x723, 0x0, 0x0, "", [@nested={0x28, 0xa9, 0x0, 0x1, [@nested={0x21, 0xeb, 0x0, 0x1, [@typed={0x8, 0x20, 0x0, 0x0, @fd=r1}, @generic="2db88f6f88ebb2fd1bd786312d0c165c579777e85d"]}]}]}, 0x38}], 0x1, 0x0, 0x0, 0x24008015}, 0x0)

3.905063648s ago: executing program 2 (id=272):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
dup(r0)
syz_io_uring_setup(0x3c05, &(0x7f0000000280)={0x0, 0x98bf, 0x0, 0x1, 0xad}, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$l2tp6(0xa, 0x2, 0x73)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
userfaultfd(0x801)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r3}, &(0x7f0000000240), &(0x7f0000000340)=r4}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000008c0)={r4, r2, 0x25, 0x2, @val=@tracing={0x0, 0x2e5b}}, 0x20)
syz_emit_ethernet(0x11, &(0x7f0000000800)=ANY=[], 0x0)

2.559393834s ago: executing program 4 (id=273):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x3c, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000040)=0x2c1, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x3, @mcast2}, 0x1c)
recvmmsg(r3, 0x0, 0x0, 0x40000000, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x4b8, 0x348, 0x18c, 0x203, 0x0, 0x19030000, 0x410, 0x2e0, 0x2e0, 0x410, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x6}]}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/13], 0x0}, 0x94)

1.491729757s ago: executing program 4 (id=274):
futex(0x0, 0x18d, 0x2, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
gettid()
setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1)
r3 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x4e21, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r3, 0x8)
r4 = accept4(r3, 0x0, 0x0, 0x0)
write(r4, &(0x7f00000002c0)="04", 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000100)={0x3, 0x0, 0x2}, 0x10)

1.296019762s ago: executing program 3 (id=275):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
clock_adjtime(0x17, &(0x7f0000000040)={0xd51, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x201, 0x0, 0x0, 0x1, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x100, 0x3, 0x0, 0xe438, 0x0, 0x0, 0xe0})
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000043c0)=""/4074, 0xfea}, {&(0x7f0000000c80)=""/4135, 0x1027}, {0x0}, {0x0}], 0x4}, 0x40000120)

15.468049ms ago: executing program 0 (id=276):
r0 = syz_open_dev$loop(0x0, 0xffff, 0x40)
ioctl$BLKGETSIZE64(r0, 0x80081272, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$inet6(r1, 0x0, 0x801)
dup(r1)
getdents64(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
socket(0x1e, 0x805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmget(0x1, 0x4000, 0xa20, &(0x7f0000ffb000/0x4000)=nil)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r2, 0x3)
accept4$bt_l2cap(r2, &(0x7f0000000200), 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)

0s ago: executing program 4 (id=277):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7)
socket(0x2, 0x3, 0xff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.160' (ED25519) to the list of known hosts.
[   91.293846][   T24] cfg80211: failed to load regulatory.db
[   94.713434][ T5819] cgroup: Unknown subsys name 'net'
[   94.863061][ T5819] cgroup: Unknown subsys name 'cpuset'
[   94.873176][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   96.611681][ T5819] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   99.331501][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.340968][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   99.353382][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   99.360864][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.370815][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   99.382672][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.391330][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   99.399573][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   99.416092][ T5857] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   99.432686][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   99.441266][ T5852] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   99.443136][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   99.452612][ T5852] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   99.457748][ T5858] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   99.465062][ T5852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   99.477832][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.482275][ T5859] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   99.486114][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   99.493886][ T5858] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   99.502190][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   99.509449][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   99.520113][ T5861] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   99.521547][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   99.528643][ T5861] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.547331][ T5861] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   99.549293][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   99.556518][ T5861] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   99.564084][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   99.580873][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   99.588454][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  100.464546][ T5847] chnl_net:caif_netlink_parms(): no params data found
[  100.712458][ T5850] chnl_net:caif_netlink_parms(): no params data found
[  100.766823][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.774276][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.781758][ T5847] bridge_slave_0: entered allmulticast mode
[  100.790317][ T5847] bridge_slave_0: entered promiscuous mode
[  100.800031][ T5843] chnl_net:caif_netlink_parms(): no params data found
[  100.828291][ T5839] chnl_net:caif_netlink_parms(): no params data found
[  100.842190][ T5848] chnl_net:caif_netlink_parms(): no params data found
[  100.864037][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.871305][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.878611][ T5847] bridge_slave_1: entered allmulticast mode
[  100.886201][ T5847] bridge_slave_1: entered promiscuous mode
[  100.901500][ T5840] chnl_net:caif_netlink_parms(): no params data found
[  101.111612][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.169665][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.370174][ T5847] team0: Port device team_slave_0 added
[  101.388627][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.395881][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.403564][ T5843] bridge_slave_0: entered allmulticast mode
[  101.411803][ T5843] bridge_slave_0: entered promiscuous mode
[  101.420065][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.427211][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.434613][ T5850] bridge_slave_0: entered allmulticast mode
[  101.442246][ T5850] bridge_slave_0: entered promiscuous mode
[  101.449903][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.457055][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.464600][ T5848] bridge_slave_0: entered allmulticast mode
[  101.472291][ T5848] bridge_slave_0: entered promiscuous mode
[  101.480031][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.487244][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.495154][ T5839] bridge_slave_0: entered allmulticast mode
[  101.503077][ T5839] bridge_slave_0: entered promiscuous mode
[  101.513204][ T5847] team0: Port device team_slave_1 added
[  101.549222][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.556570][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.564002][ T5843] bridge_slave_1: entered allmulticast mode
[  101.571933][ T5843] bridge_slave_1: entered promiscuous mode
[  101.580857][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.588372][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.595736][ T5850] bridge_slave_1: entered allmulticast mode
[  101.603856][ T5850] bridge_slave_1: entered promiscuous mode
[  101.608771][ T5849] Bluetooth: hci3: command tx timeout
[  101.615476][ T5861] Bluetooth: hci2: command tx timeout
[  101.628428][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.635563][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.643560][ T5848] bridge_slave_1: entered allmulticast mode
[  101.651238][ T5848] bridge_slave_1: entered promiscuous mode
[  101.659304][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.666535][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.674012][ T5839] bridge_slave_1: entered allmulticast mode
[  101.681959][ T5839] bridge_slave_1: entered promiscuous mode
[  101.696370][ T5849] Bluetooth: hci5: command tx timeout
[  101.702818][ T5861] Bluetooth: hci4: command tx timeout
[  101.709829][ T5844] Bluetooth: hci1: command tx timeout
[  101.709849][ T5842] Bluetooth: hci0: command tx timeout
[  101.725191][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.732493][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.740102][ T5840] bridge_slave_0: entered allmulticast mode
[  101.748000][ T5840] bridge_slave_0: entered promiscuous mode
[  101.807100][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.814419][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.840619][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.853210][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.860684][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.868371][ T5840] bridge_slave_1: entered allmulticast mode
[  101.876060][ T5840] bridge_slave_1: entered promiscuous mode
[  101.898620][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.925488][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.935676][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.942889][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.968955][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.996619][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.009298][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.021714][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.034143][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.069537][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.096081][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.138483][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.206232][ T5839] team0: Port device team_slave_0 added
[  102.215070][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.240341][ T5850] team0: Port device team_slave_0 added
[  102.262267][ T5848] team0: Port device team_slave_0 added
[  102.270653][ T5839] team0: Port device team_slave_1 added
[  102.290909][ T5843] team0: Port device team_slave_0 added
[  102.299318][ T5850] team0: Port device team_slave_1 added
[  102.321106][ T5848] team0: Port device team_slave_1 added
[  102.354602][ T5843] team0: Port device team_slave_1 added
[  102.380950][ T5847] hsr_slave_0: entered promiscuous mode
[  102.387563][ T5847] hsr_slave_1: entered promiscuous mode
[  102.438433][ T5840] team0: Port device team_slave_0 added
[  102.470873][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.478316][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.504357][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.527669][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.535333][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.562208][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.575065][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.582654][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.610023][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.623329][ T5840] team0: Port device team_slave_1 added
[  102.654372][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.661582][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.687629][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.700248][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.707235][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.734000][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.745935][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.752945][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.779406][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.817585][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.825109][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.851256][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.891660][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.898915][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.925839][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.947592][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.954799][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.980996][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.007266][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.014489][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  103.040685][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.189404][ T5843] hsr_slave_0: entered promiscuous mode
[  103.196112][ T5843] hsr_slave_1: entered promiscuous mode
[  103.203374][ T5843] debugfs: 'hsr0' already exists in 'hsr'
[  103.209216][ T5843] Cannot create hsr debugfs directory
[  103.293406][ T5850] hsr_slave_0: entered promiscuous mode
[  103.300104][ T5850] hsr_slave_1: entered promiscuous mode
[  103.306312][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[  103.312102][ T5850] Cannot create hsr debugfs directory
[  103.324496][ T5848] hsr_slave_0: entered promiscuous mode
[  103.331124][ T5848] hsr_slave_1: entered promiscuous mode
[  103.337525][ T5848] debugfs: 'hsr0' already exists in 'hsr'
[  103.343540][ T5848] Cannot create hsr debugfs directory
[  103.356462][ T5839] hsr_slave_0: entered promiscuous mode
[  103.363455][ T5839] hsr_slave_1: entered promiscuous mode
[  103.369883][ T5839] debugfs: 'hsr0' already exists in 'hsr'
[  103.375742][ T5839] Cannot create hsr debugfs directory
[  103.458900][ T5840] hsr_slave_0: entered promiscuous mode
[  103.465428][ T5840] hsr_slave_1: entered promiscuous mode
[  103.471939][ T5840] debugfs: 'hsr0' already exists in 'hsr'
[  103.477851][ T5840] Cannot create hsr debugfs directory
[  103.690237][ T5861] Bluetooth: hci2: command tx timeout
[  103.695975][ T5844] Bluetooth: hci3: command tx timeout
[  103.773889][ T5844] Bluetooth: hci1: command tx timeout
[  103.779605][ T5861] Bluetooth: hci4: command tx timeout
[  103.785139][ T5849] Bluetooth: hci5: command tx timeout
[  103.785378][ T5842] Bluetooth: hci0: command tx timeout
[  104.072590][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  104.085841][ T5847] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.094934][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  104.105436][ T5847] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.157244][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  104.170306][ T5847] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.179218][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  104.190952][ T5847] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  104.342133][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.355786][ T5839] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.364421][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.375682][ T5839] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.391206][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.402341][ T5839] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.410646][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  104.422305][ T5839] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  104.527586][ T5843] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  104.540804][ T5843] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.550764][ T5843] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  104.561759][ T5843] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.575682][ T5843] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  104.589935][ T5843] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.604520][ T5843] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  104.616089][ T5843] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  104.747215][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  104.758406][ T5850] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.766505][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  104.778814][ T5850] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.798295][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  104.813968][ T5850] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.822695][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  104.834215][ T5850] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  104.907892][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.995556][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[  105.006240][ T5848] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  105.017038][ T5848] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  105.025570][ T5848] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  105.037158][ T5848] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  105.046760][ T5848] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  105.058187][ T5848] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  105.075078][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.085343][ T5848] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  105.096692][ T5848] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  105.132987][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.140719][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.152363][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.159535][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.255931][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[  105.316353][ T5840] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  105.327181][ T5840] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  105.349301][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.356542][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.369490][ T5840] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  105.381565][ T5840] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  105.396982][ T5840] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  105.406918][ T5840] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  105.415766][ T5840] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  105.429881][ T5840] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  105.458208][  T199] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.465558][  T199] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.493695][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.600674][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.645042][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[  105.700151][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.707349][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.767149][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.774369][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.785074][ T5842] Bluetooth: hci3: command tx timeout
[  105.785106][ T5861] Bluetooth: hci2: command tx timeout
[  105.815410][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[  105.848669][ T5861] Bluetooth: hci4: command tx timeout
[  105.848696][ T5842] Bluetooth: hci5: command tx timeout
[  105.848715][ T5849] Bluetooth: hci1: command tx timeout
[  105.859398][ T5842] Bluetooth: hci0: command tx timeout
[  105.891812][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.921160][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.928396][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.983359][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.990619][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.063095][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[  106.084872][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.127470][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.134741][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.186155][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.193316][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.330551][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.366060][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.473605][ T5847] veth0_vlan: entered promiscuous mode
[  106.529691][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[  106.609310][  T199] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.617233][  T199] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.660326][ T5847] veth1_vlan: entered promiscuous mode
[  106.700120][  T199] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.707374][  T199] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.794000][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.833937][ T5839] veth0_vlan: entered promiscuous mode
[  106.900780][ T5847] veth0_macvtap: entered promiscuous mode
[  106.943692][ T5847] veth1_macvtap: entered promiscuous mode
[  106.956002][ T5839] veth1_vlan: entered promiscuous mode
[  107.014191][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.044963][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.067095][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.089621][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.154464][   T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.181280][   T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.221774][   T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.233417][   T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.255227][ T5839] veth0_macvtap: entered promiscuous mode
[  107.304599][ T5839] veth1_macvtap: entered promiscuous mode
[  107.464194][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.520443][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.545218][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.555214][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.595955][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.626865][ T5850] veth0_vlan: entered promiscuous mode
[  107.633035][   T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.673443][ T5850] veth1_vlan: entered promiscuous mode
[  107.685086][   T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.699658][   T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.712263][ T5848] veth0_vlan: entered promiscuous mode
[  107.725130][   T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.752560][  T199] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.765983][  T199] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.796467][ T5843] veth0_vlan: entered promiscuous mode
[  107.848236][ T5842] Bluetooth: hci2: command tx timeout
[  107.850381][ T5861] Bluetooth: hci3: command tx timeout
[  107.872468][ T5848] veth1_vlan: entered promiscuous mode
[  107.931984][ T5861] Bluetooth: hci4: command tx timeout
[  107.932014][ T5842] Bluetooth: hci1: command tx timeout
[  107.932052][ T5842] Bluetooth: hci0: command tx timeout
[  107.937463][ T5849] Bluetooth: hci5: command tx timeout
[  107.969983][ T5843] veth1_vlan: entered promiscuous mode
[  107.980030][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  108.001707][ T5850] veth0_macvtap: entered promiscuous mode
[  108.045517][ T5850] veth1_macvtap: entered promiscuous mode
[  108.143075][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.145499][ T5848] veth0_macvtap: entered promiscuous mode
[  108.179838][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.220483][ T5848] veth1_macvtap: entered promiscuous mode
[  108.277827][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.310618][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.337495][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.348660][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.361321][   T86] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.382217][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.402670][   T86] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.414345][   T86] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.446529][   T86] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.465988][ T5843] veth0_macvtap: entered promiscuous mode
[  108.486880][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.592848][ T5843] veth1_macvtap: entered promiscuous mode
[  108.744166][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.837308][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.099871][ T5986] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET)
[  109.162757][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.492284][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.866431][ T5840] veth0_vlan: entered promiscuous mode
[  111.276619][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.679241][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.730282][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.763930][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.019739][ T5840] veth1_vlan: entered promiscuous mode
[  112.854886][   T86] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.878419][   T86] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.950107][ T1091] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.993427][ T1091] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.018529][  T801] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  113.032590][ T1091] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.124208][ T1091] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.198707][  T801] usb 3-1: Using ep0 maxpacket: 16
[  113.303833][  T801] usb 3-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  113.332561][  T801] usb 3-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[  113.994324][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.014178][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.099927][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.118918][ T5840] veth0_macvtap: entered promiscuous mode
[  114.130537][  T801] usb 3-1: config 0 interface 0 has no altsetting 0
[  114.139880][  T801] usb 3-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[  114.140161][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.150430][  T801] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.171451][  T801] usb 3-1: config 0 descriptor??
[  114.224540][ T5840] veth1_macvtap: entered promiscuous mode
[  114.309117][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.343270][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.545077][ T5985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.587664][ T5985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.625789][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.620298][  T801] usbhid 3-1:0.0: can't add hid device: -71
[  115.631789][  T801] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  115.743578][  T801] usb 3-1: USB disconnect, device number 2
[  116.092630][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.370326][ T6016] Zero length message leads to an empty skb
[  116.383940][ T6016] loop0: detected capacity change from 0 to 16
[  116.520166][ T6016] erofs (device loop0): invalid ishare xattr prefix id 0
[  117.025584][ T1091] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.064734][ T6019] netlink: 'syz.1.14': attribute type 1 has an invalid length.
[  117.074403][ T1091] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.126390][ T1091] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.171145][ T1091] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  119.300222][ T5985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.360063][ T5985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.917299][ T6045] loop0: detected capacity change from 0 to 40427
[  121.969734][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.550486][ T6045] F2FS-fs (loop0): invalid crc value
[  122.661924][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.768520][ T6045] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  122.783730][ T6045] F2FS-fs (loop0): Start checkpoint disabled!
[  122.825460][ T6045] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  122.848381][ T6045] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  123.566617][ T6056] syz.0.19: attempt to access beyond end of device
[  123.566617][ T6056] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  123.568786][   T30] audit: type=1800 audit(1776958995.202:2): pid=6045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="file1" dev="loop0" ino=10 res=0 errno=0
[  123.586158][ T6056] syz.0.19: attempt to access beyond end of device
[  123.586158][ T6056] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  123.616562][ T6056] syz.0.19: attempt to access beyond end of device
[  123.616562][ T6056] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  123.630795][ T6056] syz.0.19: attempt to access beyond end of device
[  123.630795][ T6056] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  123.644997][ T6056] syz.0.19: attempt to access beyond end of device
[  123.644997][ T6056] loop0: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  123.661191][ T6056] syz.0.19: attempt to access beyond end of device
[  123.661191][ T6056] loop0: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  123.676379][ T6056] syz.0.19: attempt to access beyond end of device
[  123.676379][ T6056] loop0: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  123.691195][ T6056] syz.0.19: attempt to access beyond end of device
[  123.691195][ T6056] loop0: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  123.878271][ T6056] syz.0.19: attempt to access beyond end of device
[  123.878271][ T6056] loop0: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  123.892614][ T6056] syz.0.19: attempt to access beyond end of device
[  123.892614][ T6056] loop0: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  125.592752][ T6066] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23'.
[  126.182656][ T6066] nbd: socks must be embedded in a SOCK_ITEM attr
[  126.820104][ T5985] CPU: 0 UID: 0 PID: 5985 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) 
[  126.820158][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  126.820184][ T5985] Workqueue: writeback wb_workfn (flush-7:0)
[  126.820259][ T5985] Call Trace:
[  126.820271][ T5985]  <TASK>
[  126.820291][ T5985]  dump_stack_lvl+0x100/0x190
[  126.820337][ T5985]  f2fs_stop_checkpoint+0x600/0x9b0
[  126.820398][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.820447][ T5985]  ? errseq_set+0xe3/0x150
[  126.820507][ T5985]  ? errseq_set+0xe3/0x150
[  126.820567][ T5985]  f2fs_write_end_io+0xf59/0x1340
[  126.820654][ T5985]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  126.820725][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.820782][ T5985]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  126.820846][ T5985]  bio_endio+0x78f/0x8f0
[  126.820897][ T5985]  submit_bio_noacct+0x64c/0x2000
[  126.820972][ T5985]  f2fs_submit_write_bio+0x135/0x340
[  126.821045][ T5985]  __submit_merged_bio+0x331/0x780
[  126.821117][ T5985]  __submit_merged_write_cond+0x3fe/0x510
[  126.821192][ T5985]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  126.821270][ T5985]  ? __pfx___might_resched+0x10/0x10
[  126.821324][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.821381][ T5985]  f2fs_sync_node_pages+0x13c6/0x1690
[  126.821460][ T5985]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  126.821527][ T5985]  ? f2fs_balance_fs_bg+0xabc/0xfa0
[  126.821608][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.821656][ T5985]  ? mark_held_locks+0x40/0x70
[  126.821704][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.821750][ T5985]  ? rcu_is_watching+0x12/0xc0
[  126.821814][ T5985]  f2fs_write_node_pages+0x27d/0x760
[  126.821872][ T5985]  ? trace_sched_exit_tp+0x11c/0x160
[  126.821916][ T5985]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  126.821974][ T5985]  ? hrtimer_start_range_ns+0x860/0x1a50
[  126.822059][ T5985]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  126.822123][ T5985]  do_writepages+0x278/0x600
[  126.822191][ T5985]  ? __pfx_do_writepages+0x10/0x10
[  126.822256][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.822310][ T5985]  __writeback_single_inode+0x164/0x1350
[  126.822369][ T5985]  ? preempt_schedule_common+0x42/0xc0
[  126.822432][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.822485][ T5985]  ? __pfx___writeback_single_inode+0x10/0x10
[  126.822549][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.822603][ T5985]  writeback_sb_inodes+0x766/0x1c60
[  126.822682][ T5985]  ? trace_hrtimer_start+0x79/0x230
[  126.822736][ T5985]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  126.822796][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.822843][ T5985]  ? hrtimer_start_range_ns+0x860/0x1a50
[  126.822959][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.823014][ T5985]  ? rcu_is_watching+0x12/0xc0
[  126.823069][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.823116][ T5985]  ? queue_io+0x287/0x540
[  126.823170][ T5985]  wb_writeback+0x1bf/0xb90
[  126.823241][ T5985]  ? __pfx_wb_writeback+0x10/0x10
[  126.823312][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.823359][ T5985]  ? mark_held_locks+0x40/0x70
[  126.823405][ T5985]  ? _raw_spin_unlock_irq+0x23/0x50
[  126.823466][ T5985]  wb_workfn+0x14f/0xc00
[  126.823528][ T5985]  ? __pfx___schedule+0x10/0x10
[  126.823582][ T5985]  ? __pfx_wb_workfn+0x10/0x10
[  126.823647][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.823697][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.823745][ T5985]  ? preempt_schedule_thunk+0x16/0x30
[  126.823821][ T5985]  process_one_work+0xa0e/0x1980
[  126.823888][ T5985]  ? __pfx_process_one_work+0x10/0x10
[  126.823931][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.823996][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.824049][ T5985]  worker_thread+0x5ef/0xe50
[  126.824109][ T5985]  ? __pfx_worker_thread+0x10/0x10
[  126.824158][ T5985]  ? kthread+0x13a/0x450
[  126.824197][ T5985]  ? __pfx_worker_thread+0x10/0x10
[  126.824241][ T5985]  kthread+0x370/0x450
[  126.824280][ T5985]  ? __pfx_kthread+0x10/0x10
[  126.824324][ T5985]  ret_from_fork+0x72b/0xd50
[  126.824372][ T5985]  ? __pfx_ret_from_fork+0x10/0x10
[  126.824419][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.824466][ T5985]  ? __switch_to+0x800/0x1100
[  126.824520][ T5985]  ? __switch_to_asm+0x39/0x70
[  126.824571][ T5985]  ? __pfx_kthread+0x10/0x10
[  126.824615][ T5985]  ret_from_fork_asm+0x1a/0x30
[  126.824690][ T5985]  </TASK>
[  127.537825][ T5985] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  127.552133][ T5985] CPU: 1 UID: 0 PID: 5985 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) 
[  127.552184][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  127.552209][ T5985] Workqueue: writeback wb_workfn (flush-7:0)
[  127.552281][ T5985] Call Trace:
[  127.552293][ T5985]  <TASK>
[  127.552307][ T5985]  dump_stack_lvl+0x100/0x190
[  127.552351][ T5985]  f2fs_stop_checkpoint+0x600/0x9b0
[  127.552409][ T5985]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  127.552449][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.552496][ T5985]  ? errseq_set+0xe3/0x150
[  127.552560][ T5985]  ? errseq_set+0xe3/0x150
[  127.552618][ T5985]  f2fs_write_end_io+0xf59/0x1340
[  127.552685][ T5985]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  127.552752][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.552807][ T5985]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  127.552868][ T5985]  bio_endio+0x78f/0x8f0
[  127.552917][ T5985]  submit_bio_noacct+0x64c/0x2000
[  127.552991][ T5985]  f2fs_submit_write_bio+0x135/0x340
[  127.553061][ T5985]  __submit_merged_bio+0x331/0x780
[  127.553130][ T5985]  __submit_merged_write_cond+0x3fe/0x510
[  127.553204][ T5985]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  127.553279][ T5985]  ? __pfx___might_resched+0x10/0x10
[  127.553328][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.553384][ T5985]  f2fs_sync_node_pages+0x13c6/0x1690
[  127.553461][ T5985]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  127.553555][ T5985]  ? f2fs_balance_fs_bg+0xabc/0xfa0
[  127.553657][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.553704][ T5985]  ? mark_held_locks+0x40/0x70
[  127.553751][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.553796][ T5985]  ? rcu_is_watching+0x12/0xc0
[  127.553859][ T5985]  f2fs_write_node_pages+0x27d/0x760
[  127.553914][ T5985]  ? trace_sched_exit_tp+0x11c/0x160
[  127.553957][ T5985]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  127.554025][ T5985]  ? hrtimer_start_range_ns+0x860/0x1a50
[  127.554098][ T5985]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  127.554160][ T5985]  do_writepages+0x278/0x600
[  127.554225][ T5985]  ? __pfx_do_writepages+0x10/0x10
[  127.554288][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.554340][ T5985]  __writeback_single_inode+0x164/0x1350
[  127.554399][ T5985]  ? preempt_schedule_common+0x42/0xc0
[  127.554460][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.554511][ T5985]  ? __pfx___writeback_single_inode+0x10/0x10
[  127.554574][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.554625][ T5985]  writeback_sb_inodes+0x766/0x1c60
[  127.554703][ T5985]  ? trace_hrtimer_start+0x79/0x230
[  127.554755][ T5985]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  127.554814][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.554860][ T5985]  ? hrtimer_start_range_ns+0x860/0x1a50
[  127.554973][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.555027][ T5985]  ? rcu_is_watching+0x12/0xc0
[  127.555082][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.555128][ T5985]  ? queue_io+0x287/0x540
[  127.555181][ T5985]  wb_writeback+0x1bf/0xb90
[  127.555250][ T5985]  ? __pfx_wb_writeback+0x10/0x10
[  127.555319][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.555365][ T5985]  ? mark_held_locks+0x40/0x70
[  127.555411][ T5985]  ? _raw_spin_unlock_irq+0x23/0x50
[  127.555468][ T5985]  wb_workfn+0x14f/0xc00
[  127.555531][ T5985]  ? __pfx___schedule+0x10/0x10
[  127.555588][ T5985]  ? __pfx_wb_workfn+0x10/0x10
[  127.555650][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.555699][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.555741][ T5985]  ? preempt_schedule_thunk+0x16/0x30
[  127.555812][ T5985]  process_one_work+0xa0e/0x1980
[  127.555877][ T5985]  ? __pfx_process_one_work+0x10/0x10
[  127.555919][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.555979][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.556039][ T5985]  worker_thread+0x5ef/0xe50
[  127.556098][ T5985]  ? __pfx_worker_thread+0x10/0x10
[  127.556147][ T5985]  ? kthread+0x13a/0x450
[  127.556186][ T5985]  ? __pfx_worker_thread+0x10/0x10
[  127.556229][ T5985]  kthread+0x370/0x450
[  127.556268][ T5985]  ? __pfx_kthread+0x10/0x10
[  127.556325][ T5985]  ret_from_fork+0x72b/0xd50
[  127.556373][ T5985]  ? __pfx_ret_from_fork+0x10/0x10
[  127.556420][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  127.556464][ T5985]  ? __switch_to+0x800/0x1100
[  127.556516][ T5985]  ? __switch_to_asm+0x39/0x70
[  127.556567][ T5985]  ? __pfx_kthread+0x10/0x10
[  127.556611][ T5985]  ret_from_fork_asm+0x1a/0x30
[  127.556687][ T5985]  </TASK>
[  128.051151][ T5985] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  130.195710][ T6090] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  130.536477][ T6087] loop3: detected capacity change from 0 to 32768
[  130.544302][ T6087] btrfs: Deprecated parameter 'usebackuproot'
[  130.550847][ T6087] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  130.573292][ T6087] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.28 (6087)
[  130.642775][ T6087] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  130.653499][ T6087] BTRFS info (device loop3): using crc32c checksum algorithm
[  130.661213][ T6087] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  130.844559][ T6076] BTRFS warning (device loop3): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb0e5ffa5 level 0
[  130.878193][ T5995] udevd[5995]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  130.925325][ T6087] BTRFS warning (device loop3): couldn't read tree root
[  130.933603][ T6087] BTRFS warning (device loop3): try to load backup roots slot 1
[  130.943176][ T6071] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x32d10ca2 level 0
[  130.965597][ T5827] udevd[5827]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  131.030775][ T6107] loop4: detected capacity change from 0 to 512
[  131.047100][ T6087] BTRFS warning (device loop3): couldn't read tree root
[  131.054814][ T6087] BTRFS warning (device loop3): try to load backup roots slot 2
[  131.064819][ T6071] BTRFS warning (device loop3): checksum verify failed on logical 5255168 mirror 1 wanted 0x9df47653 found 0x6344b7f5 level 1
[  131.224340][ T6087] BTRFS warning (device loop3): couldn't read tree root
[  131.233221][ T6087] BTRFS warning (device loop3): try to load backup roots slot 3
[  131.364319][ T6087] BTRFS info (device loop3): rebuilding free space tree
[  131.884575][ T6087] BTRFS info (device loop3): disabling free space tree
[  131.892065][ T6087] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  131.902139][ T6087] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  131.942364][ T6087] BTRFS info (device loop3): checking UUID tree
[  131.977138][ T6087] BTRFS info (device loop3): enabling ssd optimizations
[  131.986093][ T6087] BTRFS info (device loop3): turning off barriers
[  131.992795][ T6087] BTRFS info (device loop3): turning on sync discard
[  131.999674][ T6087] BTRFS info (device loop3): enabling disk space caching
[  132.006738][ T6087] BTRFS info (device loop3): force clearing of disk cache
[  132.016815][ T6087] BTRFS info (device loop3): enabling auto defrag
[  132.023366][ T6087] BTRFS info (device loop3): trying to use backup root at mount time
[  132.031579][ T6087] BTRFS info (device loop3): max_inline set to 0
[  132.088602][ T6107] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  132.263721][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  132.276430][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  132.426209][ T6107] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2
[  132.838008][ T6107] EXT4-fs (loop4): 1 truncate cleaned up
[  133.530580][ T6129] capability: warning: `syz.0.25' uses deprecated v2 capabilities in a way that may be insecure
[  134.812649][ T6107] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.970153][ T6117] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1314: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  135.042969][ T6135] loop0: detected capacity change from 0 to 128
[  135.056722][ T5848] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  135.169835][ T6135] =======================================================
[  135.169835][ T6135] WARNING: The mand mount option has been deprecated and
[  135.169835][ T6135]          and is ignored by this kernel. Remove the mand
[  135.169835][ T6135]          option from the mount to silence this warning.
[  135.169835][ T6135] =======================================================
[  135.392750][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.082143][ T6157] loop2: detected capacity change from 0 to 32768
[  138.096476][ T6157] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.38 (6157)
[  138.116993][ T6157] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  138.127514][ T6157] BTRFS info (device loop2): using sha256 checksum algorithm
[  138.345789][ T6157] BTRFS info (device loop2): setting nodatasum
[  138.352290][ T6157] BTRFS info (device loop2): enabling ssd optimizations
[  138.359426][ T6157] BTRFS info (device loop2): turning on async discard
[  138.366499][ T6157] BTRFS info (device loop2): enabling free space tree
[  139.518600][   T30] audit: type=1800 audit(1776959011.502:3): pid=6183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.38" name="file1" dev="loop2" ino=260 res=0 errno=0
[  140.756854][ T6189] netlink: 16 bytes leftover after parsing attributes in process `syz.5.42'.
[  141.898416][ T5847] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  143.288858][ T6195] pim6reg: entered allmulticast mode
[  146.704528][ T6229] IPv6: NLM_F_CREATE should be specified when creating new route
[  152.253759][ T6258] bridge_slave_0: left allmulticast mode
[  152.259763][ T6258] bridge_slave_0: left promiscuous mode
[  152.276396][ T6258] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.313641][ T6278] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  154.909168][ T6270] loop5: detected capacity change from 0 to 40427
[  154.910346][ T6269] loop1: detected capacity change from 0 to 40427
[  155.088128][ T6269] F2FS-fs (loop1): invalid crc value
[  155.113643][ T6270] F2FS-fs (loop5): invalid crc value
[  155.200530][ T6269] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  155.214392][ T6269] F2FS-fs (loop1): Start checkpoint disabled!
[  155.220301][ T6270] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  155.231476][ T6258] bridge_slave_1: left allmulticast mode
[  155.241326][ T6270] F2FS-fs (loop5): Start checkpoint disabled!
[  155.251604][ T6269] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  155.252307][ T6270] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  155.259616][ T6269] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  155.275235][ T6270] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  155.583626][ T6258] bridge_slave_1: left promiscuous mode
[  155.591922][   T30] audit: type=1800 audit(1776959027.612:4): pid=6269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.60" name="file1" dev="loop1" ino=10 res=0 errno=0
[  155.941798][ T6286] bio_check_eod: 176 callbacks suppressed
[  155.941853][ T6286] syz.1.60: attempt to access beyond end of device
[  155.941853][ T6286] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  155.967093][ T6286] syz.1.60: attempt to access beyond end of device
[  155.967093][ T6286] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  155.986828][ T6286] syz.1.60: attempt to access beyond end of device
[  155.986828][ T6286] loop1: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  156.005498][ T6286] syz.1.60: attempt to access beyond end of device
[  156.005498][ T6286] loop1: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  156.025480][ T6286] syz.1.60: attempt to access beyond end of device
[  156.025480][ T6286] loop1: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  156.044954][ T6286] syz.1.60: attempt to access beyond end of device
[  156.044954][ T6286] loop1: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  156.063100][ T6286] syz.1.60: attempt to access beyond end of device
[  156.063100][ T6286] loop1: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  156.081306][ T6286] syz.1.60: attempt to access beyond end of device
[  156.081306][ T6286] loop1: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  156.099840][ T6286] syz.1.60: attempt to access beyond end of device
[  156.099840][ T6286] loop1: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  156.119679][ T6286] syz.1.60: attempt to access beyond end of device
[  156.119679][ T6286] loop1: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  156.588125][ T6258] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.277777][   T30] audit: type=1800 audit(1776959027.632:5): pid=6270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.63" name="file1" dev="loop5" ino=10 res=0 errno=0
[  157.352037][   T86] CPU: 1 UID: 0 PID: 86 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[  157.352088][   T86] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  157.352112][   T86] Workqueue: writeback wb_workfn (flush-7:1)
[  157.352188][   T86] Call Trace:
[  157.352200][   T86]  <TASK>
[  157.352213][   T86]  dump_stack_lvl+0x100/0x190
[  157.352257][   T86]  f2fs_stop_checkpoint+0x600/0x9b0
[  157.352315][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.352363][   T86]  ? errseq_set+0xe3/0x150
[  157.352421][   T86]  ? errseq_set+0xe3/0x150
[  157.352479][   T86]  f2fs_write_end_io+0xf59/0x1340
[  157.352545][   T86]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  157.352613][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.352669][   T86]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  157.352731][   T86]  bio_endio+0x78f/0x8f0
[  157.352778][   T86]  submit_bio_noacct+0x64c/0x2000
[  157.352856][   T86]  f2fs_submit_write_bio+0x135/0x340
[  157.352915][   T86]  __submit_merged_bio+0x331/0x780
[  157.352982][   T86]  __submit_merged_write_cond+0x3fe/0x510
[  157.353053][   T86]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  157.353126][   T86]  ? __pfx___might_resched+0x10/0x10
[  157.353177][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.353230][   T86]  f2fs_write_cache_pages+0x20e9/0x2630
[  157.353293][   T86]  ? lockdep_hardirqs_on+0x78/0x100
[  157.353352][   T86]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  157.353398][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.353443][   T86]  ? kfree+0x223/0x6c0
[  157.353488][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.353533][   T86]  ? ieee80211_inform_bss+0x8da/0x1150
[  157.353595][   T86]  ? __pfx_ieee80211_inform_bss+0x10/0x10
[  157.353636][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.353744][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.353790][   T86]  ? rcu_is_watching+0x12/0xc0
[  157.353862][   T86]  f2fs_write_data_pages+0x799/0x16d0
[  157.353905][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.353962][   T86]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.354020][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.354067][   T86]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.354113][   T86]  do_writepages+0x278/0x600
[  157.354178][   T86]  ? __pfx_do_writepages+0x10/0x10
[  157.354240][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.354292][   T86]  __writeback_single_inode+0x164/0x1350
[  157.354350][   T86]  ? find_held_lock+0x2b/0x80
[  157.354412][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.354461][   T86]  ? __pfx___writeback_single_inode+0x10/0x10
[  157.354520][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.354567][   T86]  ? do_raw_spin_unlock+0x145/0x1e0
[  157.354621][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.354674][   T86]  writeback_sb_inodes+0x766/0x1c60
[  157.354752][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.354801][   T86]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  157.354865][   T86]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  157.354923][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.354969][   T86]  ? debug_object_assert_init+0x1c4/0x300
[  157.355084][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.355131][   T86]  ? rcu_is_watching+0x12/0xc0
[  157.355186][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.355232][   T86]  ? queue_io+0x287/0x540
[  157.355285][   T86]  wb_writeback+0x1bf/0xb90
[  157.355354][   T86]  ? __pfx_wb_writeback+0x10/0x10
[  157.355424][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.355470][   T86]  ? mark_held_locks+0x40/0x70
[  157.355520][   T86]  ? _raw_spin_unlock_irq+0x23/0x50
[  157.355579][   T86]  wb_workfn+0x14f/0xc00
[  157.355641][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.355686][   T86]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  157.355745][   T86]  ? __pfx_wb_workfn+0x10/0x10
[  157.355805][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.355865][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.355913][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.355958][   T86]  ? rcu_is_watching+0x12/0xc0
[  157.356011][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.356065][   T86]  process_one_work+0xa0e/0x1980
[  157.356132][   T86]  ? __pfx_process_one_work+0x10/0x10
[  157.356176][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.356236][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.356289][   T86]  worker_thread+0x5ef/0xe50
[  157.356346][   T86]  ? __pfx_worker_thread+0x10/0x10
[  157.356394][   T86]  ? kthread+0x13a/0x450
[  157.356432][   T86]  ? __pfx_worker_thread+0x10/0x10
[  157.356476][   T86]  kthread+0x370/0x450
[  157.356514][   T86]  ? __pfx_kthread+0x10/0x10
[  157.356557][   T86]  ret_from_fork+0x72b/0xd50
[  157.356605][   T86]  ? __pfx_ret_from_fork+0x10/0x10
[  157.356651][   T86]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.356696][   T86]  ? __switch_to+0x800/0x1100
[  157.356749][   T86]  ? __switch_to_asm+0x39/0x70
[  157.356801][   T86]  ? __pfx_kthread+0x10/0x10
[  157.356856][   T86]  ret_from_fork_asm+0x1a/0x30
[  157.356930][   T86]  </TASK>
[  157.385171][ T5985] CPU: 0 UID: 0 PID: 5985 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) 
[  157.385220][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  157.385248][ T5985] Workqueue: writeback wb_workfn (flush-7:5)
[  157.385317][ T5985] Call Trace:
[  157.385328][ T5985]  <TASK>
[  157.385341][ T5985]  dump_stack_lvl+0x100/0x190
[  157.385384][ T5985]  f2fs_stop_checkpoint+0x600/0x9b0
[  157.385441][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.385487][ T5985]  ? errseq_set+0xe3/0x150
[  157.385544][ T5985]  ? errseq_set+0xe3/0x150
[  157.385600][ T5985]  f2fs_write_end_io+0xf59/0x1340
[  157.385665][ T5985]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  157.385732][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.385787][ T5985]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  157.385847][ T5985]  bio_endio+0x78f/0x8f0
[  157.385896][ T5985]  submit_bio_noacct+0x64c/0x2000
[  157.385967][ T5985]  f2fs_submit_write_bio+0x135/0x340
[  157.386026][ T5985]  __submit_merged_bio+0x331/0x780
[  157.386101][ T5985]  __submit_merged_write_cond+0x3fe/0x510
[  157.386172][ T5985]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  157.386246][ T5985]  ? __pfx___might_resched+0x10/0x10
[  157.386299][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.386351][ T5985]  f2fs_write_cache_pages+0x20e9/0x2630
[  157.386416][ T5985]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  157.386469][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.386515][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.386559][ T5985]  ? find_held_lock+0x2b/0x80
[  157.386617][ T5985]  ? nr_blockdev_pages+0xde/0x120
[  157.386673][ T5985]  ? nr_blockdev_pages+0xde/0x120
[  157.386728][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.386791][ T5985]  ? si_meminfo+0x118/0x230
[  157.386829][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.386874][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.386982][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.387027][ T5985]  ? rcu_is_watching+0x12/0xc0
[  157.387093][ T5985]  f2fs_write_data_pages+0x799/0x16d0
[  157.387135][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.387179][ T5985]  ? trace_f2fs_writepages.constprop.0+0x75/0x230
[  157.387239][ T5985]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.387290][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.387340][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.387386][ T5985]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.387432][ T5985]  do_writepages+0x278/0x600
[  157.387496][ T5985]  ? __pfx_do_writepages+0x10/0x10
[  157.387556][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.387608][ T5985]  __writeback_single_inode+0x164/0x1350
[  157.387665][ T5985]  ? find_held_lock+0x2b/0x80
[  157.387724][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.387772][ T5985]  ? __pfx___writeback_single_inode+0x10/0x10
[  157.387828][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.387873][ T5985]  ? do_raw_spin_unlock+0x145/0x1e0
[  157.387926][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.387977][ T5985]  writeback_sb_inodes+0x766/0x1c60
[  157.388056][ T5985]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  157.388116][ T5985]  ? do_raw_spin_lock+0x128/0x260
[  157.388168][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.388269][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.388313][ T5985]  ? rcu_is_watching+0x12/0xc0
[  157.388366][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.388411][ T5985]  ? queue_io+0x287/0x540
[  157.388462][ T5985]  wb_writeback+0x1bf/0xb90
[  157.388530][ T5985]  ? __pfx_wb_writeback+0x10/0x10
[  157.388597][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.388641][ T5985]  ? mark_held_locks+0x40/0x70
[  157.388684][ T5985]  ? _raw_spin_unlock_irq+0x23/0x50
[  157.388744][ T5985]  wb_workfn+0x14f/0xc00
[  157.388805][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.388849][ T5985]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  157.388907][ T5985]  ? __pfx_wb_workfn+0x10/0x10
[  157.388967][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.389016][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.389063][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.389116][ T5985]  ? rcu_is_watching+0x12/0xc0
[  157.389169][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.389222][ T5985]  process_one_work+0xa0e/0x1980
[  157.389289][ T5985]  ? __pfx_process_one_work+0x10/0x10
[  157.389332][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.389392][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.389445][ T5985]  worker_thread+0x5ef/0xe50
[  157.389502][ T5985]  ? __pfx_worker_thread+0x10/0x10
[  157.389550][ T5985]  ? kthread+0x13a/0x450
[  157.389588][ T5985]  ? __pfx_worker_thread+0x10/0x10
[  157.389630][ T5985]  kthread+0x370/0x450
[  157.389669][ T5985]  ? __pfx_kthread+0x10/0x10
[  157.389712][ T5985]  ret_from_fork+0x72b/0xd50
[  157.389760][ T5985]  ? __pfx_ret_from_fork+0x10/0x10
[  157.389806][ T5985]  ? srso_alias_return_thunk+0x5/0xfbef5
[  157.389850][ T5985]  ? __switch_to+0x800/0x1100
[  157.389903][ T5985]  ? __switch_to_asm+0x39/0x70
[  157.389953][ T5985]  ? __pfx_kthread+0x10/0x10
[  157.389997][ T5985]  ret_from_fork_asm+0x1a/0x30
[  157.390075][ T5985]  </TASK>
[  157.718134][   T86] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  157.806476][ T5985] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  158.599205][ T6258] bond0: (slave bond_slave_0): Releasing backup interface
[  158.619862][ T6291] loop3: detected capacity change from 0 to 1024
[  161.365909][ T6258] bond0: (slave bond_slave_1): Releasing backup interface
[  161.541581][ T6258] team0: Port device team_slave_0 removed
[  161.638116][ T6258] team0: Port device team_slave_1 removed
[  161.639095][ T6258] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  161.639119][ T6258] batman_adv: batadv0: Removing interface: batadv_slave_0
[  161.667051][ T6258] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  161.667080][ T6258] batman_adv: batadv0: Removing interface: batadv_slave_1
[  161.710111][ T6258] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  164.240583][ T6329] vxcan1: tx drop: invalid sa for name 0x0000000000000002
[  165.897140][ T5854] IPVS: starting estimator thread 0...
[  166.109785][ T6345] IPVS: using max 22 ests per chain, 52800 per kthread
[  166.149376][ T6350] x_tables: duplicate underflow at hook 1
[  166.928572][ T6352] netlink: 'syz.3.77': attribute type 1 has an invalid length.
[  167.083362][ T6352] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.77'.
[  169.218802][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  169.628316][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  170.037898][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  170.448409][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  172.765458][ T5842] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  172.776784][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  172.776834][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  172.776860][ T5842] Workqueue: hci2 hci_rx_work
[  172.776925][ T5842] Call Trace:
[  172.776939][ T5842]  <TASK>
[  172.776954][ T5842]  dump_stack_lvl+0x100/0x190
[  172.777000][ T5842]  sysfs_warn_dup.cold+0x1c/0x28
[  172.777059][ T5842]  sysfs_create_dir_ns+0x24b/0x2b0
[  172.777123][ T5842]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  172.777184][ T5842]  ? find_held_lock+0x2b/0x80
[  172.777245][ T5842]  ? kobject_add_internal+0x25f/0x930
[  172.777291][ T5842]  ? kobject_add_internal+0x25f/0x930
[  172.777339][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.777387][ T5842]  ? do_raw_spin_unlock+0x145/0x1e0
[  172.777450][ T5842]  kobject_add_internal+0x2c8/0x930
[  172.777504][ T5842]  kobject_add+0x16a/0x1e0
[  172.777549][ T5842]  ? __pfx_kobject_add+0x10/0x10
[  172.777591][ T5842]  ? preempt_schedule_thunk+0x16/0x30
[  172.777660][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.777707][ T5842]  ? kobject_put+0xb9/0x640
[  172.777743][ T5842]  ? _raw_spin_unlock+0x3e/0x50
[  172.777813][ T5842]  device_add+0x294/0x1950
[  172.777857][ T5842]  ? __pfx_dev_set_name+0x10/0x10
[  172.777908][ T5842]  ? __pfx_device_add+0x10/0x10
[  172.777949][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.777996][ T5842]  ? mgmt_send_event_skb+0x2fb/0x460
[  172.778073][ T5842]  hci_conn_add_sysfs+0x1a3/0x260
[  172.778120][ T5842]  le_conn_complete_evt+0x11eb/0x1f60
[  172.778196][ T5842]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  172.778264][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.778319][ T5842]  hci_le_conn_complete_evt+0x23c/0x3a0
[  172.778386][ T5842]  ? skb_pull_data+0x15f/0x1e0
[  172.778445][ T5842]  hci_le_meta_evt+0x34a/0x5f0
[  172.778484][ T5842]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  172.778555][ T5842]  hci_event_packet+0x51c/0xcd0
[  172.778619][ T5842]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  172.778660][ T5842]  ? __pfx_hci_event_packet+0x10/0x10
[  172.778725][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.778782][ T5842]  ? kcov_remote_start+0x374/0x660
[  172.778823][ T5842]  ? lockdep_hardirqs_on+0x78/0x100
[  172.778885][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.778943][ T5842]  hci_rx_work+0x451/0xfc0
[  172.779016][ T5842]  process_one_work+0xa0e/0x1980
[  172.779087][ T5842]  ? __pfx_process_one_work+0x10/0x10
[  172.779133][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.779195][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.779251][ T5842]  worker_thread+0x5ef/0xe50
[  172.779316][ T5842]  ? kthread+0x13a/0x450
[  172.779356][ T5842]  ? __pfx_worker_thread+0x10/0x10
[  172.779402][ T5842]  kthread+0x370/0x450
[  172.779443][ T5842]  ? __pfx_kthread+0x10/0x10
[  172.779488][ T5842]  ret_from_fork+0x72b/0xd50
[  172.779538][ T5842]  ? __pfx_ret_from_fork+0x10/0x10
[  172.779586][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.779634][ T5842]  ? __switch_to+0x800/0x1100
[  172.779691][ T5842]  ? __switch_to_asm+0x39/0x70
[  172.779744][ T5842]  ? __pfx_kthread+0x10/0x10
[  172.779801][ T5842]  ret_from_fork_asm+0x1a/0x30
[  172.779877][ T5842]  </TASK>
[  173.112075][ T6372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.82'.
[  173.180026][ T5842] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  173.194361][ T5842] Bluetooth: hci2: failed to register connection device
[  174.563540][ T6372] nbd: socks must be embedded in a SOCK_ITEM attr
[  178.209468][ T6386] loop4: detected capacity change from 0 to 128
[  179.758482][ T5822] udevd[5822]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  180.059538][ T6386] loop4: detected capacity change from 0 to 32768
[  180.105686][ T6386] XFS (loop4): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  180.702612][ T6386] XFS (loop4): Ending clean mount
[  180.885327][ T5842] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  180.885518][ T6408] vlan2: entered promiscuous mode
[  180.918817][ T5842] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  180.928577][ T5842] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  180.941708][ T5842] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  180.952302][ T5842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  180.983894][ T6408] vlan2: entered allmulticast mode
[  180.998008][ T6408] hsr_slave_1: entered allmulticast mode
[  181.046483][ T6408] netlink: 4 bytes leftover after parsing attributes in process `syz.5.93'.
[  181.068437][ T5822] udevd[5822]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  182.448430][ T5840] XFS (loop4): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  183.048047][ T5842] Bluetooth: hci6: command tx timeout
[  185.128289][ T5842] Bluetooth: hci6: command tx timeout
[  185.475307][ T6439] loop4: detected capacity change from 0 to 1024
[  186.778105][ T5947] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  187.134452][ T5947] usb 6-1: Using ep0 maxpacket: 16
[  187.207844][ T5842] Bluetooth: hci6: command tx timeout
[  187.374700][ T5947] usb 6-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.436078][ T5947] usb 6-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[  187.674045][ T5947] usb 6-1: config 0 interface 0 has no altsetting 0
[  187.681439][ T5947] usb 6-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[  187.690566][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.716318][ T5947] usb 6-1: config 0 descriptor??
[  189.071972][ T6460] loop4: detected capacity change from 0 to 32768
[  189.077879][ T5947] usbhid 6-1:0.0: can't add hid device: -71
[  189.080608][ T6460] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.104 (6460)
[  189.104957][ T6460] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  189.105605][ T5947] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  189.115476][ T6460] BTRFS info (device loop4): using sha256 checksum algorithm
[  189.223199][ T5947] usb 6-1: USB disconnect, device number 2
[  189.375478][ T6460] BTRFS info (device loop4): setting nodatasum
[  189.382310][ T6460] BTRFS info (device loop4): enabling ssd optimizations
[  189.389323][ T6460] BTRFS info (device loop4): turning on async discard
[  189.398494][ T6460] BTRFS info (device loop4): enabling free space tree
[  189.514046][ T5842] Bluetooth: hci6: command tx timeout
[  189.850691][ T6486] process 'syz.2.108' launched './file0' with NULL argv: empty string added
[  190.240427][   T30] audit: type=1800 audit(1776959062.512:6): pid=6489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.104" name="file1" dev="loop4" ino=260 res=0 errno=0
[  191.399562][ T5840] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  193.703027][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  193.712690][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  194.497109][ T6511] netlink: 28 bytes leftover after parsing attributes in process `syz.5.113'.
[  194.507921][ T6511] netlink: 28 bytes leftover after parsing attributes in process `syz.5.113'.
[  194.517925][ T6511] netlink: 28 bytes leftover after parsing attributes in process `syz.5.113'.
[  194.527021][ T6512] vxcan1: tx drop: invalid sa for name 0x0000000000000002
[  195.000150][ T6410] chnl_net:caif_netlink_parms(): no params data found
[  196.184777][ T5842] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  196.195120][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  196.195172][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  196.195197][ T5842] Workqueue: hci3 hci_rx_work
[  196.195264][ T5842] Call Trace:
[  196.195276][ T5842]  <TASK>
[  196.195291][ T5842]  dump_stack_lvl+0x100/0x190
[  196.195338][ T5842]  sysfs_warn_dup.cold+0x1c/0x28
[  196.195398][ T5842]  sysfs_create_dir_ns+0x24b/0x2b0
[  196.195463][ T5842]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  196.195524][ T5842]  ? find_held_lock+0x2b/0x80
[  196.195591][ T5842]  ? kobject_add_internal+0x25f/0x930
[  196.195638][ T5842]  ? kobject_add_internal+0x25f/0x930
[  196.195686][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.195735][ T5842]  ? do_raw_spin_unlock+0x145/0x1e0
[  196.195802][ T5842]  kobject_add_internal+0x2c8/0x930
[  196.195856][ T5842]  kobject_add+0x16a/0x1e0
[  196.195900][ T5842]  ? __pfx_kobject_add+0x10/0x10
[  196.195943][ T5842]  ? preempt_schedule_thunk+0x16/0x30
[  196.196013][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.196067][ T5842]  ? kobject_put+0xb9/0x640
[  196.196105][ T5842]  ? _raw_spin_unlock+0x3e/0x50
[  196.196174][ T5842]  device_add+0x294/0x1950
[  196.196218][ T5842]  ? __pfx_dev_set_name+0x10/0x10
[  196.196270][ T5842]  ? __pfx_device_add+0x10/0x10
[  196.196313][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.196361][ T5842]  ? mgmt_send_event_skb+0x2fb/0x460
[  196.196439][ T5842]  hci_conn_add_sysfs+0x1a3/0x260
[  196.196485][ T5842]  le_conn_complete_evt+0x11eb/0x1f60
[  196.196563][ T5842]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  196.196641][ T5842]  hci_le_conn_complete_evt+0x23c/0x3a0
[  196.196708][ T5842]  ? skb_pull_data+0x15f/0x1e0
[  196.196767][ T5842]  hci_le_meta_evt+0x34a/0x5f0
[  196.196808][ T5842]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  196.196880][ T5842]  hci_event_packet+0x51c/0xcd0
[  196.196944][ T5842]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  196.196986][ T5842]  ? __pfx_hci_event_packet+0x10/0x10
[  196.197065][ T5842]  ? kcov_remote_start+0x384/0x660
[  196.197118][ T5842]  hci_rx_work+0x451/0xfc0
[  196.197190][ T5842]  process_one_work+0xa0e/0x1980
[  196.197261][ T5842]  ? __pfx_process_one_work+0x10/0x10
[  196.197308][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.197372][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.197427][ T5842]  worker_thread+0x5ef/0xe50
[  196.197494][ T5842]  ? kthread+0x13a/0x450
[  196.197534][ T5842]  ? __pfx_worker_thread+0x10/0x10
[  196.197581][ T5842]  kthread+0x370/0x450
[  196.197622][ T5842]  ? __pfx_kthread+0x10/0x10
[  196.197668][ T5842]  ret_from_fork+0x72b/0xd50
[  196.197717][ T5842]  ? __pfx_ret_from_fork+0x10/0x10
[  196.197764][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  196.197809][ T5842]  ? __switch_to+0x800/0x1100
[  196.197864][ T5842]  ? __switch_to_asm+0x39/0x70
[  196.197915][ T5842]  ? __pfx_kthread+0x10/0x10
[  196.197962][ T5842]  ret_from_fork_asm+0x1a/0x30
[  196.198047][ T5842]  </TASK>
[  196.513652][ T6533] netlink: 4 bytes leftover after parsing attributes in process `syz.5.117'.
[  196.610135][ T5842] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  196.624540][ T5842] Bluetooth: hci3: failed to register connection device
[  198.176131][ T6533] nbd: socks must be embedded in a SOCK_ITEM attr
[  198.200274][ T6111] block nbd64: NBD_DISCONNECT
[  198.445415][ T6410] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.476953][ T6410] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.667506][ T6410] bridge_slave_0: entered allmulticast mode
[  198.676283][ T6410] bridge_slave_0: entered promiscuous mode
[  198.679015][ T6415] udevd[6415]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  198.687631][ T6410] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.699397][ T6410] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.727494][ T6410] bridge_slave_1: entered allmulticast mode
[  199.562499][ T6410] bridge_slave_1: entered promiscuous mode
[  201.340943][ T6558] loop0: detected capacity change from 0 to 32768
[  201.367354][ T6558] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.123 (6558)
[  201.397083][ T6558] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  201.409829][ T6558] BTRFS info (device loop0): using sha256 checksum algorithm
[  201.485126][ T6410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  201.566237][ T6558] BTRFS info (device loop0): setting nodatasum
[  201.572703][ T6558] BTRFS info (device loop0): enabling ssd optimizations
[  201.580982][ T6558] BTRFS info (device loop0): turning on async discard
[  201.587853][ T6558] BTRFS info (device loop0): enabling free space tree
[  201.627443][ T6410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  202.662510][   T30] audit: type=1800 audit(1776959074.722:7): pid=6583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.123" name="file1" dev="loop0" ino=260 res=0 errno=0
[  202.770245][ T6410] team0: Port device team_slave_0 added
[  203.786558][ T6410] team0: Port device team_slave_1 added
[  204.003082][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.078679][ T6410] batman_adv: batadv0: Adding interface: batadv_slave_0
[  204.083214][ T5839] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  204.098374][ T6410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  204.116592][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.197886][ T6410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  204.245073][ T6410] batman_adv: batadv0: Adding interface: batadv_slave_1
[  204.286264][ T6410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  204.347093][ T6410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  204.416556][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.424118][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.432869][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.445395][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.453543][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.461877][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.469674][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.477189][ T5931] hid-generic 0006:0004:0009.0001: unknown main item tag 0x0
[  204.579322][ T6597] ALSA: mixer_oss: invalid OSS volume 'VOLU'
[  205.250768][ T5931] hid-generic 0006:0004:0009.0001: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0
[  207.068444][ T6410] hsr_slave_0: entered promiscuous mode
[  207.148016][ T6598] fido_id[6598]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  207.190477][ T6410] hsr_slave_1: entered promiscuous mode
[  207.249072][ T6410] debugfs: 'hsr0' already exists in 'hsr'
[  207.282200][ T6410] Cannot create hsr debugfs directory
[  207.524135][ T6613] loop5: detected capacity change from 0 to 128
[  212.346110][ T6626] block device autoloading is deprecated and will be removed.
[  214.815278][ T6632] loop4: detected capacity change from 0 to 32768
[  214.828362][ T6632] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.138 (6632)
[  214.854316][ T6632] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  214.864653][ T6632] BTRFS info (device loop4): using sha256 checksum algorithm
[  215.091368][ T6632] BTRFS info (device loop4): setting nodatasum
[  215.098885][ T6632] BTRFS info (device loop4): enabling ssd optimizations
[  215.105902][ T6632] BTRFS info (device loop4): turning on async discard
[  215.113838][ T6632] BTRFS info (device loop4): enabling free space tree
[  216.410368][   T30] audit: type=1800 audit(1776959088.002:8): pid=6660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.138" name="file1" dev="loop4" ino=260 res=0 errno=0
[  218.038386][ T6665] ceph: No mds server is up or the cluster is laggy
[  218.148917][ T5917] libceph: connect (1)[c::]:6789 error -101
[  218.161128][ T5917] libceph: mon0 (1)[c::]:6789 connect error
[  218.282973][ T5844] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  218.295418][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: kworker/u9:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  218.295472][ T5844] Tainted: [L]=SOFTLOCKUP
[  218.295487][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  218.295520][ T5844] Workqueue: hci0 hci_rx_work
[  218.295595][ T5844] Call Trace:
[  218.295610][ T5844]  <TASK>
[  218.295628][ T5844]  dump_stack_lvl+0x100/0x190
[  218.295676][ T5844]  sysfs_warn_dup.cold+0x1c/0x28
[  218.295744][ T5844]  sysfs_create_dir_ns+0x24b/0x2b0
[  218.295816][ T5844]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  218.295892][ T5844]  ? find_held_lock+0x2b/0x80
[  218.295964][ T5844]  ? kobject_add_internal+0x25f/0x930
[  218.296000][ T5844]  ? kobject_add_internal+0x25f/0x930
[  218.296037][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.296088][ T5844]  ? do_raw_spin_unlock+0x145/0x1e0
[  218.296135][ T5844]  kobject_add_internal+0x2c8/0x930
[  218.296183][ T5844]  kobject_add+0x16a/0x1e0
[  218.296221][ T5844]  ? __pfx_kobject_add+0x10/0x10
[  218.296259][ T5844]  ? class_to_subsys+0x10f/0x150
[  218.296305][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.296356][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.296400][ T5844]  ? kobject_put+0xb9/0x640
[  218.296438][ T5844]  ? _raw_spin_unlock+0x28/0x50
[  218.296504][ T5844]  device_add+0x294/0x1950
[  218.296549][ T5844]  ? __pfx_dev_set_name+0x10/0x10
[  218.296606][ T5844]  ? __pfx_device_add+0x10/0x10
[  218.296649][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.296700][ T5844]  ? mgmt_send_event_skb+0x2fb/0x460
[  218.296782][ T5844]  hci_conn_add_sysfs+0x1a3/0x260
[  218.296830][ T5844]  le_conn_complete_evt+0x11eb/0x1f60
[  218.296910][ T5844]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  218.296967][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.297027][ T5844]  hci_le_conn_complete_evt+0x23c/0x3a0
[  218.297106][ T5844]  ? skb_pull_data+0x15f/0x1e0
[  218.297163][ T5844]  hci_le_meta_evt+0x34a/0x5f0
[  218.297203][ T5844]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  218.297271][ T5844]  hci_event_packet+0x51c/0xcd0
[  218.297355][ T5844]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  218.297397][ T5844]  ? __pfx_hci_event_packet+0x10/0x10
[  218.297460][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.297509][ T5844]  ? kcov_remote_start+0x374/0x660
[  218.297548][ T5844]  ? lockdep_hardirqs_on+0x78/0x100
[  218.297607][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.297664][ T5844]  hci_rx_work+0x451/0xfc0
[  218.297733][ T5844]  process_one_work+0xa0e/0x1980
[  218.297792][ T5844]  ? __pfx_process_one_work+0x10/0x10
[  218.297833][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.297890][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.297940][ T5844]  worker_thread+0x5ef/0xe50
[  218.297995][ T5844]  ? __pfx_worker_thread+0x10/0x10
[  218.298039][ T5844]  ? kthread+0x13a/0x450
[  218.298080][ T5844]  ? __pfx_worker_thread+0x10/0x10
[  218.298124][ T5844]  kthread+0x370/0x450
[  218.298158][ T5844]  ? __pfx_kthread+0x10/0x10
[  218.298200][ T5844]  ret_from_fork+0x72b/0xd50
[  218.298245][ T5844]  ? __pfx_ret_from_fork+0x10/0x10
[  218.298285][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.298328][ T5844]  ? rcu_is_watching+0x12/0xc0
[  218.298379][ T5844]  ? srso_alias_return_thunk+0x5/0xfbef5
[  218.298421][ T5844]  ? __switch_to+0x800/0x1100
[  218.298470][ T5844]  ? __switch_to_asm+0x39/0x70
[  218.298520][ T5844]  ? __pfx_kthread+0x10/0x10
[  218.298563][ T5844]  ret_from_fork_asm+0x1a/0x30
[  218.298632][ T5844]  </TASK>
[  218.634145][ T5917] libceph: connect (1)[c::]:6789 error -101
[  218.640303][ T5917] libceph: mon0 (1)[c::]:6789 connect error
[  218.648000][ T6647] netlink: 4 bytes leftover after parsing attributes in process `syz.0.134'.
[  218.664182][ T5844] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  218.681131][ T5844] Bluetooth: hci0: failed to register connection device
[  219.033862][ T5840] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  219.607551][ T6674] loop2: detected capacity change from 0 to 32768
[  219.847780][ T6674] BTRFS info: device /dev/loop2 (7:2) using temp-fsid 72155c93-b5c1-4180-a2e6-a096f6954f9e
[  219.860425][ T6674] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.144 (6674)
[  220.019050][ T6674] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  220.029429][ T6674] BTRFS info (device loop2): using sha256 checksum algorithm
[  220.161958][ T6647] nbd: socks must be embedded in a SOCK_ITEM attr
[  220.190703][ T6674] BTRFS info (device loop2): enabling ssd optimizations
[  220.197766][ T6674] BTRFS info (device loop2): turning on async discard
[  220.204716][ T6674] BTRFS info (device loop2): enabling free space tree
[  220.301547][ T6410] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  220.604534][ T6410] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  220.655874][ T6698] BTRFS error (device loop2): balance: mixed groups data and metadata options must be the same
[  220.864499][ T6410] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  225.371428][ T6410] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  225.381394][ T6410] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  225.460910][ T6410] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  225.530748][ T6410] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  225.632854][ T6410] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  225.634797][ T5847] BTRFS info (device loop2): last unmount of filesystem 72155c93-b5c1-4180-a2e6-a096f6954f9e
[  225.730409][ T6111] udevd[6111]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  227.913595][ T5858] Bluetooth: hci4: command 0x0406 tx timeout
[  227.919764][ T5857] Bluetooth: hci3: command 0x0406 tx timeout
[  227.925810][   T50] Bluetooth: hci2: command 0x0406 tx timeout
[  227.932675][ T5857] Bluetooth: hci1: command 0x0406 tx timeout
[  227.941496][ T5852] Bluetooth: hci0: command 0x0406 tx timeout
[  229.630632][ T6727] loop4: detected capacity change from 0 to 32768
[  229.652994][ T6410] 8021q: adding VLAN 0 to HW filter on device bond0
[  229.687485][ T6727] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.152 (6727)
[  229.729024][ T6727] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  229.743047][ T6727] BTRFS info (device loop4): using sha256 checksum algorithm
[  229.824381][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  229.841740][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  229.857825][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  229.869271][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  229.877192][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  229.881090][ T6410] 8021q: adding VLAN 0 to HW filter on device team0
[  229.927207][ T6727] BTRFS info (device loop4): enabling ssd optimizations
[  229.934376][ T6727] BTRFS info (device loop4): turning on async discard
[  229.942332][ T6727] BTRFS info (device loop4): enabling free space tree
[  230.548133][ T6071] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.555388][ T6071] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.710913][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.718306][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.300073][ T6754] loop3: detected capacity change from 0 to 40427
[  231.344964][ T6754] F2FS-fs (loop3): invalid crc value
[  231.416423][ T6754] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  231.434411][ T6754] F2FS-fs (loop3): Start checkpoint disabled!
[  231.447912][ T6754] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  231.458987][ T6754] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  231.489762][   T30] audit: type=1800 audit(1776959103.802:9): pid=6754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.153" name="file1" dev="loop3" ino=10 res=0 errno=0
[  231.887950][ T6761] bio_check_eod: 362 callbacks suppressed
[  231.887980][ T6761] syz.3.153: attempt to access beyond end of device
[  231.887980][ T6761] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  231.911977][ T6761] syz.3.153: attempt to access beyond end of device
[  231.911977][ T6761] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  231.930907][ T6761] syz.3.153: attempt to access beyond end of device
[  231.930907][ T6761] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  231.948836][ T6761] syz.3.153: attempt to access beyond end of device
[  231.948836][ T6761] loop3: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  232.014291][ T6761] syz.3.153: attempt to access beyond end of device
[  232.014291][ T6761] loop3: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  232.033622][ T6761] syz.3.153: attempt to access beyond end of device
[  232.033622][ T6761] loop3: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  232.052310][ T6761] syz.3.153: attempt to access beyond end of device
[  232.052310][ T6761] loop3: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  232.071169][ T6761] syz.3.153: attempt to access beyond end of device
[  232.071169][ T6761] loop3: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  232.088017][ T6761] syz.3.153: attempt to access beyond end of device
[  232.088017][ T6761] loop3: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  232.106856][ T6761] syz.3.153: attempt to access beyond end of device
[  232.106856][ T6761] loop3: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  232.671349][ T5844] Bluetooth: hci5: command tx timeout
[  233.091323][ T1091] CPU: 0 UID: 0 PID: 1091 Comm: kworker/u8:7 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  233.091379][ T1091] Tainted: [L]=SOFTLOCKUP
[  233.091392][ T1091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  233.091416][ T1091] Workqueue: writeback wb_workfn (flush-7:3)
[  233.091486][ T1091] Call Trace:
[  233.091497][ T1091]  <TASK>
[  233.091511][ T1091]  dump_stack_lvl+0x100/0x190
[  233.091559][ T1091]  f2fs_stop_checkpoint+0x600/0x9b0
[  233.091616][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.091663][ T1091]  ? errseq_set+0xe3/0x150
[  233.091721][ T1091]  ? errseq_set+0xe3/0x150
[  233.091778][ T1091]  f2fs_write_end_io+0xf59/0x1340
[  233.091844][ T1091]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  233.091912][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.091974][ T1091]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  233.092036][ T1091]  bio_endio+0x78f/0x8f0
[  233.092085][ T1091]  submit_bio_noacct+0x64c/0x2000
[  233.092158][ T1091]  f2fs_submit_write_bio+0x135/0x340
[  233.092217][ T1091]  __submit_merged_bio+0x331/0x780
[  233.092284][ T1091]  __submit_merged_write_cond+0x3fe/0x510
[  233.092355][ T1091]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  233.092428][ T1091]  ? __pfx___might_resched+0x10/0x10
[  233.092480][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.092534][ T1091]  f2fs_write_cache_pages+0x20e9/0x2630
[  233.092598][ T1091]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  233.092651][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.092698][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.092744][ T1091]  ? find_held_lock+0x2b/0x80
[  233.092802][ T1091]  ? nr_blockdev_pages+0xde/0x120
[  233.092861][ T1091]  ? nr_blockdev_pages+0xde/0x120
[  233.092917][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.092996][ T1091]  ? si_meminfo+0x118/0x230
[  233.093034][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.093082][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.093191][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.093236][ T1091]  ? rcu_is_watching+0x12/0xc0
[  233.093298][ T1091]  f2fs_write_data_pages+0x799/0x16d0
[  233.093340][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.093386][ T1091]  ? trace_f2fs_writepages.constprop.0+0x75/0x230
[  233.093446][ T1091]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.093499][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.093550][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.093598][ T1091]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  233.093646][ T1091]  do_writepages+0x278/0x600
[  233.093712][ T1091]  ? __pfx_do_writepages+0x10/0x10
[  233.093773][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.093825][ T1091]  __writeback_single_inode+0x164/0x1350
[  233.093884][ T1091]  ? find_held_lock+0x2b/0x80
[  233.093953][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.094002][ T1091]  ? __pfx___writeback_single_inode+0x10/0x10
[  233.094059][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.094104][ T1091]  ? do_raw_spin_unlock+0x145/0x1e0
[  233.094158][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.094210][ T1091]  writeback_sb_inodes+0x766/0x1c60
[  233.094290][ T1091]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  233.094347][ T1091]  ? do_raw_spin_lock+0x128/0x260
[  233.094401][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.094503][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.094549][ T1091]  ? rcu_is_watching+0x12/0xc0
[  233.094603][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.094649][ T1091]  ? queue_io+0x287/0x540
[  233.094701][ T1091]  wb_writeback+0x1bf/0xb90
[  233.094770][ T1091]  ? __pfx_wb_writeback+0x10/0x10
[  233.094838][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.094884][ T1091]  ? mark_held_locks+0x40/0x70
[  233.094939][ T1091]  ? _raw_spin_unlock_irq+0x23/0x50
[  233.095000][ T1091]  wb_workfn+0x14f/0xc00
[  233.095061][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.095105][ T1091]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  233.095166][ T1091]  ? __pfx_wb_workfn+0x10/0x10
[  233.095227][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.095276][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.095324][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.095369][ T1091]  ? rcu_is_watching+0x12/0xc0
[  233.095422][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.095475][ T1091]  process_one_work+0xa0e/0x1980
[  233.095542][ T1091]  ? __pfx_process_one_work+0x10/0x10
[  233.095585][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.095645][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.095698][ T1091]  worker_thread+0x5ef/0xe50
[  233.095761][ T1091]  ? kthread+0x13a/0x450
[  233.095800][ T1091]  ? __pfx_worker_thread+0x10/0x10
[  233.095843][ T1091]  kthread+0x370/0x450
[  233.095882][ T1091]  ? __pfx_kthread+0x10/0x10
[  233.095935][ T1091]  ret_from_fork+0x72b/0xd50
[  233.095983][ T1091]  ? __pfx_ret_from_fork+0x10/0x10
[  233.096030][ T1091]  ? srso_alias_return_thunk+0x5/0xfbef5
[  233.096077][ T1091]  ? __switch_to+0x800/0x1100
[  233.096130][ T1091]  ? __switch_to_asm+0x39/0x70
[  233.096180][ T1091]  ? __pfx_kthread+0x10/0x10
[  233.096223][ T1091]  ret_from_fork_asm+0x1a/0x30
[  233.096298][ T1091]  </TASK>
[  233.119541][ T1091] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  233.882677][ T5840] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  234.787886][ T5844] Bluetooth: hci5: command tx timeout
[  236.808450][ T5844] Bluetooth: hci5: command tx timeout
[  239.036778][ T5844] Bluetooth: hci5: command tx timeout
[  239.775685][ T6071] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.908346][ T6794] netlink: 'syz.4.161': attribute type 4 has an invalid length.
[  239.950140][ T5153] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  239.969129][ T6794] mmap: syz.4.161 (6794) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  239.987495][ T5153] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  240.002875][ T5153] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  240.013886][ T5153] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  240.023316][ T5153] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  242.110601][ T5153] Bluetooth: hci3: command tx timeout
[  242.906822][ T6819] loop0: detected capacity change from 0 to 32768
[  242.914500][ T6819] xfs: Deprecated parameter 'ikeep'
[  242.920081][ T6819] XFS: ikeep mount option is deprecated.
[  242.986881][ T6819] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  243.098146][ T6819] XFS (loop0): Ending clean mount
[  243.540300][ T6833] xt_CT: You must specify a L4 protocol and not use inversions on it
[  243.960708][ T5839] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  243.992030][ T6071] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.170168][ T5153] Bluetooth: hci3: command tx timeout
[  245.432067][ T6071] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.757766][ T5153] Bluetooth: hci3: command tx timeout
[  247.710591][ T6071] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.831191][ T6733] chnl_net:caif_netlink_parms(): no params data found
[  248.371553][ T6875] loop3: detected capacity change from 0 to 32768
[  248.537681][ T6875] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  248.808277][ T5153] Bluetooth: hci3: command tx timeout
[  249.615176][ T6875] XFS (loop3): Ending clean mount
[  249.629209][ T6875] XFS (loop3): Quotacheck needed: Please wait.
[  249.962050][ T6896] loop4: detected capacity change from 0 to 32768
[  249.993698][ T6896] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.180 (6896)
[  250.029363][ T6896] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  250.039660][ T6896] BTRFS info (device loop4): using sha256 checksum algorithm
[  250.304592][ T6875] XFS (loop3): Quotacheck: Done.
[  251.249687][ T6800] chnl_net:caif_netlink_parms(): no params data found
[  251.405243][ T5848] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  251.506852][ T6733] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.529574][ T6733] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.551017][ T6733] bridge_slave_0: entered allmulticast mode
[  251.574868][ T6733] bridge_slave_0: entered promiscuous mode
[  251.629043][ T6071] bridge_slave_1: left allmulticast mode
[  251.646221][ T6071] bridge_slave_1: left promiscuous mode
[  251.666955][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.704287][ T6919] loop2: detected capacity change from 0 to 32768
[  251.712220][ T6919] xfs: Deprecated parameter 'ikeep'
[  251.717490][ T6919] XFS: ikeep mount option is deprecated.
[  251.759271][ T6071] bridge_slave_0: left allmulticast mode
[  251.765771][ T6071] bridge_slave_0: left promiscuous mode
[  251.772432][ T6071] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.825552][ T6919] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  251.841346][ T6896] BTRFS info (device loop4): setting nodatasum
[  251.847612][ T6896] BTRFS info (device loop4): enabling ssd optimizations
[  251.856960][ T6896] BTRFS info (device loop4): turning on async discard
[  251.864937][ T6896] BTRFS info (device loop4): enabling free space tree
[  251.922216][ T6919] XFS (loop2): Ending clean mount
[  252.708233][ T6938] xt_CT: You must specify a L4 protocol and not use inversions on it
[  253.107551][   T30] audit: type=1800 audit(1776959125.372:10): pid=6937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.180" name="file1" dev="loop4" ino=260 res=0 errno=0
[  253.298605][ T5847] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  253.846615][ T5840] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  255.150874][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  255.157346][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  256.548377][ T6957] loop2: detected capacity change from 0 to 2048
[  256.841887][ T6957] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  258.165151][ T6963] loop3: detected capacity change from 0 to 40427
[  258.183381][ T6963] F2FS-fs (loop3): Corrupted extension count (64 + 1 > 64)
[  258.190932][ T6963] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  258.201861][ T6963] F2FS-fs (loop3): invalid crc value
[  258.665686][ T6957] EXT4-fs: error -4 creating inode table initialization thread
[  258.712749][ T6957] EXT4-fs (loop2): mount failed
[  258.759971][ T6963] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  260.903373][ T6982] loop2: detected capacity change from 0 to 32768
[  261.025042][ T6982] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.189 (6982)
[  261.304797][ T6982] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  261.315231][ T6982] BTRFS info (device loop2): using sha256 checksum algorithm
[  262.284411][   T30] audit: type=1800 audit(1776959134.182:11): pid=6991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.193" name="file0" dev="overlay" ino=220 res=0 errno=0
[  262.660132][ T6071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  262.720436][ T6982] BTRFS info (device loop2): enabling ssd optimizations
[  262.727496][ T6982] BTRFS info (device loop2): turning on async discard
[  262.735068][ T6982] BTRFS info (device loop2): enabling free space tree
[  262.761809][ T6071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  262.802142][ T7009] loop0: detected capacity change from 0 to 512
[  262.850764][ T6071] bond0 (unregistering): Released all slaves
[  263.199088][ T7009] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.968458][ T7009] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  263.993608][ T6733] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.032592][ T6733] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.095369][ T6733] bridge_slave_1: entered allmulticast mode
[  264.114201][ T6733] bridge_slave_1: entered promiscuous mode
[  264.203298][ T5847] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  265.978700][ T7029] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  266.159222][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.216096][ T6733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  266.261488][ T6733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  268.130684][ T7049] IPv6: NLM_F_REPLACE set, but no existing node found!
[  271.117330][ T7060] xt_TPROXY: Can be used only with -p tcp or -p udp
[  274.232178][ T6733] team0: Port device team_slave_0 added
[  274.256789][ T6733] team0: Port device team_slave_1 added
[  275.245207][ T7083] loop0: detected capacity change from 0 to 32768
[  275.581268][ T7083] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  276.242319][ T7083] XFS (loop0): Ending clean mount
[  276.254494][ T7083] XFS (loop0): Quotacheck needed: Please wait.
[  276.352583][ T7083] XFS (loop0): Quotacheck: Done.
[  276.632197][ T6733] batman_adv: batadv0: Adding interface: batadv_slave_0
[  276.645109][ T6733] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  276.676911][ T6733] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  277.345031][ T6800] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.625095][ T6800] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.647383][ T6800] bridge_slave_0: entered allmulticast mode
[  277.853940][ T5839] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  278.084232][ T6800] bridge_slave_0: entered promiscuous mode
[  278.116058][ T6800] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.154872][ T6800] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.188406][ T6800] bridge_slave_1: entered allmulticast mode
[  278.206302][ T6800] bridge_slave_1: entered promiscuous mode
[  278.561132][ T6733] batman_adv: batadv0: Adding interface: batadv_slave_1
[  278.578029][ T6733] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  278.639495][ T6733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  279.890199][ T6071] hsr_slave_0: left promiscuous mode
[  279.907889][ T6071] hsr_slave_1: left promiscuous mode
[  279.915828][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  279.933731][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_0
[  279.951512][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  280.063032][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_1
[  280.237866][ T7118] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  280.744875][ T6071] veth1_macvtap: left promiscuous mode
[  280.775868][ T6071] veth0_macvtap: left promiscuous mode
[  280.795873][ T6071] veth1_vlan: left promiscuous mode
[  280.816580][ T6071] veth0_vlan: left promiscuous mode
[  280.967252][ T7122] Bluetooth: MGMT ver 1.23
[  281.299320][ T6071] pim6reg (unregistering): left allmulticast mode
[  282.909296][ T5153] Bluetooth: hci1: unexpected cc 0x0c13 length: 85 > 1
[  282.916466][ T5153] Bluetooth: hci1: unexpected event for opcode 0x0c13
[  283.159631][ T7119] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  283.256952][ T7119] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  283.435140][ T6071] team0 (unregistering): Port device team_slave_1 removed
[  283.537192][ T7119] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  283.622529][ T7150] xt_CT: You must specify a L4 protocol and not use inversions on it
[  284.328758][ T6071] team0 (unregistering): Port device team_slave_0 removed
[  284.407179][ T7119] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  285.825015][ T7159] capability: warning: `syz.4.224' uses 32-bit capabilities (legacy support in use)
[  286.969556][ T6800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  287.046436][ T6800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  287.128016][ T5498] 8021q: adding VLAN 0 to HW filter on device eth1
[  287.142660][ T7163] syz_tun: entered allmulticast mode
[  287.225177][ T5844] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  287.237584][ T5844] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  287.245948][ T5844] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  287.330329][ T5844] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  287.349599][ T5844] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  289.818071][ T5844] Bluetooth: hci6: command tx timeout
[  289.951998][ T6800] team0: Port device team_slave_0 added
[  289.984421][ T6800] team0: Port device team_slave_1 added
[  290.221829][ T7185] loop2: detected capacity change from 0 to 128
[  290.236649][ T6800] batman_adv: batadv0: Adding interface: batadv_slave_0
[  290.265924][ T6800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  290.480601][ T6800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  291.219029][ T7185] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  291.295485][ T7185] ext4 filesystem being mounted at /49/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  291.701492][ T6800] batman_adv: batadv0: Adding interface: batadv_slave_1
[  291.734474][ T6800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.710980][ T5844] Bluetooth: hci6: command tx timeout
[  292.747152][ T6800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  293.778908][ T7198] loop4: detected capacity change from 0 to 40427
[  293.927806][ T7198] F2FS-fs (loop4): Corrupted extension count (64 + 1 > 64)
[  293.935122][ T7198] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  294.747849][ T5844] Bluetooth: hci6: command tx timeout
[  294.988934][ T7198] F2FS-fs (loop4): invalid crc value
[  294.994472][ T7198] F2FS-fs (loop4): Failed to start F2FS issue_checkpoint_thread (-4)
[  295.450870][ T5847] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  296.746352][ T7215] netlink: 20 bytes leftover after parsing attributes in process `syz.0.235'.
[  296.810143][ T5844] Bluetooth: hci6: command tx timeout
[  297.192285][ T5153] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  297.206283][ T5153] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  297.225599][ T5153] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  297.242554][ T5153] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  297.259801][ T5153] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  299.288374][ T5153] Bluetooth: hci5: command tx timeout
[  301.173322][ T7247] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  301.410373][ T5153] Bluetooth: hci5: command tx timeout
[  301.435403][ T7247] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  303.493770][ T5153] Bluetooth: hci5: command tx timeout
[  305.618885][ T5153] Bluetooth: hci5: command tx timeout
[  305.659376][ T7278] loop2: detected capacity change from 0 to 32768
[  305.670431][ T7278] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.256 (7278)
[  305.685200][ T7275] loop3: detected capacity change from 0 to 32768
[  305.707222][ T7275] BTRFS info: device /dev/loop3 (7:3) using temp-fsid f5a8d248-b514-47c1-83f5-788b15f55de3
[  305.707248][ T7278] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  305.707292][ T7278] BTRFS info (device loop2): using sha256 checksum algorithm
[  305.719985][ T7275] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.246 (7275)
[  305.761610][ T7275] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  305.771962][ T7275] BTRFS info (device loop3): using sha256 checksum algorithm
[  305.876088][ T7166] chnl_net:caif_netlink_parms(): no params data found
[  305.951980][ T7278] BTRFS info (device loop2): setting nodatasum
[  305.958439][ T7278] BTRFS info (device loop2): enabling ssd optimizations
[  305.965637][ T7278] BTRFS info (device loop2): turning on async discard
[  305.972644][ T7278] BTRFS info (device loop2): enabling free space tree
[  306.020978][ T7275] BTRFS info (device loop3): enabling ssd optimizations
[  306.029792][ T7275] BTRFS info (device loop3): turning on async discard
[  306.036629][ T7275] BTRFS info (device loop3): enabling free space tree
[  306.397888][   T30] audit: type=1800 audit(1776959178.692:12): pid=7313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.256" name="file1" dev="loop2" ino=260 res=0 errno=0
[  307.991322][ T5847] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  309.154164][ T5848] BTRFS info (device loop3): last unmount of filesystem f5a8d248-b514-47c1-83f5-788b15f55de3
[  309.489217][ T5498] 8021q: adding VLAN 0 to HW filter on device eth3
[  311.240961][ T7347] loop2: detected capacity change from 0 to 512
[  311.365158][ T7324] syzkaller0: entered promiscuous mode
[  311.473915][ T7324] syzkaller0: entered allmulticast mode
[  311.650979][ T7347] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  311.665460][ T7347] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.115087][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.239658][ T7361] loop4: detected capacity change from 0 to 512
[  314.424785][ T7166] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.432683][ T7166] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.440519][ T7166] bridge_slave_0: entered allmulticast mode
[  315.216340][ T7166] bridge_slave_0: entered promiscuous mode
[  315.220526][ T7370] loop2: detected capacity change from 0 to 64
[  315.714993][ T7166] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.742599][ T7166] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.708651][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  316.715106][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  316.726130][ T7381] xt_TPROXY: Can be used only with -p tcp or -p udp
[  316.735593][ T7166] bridge_slave_1: entered allmulticast mode
[  316.749341][ T7166] bridge_slave_1: entered promiscuous mode
[  317.845783][ T7166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  318.859814][ T7392] trusted_key: encrypted_key: insufficient parameters specified
[  318.870151][ T7166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  320.098247][ T7223] chnl_net:caif_netlink_parms(): no params data found
[  321.302728][ T7406] slcan: can't register candev
[  321.353235][ T7166] team0: Port device team_slave_0 added
[  321.362705][ T7166] team0: Port device team_slave_1 added
[  322.485900][ T7418] netlink: 5 bytes leftover after parsing attributes in process `syz.4.268'.
[  323.909189][ T7411] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  324.098411][ T5931] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  324.219942][ T7418] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  324.279814][ T5931] usb 5-1: config 0 has no interfaces?
[  324.285504][ T5931] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  324.321041][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.379925][ T5931] usb 5-1: config 0 descriptor??
[  325.396436][ T7421] No such timeout policy "syz1"
[  325.404104][ T7166] batman_adv: batadv0: Adding interface: batadv_slave_0
[  325.440197][ T7166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  325.534301][ T7166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  326.618539][ T7166] batman_adv: batadv0: Adding interface: batadv_slave_1
[  326.642274][ T7166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  326.670163][ T7166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  326.871976][ T5931] usb 5-1: string descriptor 0 read error: -71
[  326.936105][ T5931] usb 5-1: USB disconnect, device number 2
[  327.418513][ T7441] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  327.937745][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  327.955776][ T7445] netlink: 20 bytes leftover after parsing attributes in process `syz.3.271'.
[  329.450300][ T6071] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  330.504449][ T5153] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  330.514436][ T5153] CPU: 0 UID: 0 PID: 5153 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  330.514493][ T5153] Tainted: [L]=SOFTLOCKUP
[  330.514506][ T5153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  330.514531][ T5153] Workqueue: hci0 hci_rx_work
[  330.514594][ T5153] Call Trace:
[  330.514606][ T5153]  <TASK>
[  330.514619][ T5153]  dump_stack_lvl+0x100/0x190
[  330.514664][ T5153]  sysfs_warn_dup.cold+0x1c/0x28
[  330.514723][ T5153]  sysfs_create_dir_ns+0x24b/0x2b0
[  330.514785][ T5153]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  330.514844][ T5153]  ? find_held_lock+0x2b/0x80
[  330.514906][ T5153]  ? kobject_add_internal+0x25f/0x930
[  330.514951][ T5153]  ? kobject_add_internal+0x25f/0x930
[  330.514998][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.515046][ T5153]  ? do_raw_spin_unlock+0x145/0x1e0
[  330.515105][ T5153]  kobject_add_internal+0x2c8/0x930
[  330.515167][ T5153]  kobject_add+0x16a/0x1e0
[  330.515211][ T5153]  ? __pfx_kobject_add+0x10/0x10
[  330.515253][ T5153]  ? class_to_subsys+0x10f/0x150
[  330.515303][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.515353][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.515400][ T5153]  ? kobject_put+0xb9/0x640
[  330.515437][ T5153]  ? _raw_spin_unlock+0x28/0x50
[  330.515506][ T5153]  device_add+0x294/0x1950
[  330.515551][ T5153]  ? __pfx_dev_set_name+0x10/0x10
[  330.515602][ T5153]  ? __pfx_device_add+0x10/0x10
[  330.515644][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.515691][ T5153]  ? mgmt_send_event_skb+0x2fb/0x460
[  330.515769][ T5153]  hci_conn_add_sysfs+0x1a3/0x260
[  330.515814][ T5153]  le_conn_complete_evt+0x11eb/0x1f60
[  330.515890][ T5153]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  330.515959][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.516014][ T5153]  hci_le_conn_complete_evt+0x23c/0x3a0
[  330.516081][ T5153]  ? skb_pull_data+0x15f/0x1e0
[  330.516140][ T5153]  hci_le_meta_evt+0x34a/0x5f0
[  330.516184][ T5153]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  330.516255][ T5153]  hci_event_packet+0x51c/0xcd0
[  330.516318][ T5153]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  330.516357][ T5153]  ? __pfx_hci_event_packet+0x10/0x10
[  330.516425][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.516478][ T5153]  ? kcov_remote_start+0x374/0x660
[  330.516519][ T5153]  ? lockdep_hardirqs_on+0x78/0x100
[  330.516582][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.516640][ T5153]  hci_rx_work+0x451/0xfc0
[  330.516710][ T5153]  process_one_work+0xa0e/0x1980
[  330.516781][ T5153]  ? __pfx_process_one_work+0x10/0x10
[  330.516826][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.516889][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.516943][ T5153]  worker_thread+0x5ef/0xe50
[  330.517003][ T5153]  ? __pfx_worker_thread+0x10/0x10
[  330.517053][ T5153]  ? kthread+0x13a/0x450
[  330.517092][ T5153]  ? __pfx_worker_thread+0x10/0x10
[  330.517136][ T5153]  kthread+0x370/0x450
[  330.517181][ T5153]  ? __pfx_kthread+0x10/0x10
[  330.517226][ T5153]  ret_from_fork+0x72b/0xd50
[  330.517275][ T5153]  ? __pfx_ret_from_fork+0x10/0x10
[  330.517323][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  330.517370][ T5153]  ? __switch_to+0x800/0x1100
[  330.517423][ T5153]  ? __switch_to_asm+0x39/0x70
[  330.517475][ T5153]  ? __pfx_kthread+0x10/0x10
[  330.517519][ T5153]  ret_from_fork_asm+0x1a/0x30
[  330.517597][ T5153]  </TASK>
[  330.868404][ T5498] 8021q: adding VLAN 0 to HW filter on device eth4
[  330.890195][ T5153] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  330.909090][ T5153] Bluetooth: hci0: failed to register connection device
[  330.939939][ T6071] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.165456][ T7223] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.173356][ T7223] bridge0: port 1(bridge_slave_0) entered disabled state
[  331.189480][ T7223] bridge_slave_0: entered allmulticast mode
[  331.198799][ T7223] bridge_slave_0: entered promiscuous mode
[  331.222350][ T7223] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.263499][ T5153] ==================================================================
[  331.271704][ T5153] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xde7/0xf80
[  331.279671][ T5153] Read of size 8 at addr ffff888023290480 by task kworker/u9:1/5153
[  331.287759][ T5153] 
[  331.290271][ T5153] CPU: 0 UID: 0 PID: 5153 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  331.290326][ T5153] Tainted: [L]=SOFTLOCKUP
[  331.290340][ T5153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  331.290367][ T5153] Workqueue: hci0 hci_rx_work
[  331.290429][ T5153] Call Trace:
[  331.290443][ T5153]  <TASK>
[  331.290459][ T5153]  dump_stack_lvl+0x100/0x190
[  331.290501][ T5153]  print_report+0x13d/0x4b0
[  331.290557][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  331.290605][ T5153]  ? __virt_addr_valid+0x239/0x430
[  331.290647][ T5153]  ? l2cap_connect_cfm+0xde7/0xf80
[  331.290706][ T5153]  kasan_report+0xdf/0x1d0
[  331.290764][ T5153]  ? l2cap_connect_cfm+0xde7/0xf80
[  331.290831][ T5153]  l2cap_connect_cfm+0xde7/0xf80
[  331.290904][ T5153]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  331.290967][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  331.291017][ T5153]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  331.291079][ T5153]  le_conn_complete_evt+0x197c/0x1f60
[  331.291148][ T5153]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  331.291212][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  331.291264][ T5153]  hci_le_conn_complete_evt+0x23c/0x3a0
[  331.291327][ T5153]  ? skb_pull_data+0x15f/0x1e0
[  331.291382][ T5153]  hci_le_meta_evt+0x34a/0x5f0
[  331.291420][ T5153]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  331.291487][ T5153]  hci_event_packet+0x51c/0xcd0
[  331.291547][ T5153]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  331.291585][ T5153]  ? __pfx_hci_event_packet+0x10/0x10
[  331.291646][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  331.291695][ T5153]  ? kcov_remote_start+0x374/0x660
[  331.291736][ T5153]  ? lockdep_hardirqs_on+0x78/0x100
[  331.291796][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  331.291849][ T5153]  hci_rx_work+0x451/0xfc0
[  331.291920][ T5153]  process_one_work+0xa0e/0x1980
[  331.291979][ T5153]  ? __pfx_process_one_work+0x10/0x10
[  331.292024][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  331.292080][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  331.292131][ T5153]  worker_thread+0x5ef/0xe50
[  331.292184][ T5153]  ? __pfx_worker_thread+0x10/0x10
[  331.292231][ T5153]  ? kthread+0x13a/0x450
[  331.292271][ T5153]  ? __pfx_worker_thread+0x10/0x10
[  331.292315][ T5153]  kthread+0x370/0x450
[  331.292354][ T5153]  ? __pfx_kthread+0x10/0x10
[  331.292397][ T5153]  ret_from_fork+0x72b/0xd50
[  331.292443][ T5153]  ? __pfx_ret_from_fork+0x10/0x10
[  331.292489][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  331.292535][ T5153]  ? __switch_to+0x800/0x1100
[  331.292588][ T5153]  ? __switch_to_asm+0x39/0x70
[  331.292635][ T5153]  ? __pfx_kthread+0x10/0x10
[  331.292678][ T5153]  ret_from_fork_asm+0x1a/0x30
[  331.292744][ T5153]  </TASK>
[  331.292757][ T5153] 
[  331.555594][ T5153] Allocated by task 5153:
[  331.560099][ T5153]  kasan_save_stack+0x30/0x50
[  331.564844][ T5153]  kasan_save_track+0x14/0x30
[  331.569666][ T5153]  __kasan_kmalloc+0xaa/0xb0
[  331.574287][ T5153]  l2cap_chan_create+0x44/0x940
[  331.579259][ T5153]  l2cap_sock_alloc.constprop.0+0xf5/0x1e0
[  331.585108][ T5153]  l2cap_sock_new_connection_cb+0x101/0x260
[  331.591044][ T5153]  l2cap_connect_cfm+0x4e2/0xf80
[  331.596041][ T5153]  le_conn_complete_evt+0x197c/0x1f60
[  331.601448][ T5153]  hci_le_conn_complete_evt+0x23c/0x3a0
[  331.607139][ T5153]  hci_le_meta_evt+0x34a/0x5f0
[  331.611919][ T5153]  hci_event_packet+0x51c/0xcd0
[  331.616903][ T5153]  hci_rx_work+0x451/0xfc0
[  331.621351][ T5153]  process_one_work+0xa0e/0x1980
[  331.626310][ T5153]  worker_thread+0x5ef/0xe50
[  331.630916][ T5153]  kthread+0x370/0x450
[  331.634993][ T5153]  ret_from_fork+0x72b/0xd50
[  331.639689][ T5153]  ret_from_fork_asm+0x1a/0x30
[  331.644473][ T5153] 
[  331.646785][ T5153] Freed by task 7476:
[  331.650752][ T5153]  kasan_save_stack+0x30/0x50
[  331.655531][ T5153]  kasan_save_track+0x14/0x30
[  331.660342][ T5153]  kasan_save_free_info+0x3b/0x70
[  331.665377][ T5153]  __kasan_slab_free+0x5f/0x80
[  331.670171][ T5153]  kfree+0x223/0x6c0
[  331.674169][ T5153]  l2cap_chan_put+0x235/0x300
[  331.678876][ T5153]  l2cap_sock_cleanup_listen+0x4d/0x2d0
[  331.684469][ T5153]  l2cap_sock_release+0x69/0x280
[  331.689460][ T5153]  __sock_release+0xb3/0x260
[  331.694069][ T5153]  sock_close+0x1c/0x30
[  331.698237][ T5153]  __fput+0x3ff/0xb50
[  331.702359][ T5153]  task_work_run+0x150/0x240
[  331.707160][ T5153]  get_signal+0x1bd/0x21e0
[  331.711687][ T5153]  arch_do_signal_or_restart+0x91/0x7a0
[  331.717262][ T5153]  exit_to_user_mode_loop+0x86/0x4a0
[  331.722689][ T5153]  do_syscall_64+0x706/0xf80
[  331.727417][ T5153]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.733333][ T5153] 
[  331.735658][ T5153] The buggy address belongs to the object at ffff888023290000
[  331.735658][ T5153]  which belongs to the cache kmalloc-2k of size 2048
[  331.749905][ T5153] The buggy address is located 1152 bytes inside of
[  331.749905][ T5153]  freed 2048-byte region [ffff888023290000, ffff888023290800)
[  331.764003][ T5153] 
[  331.766536][ T5153] The buggy address belongs to the physical page:
[  331.772976][ T5153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888023297000 pfn:0x23290
[  331.783067][ T5153] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  331.791587][ T5153] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  331.800353][ T5153] page_type: f5(slab)
[  331.804537][ T5153] raw: 00fff00000000240 ffff88813fe87000 ffffea00014f5e10 ffffea0000d26610
[  331.813135][ T5153] raw: ffff888023297000 0000000800080006 00000000f5000000 0000000000000000
[  331.821733][ T5153] head: 00fff00000000240 ffff88813fe87000 ffffea00014f5e10 ffffea0000d26610
[  331.830503][ T5153] head: ffff888023297000 0000000800080006 00000000f5000000 0000000000000000
[  331.839218][ T5153] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[  331.847904][ T5153] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  331.856683][ T5153] page dumped because: kasan: bad access detected
[  331.863109][ T5153] page_owner tracks the page as allocated
[  331.868945][ T5153] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3150279650, free_ts 0
[  331.888741][ T5153]  post_alloc_hook+0x153/0x170
[  331.893704][ T5153]  get_page_from_freelist+0x11a6/0x33b0
[  331.899271][ T5153]  __alloc_frozen_pages_noprof+0x27c/0x2bc0
[  331.905286][ T5153]  new_slab+0xa6/0x6c0
[  331.909382][ T5153]  refill_objects+0x277/0x420
[  331.914598][ T5153]  __pcs_replace_empty_main+0x375/0x650
[  331.920192][ T5153]  __kmalloc_cache_noprof+0x493/0x6f0
[  331.925611][ T5153]  acpi_ds_create_walk_state+0x95/0x300
[  331.931290][ T5153]  acpi_ps_execute_method+0x2c1/0xe90
[  331.936794][ T5153]  acpi_ns_evaluate+0x640/0x1670
[  331.941840][ T5153]  acpi_evaluate_object+0x420/0xe00
[  331.947240][ T5153]  acpi_evaluate_integer+0xdf/0x220
[  331.952478][ T5153]  acpi_bus_get_status+0x1a1/0x430
[  331.957634][ T5153]  acpi_bus_attach+0xe5/0xbc0
[  331.962433][ T5153]  acpi_dev_for_one_check+0x97/0xd0
[  331.967686][ T5153]  device_for_each_child+0x11e/0x1a0
[  331.973018][ T5153] page_owner free stack trace missing
[  331.978402][ T5153] 
[  331.980722][ T5153] Memory state around the buggy address:
[  331.986400][ T5153]  ffff888023290380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  331.994636][ T5153]  ffff888023290400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  332.002770][ T5153] >ffff888023290480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  332.010852][ T5153]                    ^
[  332.014927][ T5153]  ffff888023290500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  332.023088][ T5153]  ffff888023290580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  332.031191][ T5153] ==================================================================
[  332.078892][ T7223] bridge0: port 2(bridge_slave_1) entered disabled state
[  332.089978][ T7223] bridge_slave_1: entered allmulticast mode
[  332.098646][ T5153] Disabling lock debugging due to kernel taint
[  332.098946][ T7223] bridge_slave_1: entered promiscuous mode
[  332.104892][ T5153] ==================================================================
[  332.119176][ T5153] BUG: KASAN: wild-memory-access in l2cap_connect_cfm+0x7c0/0xf80
[  332.127051][ T5153] Read of size 4 at addr deacfffffffffc8c by task kworker/u9:1/5153
[  332.135142][ T5153] 
[  332.137925][ T5153] CPU: 0 UID: 0 PID: 5153 Comm: kworker/u9:1 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[  332.137989][ T5153] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[  332.138004][ T5153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  332.138032][ T5153] Workqueue: hci0 hci_rx_work
[  332.138104][ T5153] Call Trace:
[  332.138117][ T5153]  <TASK>
[  332.138137][ T5153]  dump_stack_lvl+0x100/0x190
[  332.138181][ T5153]  kasan_report+0xdf/0x1d0
[  332.138240][ T5153]  ? l2cap_connect_cfm+0x7c0/0xf80
[  332.138314][ T5153]  kasan_check_range+0x10f/0x1e0
[  332.138380][ T5153]  l2cap_connect_cfm+0x7c0/0xf80
[  332.138446][ T5153]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  332.138509][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.138559][ T5153]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  332.138620][ T5153]  le_conn_complete_evt+0x197c/0x1f60
[  332.138697][ T5153]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  332.138762][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.138814][ T5153]  hci_le_conn_complete_evt+0x23c/0x3a0
[  332.138880][ T5153]  ? skb_pull_data+0x15f/0x1e0
[  332.138935][ T5153]  hci_le_meta_evt+0x34a/0x5f0
[  332.138975][ T5153]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  332.139042][ T5153]  hci_event_packet+0x51c/0xcd0
[  332.139103][ T5153]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  332.139148][ T5153]  ? __pfx_hci_event_packet+0x10/0x10
[  332.139210][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.139259][ T5153]  ? kcov_remote_start+0x374/0x660
[  332.139300][ T5153]  ? lockdep_hardirqs_on+0x78/0x100
[  332.139365][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.139419][ T5153]  hci_rx_work+0x451/0xfc0
[  332.139486][ T5153]  process_one_work+0xa0e/0x1980
[  332.139546][ T5153]  ? __pfx_process_one_work+0x10/0x10
[  332.139598][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.139655][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.139706][ T5153]  worker_thread+0x5ef/0xe50
[  332.139759][ T5153]  ? __pfx_worker_thread+0x10/0x10
[  332.139808][ T5153]  ? kthread+0x13a/0x450
[  332.139848][ T5153]  ? __pfx_worker_thread+0x10/0x10
[  332.139892][ T5153]  kthread+0x370/0x450
[  332.139930][ T5153]  ? __pfx_kthread+0x10/0x10
[  332.139973][ T5153]  ret_from_fork+0x72b/0xd50
[  332.140020][ T5153]  ? __pfx_ret_from_fork+0x10/0x10
[  332.140067][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.140115][ T5153]  ? __switch_to+0x800/0x1100
[  332.140176][ T5153]  ? __switch_to_asm+0x39/0x70
[  332.140229][ T5153]  ? __pfx_kthread+0x10/0x10
[  332.140272][ T5153]  ret_from_fork_asm+0x1a/0x30
[  332.140338][ T5153]  </TASK>
[  332.140351][ T5153] ==================================================================
[  332.397043][ T7166] hsr_slave_0: entered promiscuous mode
[  332.399700][ T5153] Oops: general protection fault, probably for non-canonical address 0xfbd59bffffffff91: 0000 [#1] SMP KASAN NOPTI
[  332.405378][ T7166] hsr_slave_1: entered promiscuous mode
[  332.414655][ T5153] KASAN: maybe wild-memory-access in range [0xdeacfffffffffc88-0xdeacfffffffffc8f]
[  332.414697][ T5153] CPU: 0 UID: 0 PID: 5153 Comm: kworker/u9:1 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[  332.438729][ T7166] debugfs: 'hsr0' already exists in 'hsr'
[  332.440625][ T5153] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[  332.447308][ T7166] Cannot create hsr debugfs directory
[  332.452337][ T5153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  332.452364][ T5153] Workqueue: hci0 hci_rx_work
[  332.452429][ T5153] RIP: 0010:l2cap_connect_cfm+0x7c7/0xf80
[  332.452498][ T5153] Code: 80 fb ff ff 49 39 c7 0f 84 29 01 00 00 e8 a1 d3 6f f7 49 8d 6e 0c be 04 00 00 00 48 89 ef e8 c0 9e dc f7 48 89 e8 48 c1 e8 03 <0f> b6 14 18 48 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f5
[  332.452537][ T5153] RSP: 0018:ffffc900056af830 EFLAGS: 00010213
[  332.452566][ T5153] RAX: 1bd59fffffffff91 RBX: dffffc0000000000 RCX: ffffc9001e661000
[  332.452595][ T5153] RDX: 0000000000000000 RSI: ffffffff81c72c0d RDI: ffff8880373dbd80
[  332.452621][ T5153] RBP: deacfffffffffc8c R08: 0000000000000007 R09: 0000000000000000
[  332.452645][ T5153] R10: 0000000000000000 R11: 3d3d3d3d3d3d3d3d R12: ffff888034d9003d
[  332.452670][ T5153] R13: 0000000000000080 R14: deacfffffffffc80 R15: ffff888061a8b288
[  332.452698][ T5153] FS:  0000000000000000(0000) GS:ffff8881242db000(0000) knlGS:0000000000000000
[  332.452732][ T5153] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  332.452760][ T5153] CR2: 00007fad833e7158 CR3: 000000002adcf000 CR4: 0000000000350ef0
[  332.452784][ T5153] Call Trace:
[  332.452798][ T5153]  <TASK>
[  332.452820][ T5153]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  332.452888][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.452942][ T5153]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  332.453004][ T5153]  le_conn_complete_evt+0x197c/0x1f60
[  332.596861][ T5153]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  332.602640][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.608344][ T5153]  hci_le_conn_complete_evt+0x23c/0x3a0
[  332.613936][ T5153]  ? skb_pull_data+0x15f/0x1e0
[  332.618758][ T5153]  hci_le_meta_evt+0x34a/0x5f0
[  332.623552][ T5153]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  332.629669][ T5153]  hci_event_packet+0x51c/0xcd0
[  332.634558][ T5153]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  332.639892][ T5153]  ? __pfx_hci_event_packet+0x10/0x10
[  332.645308][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.651041][ T5153]  ? kcov_remote_start+0x374/0x660
[  332.656169][ T5153]  ? lockdep_hardirqs_on+0x78/0x100
[  332.661464][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.667225][ T5153]  hci_rx_work+0x451/0xfc0
[  332.671786][ T5153]  process_one_work+0xa0e/0x1980
[  332.676752][ T5153]  ? __pfx_process_one_work+0x10/0x10
[  332.682189][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.687977][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.693653][ T5153]  worker_thread+0x5ef/0xe50
[  332.698397][ T5153]  ? __pfx_worker_thread+0x10/0x10
[  332.703574][ T5153]  ? kthread+0x13a/0x450
[  332.707889][ T5153]  ? __pfx_worker_thread+0x10/0x10
[  332.713044][ T5153]  kthread+0x370/0x450
[  332.717140][ T5153]  ? __pfx_kthread+0x10/0x10
[  332.721748][ T5153]  ret_from_fork+0x72b/0xd50
[  332.726364][ T5153]  ? __pfx_ret_from_fork+0x10/0x10
[  332.731580][ T5153]  ? srso_alias_return_thunk+0x5/0xfbef5
[  332.737266][ T5153]  ? __switch_to+0x800/0x1100
[  332.741967][ T5153]  ? __switch_to_asm+0x39/0x70
[  332.746895][ T5153]  ? __pfx_kthread+0x10/0x10
[  332.751577][ T5153]  ret_from_fork_asm+0x1a/0x30
[  332.756484][ T5153]  </TASK>
[  332.759504][ T5153] Modules linked in:
[  332.764425][ T5153] ---[ end trace 0000000000000000 ]---
[  332.777742][ T5153] RIP: 0010:l2cap_connect_cfm+0x7c7/0xf80
[  332.783549][ T5153] Code: 80 fb ff ff 49 39 c7 0f 84 29 01 00 00 e8 a1 d3 6f f7 49 8d 6e 0c be 04 00 00 00 48 89 ef e8 c0 9e dc f7 48 89 e8 48 c1 e8 03 <0f> b6 14 18 48 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f5
[  332.804336][ T5153] RSP: 0018:ffffc900056af830 EFLAGS: 00010213
[  332.810954][ T5153] RAX: 1bd59fffffffff91 RBX: dffffc0000000000 RCX: ffffc9001e661000
[  332.819035][ T5153] RDX: 0000000000000000 RSI: ffffffff81c72c0d RDI: ffff8880373dbd80
[  332.827053][ T5153] RBP: deacfffffffffc8c R08: 0000000000000007 R09: 0000000000000000
[  332.835209][ T5153] R10: 0000000000000000 R11: 3d3d3d3d3d3d3d3d R12: ffff888034d9003d
[  332.843345][ T5153] R13: 0000000000000080 R14: deacfffffffffc80 R15: ffff888061a8b288
[  332.851427][ T5153] FS:  0000000000000000(0000) GS:ffff8881242db000(0000) knlGS:0000000000000000
[  332.861694][ T5153] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  332.868376][ T5153] CR2: 00007fad833e7158 CR3: 000000002adcf000 CR4: 0000000000350ef0
[  332.876383][ T5153] Kernel panic - not syncing: Fatal exception
[  332.883040][ T5153] Kernel Offset: disabled
[  332.887373][ T5153] Rebooting in 86400 seconds..