last executing test programs:

2m56.551504756s ago: executing program 5 (id=50):
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000000)=0x7)
syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]})
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

2m50.173382125s ago: executing program 5 (id=65):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$MAP_LOOKUP_BATCH(0x12, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x84, @remote, 0x0, 0x0, 'wlc\x00', 0x20, 0xfffffffe, 0x7f}, 0x2c)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
pread64(r4, &(0x7f0000001c00)=""/4108, 0x100c, 0x3)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")

2m42.103285533s ago: executing program 5 (id=77):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000200000000000000071e00009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r5 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r5, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

2m40.76627183s ago: executing program 5 (id=80):
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x80101, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xc3ac}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

2m38.557173172s ago: executing program 5 (id=82):
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, 0x0, 0x0, 0x1000, 0x0)
r3 = socket(0xa, 0x3, 0xfc)
setsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

2m36.136250573s ago: executing program 5 (id=86):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
r4 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r4, 0x29, 0x16, &(0x7f0000000000), 0x4)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000080)=0x8000)
write$dsp(0xffffffffffffffff, 0x0, 0x0)

2m30.623959958s ago: executing program 0 (id=95):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg1\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
r2 = fsopen(&(0x7f0000000240)='rpc_pipefs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x8)
prlimit64(0x0, 0x7, &(0x7f00000000c0)={0x36b8d822, 0x3}, &(0x7f0000000180))

2m29.953066198s ago: executing program 0 (id=100):
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, 0x0, 0x0, 0x0)
close(0x4)

2m27.375193042s ago: executing program 0 (id=104):
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r1 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7\x88\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7`\x9b=\xec\x9f\x1d\x9b@$\x8c\bb\x1a\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\'\xffO,4\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2\x01G\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\rr\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\xc6\x8a=\x04\xa35\x9b\xf5\x80E\x8f\x1e\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x10\x00'/276, 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000040)={r1, 0x0, 0x0, 0x1000})
unshare(0x22020400)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

2m25.18961089s ago: executing program 0 (id=110):
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x2)
openat$procfs(0xffffffffffffff9c, &(0x7f00000021c0)='/proc/sysvipc/sem\x00', 0x0, 0x0)
r0 = semget$private(0x0, 0x7, 0x180)
semtimedop(r0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000880)='hybla', 0x5)
sendto$inet(r4, 0x0, 0x0, 0xb, 0x0, 0x0)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

2m23.920074765s ago: executing program 0 (id=113):
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000340)=0x5, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x4000000, 0x0, 0xfffffffffffffe10, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000280)=0x9, 0x4)
socket$netlink(0x10, 0x3, 0x8000000004)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee0000", 0x4d}], 0x1)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015001f0f00000000fddbdf25fe8800000000000000000000000001", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x2000c810}, 0x4)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4c881, 0x0, 0x0)

2m20.013070117s ago: executing program 32 (id=86):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
r4 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r4, 0x29, 0x16, &(0x7f0000000000), 0x4)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000080)=0x8000)
write$dsp(0xffffffffffffffff, 0x0, 0x0)

2m20.002027007s ago: executing program 0 (id=116):
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, 0x0, 0x0, 0x0)
close(0x4)

2m4.803306345s ago: executing program 33 (id=116):
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, 0x0, 0x0, 0x0)
close(0x4)

13.698635933s ago: executing program 1 (id=339):
socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40000)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x80044940, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
syz_mount_image$vfat(&(0x7f0000000500), &(0x7f0000000140)='./file0\x00', 0x1000848, &(0x7f0000000600)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c756e695f786c6174653d302c7379735f696d6d757461626c652c756e695f786c6174653d312c756e695f786c6174653d312c73686f72746e616d653d6d697865642c696f636861727365743d6d61636761656c69632c756e695f786c6174653d312c64656275672c756e695f786c6174653d302c73686f72746e616d653d6c6f7765722c646f733178666c6f7070792c726f6469722c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c00765951898d8d221b19e1a2ffba549e66dc3e46698a9c2fe46460faf0ff29a68c04dfd74a8a4a75d249abf2c6442933dc3131ed0478aa9a20ee72b682544b75de4d", @ANYRES64=0x0], 0x1, 0x385, &(0x7f0000006400)="$eJzs3T2IHOUbAPBnb/br/iTcFX8ICsJoJ+iRREW08UK4SHCbKIsfhbiYROX2CORwMSmyORuxFCy1stJCC4t0ggha2FnYGiFExULTBQwZmd3Zr9vdMxjvYvD3K5bn3vd55n1n9oWdm2Pfe2U11k9W4vS1a1ejXi9FefXoalwvxXIk3ShcjGnVGW0AwN3hepbF71lfxBe3UlLa/VkBALup9/n/2v6xlre/3ik/8+kPAHe94vf/xVFLZSqnPq/4zK5NCwDYRZPP/yPigYnu6uSf+suR7PUEAYB/3HMvvvTMkUbEs2laj9h4p9PsNOPJUf+R0/FGtONUHIyluBHRv1HIX0q912PHG2sH0zTtxk/L0cwrOs2IjW6n2b9TOJL06mtxKJZiuagv7jayLEuOfd5YO5T2RMTFbm/82Ch1mpVYLMb/4X9xKg5HGv+fqo843lg7nBYHaG4M6isRW6PnFvn8V2Ipvns1zkQ7TkZeO7itaaxdOJSmR7PGvtKovttp1np5fXOfgAAAAAAAAAAAAAAAAAAAAAAAwN+ykg4tD/fPyUb796yszOjv7Y/Try/2B9rq7w+U1bLIst/eerj5bhIT+wNt25+n22mWY+HOnjoAAAAAAAAAAAAAAAAAAAD8a2yeq0ar3T51dvPc+fXxoHt289xClIu0T79ajMmcxaJnsmoiGBSPdaWjqiwZJGfJRE4RJBFPt0vlfssnl4YzHs+pDc+iaKlNHKc23rU92H//lQ9GLfclgyPfHOUkMfO8zifbptEP6hMXdj2JOZdlh+DwX+RczrJsXvmFl6erohRRnjHV2wqyPPjm6uv3PLJ54LFey5dZ34MPLT1/+f2PfllvtfORc+129ezmjWy9Vfw8e7HND5LB+vn4ynCxlcZXQrn16M0T++YceWuypZV8/+sL9773bdGykL9N80fPxlveHOsqFVVJf9DPtpdX+0E+zWHXU3mQX6PpsSpji7+yw3wej9t64w58uNq6dOHHn2fmLEwvkrG1bKMOAAAAAAAAAAAAAAAAAADYE2PfFS8UX/at7FT1xIndnxkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7J3R//8fBrGwta3l1oI/ujHdVcsPGNXeWPXe6/IdPmMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6L/gwAAP//tNVfdQ==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
rename(&(0x7f0000000180)='./file3\x00', &(0x7f0000000240)='./file1\x00')

12.611348227s ago: executing program 2 (id=341):
ioctl$VIDIOC_S_JPEGCOMP(0xffffffffffffffff, 0x408c563e, 0x0)
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close(0xffffffffffffffff)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x8000000000000002, 0x0)
read$msr(r0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1]}}, 0x5c)
setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd4, 0x0, 0x0)
getpid()
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r2}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000200)={0x7, 0x8, 0xfa00, {r2, 0xffffffff}}, 0x10)

12.520002325s ago: executing program 4 (id=342):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
close(0x3)
openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0)
rmdir(&(0x7f0000000080)='./cgroup/../file0\x00')
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

12.481218771s ago: executing program 1 (id=343):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbaf, &(0x7f0000002f00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5")
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}]}, 0xa0}}, 0x0)
r4 = memfd_create(&(0x7f00000009c0)='y\x105\xf3\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x2)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
r5 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000080)=0x2)
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000140)=0x6)
r6 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1c0000001e007f", 0x7}, {&(0x7f0000000140)="78cafb73fc020107", 0x8}], 0x2}, 0x4000000)

12.379570989s ago: executing program 2 (id=344):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x5, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x7f}, @TCA_TBF_PARMS={0x28, 0x1, {{0x40, 0x1, 0xfff8, 0x7, 0x8, 0x200}, {0x20, 0x1, 0xb, 0x9, 0x9}, 0x3, 0xfffffffb, 0x67}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

12.175998095s ago: executing program 4 (id=346):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r0, 0x1, 0x70bd27, 0x25dfd3fb, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

11.282230928s ago: executing program 4 (id=347):
syz_mount_image$ext4(&(0x7f0000000700)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x8}}, {@dioread_nolock}, {@grpid}]}, 0x1, 0x4f8, &(0x7f0000001900)="$eJzs3E1oXNUeAPD/nXz26zXvvb6+176+Z2oVg8WkTavNQpCKggsFsYK6DElaatNGmhRsqTIFqUspuBeXbl24VTdFXAlu61KQQpFu2griyJ25dzIzmUmaSTJjmt8Pbuace2fuOeeee+6ce07mBrBlDad/kkr4VkTsjohC4xuGKy/3716denD36lQUS6VTvyblj91L45lsN7Eji4wUIgofJYsbasxfvnJucnZ25mIWH1s4/97Y/OUrz5wdzNZMTCS9bRaqSXppue7t/3DuwL5X3rnx2lR1z3lqteVYL8Mx3CwrZU+ud2Jdtqsm3Ha90XHp+Z9WV1+5/e+Onliu8oodzBmw0UqlUmmg9eZiqdG1JWuATSsGu50DoDvyL/r0/jdfmnUE+jem+9F1d05WboDSct/PlojHyivzcZC+hvvb9TQcEW8Xf/ssXWKDxiEAAGp9czLvCTb0/4YqMyO/X7r5Qvr6t2wOZSgi/h4R/4iIf0bEnoj4V0TsjYh/R8R/GvbfExGlZdIfbohX069OQhVur1NRm0r7f89nc1vpsjj3VQ0N9WSxXRF5h3nmSHZMRqJv4PTZ2Zmjy6Tx7Us/ftJqW23/L13SPOR9wSwft3sbBuimJxcm2yvtUneuRezvXSx/pf+b9EYk1ZmAJCL2RcT+Vex3qCZ89ukvDlQjffXvW7n8ZaWm82jrMM9U+jziqUr9F6Na/qibREzq5ifPT56ZOTNzYXxi4vixoyeeG392bDBmZ46MpWfBkaZpfP/D9ddbpb9i+b/6ufEjL5/4+lTWstYurf/tNed/5PO3i+UfSiKS6nzt/OrTuP7Txy3vado9//uTN8vh/L70/cmFhYtHI/qTV5euH1/8bB5PX6NYKf/Iocbzv5xu+RqXH4n/RkR6Ev8vIv4flTvENO8HI+LxiDi0TPm/e/GJd9sv/8ZKyz8d9eWv1Hxd/S/O17cKJNncYN2m/kgDPecO3nrQ4uLxcPV/vBwaydY0v/4ldZeIVjnNv+3SNX+s+egBAADA5lCIiJ01Y0k7o1AYHa2MAe2J7YXZufmFw6fnLl2YTrdFDEVfIR/pqowH9yX5+OdQTXy8IX4sGzf+tGdbOT46NTc73dWSAzvKbT4pjEa81VPT/lO/rM8QM/BX5vdasHUt1/7TTvzeGx3MDNBRD//9f/ODDc0I0HE17b/VL/yLbfzfF7AJPPT3f9LyeTbAI2PlB/0YM4TNr6Qtw5a2qvZ/2EMA4VHSG29Uw4Wu5gToNP1/2JJW/F3/mgKlgeabBmPpm2Nw+R32RHvZ2NYkra4E0p5VV1Lf1s6n8omelu+Jwup2OBD1a/rbrNPTazwaxYvzZ/Yunvz5s0XWeJxL2f/Kr3cNftmRdtos0PFLEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIb4MwAA///GJdfC")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_DROP_PRIVILEGES(r1, 0x4004551e, &(0x7f0000000180)=0x3)
syz_mount_image$udf(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x1004000, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRESDEC, @ANYRESDEC=r1, @ANYRES8], 0x0, 0xc34, &(0x7f0000001bc0)="$eJzs3U9sXNd5N+D3XHHEofx9FRM7ipPGxaQtUlmxXP2LqViFO6pptgFkWQjF7AJwJFLqwBRJkFQjG2nBdNNFFwGKoousCLRGgRQNjKYIumRaF0g2XhRZdUW0sBEUXbBFgKwCFvfOGXFIkTYjkhJpP49N/WbunHPnnHvH98qC3jkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAET83iuXz5xNj3sUAMCjdHX0q2fOuf8DwMfKdf//DwAAAAAAAAAAAAAAB12KIp6MFLNXV9N49byjfqVdu3tvbHhk624Dqep5pGpf/tTPnjt/4UsvDF3s5pX29Af032ufjddGr19uvDxzZ3Zucn5+cqIxNt2+OTMxueM97Lb/ZqeqA9C48/rdiVu35hvnnj+/4eV7g+/3P3Fi8NLQs6ef6bYdGx4ZGV1vUt/y4UParsLjaBRxOlI8972fplZEFLH7Y1F/tOd+s4FqEqeqSYwNj1QTmWq3phfKF691D0QR0ejp1Oweo63PRfTVHukctteMWCyHXw74VDm90dnWXOvG1GTjWmtuob3Qnpm+ljqjLefTiCIupoiliFjpf3B3tSiiL1J85/hquhERR7rH4YtVYfD24yj2cY47UI6zUYtYKg7BOTvA+qOIVyPFz945GTfLY5Z/4gsRr5b5g4i3ynwpIpUfjAsR723xOeJw6osi/rw8/5dW00R1PeheV658rfGV6VszPW2715Vf8v7wwJXiMd0fBjblo3HAr031KKJVXfFX08P/ZgcAAAAAAAAAAAAAAACAvTYQRXwmUrzyb39U1RVHVZd+/NLQ7w/+/96a8ac/ZD9l2+cjYrHYWU3u0VwYeC1dS2mntcTqTvdcPYr441z/963HPRgAAAAAAAAAAAAAAAAAAICPtSJ+EilefPdkWoreNcXb07cb11s3pjqrwnbX/u2umb62trbWSJ1s5hzPuZhzKedyzpWcUeT+OZs5xwc6O17Mz5dyLudcyRlHcv+czZzjORdzLuVczrmSM/py/5zNnOM5F3Mu5VzOuZIzDsjavQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHyVFFPGLSPHtb6ymSBHRjBiPTi73P+7RAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACl/lTE9yNF4w+a97f1RUSq/u04Wf5yIZpHy/xkNIfKfCmal3O2quxrfusxjJ/dqaUifhwp+utv3z/h+fzXOs/ufwzirW+uP/tsXyePdF8cfL//iRPHLw2N/NrT2z1OWw3g1JX29N17jbHhkZHRns19+d0/2bNtML9vsTdTJyLm33jz9dbU1OTcwz8oPwK76H6IHqS+gz/T2oEf4SF6EH0HYhiPZ+58DJT3//cixW+/++/dG37n/l+P/9d5dv8OHz//k/X7/4ubd7TD+3/f5n75/l/e07e6/z/Zs+3F/LuRWl9EfeHObO1ERH3+jTdPt++0bk/enpy+cObMl4eGvnz+TO1oRP1We2qy59GeHC4AAAAAAAAAAAAAAACARycV8buRovXj1dSIiHtVvdbgpaFnTz9zJI5U9VYb6rZfG71+ufHyzJ3Zucn5+cmJxth0++bMxORO365elXuNDY/sy2Q+1MA+j3+g/vLM7Btz7dt/uLDl68fql2/ML8y1bm79cgxEEdHs3XKqGvDY8Eg16Kl2a7rqem3LYvpfXi0V8R+R4uaFRvp83pbr/zdX+G+o/1/cvKN9qv//RM+28j1TKuLnkeK3/uLp+Hw1zmPxwDHL7f4mUpy6+LncLo6W7bpj6HyvQKcysGz7P5HiH36xsW23HvLJ9bZnd3xgD4ny/B+PFN//s+/Gr+dtG7//Yevzf2zzjvbp/D/Vs+3Yhu8r2PXUyef/dKR46cm34zfytg/6/o/ud2+czI3vfz/HPp3/T/VsG8zv+5t7M3UAAAAAAAAAAIBDrZaK+NtI8cORvvRC3raTv/83sXlH+/T3vz7ds21ib9Yr+tAHuz6oAAAAAHBA1FIRP4kUtxfevl9DvbH+u6f+83fW6z+H06ZXqz/n+5XqewP28s//eg3m9x3f/bQBAAAAAAAAAAAAAAAAAADgQEmpiBfyeurjVT3/xLbrqS9Hilf+67ncLp0o23XXgR+sfq1fnZk+fXlqauZma6F1Y2qyMTrbujlZ9n0qUqz+9edy36JaX7273nxnjff1tdjnIsXI33XbdtZi765N/tR627Nl209Eiv/8+41tu+tYf2q97bmy7V9Fiq//09ZtT6y3PV+2/W6k+NHXG922x8q23e9H/fR62+dvzhT7cFYAAAAAAAAAAAAAAAAAAAD4uKmlIv40Uvz3naX7tfx5/f9az9PKW9/sWe9/k3vVOv+D1fr/2z1+mPX/q+8VWNzuXQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KMpRRFvRorZq6tpub983lG/0p6+e29seGTrbgOp6nmkal/+1M+eO3/hSy8MXezmB/ffa5+J10avX268PHNndm5yfn5yojE23b45MzG54z3stv9mp6oD0Ljz+t2JW7fmG+eeP7/h5XuD7/c/cWLw0tCzp5/pth0bHhkZ7WnTV3vod39A2mb70SjiLyPFc9/7afphf0QRuz8WH/LZ2W8D1SROVZMYGx6pJjLVbk0vlC9e6x6IIqLR06nZPUaP4FzsSjNisRx+OeBT5fRGZ1tzrRtTk41rrbmF9kJ7Zvpa6oy2nE8jiriYIpYiYqX/wd3VoojXI8V3jq+mf+6PONI9Dl+8OvrVM+e2H0exj3PcgXKcjVrEUnEIztkB1h9F/GOk+Nk7J+Nf+iP6ovMTX4h4tcwfRLwVnfOdyg/GhYj3tvgccTj1RRH/W57/S6vpnf7yetC9rlz5WuMr07dmetp2ryuH/v7wKB3wa1M9ivhRdcVfTf/qv2sAAAAAAAAAAAAAAACAA6SIX40UL757MlX1wfdritvTtxvXWzemOmV93dq/bs302traWiN1splzPOdizqWcyzlXckaR++dslllfWxvPzxdzLuVczrmSM47k/jmbOcdzLuZcyrmccyVn9OX+OZs5x3Mu5lzKuZxzJWcckNo9AAAAAAAAAAAAAAAAAADgo6Wo/knx7W+sprX+zvrS49HJZeuBfuT9XwAAAP//M3/28g==")
socket$nl_route(0x10, 0x3, 0x0)

11.272982646s ago: executing program 3 (id=348):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, 0x0, 0x4)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x4000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/sockstat\x00')
preadv(r5, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000280)={&(0x7f0000000400)="1bd844aec640ee1c28da106915d7988bb2225ec6bafbce8f1211f2eff3913e844b28f783a0dcdaa2b6ad0f6b328bd245232c3f73a151505d782751772603e1b0a404d71078b243581aca9a354e9ab57c3960aa634555ba12db797726d3936fd080b6220a1cea84671c5ba6b737982859de19de6ac55ed2ef32ca6a6655d0166190b5f008cfaacf0591ceb7989d37e3902a770ef7922ad4d524a10ad97b7fb66f631ddbe1", 0xa4, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f0000000340)={&(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5, r6, 0xeeeeeeee})
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @broadcast, @rand_addr=0x64010101, @empty, @remote}}}}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
openat$procfs(0xffffffffffffff9c, &(0x7f0000001140)='/proc/zoneinfo\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x24, 0xfffffffffffffffd, 0x0, 0x4a3, 0x8, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x5, 0x9, 0x0, 0xf, 0x80000006, 0xfffc}, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0xf, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x968, 0x0, 0x0, 0x0, 0x81}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder0\x00', 0x802, 0x0)

10.357388417s ago: executing program 1 (id=349):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$lock(r1, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r1, 0x26, &(0x7f00000031c0)={0x1})

9.999762546s ago: executing program 3 (id=350):
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x80101, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xc3ac}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

9.803647286s ago: executing program 2 (id=351):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
r0 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x200001, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
creat(&(0x7f0000000200)='./file5\x00', 0x10)
open_tree(0xffffffffffffff9c, 0x0, 0x81000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
write$vga_arbiter(r0, &(0x7f000001b400)=ANY=[], 0x9)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
writev(0xffffffffffffffff, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2)

9.754849886s ago: executing program 3 (id=352):
socket$unix(0x1, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fanotify_init(0xf00, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100), 0x24, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
setxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r3, 0xc0a85352, &(0x7f0000000200)={{0x80, 0x4}, 'port1\x00', 0x89, 0x0, 0x0, 0xfffffeff, 0x0, 0x0, 0x200000, 0x0, 0x4875c99660ff2b28})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)

6.969199335s ago: executing program 3 (id=353):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getpriority(0x2, 0x0)

6.767922067s ago: executing program 1 (id=354):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x400000088}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000000c0))
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x1)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000240)=0x7d75, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e24, @local}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x1c}}, 0x84)
r2 = open(0x0, 0x14927e, 0x0)
fallocate(r2, 0x0, 0x0, 0x1001f0)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2002)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0)
mremap(&(0x7f0000010000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f000000d000/0x2000)=nil)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(0x0)
listen(0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8ec0, 0x0)

6.747299646s ago: executing program 2 (id=355):
ioctl$VIDIOC_S_JPEGCOMP(0xffffffffffffffff, 0x408c563e, 0x0)
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close(0xffffffffffffffff)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x8000000000000002, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, 0x0, 0x0)
setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd4, 0x0, 0x0)
getpid()
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r2}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000200)={0x7, 0x8, 0xfa00, {r2, 0xffffffff}}, 0x10)

6.632204861s ago: executing program 4 (id=356):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
socket$kcm(0x21, 0x2, 0x2)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x8003, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc4c85512, &(0x7f0000000280)={{0xb, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})

4.480496753s ago: executing program 4 (id=357):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000000c0)=ANY=[], 0x5, 0x236, &(0x7f00000005c0)="$eJzsmDGLE0EUx/8z2ewlInI2V9goeOCJXnLZQ7kmnAqClc2dqJUGbz3O7F0kt4IJCAYbG+0sBBsLv4DFFVdZ2PkFBC1UECxMYWFjs/J2ZjezN9HENd29XzH8Z957M/PeZF8RMAyzb/ny+eenJxeWVk8DOIhZTOn1bwVACKWl4f/x+b1Tz+oXX7z+8Ort1qEHu3v3o5Aoyi6U/nK+A+DN+QLC9KQ0+heJWT1ZhUz1FUic1PoqBCpa34QsJvv6ELiu9R1Dt8i/Urm9EfiVW61gjcQCDTUaPBoy+dL9+j2BNT2PoigShn270202gsBvG8LRtiGmXCI9rDlj1a8IgX4PqBv3o/tfe/yoR/OkNgtG/WqQqOkkFiGwoteXMJXURpXEyP+IM9i/YOU/NFtyJcOoJEtK1H9MpFimODyfL3yO0jlnm6aR5xoYRC3DbxcxMFEls87H/i9lTO/96cTCMV4Hw8OX9YPmOPSylUWzEZSyK5LE0zKAib+yLXJlkYiZ/u472/R1VHgkRh8hxv/9lMa9c/Ih/kumyQesVsroNmW+inXsdzcu9n5H9Y/opcAJoz85Rv+ohpt3q9ud7vzGZmPdX/e3PG/xrAAenvGqcSNSo9X3Bv25HPenA8b+xT/4utLF/UYYtmtqdIWLMsKw7cVzz/hsVnZa32/osBCXABxXE2qbbrpjwTpDuMpHxr6k5mwnhmEYhmEYhmEYhmEYhmGYccn84XkUIv4XdASe8v4dAAD//9FzXEo=")
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001a0000001c000d800c00008008000600440500450c00008053fc0500feffffffc1913b8f0616322352fada7120d1647268b99f5893aa4d4e7766829fe5c43e5abe9f016fbff9232fd8306a13140f75208720bc3fcce82033c71586b9b9e43517c3470782f9d8af2d148729bd8417a8e73b8d2e245405c0f135c8c48fdb20c327eafd0290e2ac85e0d2ea722edb91016cd4650c73736c"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x10)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x7}, 0x8)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r5, 0x0, 0x0)
listxattr(&(0x7f0000000100)='./file2\x00', 0x0, 0x0)

4.479579196s ago: executing program 2 (id=358):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x3, 0x3, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}}, &(0x7f00000000c0)='syzkaller\x00', 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
syz_usb_connect(0x2, 0x2d, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
pread64(r3, 0x0, 0x0, 0x1)

4.339153445s ago: executing program 1 (id=359):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r0, 0x80089419, &(0x7f0000000040))
keyctl$reject(0x14, 0x0, 0xfffeffffffffff18, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, 0x0, 0xa8)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000240)={&(0x7f000046a000/0x2000)=nil, &(0x7f000012a000/0x3000)=nil, 0x2000, 0x3})
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

2.182923122s ago: executing program 1 (id=360):
syz_mount_image$exfat(&(0x7f0000000700), &(0x7f0000000140)='./file0\x00', 0x810000, &(0x7f0000000500)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c696f636861727365743d69736f383835392d312c646d61736b3d30303030303030303030303033373737373737373737372c696f636861727365743d6b6f69382d72752c696f636861727365743d63703433372c6e616d65636173653d312c6e616d65636173653d312c009a8d4d9016e3d8128333e260a1b926dd0c5f7619710e03ea1ae6521494f87e5737dc0c5bec3f76668140a15258818b6fbc51f9a13940e63c378688559c351287f0e09ef0b7330db20eef797e5004484649e7f5fb64b746683a75b9ed822f5ae34fac"], 0x1, 0x150d, &(0x7f0000000780)="$eJzs3Al0VUXWKOC9q+qEECNeIzIEqmofuGKAIiIiMoiCDCIiIiIiMomIiBEREQERAgIiIiAi8xARGQICIkMMEcM8DzKLGGmkERGRSSaBeiu2/ej+7b/9/9f+j/c6+1urVmrn3F13n+wk99RZ697vuw2v06xuzSZEBP8S/MuXVACIBYBBAHAdAAQAUDGhYkLu8fwSU/+1J2F/rEfSr3YF7Gri/udt3P+8jfuft3H/8zbuf97G/c/buP95G/efsbxs66yi1/PIu4Pv/+dl/Pr/b+RQuYnfrC93Y/f/Rgr3P2/j/udt3P+8jfuft3H/8zbu/7+/Gv/kGPc/b+P+M5aXXe37zzyu7rjav3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4KBQB/nV/tuhhjjDHGGGOMMfbH8fmudgWMMcYYY4wxxhj7n4cgQIKCAGIgH8RCfoiDayAeroUCcB1E4HpIgBugINwIhaAwFIGikAjFoDhoMGCBIIQSUBKicBOUgpshCUpDGSgLDspBMtwC5eFWqAC3QUW4HSrBHVAZqkBVqAZ3QnW4C+6GGlAT7oFaUBvqQF24F+rBfeKvlTWEB6ERPASN4WFoAo9AU3gUmsFj0BwehxbQElpBa2jz23yoD/dDA3jgn+S/Ar3gVegNfSAV+kI/eA36wwAYCK/DIHgDBsObMATegqEwDIbD2zAC3oGR8C6MgtEwBsbCOBgPE2AiTILJkAbvwRR4H6bCBzANpsMMmAnpMAtmw4cwB+bCPPgI5sPHsAAWwiJYDBnwCWTCEsiCT2EpfAbZsAyWwwpYCatgNayBtbAO1sMG2AibYDNsga3wOWyD7bADdsIu2A174AvYC1/CPvgKcuDr/2b+2f+Q3x0BAQUKVKgwBmMwFmMxDuMwHuOxABbACEYwAROwIBbEQlgIi2ARTMRELI7F0aBBQsISWAKjGMVSWAqTMAnLYBl06DAZk7E83ooVsAJWxIpYCSthZayCVbAaVsPqWB3vRqgcQE2shbWwDtbBe/FevA/rY31sgA2wITbERtgIG2NjbIJNsCk2xWbYDJtjc2yBLbAVtsI22AbbYltsh+2wPbbHDtgBO2JHTMEU7ISdsDN2xi7YBbtiV+yG3bA79sAe+Aq+gq/iq9gHa4m+2A/7YX/svy/3j+F1fAMH45v4Jr6FQ3EYDse38W18B0fiGRyFo3EMjsHqYjxOwIlIYjKmYRpOwSk4FafiNJyO03EmpuMsnI2zcQ7Oxbn4Ec7Hj/FjXIgLcTFmYAZm4hLMwixcimcxG5fhclyBK3EVrsQ1uBbX4HrcgOtxE27CLbgFP8fPcTtux524E3fjbvwCv8Av8UscijmYg/txPx7AA3gQD+IhPISH8TAewSN4FI/iMTyGx/EEnsQTeBpP4xk8i+fwHF7AC3gRX0r8tunu0uuGgsilhBIxIkbEilgRJ+JEvIgXBUQBERERkSASREFRUBQShUQRUUQkikRRXBQXRhhBIhQlRAkRFVFRSpQSSSJJlBFlhBNOJItkUV6UFxVEBVFR3C4qiTtEZVFFPOWqiWqiumjv7hY1RE1RU9QStUUdUVfUFfVEPVFf1BcNRAPRUDQUjcRDorHoiwPxEZHbmWZiGDYXw7GFaClaidbiHXxCtBUjsZ14SrQXT4vROAo7irYuRTwnOokJ2Fm8ICbii6KrmIzdxMuiu+gheopXRC/RzvUWfcQ07Cv6iZnYXwwQA8XrYg7WFrkdqyPeEkPFMDFcvC0W4ztipHhXjBKjxRgxVowT48UEMVFMEpNFmnhPTBHvi6niAzFNTBczxEyRLmaJ2eJDMUfMFfPER2K++FgsEAvFIrFYZIhPRKZYIrLEp2Kp+Exki2ViuVghVopVYrVYI9aKdWK92CA2ik1is9gitorPxTaxXewQO8UusVvsEV+IveJLsU98JXLE12K/+JM4IL4RB2MAQHwrDovvxBHxvTgqfhDHxI/iuDghTopT4rT4SZwRZ8U5cV5cED+Li+KSuCy8AIlSSCmVDGSMzCdjZX4ZJ6+R8fJaWUBeJyPyepkgb5AF5Y2ykCwsi8iiMlEWk8WllkZaSTKUJWRJGZU3yVLyZpkkS8sysqx0spxMlrfI8vJWWUHeJivK22UleYesLKvIqrKavFNWl3fJu2UNWVPeI2vJ2rKOrCvvlfXkfbK+vF82kA/IhvJB2Ug+JBvLh2UT+YhsKh+VzeRjsrl8XLaQLWUr2Vq2kU/ItvJJGQsA7eXTsoN8RnaUz8oU+ZzsJJ+XneULsot8UXaVL8lu8mXZXfaQPeUleVl62Vv2kamyr+wnX5P95QA5UL4uB8k35GD5phwi35JD5TA5XL4tR8h35Ej5rhwlR8sxcqwcJ8fLCXKinCQnyzT5npwi35dT5QdympwuZ8iZMl3OkgN/XWnefyH//X+QP+SXZ98it8rP5Ta5Xe6QO+UuuVvukXvkXrlX7pP7ZI7MkfvlfnlAHpAH5UF5SB6Sh+VheUQekUflUXlMHpPH5Ql5Xp6Sp+VP8ow8K8/K8/KCvCAv/vozAIVKKKmUClSMyqdiVX4Vp65R8epaVUBdpyLqepWgblAF1Y2qkCqsiqiiKlEVU8WVVkZZRSpUJVRJFVU3qVLqZpWkSqsyqqxyqpxKVrf8y/m/V18b1Ua1VW1VO9VOtVftVQfVQXVUHVWKSlGdVCfVWXVWXVQX1VV1Vd1UN9VddVc9VU/VS/VSvVVvlapSVT/1muqvBqiB6nU1SL2hBqvBaogaooaqoWq4Gq5GqBFqpBqpRqlRaowao8apcWqCmqAmqUkqTaWpKWqKmqqmqmlqmpqhZqh0la5mq9lqjpqj5ql5ar6arxaoBWqRWqQyVIbKVJkqS2WppWqpylbL1DK1Qq1Qq9QqtUatUevUOrVBbVCb1CaVrbaqrWqb2qZ2qB1ql9ql9qg9aq/aq/apfSpH5aj9ar86oA6og+qgOqQOqcPqsDqijqij6qg6po6p4+q4OqlOqtPqtDqjzqhz6py6oC6oi+qiuqwu5172BSIQgQpUEBPEBLFBbBAXxAXxQXxQICgQRIJIkBAkBAWDG4NCQeGgSFA0SAyKBcUDHZjABhSEQYmgZBANbgpKBTcHSUHpoExQNnBBuSA5uCUoH9waVAhuCyoGtweVgjuCykGVoGpQLbgzqB7cFdwd1AhqBvcEtYLaQZ2gbnBvUC+4L6gf3B80CB4IGgYPBo2Ch4LGwcNBk+CRoGnwaNAseCxoHjwetAhaBq2C1kGbP3R9788UftL11n10qu6r++nXdH89QA/Ur+tB+g09WL+ph+i39FA9TA/Xb+sR+h09Ur+rR+nReoweq8fp8XqCnqgn6ck6Tb+np+j39VT9gZ6mp+sZeqZO17P0bP2hnqPn6nn6Iz1ff6wX6IV6kV6sM/QnOlMv0Vn6U71Uf6az9TK9XK/QK/UqvVqv0Wv1Or1eb9Ab9Sa9WW/RW/XnepvernfonXqX3q336C/0Xv2l3qe/0jn6a71f/0kf0N/og/rP+pD+Vh/W3+kj+nt9VP+gj+kf9XF9Qp/Up/Rp/ZM+o8/qc/q8vqB/1hf1JX1Z+9yL+9yXd6OMMjEmxsSaWBNn4ky8iTcFTAETMRGTYBJMQVPQFDKFTBFTxCSaRFPcFDe5yJApYUqYqImaUqaUSTJJpowpY5xxJtkkm/KmvKlgKpiKpqKpZCqZyqayqWqqmjvNneYuc5epYWqYe8w9prapbeqauqaeqWfqm/qmgWlgGpqGppFpZBqbxqaJaWKamqammWlmmpvmpoVpYVqZVqaNaWPamramnWln2pv2poPpYDqajibFpJhOppPpbDqbLqaL6Wq6mm6mm+luupuepqfpZXqZ3qa3STWppp/pZ/qb/magGWgGmUFmsBlshpghZmz5DTVy9ycjzAgz0ow0o8xoM8aMNePMeDPBTDSTzGSTZtLMFDPFTDVTzTQzzcwwM0y6STezzWwzx8wx88w8M9/MNwvMArPILDIZJsNkmkyTZbLMUrPUZJtss9wsNyvNSrParDZrzVqz3qw3G81Gs9lsNlvNVrPNbDM7zA6zy+wye8wes9fsNfvMPpNjcmJ/3UKZg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWlOmtPmtDljzphz5py5YH42F80lc9l4E2sFxNlrbLy91haw19lYm9/+bVzEFrWJtpgtbrUtZAv/XWystUm2tC1jy1pny9lke8tv4sq2iq1qq9k7bXV7l737N3E9e5+tb++3DewDtq699+/ihvZB28g+Zhvbx20T29I2ta1tM/uYbW4fty1sS9vKtrYd7DO2o33WptjnbCf7/G/iTLvErrXr7Hq7we61X9pz9rw9Yr+3F+zPtrftYwfZN+xg+6YdYt+yQ+2w38Rj7Fg7zo63E+xEO8lO/k08w8606XaWnW0/tHPs3N/EGfYTO99m2QV2oV1kF/8S59aUZT+1S+1nNtsus8vtCrvSrrKr7Zr/XesKu8lutlvsHvuF3Wa32x12p91ld/8S557HPvuVzbFf28P2O3vAfmMP2qP2kP32lzj3/AB+sMfsj/a4PWFP2lP2tP3JnrFnfzn/3HM/ZS/Zy9ZbICRBkhQFFEP5KJbyUxxdQ/F0LRWg6yhC11MC3UAF6UYqRIWpCBWlRCpGxUmTIUtEIZWgkhSlm6gU3UxJVJrKUFlyVI6S6RYqT7dSBbqNKtLtVInuoMpUhapSNbqTqtNddDfVoJp0D9Wi2lSH6tK9VI/uo/p0PzWgB6ghPUiN6CFqTA9TE3qEmtKj1Iweo+b0OLWgltSKWlMbeoLa0pPUjp6i9vQ0daBnqCM9Syn0HHWi56kzvUBd6EXqSi9RN3qZulMP6kmvUC96lXpTH0qlvtSPXqP+NIAG0us0iN6gwfQmDaG3aCgNo+H0No2gd2gkvUujaDSNobE0jsbTBJpIk2gypdF7NIXep6n0AU2j6TSDZlI6zaLZ9CHNobk0jz6i+fQxLaCFtIgWUwZ9Qpm0hLLoU1pKn1E2LaPltIJW0ipaTWtoLa2j9bSBNtIm2kxbaCt9TttoO+2gnbSLdtMe+oL20pe0j76iHPqa9tOf6AB9Qwfpz3SIvqXD9B0doe/pKP1Ax+hHOk4n6CSdotP0E52hs3SOztMF+pku0iW6TJ4gxFCEMlRhEMaE+cLYMH8YF14TxofXhgXC68JIeH2YEN4QFgxvDAuFhcMiYdEwMSwWFg91aEIbUhiGJcKSYTS8KSwV3hwmhaXDMmHZ0IXlwuTwlrB8eGtYIbwtrBjeHlYK7wgrh1XCxx6oFt4ZVg/vCu8Oa4Q1w3vCWmHtsE5YN7w3rBfeF9YP7w8bhA+EFcIHw0bhQ2Hj8OGwSfhI2DR8NGwWPhY2Dx8PW4Qtw1Zh67BN+ETYNnwybBc+FbYPnw47hM+EHcNnw5TwubBT+PzvHk8N+4b9wtfC10Lv75eLooujGdFPopnRJdGs6KfRpdHPotnRZdHl0RXRldFV0dXRNdG10XXR9dEN0Y3RTdHN0S1R7+vmA4dOOOmUC1yMy+diXX4X565x8e5aV8Bd5yLuepfgbnAF3Y2ukCvsiriiLtEVc8WddsZZRy50JVxJF3U3uVLuZpfkSrsyrqxzrpxLdq1dG9fGtXVPunbuKdfePe2eds+4Z9yz7ln3nOvknned3Quui3vRdXUvuZfcy6676+F6uldcL/eq6+36uFSX6vq5fq6/6+8GuoFukBvkBrvBbogb4oa6oW64G+5GuBFupBvpRrlRbowb48a5cW6Cm+AmuUkuzaW5KW6Km+qmumlumpvhZrh0l+5mu9lujpvj5rl5bn7SfLfALXCL3CKX4TJcpst0WS7LLXVLXbbLdsvdcrfSrXSr3Wq31q116916t9FtdJvdZrfVbXXb3Da3w+1wu9wut8ftcXvdXrfP7XM5Lsftd/vdAXfAHXR/dofct+6w+84dcd+7o+4Hd8z96I67E+6kO+VOu5/cGXfWnXPn3QX3s7voLrnLzru0yHuRKZH3I1MjH0SmRaZHZkRmRtIjsyKzIx9G5kTmRuZFPorMj3wcWRBZGFkUWRzJiHwSyYwsiWRFPo0sjXwWyY4siyyPrIisjKyKeF9sW+hL+JI+6m/ypfzNPsmX9mV8We98OZ/sb/Hl/a2+gr/NV/S3+0r+Dl/ZV/FV/eO+hW/pW/nWvo1/wrf1T/p2/inf3j/tO/hnfEf/rE/xz/lO/nnf2b/gu/gXfVf/ku/mX/bdfQ/f07/ie/lXfW/fx6f6vr6ff8339wP8QP+6H+Tf8IP9m36If8sP9cP8cP+2H+Hf8SP9u36UH+3H+LF+nB/vJ/iJfpKf7NP8e36Kf99P9R/4aX66n+Fn+nQ/y8/2H/o5fq6f5z/y8/3HfoFf6Bf5xT7Df+Iz/RKf5T/1S/1nPtsv88v9Cr/Sr/Kr/Rq/1q/z6/0Gv9Fv8pv9Fr/Vf+63+e1+h9/pd/ndfo//wu/1X/p9/iuf47/2+/2f/AH/jT/o/+wP+W/9Yf+dP+K/90f9D/6Y/9Ef9yf8SX/Kn/Y/+TP+rD/nz/sL/md/0V/yl/+r71mL+R+6jc4YY4wx9v+JtN853vcffE/8OnL1A4Brtxc99LfHJQBsLPSX+QCR2CECAM/16fbIX0etWqmpqb8+NltCUHIhAESu5P9yifZrvAzawzOQAk9B+X9Y3wDR4wL9zvrR2wHi/iYn9i8fc/Af1r/1P1n/iafHZFYKzyX8k/UXAiSVvJKTH67EV9av8J+sX7jt79Sf/5s0gHZ/kxMPV+Ir6yfDk/A8pPzdIxljjDHGGGOMsb8YIKp2odwdMfzz/XmiupKTD67Ev7c/Z4wxxhhjjDHG2NX3Yo+ezz6RkvJUF57whCd/1OSvd8v+X6nn/2Bylf8xMcYYY4wxxv5wVy76r3YljDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZY3vV/4+PErvY5MsYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY1fb/woAAP//xiAyZg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r5, 0xfffffffc)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r6, &(0x7f0000000280)="a530a9fa4915ba67de012cb516373c498b6bf947a715b9a4e09b26725e", 0x1d, 0x44, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x1, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x5, 0x4, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002500)={{r7}, &(0x7f0000002480), &(0x7f00000024c0)}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r7, &(0x7f0000000180), &(0x7f0000000040)=@udp6}, 0x20)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000300)=0xe, 0x4)

1.61196231s ago: executing program 2 (id=361):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x5, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x7f}, @TCA_TBF_PARMS={0x28, 0x1, {{0x40, 0x1, 0xfff8, 0x7, 0x8, 0x200}, {0x20, 0x1, 0xb, 0x9, 0x9}, 0x3, 0xfffffffb, 0x67}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

474.968485ms ago: executing program 3 (id=362):
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x80101, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xc3ac}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

83.230955ms ago: executing program 3 (id=363):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000580)={0x21e, 0x2, 0x0, {{0x500, 0xdd, 0x0, 0x0, {}, 0x2810000, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pg>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, '\b\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0x0, 0x0, 0xee01}}, 0x21e)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[], 0xb0}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001aa40)=""/102400, 0x19000)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000f40))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge0\x00'})
r5 = socket(0x10, 0x3, 0x0)
sendmmsg(r5, 0x0, 0x0, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r6=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010101}]}, &(0x7f0000000140)=0x10)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[], 0x30}], 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000540)={<r7=>r6, 0x10000}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000005c0)=@assoc_value={r7, 0x8}, &(0x7f0000000600)=0x8)
fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000300), &(0x7f0000001680)={0x0, 0xfb, 0x15, 0x6, 0xa, "d14a3d1406f39abc8b690a4d530043da"}, 0x15, 0x5)
bind$bt_sco(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0)

0s ago: executing program 4 (id=364):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
sendmmsg$inet6(r0, &(0x7f00000080c0)=[{{&(0x7f0000000480)={0xa, 0x4e1e, 0x8, @private2={0xfc, 0x2, '\x00', 0x2}, 0x6}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000001880)="02", 0x1}], 0x1}}], 0x1, 0x931766f6319eed40)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.249' (ED25519) to the list of known hosts.
[  347.445145][ T5854] cgroup: Unknown subsys name 'net'
[  347.545702][ T5854] cgroup: Unknown subsys name 'cpuset'
[  347.555398][ T5854] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  349.209669][ T5854] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  353.726304][ T5868] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  353.734859][ T5868] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  353.742622][ T5868] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  353.766174][ T5868] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  353.779393][ T5868] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  353.800343][ T5143] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  353.812129][ T5876] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  353.820434][ T5876] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  353.830728][ T5876] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  353.838923][ T5876] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  353.860097][ T5868] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  353.911807][ T5883] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  353.928977][ T5883] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  353.937712][ T5883] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  353.941127][ T5882] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  353.946250][ T5883] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  353.959649][ T5883] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  353.960942][ T5882] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  353.968889][ T5888] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  353.985383][ T5882] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  353.994042][ T5882] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  354.002082][ T5882] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  354.019981][ T5882] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  354.028435][ T5882] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  354.036522][   T52] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  354.045931][   T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  354.055612][   T52] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  354.065637][   T52] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  354.083341][   T52] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  354.091441][   T52] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  354.641934][ T5865] chnl_net:caif_netlink_parms(): no params data found
[  354.949067][ T5871] chnl_net:caif_netlink_parms(): no params data found
[  355.023261][ T5870] chnl_net:caif_netlink_parms(): no params data found
[  355.114375][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.121824][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.129549][ T5865] bridge_slave_0: entered allmulticast mode
[  355.137470][ T5865] bridge_slave_0: entered promiscuous mode
[  355.154099][ T5873] chnl_net:caif_netlink_parms(): no params data found
[  355.210185][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.217359][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.224730][ T5865] bridge_slave_1: entered allmulticast mode
[  355.232670][ T5865] bridge_slave_1: entered promiscuous mode
[  355.387236][ T5872] chnl_net:caif_netlink_parms(): no params data found
[  355.422370][ T5871] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.429680][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.439847][ T5871] bridge_slave_0: entered allmulticast mode
[  355.447744][ T5871] bridge_slave_0: entered promiscuous mode
[  355.501501][ T5871] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.508747][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.516206][ T5871] bridge_slave_1: entered allmulticast mode
[  355.524165][ T5871] bridge_slave_1: entered promiscuous mode
[  355.534599][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.601289][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  355.634239][ T5874] chnl_net:caif_netlink_parms(): no params data found
[  355.763383][ T5871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.775377][ T5865] team0: Port device team_slave_0 added
[  355.793350][ T5870] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.800611][ T5870] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.807749][ T5870] bridge_slave_0: entered allmulticast mode
[  355.815413][ T5870] bridge_slave_0: entered promiscuous mode
[  355.830829][ T5143] Bluetooth: hci0: command tx timeout
[  355.848832][ T5871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  355.860338][ T5865] team0: Port device team_slave_1 added
[  355.888473][ T5870] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.895743][ T5870] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.903247][ T5870] bridge_slave_1: entered allmulticast mode
[  355.911100][ T5870] bridge_slave_1: entered promiscuous mode
[  355.918128][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.925352][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.933024][ T5873] bridge_slave_0: entered allmulticast mode
[  355.940780][ T5873] bridge_slave_0: entered promiscuous mode
[  355.979956][ T5143] Bluetooth: hci2: command tx timeout
[  356.035981][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.043797][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.051447][ T5873] bridge_slave_1: entered allmulticast mode
[  356.059031][ T5873] bridge_slave_1: entered promiscuous mode
[  356.065233][ T5143] Bluetooth: hci1: command tx timeout
[  356.065241][ T5868] Bluetooth: hci4: command tx timeout
[  356.114831][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0
[  356.122052][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  356.148823][ T5143] Bluetooth: hci5: command tx timeout
[  356.149033][ T5143] Bluetooth: hci3: command tx timeout
[  356.160417][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  356.175279][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1
[  356.182422][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  356.208465][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  356.289321][ T5871] team0: Port device team_slave_0 added
[  356.316322][ T5870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  356.329198][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  356.339261][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.347171][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.355150][ T5872] bridge_slave_0: entered allmulticast mode
[  356.362864][ T5872] bridge_slave_0: entered promiscuous mode
[  356.371387][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.378534][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.385903][ T5872] bridge_slave_1: entered allmulticast mode
[  356.393581][ T5872] bridge_slave_1: entered promiscuous mode
[  356.402632][ T5871] team0: Port device team_slave_1 added
[  356.439193][ T5874] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.446528][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.454435][ T5874] bridge_slave_0: entered allmulticast mode
[  356.462341][ T5874] bridge_slave_0: entered promiscuous mode
[  356.473224][ T5870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  356.485476][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  356.546112][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  356.555596][ T5874] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.563538][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.570830][ T5874] bridge_slave_1: entered allmulticast mode
[  356.578400][ T5874] bridge_slave_1: entered promiscuous mode
[  356.658716][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  356.714607][ T5870] team0: Port device team_slave_0 added
[  356.722722][ T5873] team0: Port device team_slave_0 added
[  356.730970][ T5870] team0: Port device team_slave_1 added
[  356.737724][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_0
[  356.745574][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  356.771763][ T5871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  356.791945][ T5865] hsr_slave_0: entered promiscuous mode
[  356.798572][ T5865] hsr_slave_1: entered promiscuous mode
[  356.837421][ T5873] team0: Port device team_slave_1 added
[  356.860133][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_1
[  356.867111][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  356.893177][ T5871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  356.915522][ T5872] team0: Port device team_slave_0 added
[  356.924949][ T5874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  356.971889][ T5872] team0: Port device team_slave_1 added
[  356.981816][ T5874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  357.006603][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_0
[  357.013914][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  357.040232][ T5870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  357.054540][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_1
[  357.061812][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  357.088233][ T5870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  357.157375][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0
[  357.164523][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  357.191551][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  357.308166][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1
[  357.315544][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  357.342258][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  357.382725][ T5871] hsr_slave_0: entered promiscuous mode
[  357.389593][ T5871] hsr_slave_1: entered promiscuous mode
[  357.396544][ T5871] debugfs: 'hsr0' already exists in 'hsr'
[  357.402646][ T5871] Cannot create hsr debugfs directory
[  357.408930][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0
[  357.416136][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  357.442121][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  357.455283][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1
[  357.462304][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  357.488409][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  357.503125][ T5874] team0: Port device team_slave_0 added
[  357.570879][ T5874] team0: Port device team_slave_1 added
[  357.597891][ T5870] hsr_slave_0: entered promiscuous mode
[  357.604584][ T5870] hsr_slave_1: entered promiscuous mode
[  357.611012][ T5870] debugfs: 'hsr0' already exists in 'hsr'
[  357.616755][ T5870] Cannot create hsr debugfs directory
[  357.814611][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_0
[  357.821765][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  357.849431][ T5874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  357.867600][ T5873] hsr_slave_0: entered promiscuous mode
[  357.874310][ T5873] hsr_slave_1: entered promiscuous mode
[  357.880616][ T5873] debugfs: 'hsr0' already exists in 'hsr'
[  357.886344][ T5873] Cannot create hsr debugfs directory
[  357.900922][ T5868] Bluetooth: hci0: command tx timeout
[  357.930996][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_1
[  357.938003][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  357.967614][ T5874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  358.012064][ T5872] hsr_slave_0: entered promiscuous mode
[  358.018974][ T5872] hsr_slave_1: entered promiscuous mode
[  358.025505][ T5872] debugfs: 'hsr0' already exists in 'hsr'
[  358.031314][ T5872] Cannot create hsr debugfs directory
[  358.068849][ T5868] Bluetooth: hci2: command tx timeout
[  358.140573][ T5868] Bluetooth: hci1: command tx timeout
[  358.146335][ T5868] Bluetooth: hci4: command tx timeout
[  358.229977][ T5143] Bluetooth: hci5: command tx timeout
[  358.235703][ T5868] Bluetooth: hci3: command tx timeout
[  358.248850][ T5874] hsr_slave_0: entered promiscuous mode
[  358.256027][ T5874] hsr_slave_1: entered promiscuous mode
[  358.262500][ T5874] debugfs: 'hsr0' already exists in 'hsr'
[  358.268229][ T5874] Cannot create hsr debugfs directory
[  358.605245][ T5865] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  358.639465][ T5865] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  358.691442][ T5865] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  358.733367][ T5865] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  358.851837][ T5871] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  358.863989][ T5871] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  358.885356][ T5871] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  358.912757][ T5871] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  358.978558][ T5870] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  359.000872][ T5870] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  359.016718][ T5870] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  359.029408][ T5870] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  359.163241][ T5873] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  359.176998][ T5873] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  359.203116][ T5873] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  359.255513][ T5873] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  359.326936][ T5874] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  359.347046][ T5874] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  359.358730][ T5874] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  359.369690][ T5874] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  359.462407][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.556886][ T5865] 8021q: adding VLAN 0 to HW filter on device team0
[  359.604007][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.611400][ T5926] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.625725][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.632900][ T5926] bridge0: port 2(bridge_slave_1) entered forwarding state
[  359.643680][ T5872] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  359.654765][ T5872] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  359.684666][ T5872] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  359.701645][ T5871] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.717211][ T5872] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  359.767917][ T5870] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.816426][ T5871] 8021q: adding VLAN 0 to HW filter on device team0
[  359.835973][ T5870] 8021q: adding VLAN 0 to HW filter on device team0
[  359.886562][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.893802][ T5926] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.921141][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.928312][ T5926] bridge0: port 2(bridge_slave_1) entered forwarding state
[  359.938795][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.945990][ T5926] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.980910][ T5868] Bluetooth: hci0: command tx timeout
[  359.999377][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.006931][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  360.035036][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0
[  360.062988][ T5874] 8021q: adding VLAN 0 to HW filter on device bond0
[  360.140850][ T5868] Bluetooth: hci2: command tx timeout
[  360.146987][ T5873] 8021q: adding VLAN 0 to HW filter on device team0
[  360.197526][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.204786][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  360.224081][ T5868] Bluetooth: hci4: command tx timeout
[  360.229542][ T5143] Bluetooth: hci1: command tx timeout
[  360.253083][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.260286][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  360.310313][ T5868] Bluetooth: hci5: command tx timeout
[  360.311481][ T5874] 8021q: adding VLAN 0 to HW filter on device team0
[  360.315867][ T5143] Bluetooth: hci3: command tx timeout
[  360.333867][ T5871] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  360.386943][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.394172][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  360.412885][ T5870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  360.476499][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.483788][ T5926] bridge0: port 2(bridge_slave_1) entered forwarding state
[  360.556628][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0
[  360.675624][ T5872] 8021q: adding VLAN 0 to HW filter on device team0
[  360.695832][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0
[  360.814121][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.821386][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  360.917296][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.924545][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  361.099370][ T5871] 8021q: adding VLAN 0 to HW filter on device batadv0
[  361.283327][ T5870] 8021q: adding VLAN 0 to HW filter on device batadv0
[  361.325564][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0
[  361.444527][ T5871] veth0_vlan: entered promiscuous mode
[  361.533086][ T5871] veth1_vlan: entered promiscuous mode
[  361.604656][ T5874] 8021q: adding VLAN 0 to HW filter on device batadv0
[  361.713217][ T5870] veth0_vlan: entered promiscuous mode
[  361.798346][ T5871] veth0_macvtap: entered promiscuous mode
[  361.813671][ T5870] veth1_vlan: entered promiscuous mode
[  361.871645][ T5871] veth1_macvtap: entered promiscuous mode
[  361.958739][ T5865] veth0_vlan: entered promiscuous mode
[  361.965949][ T5874] veth0_vlan: entered promiscuous mode
[  361.989951][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_0
[  362.016324][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_1
[  362.032235][ T5874] veth1_vlan: entered promiscuous mode
[  362.047067][ T5865] veth1_vlan: entered promiscuous mode
[  362.057648][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0
[  362.066338][ T5143] Bluetooth: hci0: command tx timeout
[  362.094484][ T5983] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.104788][ T5983] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.113921][ T5983] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.153410][ T5983] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  362.178253][ T5870] veth0_macvtap: entered promiscuous mode
[  362.196359][ T5873] veth0_vlan: entered promiscuous mode
[  362.220685][ T5143] Bluetooth: hci2: command tx timeout
[  362.242427][ T5870] veth1_macvtap: entered promiscuous mode
[  362.295828][ T5873] veth1_vlan: entered promiscuous mode
[  362.310608][ T5143] Bluetooth: hci1: command tx timeout
[  362.316051][ T5143] Bluetooth: hci4: command tx timeout
[  362.347269][ T5874] veth0_macvtap: entered promiscuous mode
[  362.359489][ T5872] veth0_vlan: entered promiscuous mode
[  362.372766][ T5874] veth1_macvtap: entered promiscuous mode
[  362.381383][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.383734][ T5143] Bluetooth: hci3: command tx timeout
[  362.389341][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.395274][ T5868] Bluetooth: hci5: command tx timeout
[  362.425894][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_0
[  362.439124][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_1
[  362.499685][ T2982] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.509530][ T5865] veth0_macvtap: entered promiscuous mode
[  362.521807][ T2982] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.544870][ T2982] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.561371][ T5872] veth1_vlan: entered promiscuous mode
[  362.573298][ T5865] veth1_macvtap: entered promiscuous mode
[  362.582460][ T2982] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  362.596258][ T5972] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.604999][ T5972] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.607017][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_0
[  362.649652][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0
[  362.666689][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1
[  362.675419][ T5873] veth0_macvtap: entered promiscuous mode
[  362.703347][ T5871] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  362.705984][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1
[  362.745507][ T5873] veth1_macvtap: entered promiscuous mode
[  362.803730][ T5872] veth0_macvtap: entered promiscuous mode
[  362.831011][ T5925] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.850606][ T5925] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.859364][ T5925] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.907138][ T5872] veth1_macvtap: entered promiscuous mode
[  362.923163][ T5925] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  362.934076][ T5925] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.947732][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0
[  362.971872][ T5925] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.980728][ T5925] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.998253][ T5925] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.008849][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1
[  363.029893][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.039389][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.092658][ T2982] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.102642][ T2982] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.138531][ T2982] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.148215][ T2982] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.159882][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.196726][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.200882][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1
[  363.212591][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.288621][ T2982] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.304954][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.326762][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.343176][ T2982] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.354218][ T2982] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.387994][ T2982] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.410735][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.429457][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.526161][ T2982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.753660][ T2982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.781912][ T2982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.800185][ T2982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.976598][ T6017] ªªªªªª: renamed from wg2 (while UP)
[  364.065437][ T5983] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.082846][ T5983] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.379492][ T5983] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.790114][ T5983] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  366.129530][ T2982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  366.184716][ T2982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  366.366362][ T6050] Zero length message leads to an empty skb
[  367.394024][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  367.609926][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  367.900129][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  367.910140][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  368.098183][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  368.749359][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  368.900765][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  368.909433][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  369.025067][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  370.240571][ T6080] xt_CT: No such helper "snmp"
[  370.421006][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  371.179911][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  371.283880][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  371.284053][    T0] NOHZ tick-stop error: local softirq work is pending, handler #182!!!
[  374.044867][ T6092] loop2: detected capacity change from 0 to 4096
[  374.338347][ T6102] process 'syz.0.14' launched './file0' with NULL argv: empty string added
[  374.740981][ T6092] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  374.967549][ T6108] hub 9-0:1.0: USB hub found
[  374.976781][ T6108] hub 9-0:1.0: 1 port detected
[  378.564720][  T804] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  378.764688][ T5874] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.509897][  T804] usb 5-1: Using ep0 maxpacket: 16
[  379.517794][  T804] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[  379.529295][  T804] usb 5-1: config 0 has no interface number 0
[  379.574401][  T804] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  379.642198][  T804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.689380][  T804] usb 5-1: Product: syz
[  379.712349][  T804] usb 5-1: Manufacturer: syz
[  379.716974][  T804] usb 5-1: SerialNumber: syz
[  379.791105][  T804] usb 5-1: config 0 descriptor??
[  379.804096][  T804] asix 5-1:0.251: probe with driver asix failed with error -22
[  380.795200][ T6009] usb 5-1: USB disconnect, device number 2
[  383.905182][ T6164] loop0: detected capacity change from 0 to 128
[  383.924579][ T6164] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  383.939084][ T6164] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  384.780647][ T6173] netlink: 20 bytes leftover after parsing attributes in process `syz.3.33'.
[  388.160513][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  388.167034][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  388.724646][ T6224] Bluetooth: MGMT ver 1.23
[  391.544648][ T6242] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.45' sets config #0
[  391.582481][ T6242] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.45' sets config #1
[  392.354652][ T5947] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  392.568998][ T5947] usb 5-1: Using ep0 maxpacket: 32
[  392.596444][ T5947] usb 5-1: New USB device found, idVendor=ae6f, idProduct=79f4, bcdDevice=8f.99
[  392.838418][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.079804][ T5947] usb 5-1: Product: syz
[  393.084047][ T5947] usb 5-1: Manufacturer: syz
[  393.088654][ T5947] usb 5-1: SerialNumber: syz
[  393.157291][ T5947] usb 5-1: config 0 descriptor??
[  393.425706][ T6244] netlink: 12 bytes leftover after parsing attributes in process `syz.4.46'.
[  393.527296][ T5947] usb 5-1: USB disconnect, device number 3
[  393.540286][   T30] audit: type=1326 audit(1760522623.087:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6254 comm="syz.5.50" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52a6d8eec9 code=0x0
[  395.882806][   T30] audit: type=1326 audit(1760522625.447:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6267 comm="syz.1.54" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feb3d58eec9 code=0x0
[  396.927950][ T6282] loop2: detected capacity change from 0 to 1024
[  398.121860][ T6282] syz.2.57: attempt to access beyond end of device
[  398.121860][ T6282] loop2: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  398.135203][ T6282] Buffer I/O error on dev loop2, logical block 2889, async page read
[  398.143523][ T6282] syz.2.57: attempt to access beyond end of device
[  398.143523][ T6282] loop2: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  398.156694][ T6282] Buffer I/O error on dev loop2, logical block 2889, async page read
[  398.180421][   T30] audit: type=1800 audit(1760522627.727:4): pid=6282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.57" name="file1" dev="loop2" ino=20 res=0 errno=0
[  398.925622][ T6294] loop1: detected capacity change from 0 to 2048
[  399.022731][ T6294] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  399.132079][   T30] audit: type=1800 audit(1760522628.697:5): pid=6294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.61" name="file1" dev="loop1" ino=1346 res=0 errno=0
[  402.042001][ T6322] loop2: detected capacity change from 0 to 2048
[  402.068018][ T6322] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  402.172534][ T6328] loop1: detected capacity change from 0 to 8
[  402.244453][ T6328] SQUASHFS error: xz decompression failed, data probably corrupt
[  402.252599][ T6328] SQUASHFS error: Failed to read block 0x108: -5
[  402.258983][ T6328] SQUASHFS error: Unable to read metadata cache entry [106]
[  402.266395][ T6328] SQUASHFS error: Unable to read inode 0x11f
[  402.401738][ T6329] loop1: detected capacity change from 0 to 512
[  405.697403][ T6329] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  405.989838][ T6329] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  406.029776][   T30] audit: type=1800 audit(1760522635.537:6): pid=6322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.70" name="file1" dev="loop2" ino=1346 res=0 errno=0
[  406.450876][ T6329] EXT4-fs (loop1): 1 truncate cleaned up
[  406.458211][ T6329] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  407.377918][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.786989][  T804] IPVS: starting estimator thread 0...
[  408.151777][ T6341] IPVS: Scheduler module ip_vs_sip not found
[  408.341122][ T6344] IPVS: using max 20 ests per chain, 48000 per kthread
[  408.376321][ T6352] loop4: detected capacity change from 0 to 512
[  408.384271][ T6352] =======================================================
[  408.384271][ T6352] WARNING: The mand mount option has been deprecated and
[  408.384271][ T6352]          and is ignored by this kernel. Remove the mand
[  408.384271][ T6352]          option from the mount to silence this warning.
[  408.384271][ T6352] =======================================================
[  409.026060][ T6352] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  409.038737][ T6352] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  409.116340][ T6347] loop0: detected capacity change from 0 to 1024
[  410.559444][ T5873] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  411.269022][ T6348] IPVS: length: 141 != 8
[  411.274144][ T6348] IPVS: fo: FWM 3 0x00000003 - no destination available
[  413.692838][ T6368] loop4: detected capacity change from 0 to 1764
[  413.716753][ T6372] loop2: detected capacity change from 0 to 512
[  413.793187][ T6372] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.84: bad orphan inode 13
[  413.851256][ T6372] ext4_test_bit(bit=12, block=4) = 1
[  413.856862][ T6372] is_bad_inode(inode)=0
[  413.863816][ T6372] NEXT_ORPHAN(inode)=0
[  413.867996][ T6372] max_ino=32
[  413.872028][ T6372] i_nlink=1
[  413.924334][ T6372] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  414.352879][ T6384] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  414.363350][ T6384] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  414.645090][ T6386] EXT4-fs warning (device loop2): dx_probe:800: inode #2: comm syz.2.84: Unrecognised inode hash code 20
[  414.656824][ T6386] EXT4-fs warning (device loop2): dx_probe:933: inode #2: comm syz.2.84: Corrupt directory, running e2fsck is recommended
[  414.697184][ T6386] EXT4-fs error (device loop2): ext4_iget_extra_inode:5074: inode #15: comm syz.2.84: corrupted in-inode xattr: e_value out of bounds
[  414.920884][ T6371] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  416.453907][ T5874] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  419.794584][ T6424] loop1: detected capacity change from 0 to 1024
[  422.147816][ T6447] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  422.174313][ T6447] CIFS mount error: No usable UNC path provided in device string!
[  422.174313][ T6447] 
[  422.189334][ T6447] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  429.409229][   T43] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  429.710285][   T43] usb 3-1: Using ep0 maxpacket: 8
[  429.726136][   T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  429.780043][   T43] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  429.829948][   T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  429.871690][   T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  429.935397][   T43] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  429.975832][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.038181][   T43] hub 3-1:1.0: bad descriptor, ignoring hub
[  430.085938][   T43] hub 3-1:1.0: probe with driver hub failed with error -5
[  430.172690][   T43] cdc_wdm 3-1:1.0: skipping garbage
[  430.177938][   T43] cdc_wdm 3-1:1.0: skipping garbage
[  430.268630][   T43] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  430.323792][   T43] cdc_wdm 3-1:1.0: Unknown control protocol
[  430.591471][   T43] usb 3-1: USB disconnect, device number 2
[  434.221669][ T5868] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  434.290360][ T5868] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  434.298278][ T5868] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  434.311075][ T5868] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  434.319153][ T5868] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  436.459793][ T5143] Bluetooth: hci6: command tx timeout
[  436.881223][ T6502] chnl_net:caif_netlink_parms(): no params data found
[  437.389859][ T5805] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  438.331526][ T5805] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  438.360317][ T5805] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  438.400633][ T5805] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  438.442336][ T5805] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  438.469774][ T5805] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  438.483936][ T5805] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  438.493412][ T5805] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  438.501647][ T5805] usb 4-1: Product: syz
[  438.509978][ T5805] usb 4-1: Manufacturer: syz
[  438.527530][ T5805] cdc_wdm 4-1:1.0: skipping garbage
[  438.539816][ T5143] Bluetooth: hci6: command tx timeout
[  438.545550][ T5805] cdc_wdm 4-1:1.0: skipping garbage
[  438.564277][ T5805] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  438.570933][ T5805] cdc_wdm 4-1:1.0: Unknown control protocol
[  438.583006][ T6066] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.190381][ T6066] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  440.300139][   T43] usb 4-1: USB disconnect, device number 2
[  440.327930][ T6502] bridge0: port 1(bridge_slave_0) entered blocking state
[  440.373814][ T6502] bridge0: port 1(bridge_slave_0) entered disabled state
[  441.373744][ T5143] Bluetooth: hci6: command tx timeout
[  442.433272][ T6502] bridge_slave_0: entered allmulticast mode
[  443.161743][ T6502] bridge_slave_0: entered promiscuous mode
[  443.205729][ T6502] bridge0: port 2(bridge_slave_1) entered blocking state
[  443.251320][ T6502] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.258587][ T6502] bridge_slave_1: entered allmulticast mode
[  443.330108][ T6502] bridge_slave_1: entered promiscuous mode
[  443.435819][ T5143] Bluetooth: hci6: command tx timeout
[  443.532357][ T6066] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.856452][ T6502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  444.979064][ T6502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  446.218487][ T6066] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.600303][ T6579] loop2: detected capacity change from 0 to 8
[  446.660063][ T6579] SQUASHFS error: xz decompression failed, data probably corrupt
[  446.667968][ T6579] SQUASHFS error: Failed to read block 0x108: -5
[  446.674449][ T6579] SQUASHFS error: Unable to read metadata cache entry [106]
[  446.681840][ T6579] SQUASHFS error: Unable to read inode 0x11f
[  446.866867][ T6580] loop2: detected capacity change from 0 to 512
[  446.915117][ T6580] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  447.734417][ T6580] EXT4-fs (loop2): 1 truncate cleaned up
[  447.749310][ T6580] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  448.462682][ T5874] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.642011][ T6502] team0: Port device team_slave_0 added
[  448.653121][ T6502] team0: Port device team_slave_1 added
[  448.958610][ T6578] loop3: detected capacity change from 0 to 32768
[  449.064108][ T6595] tipc: Started in network mode
[  449.069105][ T6595] tipc: Node identity f2c5e0b347d2, cluster identity 4711
[  449.101861][ T6595] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  449.116749][ T6502] batman_adv: batadv0: Adding interface: batadv_slave_0
[  449.125772][ T6578] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  449.150506][ T6502] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  449.186828][ T6578] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  449.214944][ T6502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  449.298401][ T6598] syzkaller0: entered promiscuous mode
[  449.304399][ T6598] syzkaller0: entered allmulticast mode
[  449.315686][ T6607] tipc: Resetting bearer <eth:syzkaller0>
[  449.317997][ T6578] XFS (loop3): Ending clean mount
[  449.328260][ T6591] tipc: Resetting bearer <eth:syzkaller0>
[  449.334633][ T6578] XFS (loop3): Quotacheck needed: Please wait.
[  449.376924][ T6591] tipc: Disabling bearer <eth:syzkaller0>
[  449.389122][ T6578] XFS (loop3): Quotacheck: Done.
[  449.453878][ T6588] loop4: detected capacity change from 0 to 32768
[  449.476379][ T6502] batman_adv: batadv0: Adding interface: batadv_slave_1
[  449.493619][ T6502] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  449.566945][ T5870] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  449.578819][ T6502] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  449.607926][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  449.621404][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  449.695292][ T6588] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  449.927518][ T5868] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  449.937154][ T5868] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  449.950774][ T5868] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  449.958908][ T5868] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  449.966802][ T5868] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  449.989412][ T6066] bridge_slave_1: left allmulticast mode
[  450.048897][ T6066] bridge_slave_1: left promiscuous mode
[  450.137846][ T6066] bridge0: port 2(bridge_slave_1) entered disabled state
[  450.293262][ T6066] bridge_slave_0: left allmulticast mode
[  450.318368][ T6066] bridge_slave_0: left promiscuous mode
[  450.331335][ T6066] bridge0: port 1(bridge_slave_0) entered disabled state
[  450.434005][ T5873] ocfs2: Unmounting device (7,4) on (node local)
[  452.502526][ T5868] Bluetooth: hci0: command tx timeout
[  452.811310][ T6645] loop3: detected capacity change from 0 to 1024
[  452.906955][ T6645] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  452.982870][   T30] audit: type=1800 audit(1760522682.547:7): pid=6645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.153" name="file1" dev="loop3" ino=15 res=0 errno=0
[  453.439728][ T6651] loop4: detected capacity change from 0 to 40427
[  453.462923][ T6652] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  453.473880][ T6651] F2FS-fs (loop4): invalid crc value
[  453.579176][ T6651] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  453.590247][ T6651] F2FS-fs (loop4): Start checkpoint disabled!
[  453.602318][ T6651] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  453.610799][ T6651] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  453.624711][ T6652] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28
[  453.646799][ T6652] EXT4-fs (loop3): This should not happen!! Data will be lost
[  453.646799][ T6652] 
[  453.657312][ T6652] EXT4-fs (loop3): Total free blocks count 0
[  453.678042][ T6652] EXT4-fs (loop3): Free/Dirty block details
[  453.693001][ T6652] EXT4-fs (loop3): free_blocks=68451041280
[  453.723813][ T6652] EXT4-fs (loop3): dirty_blocks=16
[  453.771076][ T6652] EXT4-fs (loop3): Block reservation details
[  453.780521][ T6652] EXT4-fs (loop3): i_reserved_data_blocks=1
[  454.434672][ T6066] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  454.480688][ T6066] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  454.520136][ T6066] bond0 (unregistering): Released all slaves
[  454.546543][ T5868] Bluetooth: hci0: command tx timeout
[  454.913150][ T6502] hsr_slave_0: entered promiscuous mode
[  454.944313][ T6502] hsr_slave_1: entered promiscuous mode
[  454.988765][ T6502] debugfs: 'hsr0' already exists in 'hsr'
[  455.010238][ T6502] Cannot create hsr debugfs directory
[  456.621361][ T5868] Bluetooth: hci0: command tx timeout
[  457.056224][ T6066] hsr_slave_0: left promiscuous mode
[  457.081969][ T6066] hsr_slave_1: left promiscuous mode
[  457.098438][ T6066] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  457.117137][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_0
[  457.147559][ T6066] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  457.164124][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_1
[  457.216027][ T6066] veth1_macvtap: left promiscuous mode
[  457.233010][ T6066] veth0_macvtap: left promiscuous mode
[  457.249295][ T6066] veth1_vlan: left promiscuous mode
[  457.276876][ T6066] veth0_vlan: left promiscuous mode
[  457.584920][ T5870] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.700223][ T5868] Bluetooth: hci0: command tx timeout
[  458.730325][  T804] IPVS: starting estimator thread 0...
[  458.864978][ T6707] IPVS: using max 28 ests per chain, 67200 per kthread
[  460.830132][ T6066] team0 (unregistering): Port device team_slave_1 removed
[  461.000481][ T6066] team0 (unregistering): Port device team_slave_0 removed
[  463.899631][  T804] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  464.113759][  T804] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  464.132253][  T804] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.277356][  T804] usb 4-1: config 0 descriptor??
[  464.383987][ T6744] loop2: detected capacity change from 0 to 1024
[  464.490971][ T6744] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  464.540450][  T804] kaweth 4-1:0.0: Firmware present in device.
[  464.629829][   T30] audit: type=1800 audit(1760522694.137:8): pid=6744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.170" name="file1" dev="loop2" ino=15 res=0 errno=0
[  465.019726][  T804] kaweth 4-1:0.0: Statistics collection: 0
[  465.038160][  T804] kaweth 4-1:0.0: Multicast filter limit: 0
[  465.052968][ T6751] loop4: detected capacity change from 0 to 40427
[  465.065418][ T6751] F2FS-fs (loop4): invalid crc value
[  465.291190][  T804] kaweth 4-1:0.0: MTU: 0
[  465.349784][  T804] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00
[  465.416108][ T6751] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  465.426659][ T6751] F2FS-fs (loop4): Start checkpoint disabled!
[  465.495107][ T6751] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  465.515705][ T6751] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  465.558108][ T5874] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  465.717576][  T804] kaweth 4-1:0.0: Error setting SOFS wait
[  465.737930][  T804] kaweth 4-1:0.0: probe with driver kaweth failed with error -5
[  465.849235][  T804] usb 4-1: USB disconnect, device number 3
[  466.282171][ T6586] chnl_net:caif_netlink_parms(): no params data found
[  466.795969][ T6066] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.899768][   T43] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  467.121307][   T43] usb 4-1: unable to get BOS descriptor or descriptor too short
[  467.130091][   T43] usb 4-1: not running at top speed; connect to a high speed hub
[  467.160424][   T43] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  467.174213][ T6066] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  467.189853][   T43] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  467.202037][   T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  467.214855][   T43] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  467.230013][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.257302][   T43] usb 4-1: Product: syz
[  467.279826][   T43] usb 4-1: Manufacturer: syz
[  467.284463][   T43] usb 4-1: SerialNumber: syz
[  467.388791][ T6502] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  467.420442][ T6502] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  467.433043][ T6502] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  467.444399][ T6502] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  467.762084][ T6066] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  468.615970][   T43] usb 4-1: 0:2 : does not exist
[  468.825717][ T6066] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  468.928798][   T43] usb 4-1: USB disconnect, device number 4
[  469.026039][ T6800] Bluetooth: MGMT ver 1.23
[  469.615740][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  469.841664][ T6586] bridge0: port 1(bridge_slave_0) entered blocking state
[  469.859049][ T6586] bridge0: port 1(bridge_slave_0) entered disabled state
[  469.897114][ T6586] bridge_slave_0: entered allmulticast mode
[  469.911395][ T6586] bridge_slave_0: entered promiscuous mode
[  470.078280][ T6586] bridge0: port 2(bridge_slave_1) entered blocking state
[  470.124217][ T6586] bridge0: port 2(bridge_slave_1) entered disabled state
[  470.273711][ T6586] bridge_slave_1: entered allmulticast mode
[  470.356477][ T6586] bridge_slave_1: entered promiscuous mode
[  472.109372][ T6586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  472.173244][ T6586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  473.312751][ T6586] team0: Port device team_slave_0 added
[  474.072411][ T6843] syz_tun: entered allmulticast mode
[  474.100627][ T6843] syz_tun: left allmulticast mode
[  474.177587][ T6586] team0: Port device team_slave_1 added
[  474.520560][ T6009] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  475.434843][ T6009] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  475.583933][ T6009] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.664938][ T6009] usb 3-1: Product: syz
[  475.709410][ T6009] usb 3-1: Manufacturer: syz
[  475.755404][ T6009] usb 3-1: SerialNumber: syz
[  475.933926][ T6586] batman_adv: batadv0: Adding interface: batadv_slave_0
[  475.955456][ T6586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  476.953462][ T6586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  478.062242][ T5888] Bluetooth: hci5: command 0x0406 tx timeout
[  478.062965][ T5876] Bluetooth: hci4: command 0x0406 tx timeout
[  478.068364][ T5888] Bluetooth: hci1: command 0x0406 tx timeout
[  478.074369][ T5885] Bluetooth: hci3: command 0x0406 tx timeout
[  478.393007][ T6586] batman_adv: batadv0: Adding interface: batadv_slave_1
[  478.457342][ T6586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  478.511550][ T6586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  478.532192][ T6009] rtl8150 3-1:1.0: couldn't reset the device
[  478.540217][ T6009] rtl8150 3-1:1.0: probe with driver rtl8150 failed with error -5
[  478.698900][ T6009] usb 3-1: USB disconnect, device number 3
[  478.778215][ T6881] syz.2.196 uses obsolete (PF_INET,SOCK_PACKET)
[  478.785728][ T6066] bridge_slave_1: left allmulticast mode
[  478.810586][ T6066] bridge_slave_1: left promiscuous mode
[  478.816390][ T6066] bridge0: port 2(bridge_slave_1) entered disabled state
[  478.942665][ T6066] bridge_slave_0: left allmulticast mode
[  478.975860][ T6066] bridge_slave_0: left promiscuous mode
[  479.003700][ T6066] bridge0: port 1(bridge_slave_0) entered disabled state
[  479.271699][ T6889] loop3: detected capacity change from 0 to 16
[  479.313248][ T6889] erofs (device loop3): mounted with root inode @ nid 36.
[  479.363347][ T6889] erofs (device loop3): readahead error at folio 87 @ nid 36
[  479.409842][ T6889] erofs (device loop3): readahead error at folio 86 @ nid 36
[  479.441708][ T6889] syz.3.199: attempt to access beyond end of device
[  479.441708][ T6889] loop3: rw=524288, sector=8, nr_sectors = 24 limit=16
[  479.495915][ T6889] syz.3.199: attempt to access beyond end of device
[  479.495915][ T6889] loop3: rw=524288, sector=14425508768, nr_sectors = 8 limit=16
[  482.591089][ T6066] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  482.599885][ T6009] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  482.660340][ T6066] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  482.709615][ T6066] bond0 (unregistering): Released all slaves
[  482.758022][ T6009] usb 2-1: Using ep0 maxpacket: 8
[  482.782142][ T6009] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  482.818761][ T6009] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  482.850664][ T6009] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.904947][ T6586] hsr_slave_0: entered promiscuous mode
[  482.935633][ T6009] usb 2-1: config 0 descriptor??
[  482.951813][ T6586] hsr_slave_1: entered promiscuous mode
[  483.202790][ T6009] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  483.504935][ T6921] loop2: detected capacity change from 0 to 40427
[  483.537288][ T6921] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  483.545187][ T6921] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  483.556410][ T6921] F2FS-fs (loop2): invalid crc value
[  483.893182][ T6921] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  483.918001][ T6921] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  483.925228][ T6921] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  484.060928][  T804] usb 2-1: USB disconnect, device number 2
[  484.945487][ T6502] 8021q: adding VLAN 0 to HW filter on device bond0
[  485.757526][ T6932] syz.2.203: attempt to access beyond end of device
[  485.757526][ T6932] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  485.792617][ T6066] hsr_slave_0: left promiscuous mode
[  485.810581][ T6066] hsr_slave_1: left promiscuous mode
[  485.820628][ T6066] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  485.843734][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_0
[  485.952799][ T6941] netlink: 28 bytes leftover after parsing attributes in process `syz.1.205'.
[  486.020832][ T6066] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  486.142476][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_1
[  486.427540][ T6066] veth1_macvtap: left promiscuous mode
[  486.440582][ T6066] veth0_macvtap: left promiscuous mode
[  486.446375][ T6066] veth1_vlan: left promiscuous mode
[  486.466491][ T6066] veth0_vlan: left promiscuous mode
[  486.648395][ T6944] netlink: 20 bytes leftover after parsing attributes in process `syz.3.207'.
[  487.013699][ T6948] netlink: 12 bytes leftover after parsing attributes in process `syz.4.208'.
[  488.774233][ T6959] Bluetooth: MGMT ver 1.23
[  489.445457][ T6963] loop1: detected capacity change from 0 to 4096
[  489.526428][ T6966] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  491.572381][ T6066] team0 (unregistering): Port device team_slave_1 removed
[  492.462969][ T6066] team0 (unregistering): Port device team_slave_0 removed
[  494.138080][ T5868] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  494.149736][ T5868] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  494.157592][ T5868] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  494.820812][ T5868] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  494.828833][ T5868] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  494.995691][ T6996] loop3: detected capacity change from 0 to 64
[  495.371919][ T7004] loop2: detected capacity change from 0 to 1024
[  495.445891][ T7004] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  495.484267][ T7004] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  495.502333][ T7004] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  495.518526][ T7004] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2967: inode #15: comm syz.2.224: corrupted xattr block 128: invalid ea_ino
[  495.538719][ T7004] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117)
[  495.859636][ T5874] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  496.894558][ T7017] befs: (nullb0): invalid magic header
[  496.916872][ T5882] Bluetooth: hci2: command tx timeout
[  499.507806][ T5882] Bluetooth: hci2: command tx timeout
[  499.525687][ T7021] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.534524][ T7021] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.682727][ T7035] loop1: detected capacity change from 0 to 2048
[  499.726478][ T7035] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  501.027054][ T7021] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  501.070986][ T7021] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  501.595080][ T5882] Bluetooth: hci2: command tx timeout
[  502.342654][ T7052] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  502.390354][ T6058] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.420424][ T6058] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.454520][ T6058] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.503002][ T6058] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  503.072834][ T6586] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  503.131322][ T6586] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  503.237024][ T6586] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  503.551380][ T6586] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  504.228518][ T5882] Bluetooth: hci2: command tx timeout
[  510.020837][ T5868] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  510.029596][ T5868] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  510.039772][ T5868] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  510.047929][ T5868] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  510.058942][ T5868] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  510.073472][ T6988] chnl_net:caif_netlink_parms(): no params data found
[  510.105696][ T7143] tipc: Started in network mode
[  510.125775][ T7143] tipc: Node identity b6658dfc9e8b, cluster identity 4711
[  510.153397][ T7143] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  510.170050][ T7147] syzkaller0: entered promiscuous mode
[  510.175537][ T7147] syzkaller0: entered allmulticast mode
[  510.670632][ T7142] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  511.045301][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  511.052522][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  511.142274][ T7147] tipc: Resetting bearer <eth:syzkaller0>
[  511.369496][ T7140] tipc: Resetting bearer <eth:syzkaller0>
[  511.373177][ T5947] tipc: Node number set to 686722556
[  511.444701][ T7140] tipc: Disabling bearer <eth:syzkaller0>
[  511.496654][ T7133] loop3: detected capacity change from 0 to 40427
[  511.507716][ T7133] F2FS-fs (loop3): build fault injection rate: 694
[  511.645241][ T7133] F2FS-fs (loop3): invalid crc value
[  512.219267][ T5868] Bluetooth: hci6: command tx timeout
[  513.089389][ T7133] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  513.246967][ T6988] bridge0: port 1(bridge_slave_0) entered blocking state
[  513.292205][ T6988] bridge0: port 1(bridge_slave_0) entered disabled state
[  513.299487][ T6988] bridge_slave_0: entered allmulticast mode
[  513.462972][ T6988] bridge_slave_0: entered promiscuous mode
[  514.322649][ T6988] bridge0: port 2(bridge_slave_1) entered blocking state
[  514.340164][ T6988] bridge0: port 2(bridge_slave_1) entered disabled state
[  514.357585][ T6988] bridge_slave_1: entered allmulticast mode
[  514.368581][ T6988] bridge_slave_1: entered promiscuous mode
[  514.382453][ T5868] Bluetooth: hci6: command tx timeout
[  515.404177][ T6988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  515.477828][ T6988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  516.286079][ T7207] CIFS mount error: No usable UNC path provided in device string!
[  516.286079][ T7207] 
[  516.307080][ T7207] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  516.472030][ T5868] Bluetooth: hci6: command tx timeout
[  516.723436][ T6988] team0: Port device team_slave_0 added
[  516.732834][ T6066] bridge_slave_1: left allmulticast mode
[  517.194771][ T6066] bridge_slave_1: left promiscuous mode
[  517.380166][ T6066] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.432549][ T6066] bridge_slave_0: left allmulticast mode
[  517.438227][ T6066] bridge_slave_0: left promiscuous mode
[  517.460279][ T6066] bridge0: port 1(bridge_slave_0) entered disabled state
[  518.552779][ T5868] Bluetooth: hci6: command tx timeout
[  518.701476][ T6066] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  518.713828][ T6066] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  518.729419][ T6066] bond0 (unregistering): Released all slaves
[  519.208067][ T7242] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  519.393062][ T6988] team0: Port device team_slave_1 added
[  519.459009][ T6988] batman_adv: batadv0: Adding interface: batadv_slave_0
[  519.466672][ T6988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  519.503646][ T6988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  519.519112][ T6988] batman_adv: batadv0: Adding interface: batadv_slave_1
[  519.526671][ T6988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  519.572115][ T6988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  519.649252][ T6066] hsr_slave_0: left promiscuous mode
[  519.687510][ T6066] hsr_slave_1: left promiscuous mode
[  519.709925][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_0
[  519.751830][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_1
[  520.087165][ T7248] loop4: detected capacity change from 0 to 128
[  520.804614][ T6058] kworker/u8:14: attempt to access beyond end of device
[  520.804614][ T6058] loop4: rw=1, sector=145, nr_sectors = 16 limit=128
[  520.834968][ T6058] kworker/u8:14: attempt to access beyond end of device
[  520.834968][ T6058] loop4: rw=1, sector=169, nr_sectors = 8 limit=128
[  521.078996][ T6058] kworker/u8:14: attempt to access beyond end of device
[  521.078996][ T6058] loop4: rw=1, sector=185, nr_sectors = 8 limit=128
[  521.093265][ T6058] kworker/u8:14: attempt to access beyond end of device
[  521.093265][ T6058] loop4: rw=1, sector=201, nr_sectors = 8 limit=128
[  521.148847][ T6058] kworker/u8:14: attempt to access beyond end of device
[  521.148847][ T6058] loop4: rw=1, sector=217, nr_sectors = 8 limit=128
[  521.172633][ T6066] team0 (unregistering): Port device team_slave_1 removed
[  521.188143][ T6058] kworker/u8:14: attempt to access beyond end of device
[  521.188143][ T6058] loop4: rw=1, sector=233, nr_sectors = 8 limit=128
[  521.201882][ T6058] kworker/u8:14: attempt to access beyond end of device
[  521.201882][ T6058] loop4: rw=1, sector=249, nr_sectors = 8 limit=128
[  521.215551][ T6058] kworker/u8:14: attempt to access beyond end of device
[  521.215551][ T6058] loop4: rw=1, sector=265, nr_sectors = 8 limit=128
[  521.229432][ T6058] kworker/u8:14: attempt to access beyond end of device
[  521.229432][ T6058] loop4: rw=1, sector=281, nr_sectors = 8 limit=128
[  521.244082][ T6058] kworker/u8:14: attempt to access beyond end of device
[  521.244082][ T6058] loop4: rw=1, sector=297, nr_sectors = 8 limit=128
[  521.261908][ T6066] team0 (unregistering): Port device team_slave_0 removed
[  521.676933][ T7262] qnx4: unable to read the superblock
[  523.092944][ T7255] loop2: detected capacity change from 0 to 32768
[  523.196987][ T7255] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  523.677586][ T6988] hsr_slave_0: entered promiscuous mode
[  523.691949][ T7255] XFS (loop2): Ending clean mount
[  523.717747][ T6988] hsr_slave_1: entered promiscuous mode
[  523.951045][ T6988] debugfs: 'hsr0' already exists in 'hsr'
[  523.956816][ T6988] Cannot create hsr debugfs directory
[  523.967683][ T7255] XFS (loop2): Quotacheck needed: Please wait.
[  525.241772][ T7255] XFS (loop2): Quotacheck: Done.
[  525.645732][ T5874] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  526.474843][ T7144] chnl_net:caif_netlink_parms(): no params data found
[  527.816122][ T7321] netlink: 4 bytes leftover after parsing attributes in process `syz.2.290'.
[  527.832419][ T5881] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  528.707357][ T7144] bridge0: port 1(bridge_slave_0) entered blocking state
[  528.740810][ T5881] usb 4-1: Using ep0 maxpacket: 8
[  528.741684][ T7144] bridge0: port 1(bridge_slave_0) entered disabled state
[  528.779310][ T5881] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  528.825194][ T7327] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  529.173499][ T7144] bridge_slave_0: entered allmulticast mode
[  529.212345][ T5881] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  529.598483][ T7144] bridge_slave_0: entered promiscuous mode
[  529.618811][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.660566][ T5881] usb 4-1: Product: syz
[  529.663173][ T7144] bridge0: port 2(bridge_slave_1) entered blocking state
[  529.664752][ T5881] usb 4-1: Manufacturer: syz
[  529.676390][ T5881] usb 4-1: SerialNumber: syz
[  529.691597][ T7144] bridge0: port 2(bridge_slave_1) entered disabled state
[  529.693411][ T5881] usb 4-1: config 0 descriptor??
[  529.698801][ T7144] bridge_slave_1: entered allmulticast mode
[  529.718516][ T5881] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  529.746225][ T5881] usb 4-1: setting power ON
[  529.760056][ T5881] dvb-usb: bulk message failed: -22 (2/0)
[  529.827918][ T5881] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  529.838027][ T7144] bridge_slave_1: entered promiscuous mode
[  530.016041][ T7314] dvb-usb: bulk message failed: -22 (3/0)
[  530.078772][ T5881] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  530.100174][ T5881] usb 4-1: media controller created
[  530.719318][ T5881] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  530.775525][ T5881] usb 4-1: selecting invalid altsetting 6
[  530.960027][ T5881] usb 4-1: digital interface selection failed (-22)
[  530.993057][ T5881] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  531.670185][ T5881] usb 4-1: setting power OFF
[  531.675140][ T5881] dvb-usb: bulk message failed: -22 (2/0)
[  531.725599][ T5881] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  533.705622][ T5881] (NULL device *): no alternate interface
[  533.951381][ T5881] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  534.003638][ T7349] loop4: detected capacity change from 0 to 128
[  534.053637][ T5881] usb 4-1: USB disconnect, device number 5
[  535.065019][ T7144] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.119007][ T7144] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.276115][ T7360] netlink: 16 bytes leftover after parsing attributes in process `syz.3.299'.
[  536.260886][ T7144] team0: Port device team_slave_0 added
[  536.310516][ T7144] team0: Port device team_slave_1 added
[  536.615773][ T7144] batman_adv: batadv0: Adding interface: batadv_slave_0
[  536.641934][ T7144] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  536.668769][ T7144] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  536.682649][ T7144] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.689603][ T7144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  536.716205][ T7144] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  537.615325][ T7367] loop1: detected capacity change from 0 to 32768
[  537.685519][ T7144] hsr_slave_0: entered promiscuous mode
[  537.711666][ T7144] hsr_slave_1: entered promiscuous mode
[  537.759015][ T7144] debugfs: 'hsr0' already exists in 'hsr'
[  537.780184][ T7367] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  537.825595][ T7144] Cannot create hsr debugfs directory
[  538.050638][ T5872] ocfs2: Unmounting device (7,1) on (node local)
[  538.285309][ T6066] bridge_slave_1: left allmulticast mode
[  538.303842][ T6066] bridge_slave_1: left promiscuous mode
[  538.309677][ T6066] bridge0: port 2(bridge_slave_1) entered disabled state
[  538.366038][ T6066] bridge_slave_0: left allmulticast mode
[  538.392370][ T6066] bridge_slave_0: left promiscuous mode
[  538.409162][ T6066] bridge0: port 1(bridge_slave_0) entered disabled state
[  538.745590][ T6066] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  538.771932][ T6066] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  538.794528][ T7379] loop3: detected capacity change from 0 to 32768
[  538.802599][ T6066] bond0 (unregistering): Released all slaves
[  538.872594][ T7379] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  538.937430][   T30] audit: type=1800 audit(1760522768.497:9): pid=7379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.305" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  538.945505][ T7379] (syz.3.305,7379,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  539.316816][ T5870] ocfs2: Unmounting device (7,3) on (node local)
[  539.779578][ T6066] hsr_slave_0: left promiscuous mode
[  539.805811][ T6066] hsr_slave_1: left promiscuous mode
[  540.311856][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_0
[  540.552301][ T6066] batman_adv: batadv0: Removing interface: batadv_slave_1
[  541.371406][ T7417] loop1: detected capacity change from 0 to 1024
[  543.598556][ T6066] team0 (unregistering): Port device team_slave_1 removed
[  543.738334][ T6066] team0 (unregistering): Port device team_slave_0 removed
[  544.665648][ T7423] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  544.696393][ T7424] syzkaller0: entered promiscuous mode
[  544.716882][ T7424] syzkaller0: entered allmulticast mode
[  544.804860][ T6988] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  544.834872][ T6988] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  544.926976][ T6988] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  544.979433][ T7433] tipc: Resetting bearer <eth:syzkaller0>
[  545.101529][ T7433] tipc: Disabling bearer <eth:syzkaller0>
[  545.141529][ T6988] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  545.253307][ T7448] loop1: detected capacity change from 0 to 512
[  545.342444][ T7448] Quota error (device loop1): v2_read_file_info: Free block number 1 out of range (1, 6).
[  545.377922][ T7448] EXT4-fs warning (device loop1): ext4_enable_quotas:7176: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  545.470459][ T7448] EXT4-fs (loop1): mount failed
[  545.818359][ T7448] loop1: detected capacity change from 0 to 512
[  545.946217][ T7448] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  546.053956][ T7448] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  546.240996][ T6988] 8021q: adding VLAN 0 to HW filter on device bond0
[  546.572795][ T7144] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  547.310627][ T7144] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  547.382766][ T6988] 8021q: adding VLAN 0 to HW filter on device team0
[  547.392291][ T7144] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  547.434260][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state
[  547.441438][ T5926] bridge0: port 1(bridge_slave_0) entered forwarding state
[  547.479352][ T7144] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  547.511733][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state
[  547.518895][ T5926] bridge0: port 2(bridge_slave_1) entered forwarding state
[  548.584013][  T804] hid-generic 0101:0002:0002.0001: item fetching failed at offset 3/10
[  548.622802][  T804] hid-generic 0101:0002:0002.0001: probe with driver hid-generic failed with error -22
[  548.624842][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  549.159546][ T7144] 8021q: adding VLAN 0 to HW filter on device bond0
[  549.441986][ T7144] 8021q: adding VLAN 0 to HW filter on device team0
[  549.476982][ T5925] bridge0: port 1(bridge_slave_0) entered blocking state
[  549.484177][ T5925] bridge0: port 1(bridge_slave_0) entered forwarding state
[  550.172182][ T5925] bridge0: port 2(bridge_slave_1) entered blocking state
[  550.179490][ T5925] bridge0: port 2(bridge_slave_1) entered forwarding state
[  551.819139][ T6988] 8021q: adding VLAN 0 to HW filter on device batadv0
[  551.842385][ T7523] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  552.490091][  T804] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  552.940950][  T804] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  552.987531][  T804] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  553.024221][  T804] usb 4-1: config 0 descriptor??
[  553.206991][ T7144] 8021q: adding VLAN 0 to HW filter on device batadv0
[  555.106298][ T5882] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  555.120913][ T5882] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  555.128697][ T5882] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  555.137424][ T5882] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  555.145315][ T5882] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  556.105294][ T7584] loop1: detected capacity change from 0 to 256
[  556.183672][ T7584] FAT-fs (loop1): Directory bread(block 64) failed
[  556.190536][ T7584] FAT-fs (loop1): Directory bread(block 65) failed
[  556.197165][ T7584] FAT-fs (loop1): Directory bread(block 66) failed
[  556.203834][ T7584] FAT-fs (loop1): Directory bread(block 67) failed
[  556.210512][ T7584] FAT-fs (loop1): Directory bread(block 68) failed
[  556.217058][ T7584] FAT-fs (loop1): Directory bread(block 69) failed
[  556.224339][ T7584] FAT-fs (loop1): Directory bread(block 70) failed
[  556.230911][ T7584] FAT-fs (loop1): Directory bread(block 71) failed
[  556.237526][ T7584] FAT-fs (loop1): Directory bread(block 72) failed
[  556.244083][ T7584] FAT-fs (loop1): Directory bread(block 73) failed
[  556.463704][  T804] usb 4-1: Cannot set autoneg
[  556.468732][  T804] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  556.632176][  T804] usb 4-1: USB disconnect, device number 6
[  557.046318][ T7144] veth0_vlan: entered promiscuous mode
[  557.182121][ T5868] Bluetooth: hci0: command tx timeout
[  557.430456][ T7144] veth1_vlan: entered promiscuous mode
[  557.512755][ T7605] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  558.174446][ T7609] loop1: detected capacity change from 0 to 4096
[  558.246385][ T7612] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  558.359252][ T7609] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  559.278690][ T5868] Bluetooth: hci0: command tx timeout
[  559.352875][ T5872] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.363397][ T5881] tipc: Node number set to 3038240947
[  559.442624][ T7633] loop4: detected capacity change from 0 to 512
[  559.472874][ T7633] EXT4-fs: Mount option(s) incompatible with ext3
[  559.485721][ T7602] tipc: Disabling bearer <eth:syzkaller0>
[  559.798403][ T7639] loop4: detected capacity change from 0 to 2048
[  559.806808][ T7639] udf: Unknown parameter '0xffffffffffffffff1844674407370955161500000000000000000004ÿ'
[  559.913675][ T7144] veth0_macvtap: entered promiscuous mode
[  559.987831][ T7144] veth1_macvtap: entered promiscuous mode
[  561.540879][ T5868] Bluetooth: hci0: command tx timeout
[  562.881618][ T7144] batman_adv: batadv0: Interface activated: batadv_slave_0
[  563.343972][ T7144] batman_adv: batadv0: Interface activated: batadv_slave_1
[  563.480251][ T7572] chnl_net:caif_netlink_parms(): no params data found
[  564.787950][ T5868] Bluetooth: hci0: command tx timeout
[  565.312352][ T7664] loop4: detected capacity change from 0 to 16
[  565.314579][ T6071] bridge_slave_1: left allmulticast mode
[  565.349809][ T6071] bridge_slave_1: left promiscuous mode
[  565.355594][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.360502][ T7664] erofs (device loop4): mounted with root inode @ nid 36.
[  565.531009][ T6071] bridge_slave_0: left allmulticast mode
[  565.544335][ T6071] bridge_slave_0: left promiscuous mode
[  565.554122][ T6071] bridge0: port 1(bridge_slave_0) entered disabled state
[  566.048193][ T7668] netlink: 'syz.4.357': attribute type 13 has an invalid length.
[  569.250327][ T6071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  569.280678][ T5882] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  569.289086][ T5882] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  569.298701][ T5882] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  569.306905][ T5882] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  569.315896][ T5882] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  569.330334][ T6071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  569.389254][ T6071] bond0 (unregistering): Released all slaves
[  569.701786][ T7679] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  569.721653][ T7681] syzkaller0: entered promiscuous mode
[  569.760223][ T7681] syzkaller0: entered allmulticast mode
[  569.805895][ T6053] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  570.101410][ T7703] sctp: [Deprecated]: syz.3.363 (pid 7703) Use of struct sctp_assoc_value in delayed_ack socket option.
[  570.101410][ T7703] Use struct sctp_sack_info instead
[  570.414479][ T7706] loop1: detected capacity change from 0 to 256
[  570.439135][ T7706] exfat: Deprecated parameter 'namecase'
[  570.449857][ T7706] exfat: Deprecated parameter 'namecase'
[  570.505129][ T7707] ==================================================================
[  570.513220][ T7707] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220
[  570.520443][ T7707] Read of size 8 at addr ffff888027a968f8 by task syz.4.364/7707
[  570.528155][ T7707] 
[  570.530472][ T7707] CPU: 0 UID: 0 PID: 7707 Comm: syz.4.364 Not tainted syzkaller #0 PREEMPT(full) 
[  570.530511][ T7707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  570.530530][ T7707] Call Trace:
[  570.530541][ T7707]  <TASK>
[  570.530553][ T7707]  dump_stack_lvl+0x116/0x1f0
[  570.530605][ T7707]  print_report+0xcd/0x630
[  570.530646][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.530686][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.530724][ T7707]  ? __phys_addr+0xe8/0x180
[  570.530760][ T7707]  ? __cpa_addr+0x1d3/0x220
[  570.530799][ T7707]  kasan_report+0xe0/0x110
[  570.530841][ T7707]  ? __cpa_addr+0x1d3/0x220
[  570.530887][ T7707]  __cpa_addr+0x1d3/0x220
[  570.530929][ T7707]  cpa_flush+0x28b/0x8a0
[  570.530975][ T7707]  ? __pfx_cpa_flush+0x10/0x10
[  570.531020][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.531059][ T7707]  ? pgprot2cachemode+0x9a/0x130
[  570.531107][ T7707]  ? __pfx_pgprot2cachemode+0x10/0x10
[  570.531141][ T7707]  ? drm_gem_get_pages+0x6a0/0xa10
[  570.531183][ T7707]  change_page_attr_set_clr+0x34e/0x4a0
[  570.531234][ T7707]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  570.531286][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.531341][ T7707]  _set_pages_array+0x1ab/0x2c0
[  570.531391][ T7707]  drm_gem_shmem_get_pages_locked+0x384/0x490
[  570.531426][ T7707]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  570.531459][ T7707]  ? __pfx___might_resched+0x10/0x10
[  570.531519][ T7707]  drm_gem_shmem_mmap+0xc9/0x550
[  570.531549][ T7707]  ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10
[  570.531583][ T7707]  drm_gem_mmap_obj+0x1b5/0x560
[  570.531621][ T7707]  drm_gem_mmap+0x40b/0x620
[  570.531659][ T7707]  ? __pfx_drm_gem_mmap+0x10/0x10
[  570.531694][ T7707]  ? vm_area_alloc+0x1f/0x160
[  570.531746][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.531784][ T7707]  ? lockdep_init_map_type+0x5c/0x280
[  570.531831][ T7707]  __mmap_region+0x1309/0x27a0
[  570.531865][ T7707]  ? __pfx___mmap_region+0x10/0x10
[  570.531894][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.531934][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.531973][ T7707]  ? rcu_is_watching+0x12/0xc0
[  570.532003][ T7707]  ? finish_task_switch.isra.0+0x221/0xc10
[  570.532056][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.532100][ T7707]  ? lockdep_hardirqs_on+0x7c/0x110
[  570.532150][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.532189][ T7707]  ? finish_task_switch.isra.0+0x221/0xc10
[  570.532241][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.532281][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.532369][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.532408][ T7707]  ? __lock_acquire+0xb8a/0x1c90
[  570.532449][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.532492][ T7707]  mmap_region+0x1ab/0x3f0
[  570.532523][ T7707]  ? __get_unmapped_area+0x267/0x440
[  570.532563][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.532606][ T7707]  do_mmap+0xa3e/0x1210
[  570.532648][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.532688][ T7707]  ? __pfx_do_mmap+0x10/0x10
[  570.532726][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.532767][ T7707]  ? __pfx_down_write_killable+0x10/0x10
[  570.532806][ T7707]  vm_mmap_pgoff+0x29e/0x470
[  570.532851][ T7707]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  570.532895][ T7707]  ? __fget_files+0x20e/0x3c0
[  570.532930][ T7707]  ? __entry_text_end+0x1020b5/0x1020b9
[  570.532974][ T7707]  ksys_mmap_pgoff+0x32c/0x5c0
[  570.533012][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  570.533055][ T7707]  __x64_sys_mmap+0x125/0x190
[  570.533104][ T7707]  do_syscall_64+0xcd/0xfa0
[  570.533156][ T7707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.533189][ T7707] RIP: 0033:0x7fc2f838eec9
[  570.533213][ T7707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.533245][ T7707] RSP: 002b:00007fc2f92bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  570.533275][ T7707] RAX: ffffffffffffffda RBX: 00007fc2f85e5fa0 RCX: 00007fc2f838eec9
[  570.533297][ T7707] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[  570.533318][ T7707] RBP: 00007fc2f8411f91 R08: 0000000000000004 R09: 0000000100000000
[  570.533339][ T7707] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  570.533359][ T7707] R13: 00007fc2f85e6038 R14: 00007fc2f85e5fa0 R15: 00007ffcf02eaf08
[  570.533393][ T7707]  </TASK>
[  570.533404][ T7707] 
[  570.955541][ T7707] Allocated by task 7707:
[  570.959857][ T7707]  kasan_save_stack+0x33/0x60
[  570.964545][ T7707]  kasan_save_track+0x14/0x30
[  570.969224][ T7707]  __kasan_kmalloc+0xaa/0xb0
[  570.973815][ T7707]  __kvmalloc_node_noprof+0x3a3/0x9c0
[  570.979193][ T7707]  drm_gem_get_pages+0x144/0xa10
[  570.984144][ T7707]  drm_gem_shmem_get_pages_locked+0x1e6/0x490
[  570.990219][ T7707]  drm_gem_shmem_mmap+0xc9/0x550
[  570.995153][ T7707]  drm_gem_mmap_obj+0x1b5/0x560
[  571.000009][ T7707]  drm_gem_mmap+0x40b/0x620
[  571.004513][ T7707]  __mmap_region+0x1309/0x27a0
[  571.009272][ T7707]  mmap_region+0x1ab/0x3f0
[  571.013686][ T7707]  do_mmap+0xa3e/0x1210
[  571.017849][ T7707]  vm_mmap_pgoff+0x29e/0x470
[  571.022446][ T7707]  ksys_mmap_pgoff+0x32c/0x5c0
[  571.027217][ T7707]  __x64_sys_mmap+0x125/0x190
[  571.031900][ T7707]  do_syscall_64+0xcd/0xfa0
[  571.036421][ T7707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.042313][ T7707] 
[  571.044621][ T7707] The buggy address belongs to the object at ffff888027a96800
[  571.044621][ T7707]  which belongs to the cache kmalloc-256 of size 256
[  571.058667][ T7707] The buggy address is located 0 bytes to the right of
[  571.058667][ T7707]  allocated 248-byte region [ffff888027a96800, ffff888027a968f8)
[  571.073156][ T7707] 
[  571.075471][ T7707] The buggy address belongs to the physical page:
[  571.081868][ T7707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27a96
[  571.090624][ T7707] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  571.099117][ T7707] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  571.106659][ T7707] page_type: f5(slab)
[  571.110638][ T7707] raw: 00fff00000000040 ffff88813ffa6b40 ffffea000094b700 dead000000000002
[  571.119223][ T7707] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  571.127808][ T7707] head: 00fff00000000040 ffff88813ffa6b40 ffffea000094b700 dead000000000002
[  571.136480][ T7707] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  571.145152][ T7707] head: 00fff00000000001 ffffea00009ea581 00000000ffffffff 00000000ffffffff
[  571.153826][ T7707] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  571.162485][ T7707] page dumped because: kasan: bad access detected
[  571.168882][ T7707] page_owner tracks the page as allocated
[  571.174581][ T7707] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5870, tgid 5870 (syz-executor), ts 362759428216, free_ts 362743001689
[  571.196131][ T7707]  post_alloc_hook+0x1c0/0x230
[  571.200926][ T7707]  get_page_from_freelist+0x10a3/0x3a30
[  571.206493][ T7707]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  571.212385][ T7707]  alloc_pages_mpol+0x1fb/0x550
[  571.217250][ T7707]  new_slab+0x24a/0x360
[  571.221421][ T7707]  ___slab_alloc+0xdc4/0x1ae0
[  571.226113][ T7707]  __slab_alloc.constprop.0+0x63/0x110
[  571.231592][ T7707]  __kmalloc_noprof+0x501/0x880
[  571.236458][ T7707]  fib_create_info+0x53f/0x46b0
[  571.241319][ T7707]  fib_table_insert+0x177/0x1c40
[  571.246254][ T7707]  fib_magic+0x4d4/0x5c0
[  571.250498][ T7707]  fib_add_ifaddr+0x16d/0x580
[  571.255184][ T7707]  fib_netdev_event+0x38a/0x710
[  571.260042][ T7707]  notifier_call_chain+0xbc/0x410
[  571.265074][ T7707]  call_netdevice_notifiers_info+0xbe/0x140
[  571.270968][ T7707]  __dev_notify_flags+0x12c/0x2e0
[  571.276006][ T7707] page last free pid 5874 tgid 5874 stack trace:
[  571.282317][ T7707]  __free_frozen_pages+0x7df/0x1160
[  571.287530][ T7707]  qlist_free_all+0x4d/0x120
[  571.292120][ T7707]  kasan_quarantine_reduce+0x195/0x1e0
[  571.297588][ T7707]  __kasan_slab_alloc+0x69/0x90
[  571.302446][ T7707]  kmem_cache_alloc_lru_noprof+0x254/0x6e0
[  571.308251][ T7707]  sock_alloc_inode+0x25/0x1c0
[  571.313013][ T7707]  alloc_inode+0x64/0x240
[  571.317357][ T7707]  sock_alloc+0x40/0x280
[  571.321593][ T7707]  __sock_create+0xc1/0x8d0
[  571.326103][ T7707]  __sys_socket+0x14d/0x260
[  571.330613][ T7707]  __x64_sys_socket+0x72/0xb0
[  571.335294][ T7707]  do_syscall_64+0xcd/0xfa0
[  571.339815][ T7707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.345709][ T7707] 
[  571.348014][ T7707] Memory state around the buggy address:
[  571.353629][ T7707]  ffff888027a96780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  571.361683][ T7707]  ffff888027a96800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  571.369737][ T7707] >ffff888027a96880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[  571.377785][ T7707]                                                                 ^
[  571.385745][ T7707]  ffff888027a96900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  571.393799][ T7707]  ffff888027a96980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  571.401849][ T7707] ==================================================================
[  571.459904][ T7707] Disabling lock debugging due to kernel taint
[  571.462743][ T5868] Bluetooth: hci2: command tx timeout
[  571.484422][ T7707] ==================================================================
[  571.492488][ T7707] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220
[  571.499686][ T7707] Read of size 8 at addr ffff888027a968f8 by task syz.4.364/7707
[  571.507384][ T7707] 
[  571.509743][ T7707] CPU: 1 UID: 0 PID: 7707 Comm: syz.4.364 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  571.509782][ T7707] Tainted: [B]=BAD_PAGE
[  571.509791][ T7707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  571.509807][ T7707] Call Trace:
[  571.509816][ T7707]  <TASK>
[  571.509826][ T7707]  dump_stack_lvl+0x116/0x1f0
[  571.509869][ T7707]  print_report+0xcd/0x630
[  571.509903][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.509936][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.509968][ T7707]  ? __phys_addr+0xe8/0x180
[  571.509997][ T7707]  ? __cpa_addr+0x1d3/0x220
[  571.510030][ T7707]  kasan_report+0xe0/0x110
[  571.510065][ T7707]  ? __cpa_addr+0x1d3/0x220
[  571.510103][ T7707]  __cpa_addr+0x1d3/0x220
[  571.510137][ T7707]  cpa_flush+0x28b/0x8a0
[  571.510175][ T7707]  ? __pfx_cpa_flush+0x10/0x10
[  571.510212][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.510245][ T7707]  ? pgprot2cachemode+0x9a/0x130
[  571.510271][ T7707]  ? __pfx_pgprot2cachemode+0x10/0x10
[  571.510299][ T7707]  ? drm_gem_get_pages+0x6a0/0xa10
[  571.510333][ T7707]  change_page_attr_set_clr+0x34e/0x4a0
[  571.510376][ T7707]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  571.510423][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.510467][ T7707]  _set_pages_array+0x20a/0x2c0
[  571.510509][ T7707]  drm_gem_shmem_get_pages_locked+0x384/0x490
[  571.510537][ T7707]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  571.510564][ T7707]  ? __pfx___might_resched+0x10/0x10
[  571.510614][ T7707]  drm_gem_shmem_mmap+0xc9/0x550
[  571.510639][ T7707]  ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10
[  571.510667][ T7707]  drm_gem_mmap_obj+0x1b5/0x560
[  571.510698][ T7707]  drm_gem_mmap+0x40b/0x620
[  571.510729][ T7707]  ? __pfx_drm_gem_mmap+0x10/0x10
[  571.510758][ T7707]  ? vm_area_alloc+0x1f/0x160
[  571.510801][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.510833][ T7707]  ? lockdep_init_map_type+0x5c/0x280
[  571.510871][ T7707]  __mmap_region+0x1309/0x27a0
[  571.510899][ T7707]  ? __pfx___mmap_region+0x10/0x10
[  571.510923][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.510956][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.510988][ T7707]  ? rcu_is_watching+0x12/0xc0
[  571.511013][ T7707]  ? finish_task_switch.isra.0+0x221/0xc10
[  571.511057][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511100][ T7707]  ? lockdep_hardirqs_on+0x7c/0x110
[  571.511141][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511174][ T7707]  ? finish_task_switch.isra.0+0x221/0xc10
[  571.511217][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511250][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511321][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511353][ T7707]  ? __lock_acquire+0xb8a/0x1c90
[  571.511387][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511425][ T7707]  mmap_region+0x1ab/0x3f0
[  571.511451][ T7707]  ? __get_unmapped_area+0x267/0x440
[  571.511484][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511519][ T7707]  do_mmap+0xa3e/0x1210
[  571.511554][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511587][ T7707]  ? __pfx_do_mmap+0x10/0x10
[  571.511619][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511652][ T7707]  ? __pfx_down_write_killable+0x10/0x10
[  571.511686][ T7707]  vm_mmap_pgoff+0x29e/0x470
[  571.511723][ T7707]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  571.511759][ T7707]  ? __fget_files+0x20e/0x3c0
[  571.511789][ T7707]  ? __entry_text_end+0x1020b5/0x1020b9
[  571.511824][ T7707]  ksys_mmap_pgoff+0x32c/0x5c0
[  571.511857][ T7707]  ? srso_alias_return_thunk+0x5/0xfbef5
[  571.511892][ T7707]  __x64_sys_mmap+0x125/0x190
[  571.511928][ T7707]  do_syscall_64+0xcd/0xfa0
[  571.511971][ T7707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.511998][ T7707] RIP: 0033:0x7fc2f838eec9
[  571.512018][ T7707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.512044][ T7707] RSP: 002b:00007fc2f92bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  571.512069][ T7707] RAX: ffffffffffffffda RBX: 00007fc2f85e5fa0 RCX: 00007fc2f838eec9
[  571.512087][ T7707] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[  571.512104][ T7707] RBP: 00007fc2f8411f91 R08: 0000000000000004 R09: 0000000100000000
[  571.512121][ T7707] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  571.512139][ T7707] R13: 00007fc2f85e6038 R14: 00007fc2f85e5fa0 R15: 00007ffcf02eaf08
[  571.512167][ T7707]  </TASK>
[  571.512176][ T7707] 
[  571.940150][ T7707] Allocated by task 7707:
[  571.944468][ T7707]  kasan_save_stack+0x33/0x60
[  571.949151][ T7707]  kasan_save_track+0x14/0x30
[  571.953833][ T7707]  __kasan_kmalloc+0xaa/0xb0
[  571.958437][ T7707]  __kvmalloc_node_noprof+0x3a3/0x9c0
[  571.963812][ T7707]  drm_gem_get_pages+0x144/0xa10
[  571.968753][ T7707]  drm_gem_shmem_get_pages_locked+0x1e6/0x490
[  571.974817][ T7707]  drm_gem_shmem_mmap+0xc9/0x550
[  571.979749][ T7707]  drm_gem_mmap_obj+0x1b5/0x560
[  571.984602][ T7707]  drm_gem_mmap+0x40b/0x620
[  571.989104][ T7707]  __mmap_region+0x1309/0x27a0
[  571.993860][ T7707]  mmap_region+0x1ab/0x3f0
[  571.998274][ T7707]  do_mmap+0xa3e/0x1210
[  572.002433][ T7707]  vm_mmap_pgoff+0x29e/0x470
[  572.007029][ T7707]  ksys_mmap_pgoff+0x32c/0x5c0
[  572.011800][ T7707]  __x64_sys_mmap+0x125/0x190
[  572.016481][ T7707]  do_syscall_64+0xcd/0xfa0
[  572.020999][ T7707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.026889][ T7707] 
[  572.029196][ T7707] The buggy address belongs to the object at ffff888027a96800
[  572.029196][ T7707]  which belongs to the cache kmalloc-256 of size 256
[  572.043244][ T7707] The buggy address is located 0 bytes to the right of
[  572.043244][ T7707]  allocated 248-byte region [ffff888027a96800, ffff888027a968f8)
[  572.057731][ T7707] 
[  572.060043][ T7707] The buggy address belongs to the physical page:
[  572.066438][ T7707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27a96
[  572.075190][ T7707] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  572.083680][ T7707] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  572.091218][ T7707] page_type: f5(slab)
[  572.095197][ T7707] raw: 00fff00000000040 ffff88813ffa6b40 ffffea000094b700 dead000000000002
[  572.103775][ T7707] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  572.112357][ T7707] head: 00fff00000000040 ffff88813ffa6b40 ffffea000094b700 dead000000000002
[  572.121025][ T7707] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  572.129692][ T7707] head: 00fff00000000001 ffffea00009ea581 00000000ffffffff 00000000ffffffff
[  572.138358][ T7707] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  572.147013][ T7707] page dumped because: kasan: bad access detected
[  572.153409][ T7707] page_owner tracks the page as allocated
[  572.159105][ T7707] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5870, tgid 5870 (syz-executor), ts 362759428216, free_ts 362743001689
[  572.180649][ T7707]  post_alloc_hook+0x1c0/0x230
[  572.185429][ T7707]  get_page_from_freelist+0x10a3/0x3a30
[  572.190990][ T7707]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  572.196878][ T7707]  alloc_pages_mpol+0x1fb/0x550
[  572.201734][ T7707]  new_slab+0x24a/0x360
[  572.205900][ T7707]  ___slab_alloc+0xdc4/0x1ae0
[  572.210588][ T7707]  __slab_alloc.constprop.0+0x63/0x110
[  572.216060][ T7707]  __kmalloc_noprof+0x501/0x880
[  572.220925][ T7707]  fib_create_info+0x53f/0x46b0
[  572.225786][ T7707]  fib_table_insert+0x177/0x1c40
[  572.230715][ T7707]  fib_magic+0x4d4/0x5c0
[  572.234957][ T7707]  fib_add_ifaddr+0x16d/0x580
[  572.239636][ T7707]  fib_netdev_event+0x38a/0x710
[  572.244489][ T7707]  notifier_call_chain+0xbc/0x410
[  572.249515][ T7707]  call_netdevice_notifiers_info+0xbe/0x140
[  572.255408][ T7707]  __dev_notify_flags+0x12c/0x2e0
[  572.260442][ T7707] page last free pid 5874 tgid 5874 stack trace:
[  572.266752][ T7707]  __free_frozen_pages+0x7df/0x1160
[  572.271959][ T7707]  qlist_free_all+0x4d/0x120
[  572.276546][ T7707]  kasan_quarantine_reduce+0x195/0x1e0
[  572.282003][ T7707]  __kasan_slab_alloc+0x69/0x90
[  572.286859][ T7707]  kmem_cache_alloc_lru_noprof+0x254/0x6e0
[  572.292660][ T7707]  sock_alloc_inode+0x25/0x1c0
[  572.297423][ T7707]  alloc_inode+0x64/0x240
[  572.301768][ T7707]  sock_alloc+0x40/0x280
[  572.306008][ T7707]  __sock_create+0xc1/0x8d0
[  572.310512][ T7707]  __sys_socket+0x14d/0x260
[  572.315022][ T7707]  __x64_sys_socket+0x72/0xb0
[  572.319713][ T7707]  do_syscall_64+0xcd/0xfa0
[  572.324235][ T7707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.330129][ T7707] 
[  572.332441][ T7707] Memory state around the buggy address:
[  572.338059][ T7707]  ffff888027a96780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  572.346122][ T7707]  ffff888027a96800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  572.354177][ T7707] >ffff888027a96880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  572.362226][ T7707]                                                                 ^
[  572.370190][ T7707]  ffff888027a96900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  572.378246][ T7707]  ffff888027a96980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  572.389089][ T7707] ==================================================================
[  572.397250][    C1] vkms_vblank_simulate: vblank timer overrun
[  572.411981][ T7706] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbc8dc3cd, utbl_chksum : 0xe619d30d)
[  572.585420][ T7681] tipc: Resetting bearer <eth:syzkaller0>
[  573.125202][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  573.131584][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  573.311258][ T7681] tipc: Disabling bearer <eth:syzkaller0>
[  573.378538][ T7704] ==================================================================
[  573.386632][ T7704] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220
[  573.393844][ T7704] Read of size 8 at addr ffff888027a968f8 by task syz.4.364/7704
[  573.401553][ T7704] 
[  573.403871][ T7704] CPU: 1 UID: 0 PID: 7704 Comm: syz.4.364 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  573.403916][ T7704] Tainted: [B]=BAD_PAGE
[  573.403928][ T7704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  573.403946][ T7704] Call Trace:
[  573.403957][ T7704]  <TASK>
[  573.403968][ T7704]  dump_stack_lvl+0x116/0x1f0
[  573.404020][ T7704]  print_report+0xcd/0x630
[  573.404060][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.404099][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.404137][ T7704]  ? __phys_addr+0xe8/0x180
[  573.404171][ T7704]  ? __cpa_addr+0x1d3/0x220
[  573.404210][ T7704]  kasan_report+0xe0/0x110
[  573.404251][ T7704]  ? __cpa_addr+0x1d3/0x220
[  573.404297][ T7704]  __cpa_addr+0x1d3/0x220
[  573.404338][ T7704]  cpa_flush+0xec/0x8a0
[  573.404389][ T7704]  ? __pfx_cpa_flush+0x10/0x10
[  573.404434][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.404472][ T7704]  ? pgprot2cachemode+0x9a/0x130
[  573.404504][ T7704]  ? __pfx_pgprot2cachemode+0x10/0x10
[  573.404541][ T7704]  set_pages_array_wb+0x238/0x280
[  573.404590][ T7704]  ? __pfx_set_pages_array_wb+0x10/0x10
[  573.404646][ T7704]  ? __pfx___might_resched+0x10/0x10
[  573.404699][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.404742][ T7704]  drm_gem_shmem_put_pages_locked+0x27e/0x300
[  573.404797][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.404837][ T7704]  drm_gem_shmem_vm_close+0x63/0xc0
[  573.404890][ T7704]  ? __pfx_drm_gem_shmem_vm_close+0x10/0x10
[  573.404944][ T7704]  remove_vma+0x88/0x160
[  573.404992][ T7704]  exit_mmap+0x50a/0xb90
[  573.405036][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.405075][ T7704]  ? __pfx_exit_mmap+0x10/0x10
[  573.405116][ T7704]  ? lock_release+0x201/0x2f0
[  573.405161][ T7704]  ? lock_release+0x201/0x2f0
[  573.405198][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.405246][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.405285][ T7704]  ? arch_uprobe_clear_state+0x16/0x150
[  573.405332][ T7704]  __mmput+0x12a/0x410
[  573.405387][ T7704]  mmput+0x62/0x70
[  573.405436][ T7704]  do_exit+0x7c7/0x2bf0
[  573.405475][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.405515][ T7704]  ? __pfx_do_exit+0x10/0x10
[  573.405550][ T7704]  ? srso_alias_return_thunk+0x5/0xfbef5
[  573.405588][ T7704]  ? preempt_schedule_thunk+0x16/0x30
[  573.405634][ T7704]  do_group_exit+0xd3/0x2a0
[  573.405672][ T7704]  __x64_sys_exit_group+0x3e/0x50
[  573.405711][ T7704]  x64_sys_call+0x150b/0x1730
[  573.405744][ T7704]  do_syscall_64+0xcd/0xfa0
[  573.405795][ T7704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.405827][ T7704] RIP: 0033:0x7fc2f838eec9
[  573.405850][ T7704] Code: Unable to access opcode bytes at 0x7fc2f838ee9f.
[  573.405865][ T7704] RSP: 002b:00007ffcf02eb268 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  573.405895][ T7704] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc2f838eec9
[  573.405916][ T7704] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  573.405936][ T7704] RBP: 00007ffcf02eb2cc R08: 00000005f02eb35f R09: 00005555785be590
[  573.405957][ T7704] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000052
[  573.405977][ T7704] R13: 00005555785be590 R14: 000000000008a876 R15: 00007ffcf02eb320
[  573.406009][ T7704]  </TASK>
[  573.406020][ T7704] 
[  573.714848][ T7704] Allocated by task 7707:
[  573.719166][ T7704]  kasan_save_stack+0x33/0x60
[  573.723853][ T7704]  kasan_save_track+0x14/0x30
[  573.728532][ T7704]  __kasan_kmalloc+0xaa/0xb0
[  573.733121][ T7704]  __kvmalloc_node_noprof+0x3a3/0x9c0
[  573.738497][ T7704]  drm_gem_get_pages+0x144/0xa10
[  573.743436][ T7704]  drm_gem_shmem_get_pages_locked+0x1e6/0x490
[  573.749500][ T7704]  drm_gem_shmem_mmap+0xc9/0x550
[  573.754434][ T7704]  drm_gem_mmap_obj+0x1b5/0x560
[  573.759287][ T7704]  drm_gem_mmap+0x40b/0x620
[  573.763792][ T7704]  __mmap_region+0x1309/0x27a0
[  573.768550][ T7704]  mmap_region+0x1ab/0x3f0
[  573.772962][ T7704]  do_mmap+0xa3e/0x1210
[  573.777123][ T7704]  vm_mmap_pgoff+0x29e/0x470
[  573.781717][ T7704]  ksys_mmap_pgoff+0x32c/0x5c0
[  573.786487][ T7704]  __x64_sys_mmap+0x125/0x190
[  573.791172][ T7704]  do_syscall_64+0xcd/0xfa0
[  573.795692][ T7704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.801582][ T7704] 
[  573.803894][ T7704] The buggy address belongs to the object at ffff888027a96800
[  573.803894][ T7704]  which belongs to the cache kmalloc-256 of size 256
[  573.817939][ T7704] The buggy address is located 0 bytes to the right of
[  573.817939][ T7704]  allocated 248-byte region [ffff888027a96800, ffff888027a968f8)
[  573.832430][ T7704] 
[  573.834739][ T7704] The buggy address belongs to the physical page:
[  573.841133][ T7704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27a96
[  573.849891][ T7704] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  573.858382][ T7704] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  573.865920][ T7704] page_type: f5(slab)
[  573.869896][ T7704] raw: 00fff00000000040 ffff88813ffa6b40 ffffea000094b700 dead000000000002
[  573.878480][ T7704] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  573.887062][ T7704] head: 00fff00000000040 ffff88813ffa6b40 ffffea000094b700 dead000000000002
[  573.895734][ T7704] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  573.904404][ T7704] head: 00fff00000000001 ffffea00009ea581 00000000ffffffff 00000000ffffffff
[  573.913070][ T7704] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  573.921726][ T7704] page dumped because: kasan: bad access detected
[  573.928124][ T7704] page_owner tracks the page as allocated
[  573.933821][ T7704] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5870, tgid 5870 (syz-executor), ts 362759428216, free_ts 362743001689
[  573.955365][ T7704]  post_alloc_hook+0x1c0/0x230
[  573.960151][ T7704]  get_page_from_freelist+0x10a3/0x3a30
[  573.965717][ T7704]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  573.971605][ T7704]  alloc_pages_mpol+0x1fb/0x550
[  573.976463][ T7704]  new_slab+0x24a/0x360
[  573.980633][ T7704]  ___slab_alloc+0xdc4/0x1ae0
[  573.985331][ T7704]  __slab_alloc.constprop.0+0x63/0x110
[  573.990807][ T7704]  __kmalloc_noprof+0x501/0x880
[  573.995678][ T7704]  fib_create_info+0x53f/0x46b0
[  574.000541][ T7704]  fib_table_insert+0x177/0x1c40
[  574.005474][ T7704]  fib_magic+0x4d4/0x5c0
[  574.009715][ T7704]  fib_add_ifaddr+0x16d/0x580
[  574.014397][ T7704]  fib_netdev_event+0x38a/0x710
[  574.019253][ T7704]  notifier_call_chain+0xbc/0x410
[  574.024283][ T7704]  call_netdevice_notifiers_info+0xbe/0x140
[  574.030182][ T7704]  __dev_notify_flags+0x12c/0x2e0
[  574.035218][ T7704] page last free pid 5874 tgid 5874 stack trace:
[  574.041528][ T7704]  __free_frozen_pages+0x7df/0x1160
[  574.046738][ T7704]  qlist_free_all+0x4d/0x120
[  574.051329][ T7704]  kasan_quarantine_reduce+0x195/0x1e0
[  574.056788][ T7704]  __kasan_slab_alloc+0x69/0x90
[  574.061642][ T7704]  kmem_cache_alloc_lru_noprof+0x254/0x6e0
[  574.067445][ T7704]  sock_alloc_inode+0x25/0x1c0
[  574.072207][ T7704]  alloc_inode+0x64/0x240
[  574.076551][ T7704]  sock_alloc+0x40/0x280
[  574.080787][ T7704]  __sock_create+0xc1/0x8d0
[  574.085292][ T7704]  __sys_socket+0x14d/0x260
[  574.089806][ T7704]  __x64_sys_socket+0x72/0xb0
[  574.094493][ T7704]  do_syscall_64+0xcd/0xfa0
[  574.099011][ T7704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.104903][ T7704] 
[  574.107211][ T7704] Memory state around the buggy address:
[  574.112829][ T7704]  ffff888027a96780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  574.120882][ T7704]  ffff888027a96800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  574.128936][ T7704] >ffff888027a96880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[  574.136984][ T7704]                                                                 ^
[  574.144948][ T7704]  ffff888027a96900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  574.153005][ T7704]  ffff888027a96980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  574.161055][ T7704] ==================================================================
[  574.301367][ T5868] Bluetooth: hci2: command tx timeout
[  574.392401][ T6064] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  574.515964][ T6071] hsr_slave_0: left promiscuous mode
[  574.533199][ T6071] hsr_slave_1: left promiscuous mode
[  574.539088][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_0
[  574.547915][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_1
[  574.714648][ T6071] team0 (unregistering): Port device team_slave_1 removed
[  574.726298][ T6071] team0 (unregistering): Port device team_slave_0 removed
[  574.815865][ T7572] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.825907][ T7572] bridge0: port 1(bridge_slave_0) entered disabled state
[  574.839094][ T7572] bridge_slave_0: entered allmulticast mode
[  574.846287][ T7572] bridge_slave_0: entered promiscuous mode
[  574.892732][ T6055] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  574.940956][ T6055] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  575.306496][ T6071] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.361138][ T6071] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.415490][ T6071] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.504029][ T6071] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.628780][ T6071] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.675576][ T6071] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.767430][ T6071] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.815803][ T6071] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.924629][ T6071] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.975281][ T6071] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.026823][ T6071] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.065445][ T6071] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.446268][ T6071] bridge_slave_1: left allmulticast mode
[  576.455355][ T6071] bridge_slave_1: left promiscuous mode
[  576.461308][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.471351][ T6071] bridge_slave_0: left allmulticast mode
[  576.477004][ T6071] bridge_slave_0: left promiscuous mode
[  576.483862][ T6071] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.493821][ T6071] bridge_slave_1: left allmulticast mode
[  576.499463][ T6071] bridge_slave_1: left promiscuous mode
[  576.505461][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.514692][ T6071] bridge_slave_0: left allmulticast mode
[  576.521478][ T6071] bridge_slave_0: left promiscuous mode
[  576.527183][ T6071] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.537357][ T6071] bridge_slave_1: left allmulticast mode
[  576.543147][ T6071] bridge_slave_1: left promiscuous mode
[  576.548821][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.562131][ T6071] bridge_slave_0: left allmulticast mode
[  576.567782][ T6071] bridge_slave_0: left promiscuous mode
[  576.576691][ T6071] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.586759][ T6071] bridge_slave_1: left allmulticast mode
[  576.592565][ T6071] bridge_slave_1: left promiscuous mode
[  576.598403][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.607121][ T6071] bridge_slave_0: left allmulticast mode
[  576.613820][ T6071] bridge_slave_0: left promiscuous mode
[  576.619485][ T6071] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.797457][ T6071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  576.808011][ T6071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  576.818527][ T6071] bond0 (unregistering): Released all slaves
[  576.917786][ T6071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  576.928262][ T6071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  576.945786][ T6071] bond0 (unregistering): Released all slaves
[  577.035773][ T6071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  577.047979][ T6071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  577.058174][ T6071] bond0 (unregistering): Released all slaves
[  577.235580][ T6071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  577.246429][ T6071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  577.256424][ T6071] bond0 (unregistering): Released all slaves
[  577.356303][ T6071] tipc: Left network mode
[  577.362465][ T6071] tipc: Left network mode
[  577.727721][ T6071] hsr_slave_0: left promiscuous mode
[  577.734360][ T6071] hsr_slave_1: left promiscuous mode
[  577.740352][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  577.747728][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_0
[  577.757733][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  577.765285][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_1
[  577.776150][ T6071] hsr_slave_0: left promiscuous mode
[  577.782195][ T6071] hsr_slave_1: left promiscuous mode
[  577.787971][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  577.796254][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_0
[  577.804296][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  577.812100][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_1
[  577.822459][ T6071] hsr_slave_0: left promiscuous mode
[  577.828196][ T6071] hsr_slave_1: left promiscuous mode
[  577.834090][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  577.841608][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_0
[  577.849212][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  577.857092][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_1
[  577.867989][ T6071] hsr_slave_0: left promiscuous mode
[  577.873827][ T6071] hsr_slave_1: left promiscuous mode
[  577.879479][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_0
[  577.887232][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_1
[  577.904134][ T6071] veth1_macvtap: left promiscuous mode
[  577.909645][ T6071] veth0_macvtap: left promiscuous mode
[  577.915343][ T6071] veth1_vlan: left promiscuous mode
[  577.920726][ T6071] veth0_vlan: left promiscuous mode
[  577.926838][ T6071] veth1_macvtap: left promiscuous mode
[  577.932383][ T6071] veth0_macvtap: left promiscuous mode
[  577.937929][ T6071] veth1_vlan: left promiscuous mode
[  577.943695][ T6071] veth0_vlan: left promiscuous mode
[  577.950001][ T6071] veth1_macvtap: left promiscuous mode
[  577.955481][ T6071] veth0_macvtap: left promiscuous mode
[  577.961124][ T6071] veth1_vlan: left promiscuous mode
[  577.966395][ T6071] veth0_vlan: left promiscuous mode
[  578.196024][ T6071] team0 (unregistering): Port device team_slave_1 removed
[  578.210132][ T6071] team0 (unregistering): Port device team_slave_0 removed
[  578.371981][ T6071] team0 (unregistering): Port device team_slave_1 removed
[  578.383665][ T6071] team0 (unregistering): Port device team_slave_0 removed
[  578.550826][ T6071] team0 (unregistering): Port device team_slave_1 removed
[  578.568042][ T6071] team0 (unregistering): Port device team_slave_0 removed
[  578.775470][ T6071] team0 (unregistering): Port device team_slave_1 removed
[  578.796259][ T6071] team0 (unregistering): Port device team_slave_0 removed
[  579.771914][ T6071] IPVS: stop unused estimator thread 0...
[  579.835044][ T6071] bridge_slave_0: left allmulticast mode
[  579.841003][ T6071] bridge_slave_0: left promiscuous mode
[  579.846694][ T6071] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.914113][ T6071] bond0 (unregistering): Released all slaves