last executing test programs:

3m40.251089963s ago: executing program 1 (id=2):
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x40, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r2, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03adcac4b74ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

3m38.239186913s ago: executing program 1 (id=15):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x5, 0x0)
shutdown(r3, 0x0)
recvmmsg(r3, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

3m37.052067216s ago: executing program 1 (id=22):
socket$netlink(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f00000004c0), 0x1, 0x3f7, &(0x7f0000000ac0)="$eJzs3U1vG0UfAPD/bt7atE+TSs+Bl4sFSERCJE3aApVAIuLCoT3RA0es2C1RnQYlRqJVxItA3EAC8QHgAHwEjnDgO8AZOEClCOVAys1o7V3HxHbapA6ukt9PGnlmZ+2Z9XjW68nsJIBjqxQRL0fESESci4ipfHuah3i/FbL9trc2lv7e2lhKotF47c8kknxb8VpJ/ngqf4GZNCL9KInHe5S7fuv2jXKtVl3L03P1lbfm1m/dfnZ5pXy9er16c+G58xcuXnzh0sLzAzvWzZXkk6e+ufzbZx9XPv/pj++ns/qezvM6j2NQSlFqvye7XRp0YUN2oiOejA6xIgAA7CnNr/1Hm9f/UzESOxdvU/Hpj0OtHAAAADAQjUbxCAAAABxdid/+AAAAcMQV8wC2tzaWijDE6Qj8xzYXI2K61f5389DKGW3f0zu26/7eQSpFxKsnrixkIQ7pPmwAAACA4+yHxdbCf93jf2k80rHfyYiYLNb2G6DSrnT3+E96Z8BF0mFzMeLFiLjbNf6XFrtMj+Sp/zWHCseSa8u16rmIOBMRMzE2kaXn9yjj3SdufNsvr3P878tfX5/Pys8ed/ZI74xO/Ps5lXK9/CDHzI7NDyIeG+3V/kl7zLdzncyDeGN5+6V+eVn7Z+1dhO725zA1vop4umf/31m5NNl7fda55vlgLj8rTHSX8cvprz/sV35n/89CVn7xtwAOX9b/J/du/+Y6ue31etf3X8Z3f135uV/evdu/9/l/PLnarOB4vu2dcr2+Nh8xnlzu3u7T1Fa8H8X7lbX/zJO9v/+L678k/+4/07E+9H688t7Zq/3y9P/hytq/sq/+v//Im5OPzvQr//76/4VmZYoXcf13b/fbQMOuJwAAAAAAAACDkTbn9iXpbDueprOzrXm+/4/JtLa6Xn/m2urbNyutOYDTMZYW8z+nOuaDzrduI2+nF3alz0fE2Yj4YupkMz27tFqrDPvgAQAA4Jg41ef3f+b3g9zsAQAAADycpoddAQAAAODQ+f0PAAAAR9qDrOtfq64V/yLogE8XETlYZCT/4D0s9Tl6kSGelAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIfwIAAP//keS8Nw==")
mkdirat(0xffffffffffffff9c, 0x0, 0x2c)
recvmmsg(0xffffffffffffffff, &(0x7f000000a780)=[{{0x0, 0x0, &(0x7f0000004840), 0x0, &(0x7f0000004880)=""/11, 0xb}, 0x3a}, {{&(0x7f00000048c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000005c40)=[{&(0x7f0000004940)=""/251, 0xfb}, {&(0x7f0000004a40)=""/213, 0xd5}, {&(0x7f0000004bc0)=""/4096, 0x1000}, {0x0}], 0x4, &(0x7f0000005cc0)=""/30, 0x1e}, 0x400}, {{&(0x7f0000005d00)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000007f40)}, 0x4}, {{0x0, 0x0, 0x0}, 0x7}], 0x4, 0x40000002, &(0x7f000000a900))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f000000a940)='freezer.parent_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r0, 0x0)
timer_create(0x2, 0x0, 0x0)
getsockopt$inet6_mreq(r0, 0x29, 0x0, 0x0, &(0x7f0000000140))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

3m36.800307792s ago: executing program 1 (id=28):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x1, 0xfffff7fe}}, 0x10)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r1, &(0x7f0000000040)=@name={0x1e, 0x2, 0x1, {{0x42, 0x2}}}, 0x10)
bind$tipc(r1, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10)
bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10)
bind$tipc(r0, 0x0, 0x0)

3m32.324845812s ago: executing program 1 (id=65):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x6e22, 0x9, @empty, 0x6}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
listen(r0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x200}, 0x1c)
listen(r2, 0x0)

3m32.281059164s ago: executing program 32 (id=65):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x6e22, 0x9, @empty, 0x6}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
listen(r0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x200}, 0x1c)
listen(r2, 0x0)

2m59.873102766s ago: executing program 5 (id=284):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x2c, &(0x7f0000000080)=[@in={0x2, 0x4e22, @rand_addr=0x64010100}, @in6={0xa, 0x4e22, 0x9c, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
r3 = dup(r0)
r4 = dup(r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x4e22, 0xf, @empty, 0x1}}, 0x400, 0xbffc, 0xe652, 0x2, 0x24, 0x8, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000780)={r2, @in6={{0xa, 0xce20, 0xfffffffc, @empty, 0x2c}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x806, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c)

2m59.834071239s ago: executing program 5 (id=286):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x10000, 0xb)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f00000000c0)=0x2)

2m59.782880751s ago: executing program 5 (id=287):
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r1, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r1, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x4048001)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000001400212100000000000000000200"], 0x28}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv4_newaddr={0x20, 0x14, 0x121, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r4}, [@IFA_LOCAL={0x8, 0x2, @multicast2}]}, 0x20}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@ipv4_deladdr={0x20, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r4}, [@IFA_LOCAL={0x8, 0x2, @multicast2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

2m59.356896816s ago: executing program 5 (id=289):
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xe)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000580), &(0x7f0000000040)='./file0\x00', 0x30160f8, &(0x7f0000000700)=ANY=[], 0x81, 0x0, 0x0)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r4, &(0x7f0000000100)='.\x00', 0x9000, &(0x7f0000001dc0)={0x0, 0xf9, 0x20000}, 0x20)

2m59.03411956s ago: executing program 5 (id=293):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000400)=0x4614, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@mss={0x2, 0x1}, @sack_perm, @mss={0x2, 0x3}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @sack_perm, @window={0x3, 0xfffe}, @timestamp], 0x2000000000000133)
sendto(r0, &(0x7f0000000000)="c9", 0x1, 0x20040, 0x0, 0x0)
sendto(r0, &(0x7f0000000980)="cd", 0x1, 0xc0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000380)="9f", 0x1, 0x881, 0x0, 0x0)

2m57.272417923s ago: executing program 5 (id=301):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
close_range(r0, 0xffffffffffffffff, 0x0)

2m57.146471202s ago: executing program 33 (id=301):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
close_range(r0, 0xffffffffffffffff, 0x0)

2m33.237151075s ago: executing program 0 (id=403):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x4d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x4, 0xd)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x2204806, &(0x7f0000000c40)=ANY=[@ANYBLOB="6d61703d6f66662c636865636b3d72656c61786564006e6f6a6f6c6965742c6d61703d6ff0a2b466662c73657373696f6e3d3078303030303030303030303030303036302c696f636861727365743d6d6163677265656b412203bc91fde777b21d626c6f636b3d3078303030303030283030303030306330302c696f636861727365743d69734f383835392d322c73657373696f6e3d3078303030303030303030303030090035632c73686f776173736f632c696f636861727365743d6d6163637972696c6c69632c636865636b3d7374726963742c6673636f6e7428a4743d73797374656d5f752c7065726d69745f64697265637469"], 0xfa, 0x69f, &(0x7f0000000f00)="$eJzs3c9v2+Ydx/EP5V+yOwTFNhRBkB9PkhVwsEyR5MaBkQEtR1E2N0kUSHmwgQFF1thFEDndkg5YfOl82Q+gA3berZcddts/MKDn/he7bUCx3QZsBw4kRVmyRMlqHLdZ3y8jEUV++Txfkgq/oSU+EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkOXUyuWKpYbX2t4x+Zxa4DcnLE9bW9CtdOLW1H4lK/6jYlEX01kXv328+I34rxu6nD67rGL8UNTha2+8fv9b84Vs/QkJfRGatcFnzw8fP+h2956eInZOMzf/ZVLhFEGbbssLfa9pb7rGC32zsb5evrNVD03da7jhbthxm8YJ3ELHD8yqc8tUNjbWjFva9bdbmzW74WYz732vWi6vmx8upQdaUil0trxGw2ttJjHx4jjmnvn4J2mAazeN2X/U3VublmQcVMlbWBgIqk5rqVquViuVarWyfnfj7r1yeX5kRjlmlfs0EnHmL1q8Ys7u5A28oEJc//9mSQ0V1dK2dmTG/jiqKZCvZs7ynqz+v3nHndjvYP3PqvxF6e3e4ktK6v/V9NnVvPqfk4uRSVYYt8TKmT/bz0KSkdEzPdehHuuBuupqT0/PoG0jc+1MWjmHn025aslTKF+emrKTOaY3x2hD61pXWe9qS3WFMqrLU0OuQu0qVEdu8opyFMiVrY58BTJalaNbMqpoQxtak5Grknbla1stbaomW/+Oomhfj5L9vjYhR2VBlZyApcGg6oSW8ur/Tz9KX6e9+l+m/n9dpa+DpfThs0kxwFdA1Lv+n9G1l5MNAAAAAAB4Gazkt+9W8t79FUmR6l7DLeevsHie2QEAAAAAgLNgKVrSZVnx9b+kK7KmXP8DAAAAAIBXjpXcY2dJWkk+1G8d3wl1ml8CzJ1DigAAAAAA4AUld/5fXZSiZNCKa7Jmuv4HAAAAAACvgN8OjLE/n42xG2Vv6xckhe0l66//XFKwYB21d75jHdjxEvtgrpCEjHwCoFO/ZIV/SAfqTcbrXZSUPHPcy1avt94gmP1xBz/fnzbWvxWcSGBxbrCBEwlc6K1txT2vz/ee6WNdf3so9uFhQcmStJeVutdwS47fuF+RbV8odNydzi+ePPqlFPS3c/9Rd6/03gfdh0kuR/Gso4M4j4+ydP6y2Nt1w7kkD/1c/hulpCtjt3hZ9azL37WaK1bSbznb/jnZB4XjY5S7/cN96te6kR6zGytp7Mphf8T9ePuL8fZXSskhG9r6YME6zqJycsvHHYicLIpJFjfTmJurN9OHLL+4nYJV/O6cVC2NHoOhLKqDWUzfF9a/RvbFpCx6+2ItzuLTuKGcLNZmy2LkiADAl2U/GfUnufMvGcR8pO5m5SE7qX2hujO9ur8zXN0//GNcGdP/Xsz33puY2EtR8Rl91Urq0KKSE+v8pZEzerY19oWics7o5ReobnFffz7+DqRe2iNZ/CeKovuVpN/fn6iqn8QrfJLbb9hId/udDw9+lgyAH3t/7/29J9Xq2nr5rXL5blULyWb0HuZE7QEAjJj+HTtTI6y3dD2NuP7wH2+mU0MV75v9jxSU9J4+UFcPtZB9hcC18a2uDHwM4XZ61aqBq1bzxuv3l6WTsRXdzr2qS2rpQGy1H7ugbJXhSn0cu/aSjwIAAOfrxpQ6PL7+F4fq/22tphGrl8Zedw/X8t7Vcf+SPi+2Mj35d856bwAA8PXgBp9bK53fWEHgtd+tbGxU7M6WawLf+ZEJvNqma7xWxw2cLbu16Zp24Hd8x2+YdqAlr+aGJtxut/2gY+p+YNp+6O0k3/xuel/9HrpNu9XxnLDdcO3QNY7f6thOx9S80DHt7R80vHDLDZKVw7breHXPsTue3zKhvx04bsmY0HUHAr2a2+p4dS+ebJl24DXtYNf82G9sN11Tc0Mn8NodP20w68tr1f2gmTRbUjTzFx0CAPD/6Nnzw8cPut29pycnluNL83TOkXJiRicWxzTIGEEAAHzFHJfrGVYq9qc+jV5KVgAAAAAAAAAAAAAAAAAAAAAAYND0W/pmnFgYd7Og1J/z8wu9OfqVjm8xHGnH0lknNstEYda1slsiDh9/NiF4uT8n2/2DMUfntoF//4b0WjJH6Zz5ccHF/Has6X0tTzi4p5yYi3fQaYO/v5/u0dyYeOHYRUv9YzF/9v8c4oknf8pZFEVRNHn1peF9uDhpA4cn5iU9XXyBQ3D+5yIA5+t/AQAA//+xxzz3")
open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000080)=ANY=[@ANYBLOB="16000000020000001d"], 0x0)

2m32.068279341s ago: executing program 0 (id=405):
socket$packet(0x11, 0x3, 0x300)
r0 = open(0x0, 0x8000, 0x50)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x2000}, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup(r2)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x60001, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="080086dd0001280004000003a60c6eec00be00442ffffe8000000000000000000000000000aaff02000000000000000000000000000104206558"], 0xfdef)

2m31.853203344s ago: executing program 6 (id=408):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r1, 0x84, 0x4e, &(0x7f0000000040)=0x2, 0x4)

2m31.83045626s ago: executing program 0 (id=409):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r0, &(0x7f0000000240)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x0, 0x2}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x3}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
bind$tipc(r3, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10)
bind$tipc(r0, 0x0, 0x0)

2m31.689059435s ago: executing program 6 (id=410):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x802, &(0x7f00000000c0)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=', @ANYRESDEC=r0])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ftruncate(r1, 0x8008976)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2m29.352019657s ago: executing program 0 (id=412):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
pipe2$9p(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
openat$vcs(0xffffffffffffff9c, 0x0, 0x220802, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
chroot(&(0x7f0000000140)='./file0\x00')
umount2(&(0x7f0000000040)='./file0\x00', 0x9)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000bc0)={[{@uni_xlate}, {@shortname_lower}, {@fat=@codepage={'codepage', 0x3d, '857'}}, {@shortname_win95}, {@shortname_lower}, {@fat=@debug}, {@uni_xlate}, {@shortname_mixed}, {@utf8no}, {@shortname_lower}], [{@fsuuid={'fsuuid', 0x3d, {[0x38, 0x38, 0x61, 0x31, 0x34, 0x38, 0x35, 0x65], 0x2d, [0x33, 0x38, 0x30, 0x36], 0x2d, [0x39, 0x5b, 0x34, 0x34], 0x2d, [0x64, 0x36, 0x62, 0x36], 0x2d, [0x65, 0x64, 0x32, 0x39, 0x36, 0x38, 0x32, 0x30]}}}]}, 0x1, 0x22f, &(0x7f0000000c80)="$eJzs3TFrE28cB/Bf2vTf0D+SDkJRBE9cnEJbca+IglBQkAxuFtuiNLVgIaBDq5NvQt+Cjq6Cg7j6BkSQKrjYrYMYSS82bb22qXo5KZ/Pkh9Pnu/d78mFHBny5NapxYXZpeX59fW1qFRKUZ6KqdgoxWgMxGCkHgUAcJRstFrxtZXqjg4V2RIAkLPs+z8AcJT1eP+/3seWAICc9fz9f6BvLQEAObtxs1VKq6QSsfikWW/W08d09OJ83I1GzMV4VONbRGtLWl+5On15PGn7NBr1xdVOfrVZH9yZn4hqjGbnJ5LUzvxQjERU2vn3IzEXk1GN49n5ycz8f3Hu7Lbz16Ia727HUjRiNtrZbn5lIkkuXZvelR/enAcAAAAAAAAAAAAAAAAAAAAAAHmoJVsy9++p1fZ6Ps2n++uU4+D9gXbvz1OOk+Vi1w4AAAAAAAAAAAAAAAAAAAD/iuUHDxdmGo25+/sV994+f90ZGe7kekhlFqVOvjvy/28d58+LY2c+Pt17zuPDvD5/t3h1uoCTHrZ4s3bnxPnlsQv9Oun3zvXYZ87QL2+tbcWXakROHb4o9Fr8XPWBk8eeTc28XPnwudcj9/FDCAAAAAAAAAAAAAAAAAAA2NT90W/RnQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAcbr//59fUfQaAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgRwAAAP//cGeZCA==")

2m29.348327287s ago: executing program 6 (id=413):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffff8}, [@call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xe, 0x0, &(0x7f0000000040)="f7edad00"/14, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

2m29.347285127s ago: executing program 0 (id=414):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
set_mempolicy(0x3, &(0x7f0000000000)=0x401, 0x200)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)

2m29.294219838s ago: executing program 6 (id=419):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x800, &(0x7f0000000500)=ANY=[@ANYBLOB='iocharset=cp850,dmask=00000000000000000000777,namecase=1,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c666d61736b3d30300000000000000040303030303030303030303031302c757466382c666d61736b3d30303030303030303030303030303030303030303030372c6572726f72733d72476d6f756e742d726f2c6e616d65636173653d312c706c6c6f775f7574696d653d30303030323030303030303030303015303134373037302c00904f5ef6c3660c06b4d7d3172ed33955a22d96c6b58d48d25609fc8fd957db7f4cfb97e98333158a7878aa16963be19155c4a0068007e41cc520b790c6292f5e20dbf5725a2a02670903b3d75dfbb2030d8cdef5210ed5485e27f1d33f67e2d90248d081d098053c"], 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
syz_mount_image$ext4(0x0, &(0x7f0000000280)='./file0\x00', 0x3010010, 0x0, 0x1, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0xfffffffffffffffe}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(&(0x7f0000000240)='./file0\x00')
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')

2m28.940093606s ago: executing program 0 (id=420):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x1}, 0x10)
sendmsg$tipc(r2, &(0x7f00000008c0)={&(0x7f0000000600)=@name={0x1e, 0x2, 0x1}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4041}, 0x80)
write(r2, 0x0, 0x0)

2m28.842048288s ago: executing program 6 (id=421):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
ioprio_set$pid(0x2, 0xffffffffffffffff, 0x2004)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES32=r3], 0x20}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x80)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000140)={@rand_addr=' \x01\x00', @mcast1, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8a0022, r3})

2m27.972564077s ago: executing program 6 (id=426):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r3, 0x5, 0xe, 0x0, &(0x7f0000000380)="fffbdc8c9826b8f14b8629d81eaa", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)

2m27.913328697s ago: executing program 34 (id=426):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r3, 0x5, 0xe, 0x0, &(0x7f0000000380)="fffbdc8c9826b8f14b8629d81eaa", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)

2m13.849947916s ago: executing program 35 (id=420):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x1}, 0x10)
sendmsg$tipc(r2, &(0x7f00000008c0)={&(0x7f0000000600)=@name={0x1e, 0x2, 0x1}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4041}, 0x80)
write(r2, 0x0, 0x0)

7.099631848s ago: executing program 7 (id=1120):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[], 0xfffffe2b}}, 0x2200c840)

5.569978101s ago: executing program 7 (id=1126):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000340)='./file1\x00', 0x0, &(0x7f0000000000)={[{@space_cache_v1}, {@clear_cache}, {@compress_algo={'compress', 0x3d, 'zstd'}}]}, 0xff, 0x50d4, &(0x7f00000051c0)="$eJzs3U+IVWUfB/Dnzjg6KDjXnbp48QW3wiQKRURDaFaYc82CosVMLYIQYVAwFy3EgpIWDgha4cJgWmR/nFVFC3GVBEEQBcEgzEKQdkIxGC6Ke8957pz7HO+5dyZ1TD+fmDnnOb/zPOeZy1nc783n3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhJNz585V1bdemTm7Y2DP1Us3T+w8NTE6H0KtdbyW1yeeeuaFNw5MPD8cO0zuz7b1erchs67zWWN1x8Fmv86f10IIQ8kAg/l292Bp1OLu4fKAlfZfXNh25NbeXTPHxg9dOLp5qvyn0zS80hNYKfl9dW3xXhpr/R5Izmi3C7dereMWzfqnN9w9+SMAgCUZbbQ27bej+Vvcdvt4Wk/aY0l7OmnHdwjTxcZyZOOu7jbPLWl9heY5lkWFNd3mWU/q+evfbjeSekjbnVFjCfPsPDWPNMPd5jmV1FdqngAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3k6c/+eJ6VX3rlZmzOwb2XL1088TOUxOj8yHUW8drWbn2xMLcwqa3dj/63e4vP/6zPn5yMO8Xt6sKJ4ff4s5jIyG8Xqhci8P+vj6ERmeh1QwflQtvtnaejQUAAAAeJJtavwfa7SwODnW0a600WWv9F2Vhcf/FhW1Hbu3dNXNs/NCFo5unlj9eo8t4Y7cdr92uL/7UCsE4xt90vMV6PPVwaZxq6Yhpnn959MPtVf1L+b9enf/jKyf/AwAA8G/I/+k41Xrl//nPX91X1b+U/7d0XLKU/+OMY/4fCMvL/wAAAHA/u9v5f6w0TrVe+f/r9/edrupfyv+j/eX/VcVpx4M/xgkfHAlhtNfUAQAAgC7i/3df/Ggh5vXsk4M0r7+49fpQ1Xil/D/WX/6vHBQAAAC4p34488jfVfVS/m/0l//X3NVZAwAAAEvxv/cmD1TVS/l/sr/8vzbf5isfsk7fx3+FcHokhOHmzlRWuBKmn2wXAAAAgDsk5vSXvt18tOq8Uv6fqn7+f3zSQVz/3/H8v9L6/0Ihe+rf4x4MAAAAwMOovJ4/Ph4/++aCbt+/3+/6/09//nVD1fVL+f94f/l/sLi9k9//BwAAAMvwX/v+v1dK41Tr9fz/t9/dsLT8P91f/o/bdcU/73J8fd4ZCWFjcyd/muBn8XIHk8LsUKHQ0kh6HIg98sLsmkKhZSrpsX0khP83d44nhQ2xMJ0UbqzPC+eTwk+xkN8P7cJXSeFyvNPOrM+nmxa+iYV8gcVsXEGxrr0kIunxR7cezcJte8y1Lw4AAPBQieE5z7JDnc2QRtnZWq8T1vY6YaDXCYO9TliVnJCe2O14mOwsxON//TL+XKhQyv/n+8v/8aVYnW26rf8Pcf1//r2G7fX/k7FQTwqzsdBInxjQiNfIwu4H8Rr1Rt7jxsZ2AQAAAB5o8XOBwRWeBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAPe/ceY8dVHw787PN61+vdDUHKQxYxL0N+ktdrOw7WLyCcVBEIpGQtov6DQtbYm9TxBhs/Co4s1RhUlCKEC66IQh+2RFSnEsgqbXmEEosqQVUtGoU2fziPpgWEKkGjFNclSiRX986c2bln9j78WNsbPh/Je8+933POzDn33vGcmblnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgt8PV373hy+3i7/jR1796U+8HXvjBbw6u/9I9ky+FMNV4vScL97zvzHNnrvvU7Ru+d/s3Hjk9fudDg3m5PB6W1v/05k8+F2v92bIQvt0TQn8aWDWSBQby5yOxvuUjIVwV5gJFiZnhrES64PDkUAhHwlygqOq7QyGMlAJ3PfPDJ75YTxweCuGdIYRauowXatkyhtLAysEsMJwGdvRngf89mykC3+nNAnDB4peh+NAfn2rOMD5/uRafv4GLtmKXV9q8vpgYb53vV7cu8EqVDKYvTF3Q21apjgVR+Xqc8G1bBN+2Sj8f8raVd6TyPZSzc6Fa6N06c+/mvbN74iu9YWKir1VNC/Q+n3pl/5ZzSS+az2FcgfGL8jm8//DNzw5+7I4XH3n98f2na19bfqGr2ap7F1ot5J+5RfM+RhttTxbB16+yl7TCTlcI4fSJk/vbxSvj//H24//4cY6PvU25Y62vjWZj8/jKSEy8PJqNzQEAAGDRWAxHTQdX/OtP29VXGf+v6O78fzzlnw/ms9aeCGFjI/HZsRCubbyeBR6Li/v4WAhvbaSmmgO3JoETIVzXSNxYVJWUWBJLrEgCvxjNAxuTwFMxMJUEHo2BQ0ngczFwPAlsiYETSeC2GAjbmtvx/0bzdnQdGIqB6awTj8erEH49GpeW9NVzRVUAAAAXST46HGh+WrrW4UIzxOHl8aFOGeIV2C0z1JIa0hFsMaxqWUN/pxp6O9VQtPtA++ZXau7pVHPlMoye5gz/c+qaHaGNyvh/sv34vzbPivRUzv+HyU2Nh5i7N4/MFhmmp5oyAAAAABfg9948vbldvDL+39jd9f/xmEhfKXM4GQ9DbB8LYbI5kFV7SzWQnfVemgcAAABgMSjOxxfnwrflj9kl2ul4upp/6hzzxxP/G+fNv+PH//J4u/WtjP+nurv+f7j5MVuJp+JafGUshCWlwI/iWtYDDSti4KX3Nwfy9j8VO+ALsar8woSiqi/EEtMxMJkEjrQq8XRR4trmQP5mFQv/bNGObXmJUgAAAAAuuXg4IJ6Xj9f/r/nbP3yyXbnK+H/63K7/b4yDK5f3zy4NYXV/CH3pDwNODmcTA8bASE+e+PvhrK6+tKqDwyHcUm9YWtV/5PP/96dzDP5kKKsqBq5927FXVtYTXx8KYXU58OxHj66vJ/YmgWLhvzsUwg311qYL/7sl2cIH0oU/vCSEt5QCRVVbloRQX9hgWtU/1PL7GKRVHa+FcHUpUFT1nloI+wIAi1X8v3Rr+cXd+x7cvnl2dmbXAibiQfyhcO+22ZmJLTtmt9ZarNPWZJ2b5jH6TLVN3d765vk4R9Hdx8a6SRc/FJwsLys/kF+5cjB/HneGBhrtXDvQ9HRd2uR3v726iFDalWrV5N4FbvJwuZK5N7FSf8w/GJaGJXt3z+ya+PTmPXt2rcn+dpt9bfY3nmfK+mpN2lfD861bFx+PltNlJc63r1aWK1m954Gdq3fve3DVtgc23zdz38wnNkyuW7vh5sn171ldb9Rk9rdDS1fOV3PS0rNHu2zWRWzp9f2lSi7FRkNCQmKxJQYH7jzVbvNTGf/vbD/+j1uduOHP52dodf5/PJ7mz16fO80/HQNHuj3/P97qbH5xYcCKJHAgBg44zQ8AAMAbQzwcGY9mxoPSB971wvvalauM/w909/v/izT/fzF1/YdaTfN/Yywx2Wr+/3Sa/2L+/wOt5v9Pp/kv5v8/chnm/99bBJIu+bX5/wEAgDeCSzf/f8fp/dMbBFQydJzeP71BQCVDx2n8u71BwDnP//83v1yzPrRRGf8f6m78b+J+AAAAuHJcc9sNP24Xr4z/j3Q3/r/08/+FVtf/r2gVmGo1MaD5/wAAAFikWs3/98xHdr6/XbnK+P94d+P/eNlFb1PuWOtro9mcdiGd0+7l0eInAwAAALA49IaJiYEu8zZNjHrr+S/zVJwKtE267NDnj53b7/9PdDf+b/pdxv2Hb3528GN3vPjaI68/vv907WvL587/AwAAAAun2+MSAAAAAAAAAAAAAADA5ffo1d+ad16AqPL7/7Cp8Xqr3//H+/413TTxTD4Z4IE4s/6XxkzzBwAAAAvroVtffTj+u+/Lf/Rf7fJWxv/j3Y3/4/0F8vvgZbfeOxHv//fZsRAat9YbzwKPxcV9fCyEtzZSU7FEdkO9D8USk1ngsThh4o2xxPRUc1VLYuB4EvjFaB44kQSeioH8KMWxeGPAPx4NYX0jtam5xM5YYjwJ3BkDK5LARAxMJoFlMbAxCfxyWR6YSgL/FAP5zQeLvvrWsryvAAAAzkU+zhpofhrScd7x/k4Zejpl6LiI4U4ZejtlqLXIEJ//dVyHgfJ8/HmG+NJAWutQUkslQ7wZ3vk3vZiu7+nmnGnByqL7YsHx5pwxw85/vukroY3K+H9Fd+P/y3j///Ru/htjYEUS2BkDG5PA9KY8cOSa5oD7/wMAAHBla3X//9G3/NWhduUq4//J7sb/8UDEm5tyx1o73/8/f37Xh7+5r7HKJ0dDeHs5sP3g9qvqiUdHQ3hXOfDE3Tc2Ru0H0xLff/G2n9cT96SBD65605l64r1JYDp20nVpIB5VObMsCcTu/UkaiP1xPA0M5oGHlmXt6En76j9Hsr7qSfvq1Eh2eUVP2lffHsmW0ZM28HASKBr4yTQQG3hHHuhN1+qbS7O1ioGRWPQvlhYXfQAAcGWKe4ED4d5tszOT6U94r+9vfoyabln+mWq1PV0u/vl4a/K7j411k+5L90VrRVUDoVZvwprK7mo5S0+jlRenlg5d9+YWTe50t/feFuVS59p1g61bNJS1aGLLjtmtAx0bvq5zlrX9HbOsqQx2yll6G13aRS1drEsXLeqyb7pY5fi8N0xM9CW5/n8MjocmnT4R3d6vr3yf/1afgnKeo5//91fb1VcZ/2/sbvwf27M0lD7On4u1/mxZCN/umTsaUQRWjWSB2NyRODxePhLCVaV+KErMDGclBpMFhyeHshHqYFrVd4eyYwzx+V3P/PCJL9YTh4dCeGfpvSqW8UItW8ZQGlg5mAWG08CO/iwQr/woAt/pzQJwwYqNQvxA5T91KYzPX67F5++Nck/QtHmVa6DmyTffNneh1NIX8muqCuf2tlWqY0FUvh4nfNsW47ct+LaVd6TyPZSzc6Fa6N06c+/mvbN74ivlPdmKBXqfy3up3aQvwufwwPmvbWe1dAUmk83H5Pzl5v8c9sTq7j9887ODH7vjxUdef3z/6drXlne9Gi3EgcKT//2mq8rdu9BqIf/MLbrtyZTtyWL8b2Dc2xZCOPTnQ59sF6+M/6e6G//3J48Nr8bO3D0WwrtLnXsydv/vjGXbwVIg20peXQ1kl9z/dLTllhMAAAAutuJwR3G8YFv+mP0gPB0nV/NPnWP+eLxi47z5u13v/U/+/mPt4pXx/3T78f+SZDWd/3f+nwXi/P+8rvRD0UvSFw5c0KHoSnUsCOf/53Wlf9uc/5+X8//O/8/H+f8OnP+f15X+tlX2knba6QohnL1+4OF28cr4f2d34//fsvn/09n8i/n/00n7i/n/p1vN/7+z1fz/B8z/DwAALKgWE82n47zK5PyVDOnk/JUMPUmGc7/FQMdp9M3/n87/f/DPbtkT2qiM/w90N/6PH4eR8tIXy/z/45talNi4qXl1i8ChGNjpjgEAAABcRvEAQbzovdsZJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhYd7x6ZnO7+Dt+9PWv3tT7gRd+8JuD6790z+RLIWxrvN6ThXved+a5M9d96vYN37v9G4+cHr/zoVpebiB/XN6UO9b62mgIR0qvjMTEy6P1J3OBuz78zX399cTJ0RDeXg5sP7j9qnri0dEQ3lUOPHH3jdfUEwfTEt9/8baf1xP3pIEPrnrTmXrivXmgJ13dP12WrW5PurpfXBbCWClQrO79y5qrKpbxgTzQmy7jL0eyZcTASCz68Ei2jBiYjSW2LQlhdX8IfWlV/1jLqupLq/peLauqL63qD2oh3BJC6E+r+rfBrKr+tOVPD2ZVxcC1bzv2ysp64uhgCKvLgWc/enR9PbErCRQL/8hgCDfUPzLpwr81kC18IF34nwyE8JZSoKhqeiCE+sIG06pO9GdVDaZVfaM/hKtLgaKqm/pD2Be4XOKGZGv5xd37Hty+eXZ2ZtcCJgbzZQ2Fe7fNzkxs2TG7tZasUys9pfTZz5x/259/Zf+WRuLuY2PdpIv1miyvy9NTlRfLz/vzpwONdq4daHq6brE0ebhcydybWKk/5h8MS8OSvbtndk18evOePbvWZH+7zb42+9uXR7O+WrNY+mpluZLVex7YuXr3vgdXbXtg830z9818YsPkurUbbp5c/57V9UZNZn8vRkuPXvqWXt9fquRSbDQkJCQWW6K3aes2eaVvxys7+nMrOhBqjQ10ZVhRztLTaOXFaPSt59Ha3Lk2ujIkqbRoTWXgUMmytnOWdZUxw1yWoSxLY1+wMjgs19Tb6NL4vDdMTPS16ofx5qfl7v3VBXTvqdh1XaYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4P3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRs8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//Qczu7Q==")
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x80383, 0x0)
ioctl$SNDCTL_SEQ_RESET(r3, 0x5100)

5.444646649s ago: executing program 3 (id=1128):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$key(0xf, 0x3, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000340)={0x0, 0x3cfa, 0x400, 0x2, 0x3b9}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x1})

5.327387189s ago: executing program 3 (id=1130):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000008480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000085c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r7, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

4.41528454s ago: executing program 7 (id=1134):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
rt_sigprocmask(0x2, &(0x7f0000000080)={[0xffffffffffffffff]}, 0x0, 0x8)
r1 = getpid()
r2 = gettid()
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000000c0)='./file2\x00', 0xf4ddc3267dd022d3, &(0x7f0000000480)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB="2c63727566742c646d6f64653d3078303030303030303030303030303030352c6f76657272696465726f636b7065726d2c73686f776173736f632c7065726d69745f646972656374696f2c736d73726f6f743d63727566742c004ef38bc576ab64c53f16e96fd52f000000653f208615df39cede52a3565e692d60a4ff07fa1d591fc9a537ff5c37c22628c35863cb192d5806c780471ca1d3ba6ccff6a3b3cb4e3b224c95ab069a7a"], 0x3, 0x562, &(0x7f00000009c0)="$eJzs3V1v01YYwPHHbaOFMLFpmxCqeDm0m1Q0CE4KRRFXnnOSHkjsyHZQe4UQTVFFChNl0tob6A3bpG2fYdzuQ+x2d/smaB9hk+2kpG1eBn1Jh/6/iPrEfuzz2KR+5CrHFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIJZbtu2CJTXjNZdUr992vXPLgV9Xg3W3d2XXZEi/Ilb8T7JZOZfOOvfF28Vn4x8zcj59d16y8SQrW6fPfnr786mJ7vpDEjoWG5tbjx+0261n405kTKraM6Fv6k5VKxP6qvTrnyKLlVBVTE2Hy2Gk68oNtBP5gZpzr6hCqTSvdH7Zb3rVslPT3Zm3rhVte0HdyTe0E4S+d/1OPnQXTa1mvGoSEy+OY27FH8S7JlKRdupKra61W/NKqdPDkoyDCqP2JA4qjgoq2sVioVAsFhZulm7esu2pfTPsPWRfxPg/tBivQz6DA+9volP/pSZGPGnKkqi+L1fKEogv9QHLO7r1/6vremi/lsikdOp/t8qfe7t4WpL6fzF9d3FQ/R+Qy/G9NmRTMp2cT0lLno09o+N9VUWLJ0ZC8cVIXZxkjurMUVKSBVkQW+7LolQkFCUVMVITLaEsSyiR6OQT5UogWhyJxJdAlMyJK1dESUFKUpJ5UaIlL8viS1M8qUpZnGQrq7ImbWklEf1fp2QnqDBkR3aCikOCqP84uMM9gQMH8E+3/g+WOb5sAAAAAADAUbCSv75byWX+haRVMTVtjzstAAAAAABwiCyRlZ5vpFwQi+t/AAAAAAA+NFYyxs4SkZxcSlvdkVD8EQAAAAAAgA9EMvL/YjzJxa1LYnH9DwAAAADAh+bHkffYDxsfWX/8LcGLjLXdWPrSWnfiOGd9Ml1vcu8Wo8q0daazkWSyMNV55+rzVmeswc6QgzedyeqgPD5O5lrWi/jnAROQn+VyGnN5JZ2udJeke5urmJrOuxm5XUjTEJHvnqx9LxLsdLO61m7lHz5tryS5bMezttc7N1Dcdx/FIbk8T+63kIy56HvkM8lAjCDIWD951ksr6dfu3f+JdPWJd+jzlcykMTO5dJrbvf/ZuM9C/nZBHOfMRKSXos7eJ1nUc2kWhT173vfukUOzmE1jZudm00mfLIoDs4i7W2u3ir1ZvNexGJjFS+lmMT/qWMx3s8i87f5dsgCAcVkdUYWs5Hy3fcC6M7C6d3ux9vXyHtX9lcylMXPTyYl1arpPXbFHndHtA9b13zN7n4E0qMbG/f6yp6q+jld4PbDfsFa04kM4+Xz9Wzm7sbl1bW39waPWo9aTYnF+wb5h2zeLkkl2ozOh9gAA+hj9jJ2REdaNEVfVn+18pSAvD+WptGVFriajDZJvHPTdaq7nawhXR1y15nqe8HJ1xLVlrudBL/89dv4Y/icAADg+MyPq8Mj6L93ryFMi0v+6e3ctH3513FvLezYMAAAOkQ7eWLnoBysITON+oVQqONGiVoHv3lWBKVe1Ml6kA3fR8apaNQI/8l2/FjfumbIOVdhsNPwgUhU/UA0/NEvJk99V59Hvoa47XmTcsFHTTqiV63uR40aqbEJXNZrf1Ey4qINk5bChXVMxrhMZ31Oh3wxcnVcq1Lon0JS1F5mKiZueagSm7gTL6p5fa9a1KuvQDUwj8tMNdvsyXsUP6slm8+M+2AAAnBAbm1uPH7TbrWdH2Bj3PgIAgN2o0gAAAAAAAAAAAAAAAAAAAAAAnHzHMf7vSBqSfYfgv9KnCMhJSf5/1vjkZKTRt5E9GWmMrWENWvT17MF+u5NfmFp2vKcnAEfo3wAAAP//hQRKQg==")
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r3 = memfd_create(&(0x7f0000000040)='\\\\&\x0e\x00', 0x1)
copy_file_range(r3, 0x0, r3, &(0x7f0000000080)=0xde27, 0x3, 0x0)
rt_tgsigqueueinfo(r1, r2, 0x1f, &(0x7f0000000000)={0x17, 0xb, 0x82})
ppoll(0x0, 0x0, 0x0, &(0x7f0000000100), 0x8)

3.987840656s ago: executing program 3 (id=1135):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x88031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r3, 0x0, 0x0)
waitid(0x1, 0x0, 0x0, 0x80000004, 0x0)
getsockname$l2tp6(0xffffffffffffffff, 0x0, 0x0)

3.343422603s ago: executing program 8 (id=1138):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
r3 = syz_io_uring_setup(0x78ae, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x306}, &(0x7f0000000080), &(0x7f0000002800))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)

3.244180506s ago: executing program 4 (id=1142):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
tkill(r3, 0x2e)
ptrace$peeksig(0x4209, r3, &(0x7f0000000340)={0x0, 0x0, 0x2e}, 0x0)

2.843329546s ago: executing program 2 (id=1143):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$kcm(0x11, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

2.842654506s ago: executing program 3 (id=1144):
r0 = socket(0x1, 0x5, 0x0)
close(0x3)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x400, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', <r3=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x8, r3}, 0x10)
r4 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000500)={0xe000200c})

2.736592167s ago: executing program 7 (id=1145):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000003c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nombcache}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x300f401, 0x0, 0x2, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, 0x0, 0x0, 0x400c844)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
preadv(r1, 0x0, 0x0, 0x113, 0x2)
chdir(&(0x7f00000003c0)='./bus\x00')
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000300)={0x0, 0xfffffffffffffff9, 0x4, 0xfff})

2.424543873s ago: executing program 8 (id=1146):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet(0x2, 0x2, 0x1)
shutdown(r3, 0x0)
recvmmsg(r3, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

2.369776923s ago: executing program 4 (id=1147):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlinkprop={0x44, 0x6c, 0x701, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x40, 0x400}, [@IFLA_MAP={0x24, 0xe, {0x3, 0x2, 0x4, 0x8, 0x7, 0x7}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f00000003c0)={0x20, 0x21, 0x1, 0x70bd27, 0x25dfdbfc, "", [@nested={0x10, 0x121, 0x0, 0x1, [@typed={0xefc87e4c0f2f8e4e, 0xe0, 0x0, 0x0, @u64=0x6}]}]}, 0x20}], 0x1, 0x0, 0x0, 0x40480c4}, 0x8000)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x800010, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
unshare(0x22020600)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x1, 0x14)
r5 = openat$cgroup_int(r4, &(0x7f0000000100)='cgroup.max.descendants\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000140)=0x4, 0x12)

2.239309751s ago: executing program 3 (id=1148):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0x6, 0x0, 0x0, 0x2, 0x0, 0x70bd28, 0x4000}, 0x10}}, 0x0)

1.88996367s ago: executing program 2 (id=1149):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x34, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xffe0}, {0x10, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x4040004)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@delchain={0x3c, 0x2c, 0xf31, 0x70bd27, 0x2000, {0x0, 0x0, 0x0, r6, {0x8}, {0xfff2, 0xffff}, {0xffff, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_IPV4_SRC={0x8, 0xa, @private=0xa010100}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008854}, 0x4010)

1.852407673s ago: executing program 4 (id=1150):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x0, 0xfffffffd}}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x0, 0x3}}, 0x10)
bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
dup3(r0, r1, 0x0)

1.500636932s ago: executing program 4 (id=1151):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
r3 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000100)={@ipv4={'\x00', '\xff\xff', @multicast2}, 0x56, r2})
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000180)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2d, r4})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1006}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0)

1.499269872s ago: executing program 8 (id=1152):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x3, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7fff}}]}, 0x38}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x1, 0x3}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0x1, 0x9}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xff, 0x1, 0x10, 0x3ff, 0x4, 0x6}, {0xf, 0x1, 0x2, 0x1, 0x5}, 0x4, 0x100, 0x1b8c}}, @TCA_TBF_RATE64={0xc, 0x4, 0x2fd9e5fb6e622145}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20040000}, 0x4094)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r4)

1.453209324s ago: executing program 7 (id=1153):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe2(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80000)
splice(r2, 0x0, r4, 0x0, 0x200006, 0x0)
splice(r3, 0x0, r2, 0x0, 0x7fffffffffffffff, 0x1)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="8e", 0x1}], 0x1)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
timer_getoverrun(r0)

1.172514845s ago: executing program 8 (id=1154):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$key(0xf, 0x3, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000340)={0x0, 0x3cfa, 0x400, 0x2, 0x3b9}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x1})

1.172140255s ago: executing program 2 (id=1155):
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000140)=0x80000001, 0x4)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000001500)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/65, 0x0, 0x6000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000003a00))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/185, &(0x7f0000000140)=""/79, 0x9000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x44)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
add_key$fscrypt_provisioning(0x0, 0x0, &(0x7f0000000080)={0x1, 0x0, @a}, 0x48, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000240)=0x1)

1.155099202s ago: executing program 4 (id=1156):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x10681, 0x20000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0)
r6 = socket(0x10, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0)

1.150425861s ago: executing program 2 (id=1157):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket(0x2b, 0x1, 0x1)
socket$key(0xf, 0x3, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1})

1.040102372s ago: executing program 2 (id=1158):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/xfrm_stat\x00')
read$eventfd(r3, &(0x7f0000000340), 0x8)

1.038904972s ago: executing program 3 (id=1159):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)

952.668827ms ago: executing program 8 (id=1160):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000180)={0x0, 0x0, 0x3ff, 0xfffffef0, 0x670, 0x5}, &(0x7f00000001c0)=0x14)

943.808085ms ago: executing program 4 (id=1161):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x23c, &(0x7f0000000600)="$eJzs3T9oFFkcB/Df7J/8XY7cXXNwcHdwHMddIOS6g2tyjUJAgogIKkRErCRRYtImVjYWWquksom2RkuxCTYRwSpoitgIGkQMFlqszE5iollR3LgjzucDszuzO29+b3jzfbPNsAEUVl9EDEVEOSL6I6IaEcnWHX7Llr71zdnuhdGIen3fs6SxX7ad2WjXGxEzEfHv1XqmEjE1f2jl5dLuP89NVv+4Mn+wO7raepoNqyvLe9Yuj5y9PvzP1N37T0aSGIraO+e185Imn1WSiB++RLGvRFLJuwd8ilOLI8/T3P8YEb838l+NUmSDd36i43Y1/r70obYXnt77uZ19BXZevV5N74EzdaBwShFRi6Q0EBHZeqk0MJD9hn9Q7imdGJ843X98fHLsWN4zFbBTahHLu2523uh9L/+Py1n+gW9Xmv/9e+ceputr5bx7A7RTmv/+I9N/hfxD4cg/FJf8Q3HJPxRXh/xDYbn/Q3HJPxSX/ENxyT8Ul/xDcW3NPwBQLPXOvJ9ABvKS9/wDAAAAAAAAAAAAAAAAAABsN9u9MLqxtKvmnYsRq/9HRKVZ/XLj/4gjuhqvPS+SdLe3kqxZSw7/2uIBWnQt56evv3uUR9XNUVv8JY/6m6bHImbORMRgpbL9+kvWr7/P9/1Hvq8ebbFAi/47kG/913P51h9eiriVzj+DzeafUvzUeG8+/9TS8Wux/slXLR4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtnkTAAD//zBNc9A=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sysinfo(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x25, 0x1, 0x0)

172.62192ms ago: executing program 7 (id=1162):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)

159.451608ms ago: executing program 2 (id=1163):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000008480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000085c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r7, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

5.035642ms ago: executing program 36 (id=1162):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)

0s ago: executing program 8 (id=1165):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x6, 0x504}, 0x50)
epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x803, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010001d0025bd7000fadbdf2500000000", @ANYRES32=r2, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES16=r0], 0x44}, 0x1, 0x0, 0x0, 0x240448e0}, 0x0)

kernel console output (not intermixed with test programs):

059][ T4602] tipc: Failed to remove unknown binding: 66,0,0/0:3399488371/3399488373
[   41.299528][ T4602] tipc: Failed to remove unknown binding: 66,0,0/0:3399488371/3399488372
[   41.301583][ T4602] tipc: Failed to remove unknown binding: 66,0,0/0:3399488371/3399488373
[   41.302845][ T4602] tipc: Failed to remove unknown binding: 66,0,0/0:3399488371/3399488372
[   41.976688][ T4618] loop0: detected capacity change from 0 to 256
[   42.009496][ T4618] FAT-fs (loop0): Directory bread(block 64) failed
[   42.012912][ T4618] FAT-fs (loop0): Directory bread(block 65) failed
[   42.014965][ T4618] FAT-fs (loop0): Directory bread(block 66) failed
[   42.017242][ T4618] FAT-fs (loop0): Directory bread(block 67) failed
[   42.020127][ T4618] FAT-fs (loop0): Directory bread(block 68) failed
[   42.021267][ T4618] FAT-fs (loop0): Directory bread(block 69) failed
[   42.022458][ T4618] FAT-fs (loop0): Directory bread(block 70) failed
[   42.023503][ T4618] FAT-fs (loop0): Directory bread(block 71) failed
[   42.027303][ T4618] FAT-fs (loop0): Directory bread(block 72) failed
[   42.028438][ T4618] FAT-fs (loop0): Directory bread(block 73) failed
[   42.058231][ T4479] EXT4-fs (loop1): unmounting filesystem.
[   42.262725][ T4334] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   42.277003][ T4334] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   42.278998][ T4334] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   42.280699][ T4334] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   42.282229][ T4334] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   42.283574][ T4334] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   42.486791][   T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.490147][ T4634] netlink: 12 bytes leftover after parsing attributes in process `syz.3.70'.
[   42.495562][ T4634] device macvlan2 entered promiscuous mode
[   42.496647][ T4634] device veth0_virt_wifi entered promiscuous mode
[   42.504851][ T4634] team0: Port device macvlan2 added
[   42.578271][   T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.603678][ T4637] device syzkaller0 entered promiscuous mode
[   42.666795][   T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.671448][ T4637] tipc: Started in network mode
[   42.672313][ T4637] tipc: Node identity 5ef5095879da, cluster identity 4711
[   42.673543][ T4637] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   42.697240][ T4636] tipc: Resetting bearer <eth:syzkaller0>
[   42.756296][ T4636] tipc: Disabling bearer <eth:syzkaller0>
[   42.759856][ T4622] chnl_net:caif_netlink_parms(): no params data found
[   42.806836][   T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.898294][ T4622] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.900025][ T4622] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.906299][ T4622] device bridge_slave_0 entered promiscuous mode
[   42.913641][ T4622] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.918389][ T4622] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.925712][ T4622] device bridge_slave_1 entered promiscuous mode
[   42.941833][ T4622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   42.983144][ T4622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   42.997610][ T4622] team0: Port device team_slave_0 added
[   43.007825][ T4622] team0: Port device team_slave_1 added
[   43.020905][ T4622] batman_adv: batadv0: Adding interface: batadv_slave_0
[   43.029876][ T4622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   43.040420][ T4622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   43.057623][ T4622] batman_adv: batadv0: Adding interface: batadv_slave_1
[   43.059001][ T4622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   43.063271][ T4622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   43.127821][ T4622] device hsr_slave_0 entered promiscuous mode
[   43.164770][ T4622] device hsr_slave_1 entered promiscuous mode
[   43.204674][ T4622] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   43.206606][ T4622] Cannot create hsr debugfs directory
[   43.322707][ T4656] loop0: detected capacity change from 0 to 8
[   43.339869][ T4656] SQUASHFS error: lzo decompression failed, data probably corrupt
[   43.341526][ T4656] SQUASHFS error: Failed to read block 0x91: -5
[   43.342669][ T4656] SQUASHFS error: Unable to read metadata cache entry [8f]
[   43.343891][ T4656] SQUASHFS error: Unable to read inode 0x11f
[   43.430677][ T4666] netlink: 'syz.0.75': attribute type 4 has an invalid length.
[   43.512024][ T4656] netlink: 'syz.0.75': attribute type 4 has an invalid length.
[   43.517102][ T4622] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   43.617212][ T4622] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   43.656007][ T4622] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   43.789399][ T4622] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   44.345102][ T4334] Bluetooth: hci0: command 0x0409 tx timeout
[   44.777277][ T4622] 8021q: adding VLAN 0 to HW filter on device bond0
[   44.796334][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   44.797931][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.064992][ T4327] Bluetooth: hci3: command 0x0406 tx timeout
[   45.117507][ T4622] 8021q: adding VLAN 0 to HW filter on device team0
[   45.174198][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   45.175956][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   45.177403][ T4522] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.178513][ T4522] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.179875][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   45.181847][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   45.183293][ T4522] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.184317][ T4522] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.198984][ T4700] Set syz0 is full, maxelem 0 reached
[   45.206046][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   45.212326][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   45.223560][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   45.233476][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   45.298786][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   45.300346][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   45.301823][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   45.303393][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   45.307491][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   45.308967][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   45.320416][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   45.323580][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   45.340267][ T4622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   46.062539][ T4731] binder: 4730:4731 tried to acquire reference to desc 0, got 1 instead
[   46.070903][ T4731] binder_alloc: 4730: binder_alloc_buf size 16384 failed, no address space
[   46.073185][ T4731] binder_alloc: allocated: 4096 (num: 1 largest: 4096), free: 8192 (num: 1 largest: 8192)
[   46.079194][ T4731] binder: cannot allocate buffer: no space left
[   46.079238][ T4731] binder: 4730:4731 transaction call to 4730:0 failed 36/29201/-28, size 16384-0 line 3230
[   46.084108][   T22] binder: undelivered TRANSACTION_COMPLETE
[   46.086178][   T22] binder: undelivered TRANSACTION_ERROR: 29201
[   46.093868][   T22] binder: undelivered transaction 35, process died.
[   46.424544][ T4334] Bluetooth: hci0: command 0x041b tx timeout
[   47.412227][ T4622] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.421555][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   47.422852][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   48.496250][ T4334] Bluetooth: hci0: command 0x040f tx timeout
[   48.516018][ T4769] device macvlan2 entered promiscuous mode
[   48.890011][   T11] device hsr_slave_0 left promiscuous mode
[   48.925879][   T11] device hsr_slave_1 left promiscuous mode
[   48.997854][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   48.999085][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[   49.001804][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   49.002932][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[   49.005042][   T11] device bridge_slave_1 left promiscuous mode
[   49.006645][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.046932][   T11] device bridge_slave_0 left promiscuous mode
[   49.048076][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.167921][   T11] device veth1_macvtap left promiscuous mode
[   49.169116][   T11] device veth0_macvtap left promiscuous mode
[   49.170237][   T11] device veth1_vlan left promiscuous mode
[   49.171333][   T11] device veth0_vlan left promiscuous mode
[   49.648558][ T4840] binder: 4839:4840 tried to acquire reference to desc 0, got 1 instead
[   49.650978][ T4840] binder: 4839:4840 got transaction with invalid parent offset or type
[   49.652444][ T4840] binder: 4840:4839 failed to fixup parent
[   49.653422][ T4840] binder: 4839:4840 transaction call to 4839:0 failed 41/29201/-22, size 120-24 line 3540
[   49.662598][ T4523] binder: undelivered TRANSACTION_ERROR: 29201
[   50.584574][ T4327] Bluetooth: hci0: command 0x0419 tx timeout
[   51.756767][   T11] team0 (unregistering): Port device team_slave_1 removed
[   51.928216][   T11] team0 (unregistering): Port device team_slave_0 removed
[   52.115587][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   52.325248][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   53.805993][   T11] bond0 (unregistering): Released all slaves
[   54.086919][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   54.088606][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   54.101106][ T4874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.125'.
[   54.113560][ T4876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.125'.
[   54.116612][ T4878] netlink: 4 bytes leftover after parsing attributes in process `syz.4.126'.
[   54.118001][ T4878] device bridge_slave_1 left promiscuous mode
[   54.119726][ T4878] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.145590][ T4878] device bridge_slave_0 left promiscuous mode
[   54.146662][ T4878] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.176374][ T4887] netlink: 28 bytes leftover after parsing attributes in process `syz.2.127'.
[   54.389330][ T4772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   54.391068][ T4772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   54.392608][ T4622] device veth0_vlan entered promiscuous mode
[   54.412292][ T4772] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   54.413781][ T4772] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   54.422688][ T4622] device veth1_vlan entered promiscuous mode
[   54.443451][ T4904] loop0: detected capacity change from 0 to 512
[   54.454951][ T4904] EXT4-fs (loop0): Test dummy encryption mode enabled
[   54.470455][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   54.472142][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   54.473647][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   54.476209][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   54.481345][ T4904] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.131: invalid indirect mapped block 2185560079 (level 0)
[   54.486561][ T4904] EXT4-fs (loop0): Remounting filesystem read-only
[   54.488441][ T4904] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.131: invalid indirect mapped block 2683928664 (level 1)
[   54.491011][ T4904] EXT4-fs (loop0): Remounting filesystem read-only
[   54.493047][ T4904] EXT4-fs (loop0): 1 truncate cleaned up
[   54.494021][ T4904] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   54.503558][ T4904] netlink: 'syz.0.131': attribute type 1 has an invalid length.
[   54.507640][ T4904] fscrypt: AES-256-XTS using implementation "xts-aes-ce"
[   54.515697][ T4622] device veth0_macvtap entered promiscuous mode
[   54.518200][ T4622] device veth1_macvtap entered promiscuous mode
[   54.532437][ T4325] EXT4-fs (loop0): unmounting filesystem.
[   54.581572][ T4622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   54.583221][ T4622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.588730][ T4622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   54.590505][ T4622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.592293][ T4622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   54.594333][ T4622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.596647][ T4622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   54.598291][ T4622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.600804][ T4622] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.608023][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   54.609738][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   54.611080][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   54.612575][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   54.679479][ T4622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   54.681275][ T4622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.682863][ T4622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   54.690700][ T4622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   54.692270][ T4622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   54.694040][ T4622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.042963][ T4622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   55.047019][ T4622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.053777][ T4622] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.069192][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   55.070842][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   55.075970][ T4622] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.077393][ T4622] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.079245][ T4622] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.080705][ T4622] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.223869][  T191] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.225528][  T191] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.226785][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   55.250166][ T4678] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.251550][ T4678] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.252866][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   55.372765][ T4935] netlink: 'syz.5.66': attribute type 1 has an invalid length.
[   55.429924][ T4939] netlink: 4 bytes leftover after parsing attributes in process `syz.5.66'.
[   56.010951][ T4960] binder: 4953:4960 tried to acquire reference to desc 0, got 1 instead
[   56.013294][ T4960] binder: 4953:4960 got transaction with invalid data ptr
[   56.017680][ T4960] binder: 4953:4960 transaction async to 4953:0 failed 46/29201/-14, size 0-24 line 3333
[   56.020910][ T4589] binder: release 4953:4960 transaction 47 out, still active
[   56.022391][ T4589] binder: undelivered TRANSACTION_COMPLETE
[   56.033901][ T4589] binder: send failed reply for transaction 47, target dead
[   56.355758][ T4900] overlayfs: failed to clone upperpath
[   56.929532][ T5024] netlink: 220 bytes leftover after parsing attributes in process `syz.5.148'.
[   56.933858][ T5024] netlink: 16 bytes leftover after parsing attributes in process `syz.5.148'.
[   57.918299][ T5103] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.920958][ T5103] team0: Port device bond0 added
[   57.932129][ T5103] netlink: 'syz.3.158': attribute type 16 has an invalid length.
[   57.933654][ T5103] netlink: 'syz.3.158': attribute type 17 has an invalid length.
[   57.961540][ T5103] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.963686][ T5103] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.506071][ T5121] loop3: detected capacity change from 0 to 16
[   58.518573][ T5121] erofs: (device loop3): mounted with root inode @ nid 36.
[   58.556308][ T5121] syz.3.163: attempt to access beyond end of device
[   58.556308][ T5121] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16
[   58.863499][ T5125] tipc: Failed to remove unknown binding: 66,0,0/0:1743040175/1743040177
[   58.865132][ T5125] tipc: Failed to remove unknown binding: 66,0,0/0:1743040175/1743040176
[   58.869693][ T5125] tipc: Failed to remove unknown binding: 66,0,0/0:1743040175/1743040177
[   58.872443][ T5125] tipc: Failed to remove unknown binding: 66,0,0/0:1743040175/1743040176
[   59.277635][ T5138] netlink: 4 bytes leftover after parsing attributes in process `syz.3.169'.
[   59.576005][ T4593] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   59.704585][    T7] cfg80211: failed to load regulatory.db
[   59.835064][ T4593] usb 1-1: device descriptor read/64, error -71
[   60.454017][ T4593] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   61.034744][ T4593] usb 1-1: device descriptor read/64, error -71
[   61.205472][ T4593] usb usb1-port1: attempt power cycle
[   61.356638][ T5184] sock: sock_set_timeout: `syz.4.183' (pid 5184) tries to set negative timeout
[   61.517437][ T5196] loop4: detected capacity change from 0 to 164
[   61.654568][ T4593] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   61.717673][ T4593] usb 1-1: device descriptor read/8, error -71
[   61.794937][ T5192] loop5: detected capacity change from 0 to 512
[   61.833833][ T5192] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   61.939804][ T4622] EXT4-fs (loop5): unmounting filesystem.
[   61.984563][ T4593] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   61.987742][ T5207] binder: 5206:5207 tried to acquire reference to desc 0, got 1 instead
[   61.990025][ T5207] binder: tried to use weak ref as strong ref
[   61.991236][ T5207] binder: 5206:5207 got transaction to invalid handle, 1
[   61.992676][ T5207] binder: 5207:5206 cannot find target node
[   61.993706][ T5207] binder: 5206:5207 transaction call to 0:0 failed 59/29201/-22, size 0-0 line 3045
[   61.996736][ T4589] binder: release 5206:5207 transaction 52 out, still active
[   61.997920][ T4589] binder: undelivered TRANSACTION_COMPLETE
[   62.006751][ T4589] binder: undelivered TRANSACTION_ERROR: 29201
[   62.007806][ T4589] binder: send failed reply for transaction 52, target dead
[   62.015408][ T4593] usb 1-1: device descriptor read/8, error -71
[   62.149194][ T4593] usb usb1-port1: unable to enumerate USB device
[   62.774388][ T5234] loop5: detected capacity change from 0 to 512
[   62.782433][ T5234] EXT4-fs: inline encryption not supported
[   62.786034][ T5234] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   62.796539][ T5234] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   62.800824][ T5234] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002]
[   62.802189][ T5234] System zones: 1-12
[   62.805886][ T5234] EXT4-fs (loop5): 1 truncate cleaned up
[   62.807041][ T5234] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   63.175180][ T5234] EXT4-fs warning (device loop5): verify_group_input:169: Last group not full
[   63.817997][ T5252] netlink: 182 bytes leftover after parsing attributes in process `syz.3.204'.
[   64.167145][ T5231] netlink: 'syz.5.199': attribute type 6 has an invalid length.
[   64.185505][ T4622] EXT4-fs (loop5): unmounting filesystem.
[   64.817109][ T2061] ieee802154 phy0 wpan0: encryption failed: -22
[   64.838642][ T2061] ieee802154 phy1 wpan1: encryption failed: -22
[   66.203490][ T5297] Injecting memory failure for pfn 0x13f55c at process virtual address 0x20003000
[   66.211805][ T5287] loop4: detected capacity change from 0 to 32768
[   66.227168][ T5297] Memory failure: 0x13f55c: Failed to invalidate
[   66.229067][ T5297] Memory failure: 0x13f55c: clean unevictable LRU page still referenced by 2 users
[   66.233170][ T5297] Memory failure: 0x13f55c: recovery action for clean unevictable LRU page: Failed
[   66.238866][ T5287] XFS (loop4): Mounting V5 Filesystem
[   66.272829][ T5287] XFS (loop4): Ending clean mount
[   66.282224][ T5312] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   66.282224][ T5312] The task syz.5.217 (5312) triggered the difference, watch for misbehavior.
[   66.327068][ T5302] loop5: detected capacity change from 0 to 512
[   66.410629][ T4310] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   66.737289][ T4326] XFS (loop4): Unmounting Filesystem
[   66.894026][ T5289] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   66.909981][ T5289] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   67.189274][    C1] vcan0: j1939_tp_rxtimer: 0x00000000fa16bcad: rx timeout, send abort
[   67.283524][ T5289] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   67.287632][ T5289] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   67.288967][ T5289] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   67.290365][ T5289] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   67.364837][ T4372] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   67.564575][ T4372] usb 1-1: Using ep0 maxpacket: 16
[   67.567969][ T4372] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[   67.569523][ T4372] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   67.571274][ T4372] usb 1-1: config 0 has no interface number 0
[   67.575345][ T4372] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[   67.576971][ T4372] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   67.579114][ T4372] usb 1-1: Product: syz
[   67.579753][ T4372] usb 1-1: Manufacturer: syz
[   67.580608][ T4372] usb 1-1: SerialNumber: syz
[   67.596504][ T4372] usb 1-1: config 0 descriptor??
[   67.606960][ T4372] usb 1-1: Found UVC 0.00 device syz (046d:08f3)
[   67.608678][ T4372] usb 1-1: No valid video chain found.
[   67.689425][    C1] vcan0: j1939_tp_rxtimer: 0x000000000ae67acb: rx timeout, send abort
[   67.691447][    C1] vcan0: j1939_tp_rxtimer: 0x00000000fa16bcad: abort rx timeout. Force session deactivation
[   67.892623][ T4372] usb 1-1: USB disconnect, device number 6
[   68.185497][    C1] vcan0: j1939_tp_rxtimer: 0x000000004fca13c5: rx timeout, send abort
[   68.187156][    C1] vcan0: j1939_xtp_rx_abort_one: 0x000000004fca13c5: 0x2ff00: (3) A timeout occurred and this is the connection abort to close the session.
[   68.190794][    C1] vcan0: j1939_tp_rxtimer: 0x000000000ae67acb: abort rx timeout. Force session deactivation
[   69.415196][ T5409] Driver unsupported XDP return value 0 on prog  (id 40) dev N/A, expect packet loss!
[   70.358770][ T5435] netlink: 'syz.2.246': attribute type 4 has an invalid length.
[   70.466089][ T5440] netlink: 104 bytes leftover after parsing attributes in process `syz.3.248'.
[   70.467751][ T5440] netlink: 104 bytes leftover after parsing attributes in process `syz.3.248'.
[   70.474038][ T5440] netlink: 104 bytes leftover after parsing attributes in process `syz.3.248'.
[   70.499392][ T5446] netlink: 'syz.0.249': attribute type 1 has an invalid length.
[   70.540228][ T5446] device bond1 entered promiscuous mode
[   70.551659][ T5446] 8021q: adding VLAN 0 to HW filter on device bond1
[   70.636420][ T5451] netlink: 60 bytes leftover after parsing attributes in process `syz.3.251'.
[   70.661471][ T5446] netlink: 4 bytes leftover after parsing attributes in process `syz.0.249'.
[   71.122560][ T5473] netlink: 24 bytes leftover after parsing attributes in process `syz.2.255'.
[   71.208722][ T5474] netlink: 8 bytes leftover after parsing attributes in process `syz.4.254'.
[   72.407888][ T5480] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.409333][ T5480] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.922245][ T5480] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.942549][ T5480] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.222334][ T5480] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.223908][ T5480] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.225505][ T5480] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.226981][ T5480] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.369254][ T5498] netlink: 'syz.0.259': attribute type 10 has an invalid length.
[   73.377336][ T5498] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.390193][ T5498] team0: Port device bond0 added
[   73.392267][ T5519] netlink: 24 bytes leftover after parsing attributes in process `syz.2.266'.
[   74.030509][ T5568] batman_adv: batadv0: Adding interface: dummy0
[   74.031604][ T5568] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.039161][ T5568] batman_adv: batadv0: Interface activated: dummy0
[   74.067506][ T5568] batadv0: mtu less than device minimum
[   74.073574][ T5568] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   74.076835][ T5568] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   74.079868][ T5568] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   74.083099][ T5568] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   74.086351][ T5568] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   74.089383][ T5568] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   74.092350][ T5568] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   74.095392][ T5568] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   74.098337][ T5568] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   74.128264][ T5575] netlink: 4 bytes leftover after parsing attributes in process `syz.2.278'.
[   74.130829][ T5575] batman_adv: batadv0: Interface deactivated: dummy0
[   74.133069][ T5575] batman_adv: batadv0: Removing interface: dummy0
[   74.136748][ T5575] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   74.138329][ T5575] batman_adv: batadv0: Removing interface: batadv_slave_0
[   74.153868][ T5575] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.157276][ T5575] batman_adv: batadv0: Removing interface: batadv_slave_1
[   74.296696][   T78] block nbd4: Attempted send on invalid socket
[   74.297998][   T78] I/O error, dev nbd4, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[   74.300286][ T5579] qnx6: unable to read the first superblock
[   74.304420][   T78] block nbd4: Attempted send on invalid socket
[   74.305730][   T78] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[   74.307135][ T5579] qnx6: unable to read the first superblock
[   74.308146][ T5579] qnx6: unable to read the first superblock
[   74.519665][ T5581] netlink: 'syz.0.282': attribute type 4 has an invalid length.
[   74.539937][ T5584] netlink: 88 bytes leftover after parsing attributes in process `syz.5.283'.
[   74.563477][ T5581] netlink: 'syz.0.282': attribute type 4 has an invalid length.
[   76.074265][ T5637] binder: 5636:5637 tried to acquire reference to desc 0, got 1 instead
[   76.088810][ T5637] binder: 5636:5637 BC_FREE_BUFFER u0000000020ffd000 matched unreturned or currently freeing buffer
[   76.123356][    T7] binder: release 5636:5637 transaction 64 out, still active
[   76.126922][    T7] binder: undelivered TRANSACTION_COMPLETE
[   76.154887][   T22] binder: send failed reply for transaction 64, target dead
[   77.368192][ T5675] netlink: 'syz.3.300': attribute type 1 has an invalid length.
[   77.413705][ T5675] 8021q: adding VLAN 0 to HW filter on device bond1
[   77.519481][ T4334] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   77.522488][ T4334] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   77.525176][ T4334] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   77.531976][ T4334] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   77.533569][ T4334] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   77.536964][ T4334] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   77.875823][ T5674] loop0: detected capacity change from 0 to 32768
[   77.919123][ T5674] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.303 (5674)
[   77.938433][ T5674] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   77.940226][ T5674] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm
[   77.965346][ T5674] BTRFS info (device loop0): setting nodatasum
[   77.966385][ T5674] BTRFS info (device loop0): force zlib compression, level 3
[   77.967522][ T5674] BTRFS info (device loop0): metadata ratio 1
[   77.968389][ T5674] BTRFS info (device loop0): enabling ssd optimizations
[   77.969541][ T5674] BTRFS info (device loop0): allowing degraded mounts
[   77.970696][ T5674] BTRFS info (device loop0): using spread ssd allocation scheme
[   77.971897][ T5674] BTRFS info (device loop0): using free space tree
[   78.452159][ T5678] chnl_net:caif_netlink_parms(): no params data found
[   78.489079][ T5678] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.490227][ T5678] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.492242][ T5678] device bridge_slave_0 entered promiscuous mode
[   78.499012][ T5678] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.500255][ T5678] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.502242][ T5678] device bridge_slave_1 entered promiscuous mode
[   78.509271][ T5678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.511830][ T5678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.521579][ T5678] team0: Port device team_slave_0 added
[   78.524366][ T5678] team0: Port device team_slave_1 added
[   78.529990][ T5678] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.531118][ T5678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.538167][ T5678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.543633][ T5678] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.545173][ T5678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.549188][ T5678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.606122][ T5678] device hsr_slave_0 entered promiscuous mode
[   78.620671][ T4325] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   78.654829][ T5678] device hsr_slave_1 entered promiscuous mode
[   78.738009][ T5678] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.743906][ T5678] Cannot create hsr debugfs directory
[   79.142986][ T5678] netdevsim netdevsim6 netdevsim0: renamed from eth0
[   79.444844][ T5739] Soft offlining pfn 0x1460ac at process virtual address 0x20000000
[   79.448588][ T5739] Soft offlining pfn 0x146254 at process virtual address 0x20001000
[   79.450019][ T5739] Soft offlining pfn 0x146255 at process virtual address 0x20002000
[   79.451295][ T5739] Soft offlining pfn 0x146256 at process virtual address 0x20003000
[   79.452702][ T5739] Soft offlining pfn 0x146257 at process virtual address 0x20004000
[   79.454095][ T5739] Soft offlining pfn 0x144c61 at process virtual address 0x20005000
[   80.126169][ T5678] netdevsim netdevsim6 netdevsim1: renamed from eth1
[   80.239639][ T5739] Soft offlining pfn 0x1464f0 at process virtual address 0x20006000
[   80.241004][ T5739] Soft offlining pfn 0x1464f1 at process virtual address 0x20007000
[   80.242314][ T5739] Soft offlining pfn 0x1464f2 at process virtual address 0x20008000
[   80.243611][ T5739] Soft offlining pfn 0x1464f3 at process virtual address 0x20009000
[   80.244978][ T5739] Soft offlining pfn 0x1464f4 at process virtual address 0x2000a000
[   80.246361][ T5739] Soft offlining pfn 0x1464f5 at process virtual address 0x2000b000
[   80.247667][ T5739] Soft offlining pfn 0x1464f6 at process virtual address 0x2000c000
[   80.248985][ T5739] Soft offlining pfn 0x1464f7 at process virtual address 0x2000d000
[   80.250379][ T5739] Soft offlining pfn 0x144098 at process virtual address 0x2000e000
[   80.251682][ T5739] Soft offlining pfn 0x144099 at process virtual address 0x2000f000
[   80.252930][ T5739] Soft offlining pfn 0x14409a at process virtual address 0x20010000
[   80.254233][ T5739] Soft offlining pfn 0x14409b at process virtual address 0x20011000
[   80.270849][ T4327] Bluetooth: hci0: command 0x0409 tx timeout
[   80.332125][ T5678] netdevsim netdevsim6 netdevsim2: renamed from eth2
[   80.971068][   T27] audit: type=1326 audit(80.950:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5742 comm="syz.4.313" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff89177ee8 code=0x0
[   81.017039][ T5678] netdevsim netdevsim6 netdevsim3: renamed from eth3
[   81.061015][ T5754] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[   81.072061][ T5754] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[   81.076837][ T5754] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[   81.092165][ T5754] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[   81.096191][ T5754] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[   81.112661][ T5754] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[   81.168806][ T5678] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.173645][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   81.225626][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   81.229203][ T4677] bond0 (unregistering): Released all slaves
[   81.253228][ T5678] 8021q: adding VLAN 0 to HW filter on device team0
[   81.597686][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   81.599535][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   81.602232][ T4522] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.603479][ T4522] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.608912][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   81.612652][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   81.617236][ T4522] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.619261][ T4522] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.620682][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   81.622477][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   81.624208][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   81.638074][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   81.641002][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   81.642884][ T4522] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   81.649049][ T5678] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   81.652824][ T5678] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   81.663494][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   81.668378][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   81.670237][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   81.671820][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   81.676050][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   81.679807][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   81.685551][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   81.756767][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   81.758199][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   81.763240][ T5678] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.925486][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   81.927356][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   81.939019][ T5678] device veth0_vlan entered promiscuous mode
[   81.942993][ T5678] device veth1_vlan entered promiscuous mode
[   81.951640][ T5678] device veth0_macvtap entered promiscuous mode
[   81.955724][ T5678] device veth1_macvtap entered promiscuous mode
[   82.163421][ T5678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.187616][ T5678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.191385][ T5678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.194188][ T5678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.208050][ T5678] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.213503][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   82.216085][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   82.222019][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   82.223538][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   82.232630][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   82.237969][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   82.240759][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   82.248192][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   82.251727][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   82.257757][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   82.259524][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   82.265480][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   82.267980][ T5678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.269888][ T5678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.271396][ T5678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.274832][ T5678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.277421][ T5678] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.278919][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   82.280578][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   82.283372][ T5678] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.286176][ T5678] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.287501][ T5678] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.289021][ T5678] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.334563][ T4334] Bluetooth: hci0: command 0x041b tx timeout
[   82.344586][   T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.345775][   T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.347388][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   82.349810][  T191] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.351054][  T191] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.352368][  T191] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   83.828009][ T5808] __nla_validate_parse: 5 callbacks suppressed
[   83.828020][ T5808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.327'.
[   84.415384][ T4327] Bluetooth: hci0: command 0x040f tx timeout
[   85.509713][ T5746] net_ratelimit: 10 callbacks suppressed
[   85.509726][ T5746] Set syz1 is full, maxelem 65536 reached
[   85.957013][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.959286][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.494542][ T4327] Bluetooth: hci0: command 0x0419 tx timeout
[   86.865639][ T5859] netlink: 8 bytes leftover after parsing attributes in process `syz.6.341'.
[   87.088163][ T5833] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.106884][ T5833] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   87.782914][ T5833] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   87.784557][ T5833] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   87.787251][ T5833] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   87.789790][ T5833] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.028942][   T27] audit: type=1326 audit(88.010:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz.3.347" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ff77ee8 code=0x0
[   88.210767][ T5886] loop0: detected capacity change from 0 to 164
[   88.531380][ T5888] netlink: 'syz.4.350': attribute type 4 has an invalid length.
[   88.712220][ T5899] loop6: detected capacity change from 0 to 512
[   88.796625][ T5899] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[   89.352744][ T5907] fs-verity (loop6, inode 15): Unrecognized descriptor size: 0 bytes
[   89.636252][ T5678] EXT4-fs (loop6): unmounting filesystem.
[   90.542677][ T5923] netlink: 'syz.4.358': attribute type 4 has an invalid length.
[   90.544428][ T5923] netlink: 'syz.4.358': attribute type 4 has an invalid length.
[   91.169546][ T5927] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.170872][ T5927] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.272252][ T5877] Set syz1 is full, maxelem 65536 reached
[   92.020439][ T5927] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   92.036517][ T5927] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   93.105273][ T5927] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.106801][ T5927] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.108281][ T5927] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.109770][ T5927] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.342032][ T5958] netlink: 'syz.3.365': attribute type 4 has an invalid length.
[   93.501980][ T5976] loop6: detected capacity change from 0 to 164
[   94.157182][ T5968] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.158587][ T5968] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.304590][   T27] audit: type=1326 audit(95.280:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5994 comm="syz.6.375" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb2777ee8 code=0x0
[   96.112361][ T5968] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   96.113938][ T5968] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   96.118374][ T5968] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   96.119934][ T5968] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   96.401256][ T5983] batman_adv: batadv0: Adding interface: dummy0
[   96.402317][ T5983] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.407707][ T5983] batman_adv: batadv0: Interface activated: dummy0
[   96.420055][ T5990] batadv0: mtu less than device minimum
[   96.422651][ T5990] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   96.425766][ T5990] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   96.428837][ T5990] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   96.431925][ T5990] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   96.434949][ T5990] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   96.437916][ T5990] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   96.440859][ T5990] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   96.443924][ T5990] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   96.447037][ T5990] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   96.463956][ T5993] netlink: 4 bytes leftover after parsing attributes in process `syz.4.372'.
[   96.474027][ T5993] batman_adv: batadv0: Interface deactivated: dummy0
[   96.475238][ T5993] batman_adv: batadv0: Removing interface: dummy0
[   96.476791][ T5993] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   96.477973][ T5993] batman_adv: batadv0: Removing interface: batadv_slave_0
[   96.479522][ T5993] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   96.480622][ T5993] batman_adv: batadv0: Removing interface: batadv_slave_1
[   98.286298][ T6028] netlink: 182 bytes leftover after parsing attributes in process `syz.4.386'.
[   99.033716][   T27] audit: type=1326 audit(99.010:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.2.393" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff80f77ee8 code=0x0
[   99.187021][ T6040] netlink: 'syz.4.389': attribute type 6 has an invalid length.
[  101.543472][ T6086] sched: RT throttling activated
[  102.303783][ T6092] netlink: 4 bytes leftover after parsing attributes in process `syz.6.404'.
[  103.578008][ T6102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.406'.
[  105.483539][ T6132] loop6: detected capacity change from 0 to 256
[  105.491903][ T6132] exfat: Deprecated parameter 'namecase'
[  105.525295][ T6132] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  105.632891][ T6048] net_ratelimit: 11 callbacks suppressed
[  105.632904][ T6048] Set syz1 is full, maxelem 65536 reached
[  106.343096][ T6147] Set syz0 is full, maxelem 0 reached
[  106.548742][ T6150] netlink: 12 bytes leftover after parsing attributes in process `syz.4.428'.
[  106.574824][ T6150] 8021q: adding VLAN 0 to HW filter on device bond1
[  106.589159][ T4327] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  106.591044][ T4327] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  106.592852][ T4327] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  106.594453][ T4327] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  106.596732][ T4327] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  106.597965][ T4327] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  106.962218][ T6150] device macvlan2 entered promiscuous mode
[  106.967984][ T6150] device bond1 entered promiscuous mode
[  106.969775][ T6150] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  106.973051][ T6150] team0: Port device macvlan2 added
[  107.097639][ T6156] chnl_net:caif_netlink_parms(): no params data found
[  107.129391][ T6156] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.130745][ T6156] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.132583][ T6156] device bridge_slave_0 entered promiscuous mode
[  107.136562][ T6156] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.137898][ T6156] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.139802][ T6156] device bridge_slave_1 entered promiscuous mode
[  107.151277][ T6156] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.154445][ T6156] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.166893][ T6156] team0: Port device team_slave_0 added
[  107.169233][ T6156] team0: Port device team_slave_1 added
[  107.177385][ T6156] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.178695][ T6156] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.182911][ T6156] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.189607][ T6156] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.190858][ T6156] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.196645][ T6156] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.249380][ T6156] device hsr_slave_0 entered promiscuous mode
[  107.286946][ T6156] device hsr_slave_1 entered promiscuous mode
[  107.324572][ T6156] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  107.325958][ T6156] Cannot create hsr debugfs directory
[  107.439679][ T6156] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  107.494574][ T6156] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  107.567850][ T6156] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  107.608372][ T6156] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  107.681544][ T6156] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.691489][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  107.693002][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  107.696935][ T6156] 8021q: adding VLAN 0 to HW filter on device team0
[  107.701099][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  107.702615][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  107.703997][ T4678] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.705121][ T4678] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.711131][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  107.716254][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  107.717839][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  107.720186][ T1574] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.721332][ T1574] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.725031][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  107.737374][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  107.742317][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  107.749241][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  107.750926][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  107.753080][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  107.757717][ T6156] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  107.759476][ T6156] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  107.769323][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  107.770918][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  107.772888][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  107.775397][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  107.776979][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  107.779220][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  107.872146][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  107.873460][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  107.877400][ T6156] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.985471][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  107.987202][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  107.993065][ T5872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  107.994661][ T5872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  107.996199][ T5872] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  107.997649][ T5872] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  107.999845][ T6156] device veth0_vlan entered promiscuous mode
[  108.003095][ T6156] device veth1_vlan entered promiscuous mode
[  108.014078][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  108.016126][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  108.017564][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  108.019202][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  108.021699][ T6156] device veth0_macvtap entered promiscuous mode
[  108.024052][ T6156] device veth1_macvtap entered promiscuous mode
[  108.031456][ T6156] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.032812][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  108.034431][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  108.039159][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  108.040880][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  108.045878][ T6156] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.048187][ T6156] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.049510][ T6156] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.050855][ T6156] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.052156][ T6156] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.057509][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  108.059208][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  108.086736][ T5963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.088009][ T5963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.089412][ T5963] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  108.103301][ T5963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.105160][ T5963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.106531][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  108.772560][ T4327] Bluetooth: hci0: command 0x0409 tx timeout
[  109.973354][ T6204] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.977561][ T6204] team0: Port device bond0 added
[  110.045104][ T6204] netlink: 'syz.2.448': attribute type 16 has an invalid length.
[  110.048746][ T6204] netlink: 'syz.2.448': attribute type 17 has an invalid length.
[  110.518840][ T6220] loop7: detected capacity change from 0 to 164
[  111.170065][ T4327] Bluetooth: hci0: command 0x041b tx timeout
[  111.504366][ T6228] loop7: detected capacity change from 0 to 2048
[  111.532773][ T6228] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  111.821944][ T6208] overlayfs: failed to clone upperpath
[  113.214705][ T4334] Bluetooth: hci0: command 0x040f tx timeout
[  113.280284][ T6240] netlink: 'syz.3.450': attribute type 10 has an invalid length.
[  113.293162][ T6243] netlink: 'syz.7.451': attribute type 1 has an invalid length.
[  113.323222][ T6245] netlink: 'syz.4.452': attribute type 1 has an invalid length.
[  113.347941][ T6245] 8021q: adding VLAN 0 to HW filter on device bond2
[  113.362210][ T6247] netlink: 4 bytes leftover after parsing attributes in process `syz.7.451'.
[  113.387528][ T6245] netlink: 8 bytes leftover after parsing attributes in process `syz.4.452'.
[  113.388989][ T6245] bond2: up delay (136) is not a multiple of miimon (100), value rounded to 100 ms
[  113.421955][ T6245] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  113.824657][ T6255] netlink: 28 bytes leftover after parsing attributes in process `syz.4.456'.
[  114.657152][ T6269] team0 (unregistering): Port device team_slave_0 removed
[  114.659279][ T6269] team0 (unregistering): Failed to send options change via netlink (err -105)
[  114.660575][ T6269] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105)
[  114.674168][ T6269] team0 (unregistering): Port device team_slave_1 removed
[  114.678647][ T6269] team0 (unregistering): Failed to send options change via netlink (err -105)
[  114.680238][ T6269] team0 (unregistering): Failed to send port change of device macvlan2 via netlink (err -105)
[  114.688595][ T6269] team0 (unregistering): Port device macvlan2 removed
[  114.696959][ T6269] team0 (unregistering): Failed to send options change via netlink (err -105)
[  114.698576][ T6269] team0 (unregistering): Failed to send port change of device bond0 via netlink (err -105)
[  114.703414][ T6269] team0 (unregistering): Port device bond0 removed
[  115.304863][ T4334] Bluetooth: hci0: command 0x0419 tx timeout
[  116.550072][ T6279] netlink: 'syz.2.464': attribute type 10 has an invalid length.
[  117.381882][ T6307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.468'.
[  118.369618][ T6318] 8021q: adding VLAN 0 to HW filter on device bond0
[  118.373870][ T6318] team0: Port device bond0 added
[  118.390743][ T6318] netlink: 'syz.4.477': attribute type 16 has an invalid length.
[  118.392012][ T6318] netlink: 'syz.4.477': attribute type 17 has an invalid length.
[  118.449770][ T6321] 9pnet: p9_errstr2errno: server reported unknown error �0x0000000000000009
[  118.467854][ T6323] netlink: 'syz.4.478': attribute type 1 has an invalid length.
[  118.502847][ T6323] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  118.504646][ T6323] bond3: (slave vxcan3): Setting fail_over_mac to active for active-backup mode
[  118.507693][ T6323] bond3: (slave vxcan3): making interface the new active one
[  118.509347][ T6323] bond3: (slave vxcan3): Enslaving as an active interface with an up link
[  118.511424][ T6326] netlink: 'syz.7.479': attribute type 10 has an invalid length.
[  118.527559][ T6326] 8021q: adding VLAN 0 to HW filter on device bond0
[  118.536210][ T6326] team0: Port device bond0 added
[  118.540347][ T6323] netlink: 4 bytes leftover after parsing attributes in process `syz.4.478'.
[  118.547458][ T6323] bond3 (unregistering): (slave vxcan3): Releasing backup interface
[  118.589303][ T6323] bond3 (unregistering): Released all slaves
[  118.629816][ T6330] netlink: 'syz.7.481': attribute type 10 has an invalid length.
[  118.698051][ T6330] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  118.700458][ T6332] netlink: 'syz.2.482': attribute type 10 has an invalid length.
[  118.828901][ T6339] bond3: (slave batadv_slave_1): Enslaving as a backup interface with an up link
[  119.716129][ T6357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.721546][ T6357] bond2: (slave batadv_slave_1): Enslaving as a backup interface with a down link
[  120.746812][ T6381] netlink: 'syz.3.497': attribute type 1 has an invalid length.
[  120.864164][ T6381] bond3: (slave vxcan1): The slave device specified does not support setting the MAC address
[  120.873356][ T6381] bond3: (slave vxcan1): Setting fail_over_mac to active for active-backup mode
[  120.877713][ T6381] bond3: (slave vxcan1): making interface the new active one
[  120.879232][ T6381] bond3: (slave vxcan1): Enslaving as an active interface with an up link
[  121.771134][ T4334] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  121.774415][ T4334] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  121.778687][ T4334] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  121.780166][ T4334] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  121.781560][ T4334] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  121.782739][ T4334] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  121.817802][ T6381] netlink: 4 bytes leftover after parsing attributes in process `syz.3.497'.
[  121.865091][ T6381] bond3 (unregistering): (slave vxcan1): Releasing backup interface
[  121.940228][ T6381] bond3 (unregistering): Released all slaves
[  122.172032][ T6387] chnl_net:caif_netlink_parms(): no params data found
[  122.220388][ T6387] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.221691][ T6387] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.223808][ T6387] device bridge_slave_0 entered promiscuous mode
[  122.280990][ T6409] loop7: detected capacity change from 0 to 128
[  123.111346][ T6387] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.112440][ T6387] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.131028][ T6387] device bridge_slave_1 entered promiscuous mode
[  123.178165][ T6387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.182228][ T6387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.218989][ T6387] team0: Port device team_slave_0 added
[  123.228566][ T6387] team0: Port device team_slave_1 added
[  123.248785][ T6387] batman_adv: batadv0: Adding interface: batadv_slave_0
[  123.249974][ T6387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.253897][ T6387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  123.269345][ T6387] batman_adv: batadv0: Adding interface: batadv_slave_1
[  123.270463][ T6387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.277488][ T6387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.396378][ T6387] device hsr_slave_0 entered promiscuous mode
[  123.428006][ T6387] device hsr_slave_1 entered promiscuous mode
[  123.464572][ T6387] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  123.465662][ T6387] Cannot create hsr debugfs directory
[  123.512080][ T6387] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  123.547149][ T6387] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  123.590552][ T6387] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  123.641445][ T6387] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  123.731895][ T6387] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.740306][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  123.742289][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  123.746132][ T6387] 8021q: adding VLAN 0 to HW filter on device team0
[  123.749536][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  123.751116][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  123.753321][ T5169] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.754474][ T5169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.761899][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  123.766179][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  123.767763][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.769235][ T5169] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.770313][ T5169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.782854][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.787779][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.792991][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.799586][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.801256][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  123.802888][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  123.808134][ T6387] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  123.809788][ T6387] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  123.815018][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  123.817437][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  123.818996][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  123.820582][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  123.822519][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  123.828675][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  123.868104][ T4327] Bluetooth: hci5: command 0x0409 tx timeout
[  123.914829][ T5122] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  123.916141][ T5122] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  123.923327][ T6387] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.035357][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  124.037119][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  124.044108][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  124.049527][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  124.051817][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  124.053233][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  124.056255][ T6387] device veth0_vlan entered promiscuous mode
[  124.060191][ T6387] device veth1_vlan entered promiscuous mode
[  124.073986][ T5122] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  124.076047][ T5122] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  124.077511][ T5122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  124.079022][ T5122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  124.082777][ T6387] device veth0_macvtap entered promiscuous mode
[  124.089873][ T6387] device veth1_macvtap entered promiscuous mode
[  124.096114][ T6387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.097669][ T6387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.100431][ T6387] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.101674][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  124.103173][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  124.109293][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  124.111379][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  124.115385][ T6387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.116950][ T6387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.119687][ T6387] batman_adv: batadv0: Interface activated: batadv_slave_1
[  124.120915][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  124.123551][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  124.130758][ T6387] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  124.132269][ T6387] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.133815][ T6387] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.135289][ T6387] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.178575][ T5169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.179965][ T5169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.182086][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  124.201196][ T1574] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.202582][ T1574] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.209503][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  124.337828][ T6428] netlink: 'syz.8.492': attribute type 10 has an invalid length.
[  124.350863][ T6428] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.361483][ T6428] team0: Port device bond0 added
[  125.433954][ T6439] bond1: (slave batadv_slave_1): Enslaving as a backup interface with a down link
[  126.005204][ T4334] Bluetooth: hci5: command 0x041b tx timeout
[  126.007605][ T2061] ieee802154 phy0 wpan0: encryption failed: -22
[  126.009657][ T2061] ieee802154 phy1 wpan1: encryption failed: -22
[  127.700709][ T6488] netlink: 'syz.4.520': attribute type 10 has an invalid length.
[  127.704570][ T6488] netlink: 40 bytes leftover after parsing attributes in process `syz.4.520'.
[  127.767686][ T6488] team0: Port device geneve0 added
[  127.904817][ T6496] netlink: 4 bytes leftover after parsing attributes in process `syz.4.522'.
[  127.907038][ T6496] netlink: 24 bytes leftover after parsing attributes in process `syz.4.522'.
[  127.996149][ T6503] batman_adv: batadv0: Adding interface: dummy0
[  127.997230][ T6503] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  128.001550][ T6503] batman_adv: batadv0: Interface activated: dummy0
[  128.010128][ T6503] batadv0: mtu less than device minimum
[  128.012870][ T6503] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  128.016048][ T6503] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  128.019076][ T6503] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  128.022045][ T6503] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  128.024938][ T6503] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  128.027940][ T6503] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  128.030891][ T6503] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  128.033891][ T6503] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  128.037053][ T6503] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  128.053488][ T4327] Bluetooth: hci5: command 0x040f tx timeout
[  128.872257][ T6521] loop7: detected capacity change from 0 to 16
[  128.873731][ T6521] MTD: Attempt to mount non-MTD device "/dev/loop7"
[  130.194929][ T4327] Bluetooth: hci5: command 0x0419 tx timeout
[  130.197903][ T6538] loop8: detected capacity change from 0 to 128
[  132.859778][ T6573] netlink: 4768 bytes leftover after parsing attributes in process `syz.8.545'.
[  134.135606][ T6605] binder: 6604:6605 tried to acquire reference to desc 0, got 1 instead
[  134.139517][ T4589] binder: undelivered TRANSACTION_COMPLETE
[  134.147257][ T4589] binder: undelivered transaction 69, process died.
[  135.728234][ T6640] netlink: 'syz.3.568': attribute type 39 has an invalid length.
[  136.583212][ T6651] loop8: detected capacity change from 0 to 2048
[  137.688347][ T6651] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  137.711466][ T6673] netlink: 12 bytes leftover after parsing attributes in process `syz.7.576'.
[  137.830962][ T6651] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.580: bg 0: block 234: padding at end of block bitmap is not set
[  137.851126][ T6651] EXT4-fs (loop8): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 342 with error 28
[  137.861940][ T6651] EXT4-fs (loop8): This should not happen!! Data will be lost
[  137.861940][ T6651] 
[  137.869794][ T6651] EXT4-fs (loop8): Total free blocks count 0
[  137.873400][ T6651] EXT4-fs (loop8): Free/Dirty block details
[  137.880104][ T6651] EXT4-fs (loop8): free_blocks=0
[  137.880991][ T6651] EXT4-fs (loop8): dirty_blocks=352
[  137.886553][ T6651] EXT4-fs (loop8): Block reservation details
[  137.889895][ T6651] EXT4-fs (loop8): i_reserved_data_blocks=22
[  138.073595][ T6387] EXT4-fs (loop8): unmounting filesystem.
[  138.229960][ T4327] block nbd0: Receive control failed (result -1)
[  138.474326][ T6688] capability: warning: `syz.4.579' uses deprecated v2 capabilities in a way that may be insecure
[  139.148054][ T6705] netlink: 24 bytes leftover after parsing attributes in process `syz.7.586'.
[  139.815475][ T6726] netlink: 4 bytes leftover after parsing attributes in process `syz.8.592'.
[  139.833872][ T6726] 8021q: adding VLAN 0 to HW filter on device team1
[  139.835972][ T6726] netlink: 4 bytes leftover after parsing attributes in process `syz.8.592'.
[  139.837729][ T6726] team2 (uninitialized): Failed to send options change via netlink (err -105)
[  139.844154][ T6726] 8021q: adding VLAN 0 to HW filter on device team2
[  142.669020][ T6793] netlink: 4 bytes leftover after parsing attributes in process `syz.8.611'.
[  143.800817][ T6797] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.802148][ T6797] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.586728][   T27] audit: type=1326 audit(144.570:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6813 comm="syz.8.618" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b77ee8 code=0x0
[  144.609838][ T6797] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  144.644116][ T6797] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  145.039243][ T6797] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  145.040824][ T6797] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  145.042428][ T6797] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  145.044101][ T6797] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  145.433822][ T6833] netlink: 12 bytes leftover after parsing attributes in process `syz.8.624'.
[  145.802665][ T6833] device bond1 entered promiscuous mode
[  145.812479][ T6833] 8021q: adding VLAN 0 to HW filter on device bond1
[  145.831298][ T6839] device macvlan2 entered promiscuous mode
[  145.839020][ T6839] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  146.440705][ T6855] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  146.507539][ T6855] netlink: 4 bytes leftover after parsing attributes in process `syz.2.630'.
[  147.326520][ T6864] binder: 6863:6864 tried to acquire reference to desc 0, got 1 instead
[  147.328567][ T6864] binder: tried to use weak ref as strong ref
[  147.332870][ T6864] binder: 6863:6864 Acquire 1 refcount change on invalid ref 1 ret -22
[  147.340307][    T7] binder: release 6863:6864 transaction 80 out, still active
[  147.341584][    T7] binder: undelivered TRANSACTION_COMPLETE
[  147.357888][    T7] binder: send failed reply for transaction 80, target dead
[  147.517626][ T6869] Invalid option length (57448) for dns_resolver key
[  147.940827][   T27] audit: type=1326 audit(147.920:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff89177ee8 code=0x7ffc0000
[  147.945881][   T27] audit: type=1326 audit(147.930:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=0 compat=0 ip=0xffff89177ee8 code=0x7ffc0000
[  147.970439][   T27] audit: type=1326 audit(147.930:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff89177ee8 code=0x7ffc0000
[  147.985839][   T27] audit: type=1326 audit(147.930:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=199 compat=0 ip=0xffff89177ee8 code=0x7ffc0000
[  148.057044][   T27] audit: type=1326 audit(147.930:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff89177ee8 code=0x7ffc0000
[  148.069145][   T27] audit: type=1326 audit(147.930:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=178 compat=0 ip=0xffff89177ee8 code=0x7ffc0000
[  148.083319][   T27] audit: type=1326 audit(147.930:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff89177ee8 code=0x7ffc0000
[  148.096574][   T27] audit: type=1326 audit(147.930:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=107 compat=0 ip=0xffff89177ee8 code=0x7ffc0000
[  148.727866][   T27] audit: type=1326 audit(147.930:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6868 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff89177ee8 code=0x7ffc0000
[  150.377733][ T6923] Invalid ELF header magic: != ELF
[  150.875659][ T6931] netlink: 'syz.8.652': attribute type 39 has an invalid length.
[  152.471717][ T6958] loop8: detected capacity change from 0 to 1024
[  153.026716][ T6970] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.663'.
[  153.029409][ T6967] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.663'.
[  153.375001][ T6958] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  153.483888][ T6387] EXT4-fs (loop8): unmounting filesystem.
[  153.930815][ T4334] Bluetooth: hci2: command 0x0406 tx timeout
[  153.931906][ T4334] Bluetooth: hci3: command 0x0406 tx timeout
[  153.932879][ T4334] Bluetooth: hci1: command 0x0406 tx timeout
[  154.123455][ T6984] binder: 6983:6984 tried to acquire reference to desc 0, got 1 instead
[  154.125371][ T6984] binder: 6983:6984 got transaction with invalid data ptr
[  154.142498][ T6984] binder: 6983:6984 transaction async to 6983:0 failed 91/29201/-14, size 0-24 line 3333
[  154.164344][    T7] binder: undelivered TRANSACTION_ERROR: 29201
[  155.244259][ T7005] netlink: 4 bytes leftover after parsing attributes in process `syz.2.675'.
[  155.398262][   T27] kauditd_printk_skb: 26 callbacks suppressed
[  155.398273][   T27] audit: type=1326 audit(155.380:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8f777ee8 code=0x7ffc0000
[  155.402630][   T27] audit: type=1326 audit(155.380:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8f777ee8 code=0x7ffc0000
[  155.418026][   T27] audit: type=1326 audit(155.390:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=8 compat=0 ip=0xffff8f777ee8 code=0x7ffc0000
[  155.421626][   T27] audit: type=1326 audit(155.390:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8f777ee8 code=0x7ffc0000
[  155.435667][   T27] audit: type=1326 audit(155.390:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8f777ee8 code=0x7ffc0000
[  155.441850][   T27] audit: type=1326 audit(155.390:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8f75adac code=0x7ffc0000
[  155.450259][   T27] audit: type=1326 audit(155.390:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff8f75adac code=0x7ffc0000
[  155.453499][   T27] audit: type=1326 audit(155.390:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8f777ee8 code=0x7ffc0000
[  155.462335][   T27] audit: type=1326 audit(155.390:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8f777ee8 code=0x7ffc0000
[  155.473605][   T27] audit: type=1326 audit(155.390:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7011 comm="syz.7.678" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=40 compat=0 ip=0xffff8f777ee8 code=0x7ffc0000
[  155.553511][ T7016] device syzkaller0 entered promiscuous mode
[  155.898097][ T7034] loop7: detected capacity change from 0 to 4096
[  156.193074][ T7034] ntfs: volume version 3.1.
[  156.277371][ T7037] binder: 7036:7037 tried to acquire reference to desc 0, got 1 instead
[  156.339116][ T7045] binder: 7036:7045 got transaction with invalid offset (48, min 48 max 83) or object.
[  156.340825][ T7045] binder: 7036:7045 transaction call to 7036:0 failed 103/29201/-22, size 83-24 line 3346
[  156.353102][ T4523] binder: release 7036:7037 transaction 96 out, still active
[  156.354391][ T4523] binder: undelivered TRANSACTION_COMPLETE
[  156.357711][ T4523] binder: undelivered TRANSACTION_ERROR: 29201
[  156.358790][ T4523] binder: send failed reply for transaction 96, target dead
[  156.395455][ T7039] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  158.018782][ T7061] netlink: 52 bytes leftover after parsing attributes in process `syz.7.693'.
[  158.022202][ T7061] netlink: 76 bytes leftover after parsing attributes in process `syz.7.693'.
[  158.024794][ T7061] netlink: 52 bytes leftover after parsing attributes in process `syz.7.693'.
[  158.080393][ T7066] netlink: 'syz.4.698': attribute type 13 has an invalid length.
[  159.369997][ T7104] Invalid option length (57448) for dns_resolver key
[  159.701079][ T7108] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  162.286561][ T7167] device syzkaller0 entered promiscuous mode
[  164.458638][ T7203] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  167.510045][ T7262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.759'.
[  168.428238][ T7282] device vlan2 entered promiscuous mode
[  168.966215][ T7297] device syzkaller0 entered promiscuous mode
[  168.974626][ T4327] Bluetooth: hci4: command 0x0406 tx timeout
[  168.978280][ T7297] tipc: Started in network mode
[  168.979082][ T7297] tipc: Node identity aa3ff5fb739d, cluster identity 4711
[  168.980328][ T7297] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  168.981987][ T7296] tipc: Resetting bearer <eth:syzkaller0>
[  169.116774][ T7296] tipc: Disabling bearer <eth:syzkaller0>
[  169.221421][ T7303] loop8: detected capacity change from 0 to 16
[  169.226751][ T7303] MTD: Attempt to mount non-MTD device "/dev/loop8"
[  170.492772][ T7316] loop8: detected capacity change from 0 to 40427
[  170.567942][ T7316] F2FS-fs (loop8): invalid crc value
[  170.628379][ T7316] F2FS-fs (loop8): Found nat_bits in checkpoint
[  170.961414][ T7316] F2FS-fs (loop8): Start checkpoint disabled!
[  171.022305][ T7316] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  171.733362][ T4678] kworker/u4:10: attempt to access beyond end of device
[  171.733362][ T4678] loop8: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  171.863350][ T7348] netlink: 4 bytes leftover after parsing attributes in process `syz.7.784'.
[  171.872124][ T7348] netlink: 4 bytes leftover after parsing attributes in process `syz.7.784'.
[  173.348066][ T7376] device syzkaller0 entered promiscuous mode
[  174.337983][ T7390] loop8: detected capacity change from 0 to 512
[  174.339846][ T7390] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  174.360922][ T7390] EXT4-fs (loop8): 1 truncate cleaned up
[  174.361850][ T7390] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  174.472561][ T7399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  174.952568][ T6387] EXT4-fs (loop8): unmounting filesystem.
[  175.494911][ T7418] loop7: detected capacity change from 0 to 512
[  175.519809][ T7363] overlayfs: failed to clone upperpath
[  175.529662][ T7418] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  175.546942][ T7418] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  175.578167][ T4334] Bluetooth: hci4: hcon 00000000e5507f46 sent 0 < count 137
[  175.580376][ T4334] Bluetooth: hci4: hcon 00000000e5507f46 sent 0 < count 6
[  175.581588][ T4334] Bluetooth: hci4: hcon 00000000e5507f46 sent 0 < count 511
[  175.582882][ T4334] Bluetooth: hci4: hcon 00000000e5507f46 sent 0 < count 3
[  175.583990][ T4334] Bluetooth: hci4: hcon 00000000e5507f46 sent 0 < count 4
[  175.585784][ T4334] Bluetooth: hci4: hcon 00000000d8707ed4 sent 1 < count 16393
[  175.598079][ T7418] EXT4-fs warning (device loop7): dx_probe:833: inode #2: comm syz.7.805: Unrecognised inode hash code 20
[  175.600606][ T7418] EXT4-fs warning (device loop7): dx_probe:966: inode #2: comm syz.7.805: Corrupt directory, running e2fsck is recommended
[  175.603410][ T7418] EXT4-fs error (device loop7): ext4_validate_inode_bitmap:106: comm syz.7.805: Corrupt inode bitmap - block_group = 0, inode_bitmap = 18
[  175.607892][ T7418] EXT4-fs (loop7): Remounting filesystem read-only
[  175.611465][ T6549] udevd[6549]: incorrect ext4 checksum on /dev/loop7
[  175.621438][ T6156] EXT4-fs (loop7): unmounting filesystem.
[  175.737775][ T7430] netlink: 'syz.4.807': attribute type 1 has an invalid length.
[  175.746704][ T7430] device bond4 entered promiscuous mode
[  175.765447][ T7430] bond4: (slave ip6gretap2): making interface the new active one
[  175.766708][ T7430] device ip6gretap2 entered promiscuous mode
[  175.768741][ T7430] bond4: (slave ip6gretap2): Enslaving as an active interface with an up link
[  175.786770][ T7430] netlink: 28 bytes leftover after parsing attributes in process `syz.4.807'.
[  176.123474][ T7430] device bond4 left promiscuous mode
[  176.129004][ T7430] device ip6gretap2 left promiscuous mode
[  176.139571][ T7430] 8021q: adding VLAN 0 to HW filter on device bond4
[  176.233041][ T7429] loop7: detected capacity change from 0 to 40427
[  176.239650][ T7429] F2FS-fs (loop7): Fix alignment : internally, start(4096) end(16896) block(12288)
[  176.242100][ T7429] F2FS-fs (loop7): invalid crc value
[  176.243856][ T7429] F2FS-fs (loop7): Found nat_bits in checkpoint
[  176.250972][ T7429] F2FS-fs (loop7): recover fsync data on readonly fs
[  176.253819][ T7429] F2FS-fs (loop7): Cannot turn on quotas: -2 on 1
[  176.254986][ T7429] F2FS-fs (loop7): Cannot turn on quotas: -2 on 2
[  176.256834][ T7429] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  176.821345][ T5169] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready
[  177.142994][ T7458] netlink: 4 bytes leftover after parsing attributes in process `syz.4.818'.
[  177.826470][ T7475] netlink: 4 bytes leftover after parsing attributes in process `syz.2.821'.
[  177.845525][ T7475] netlink: 4 bytes leftover after parsing attributes in process `syz.2.821'.
[  177.909502][ T7480] xt_CT: You must specify a L4 protocol and not use inversions on it
[  178.675598][ T7494] loop7: detected capacity change from 0 to 256
[  180.069879][ T7498] loop8: detected capacity change from 0 to 40427
[  180.087465][ T7498] F2FS-fs (loop8): Fix alignment : internally, start(4096) end(16896) block(12288)
[  180.091320][ T7498] F2FS-fs (loop8): invalid crc value
[  180.102674][ T7498] F2FS-fs (loop8): Found nat_bits in checkpoint
[  180.551775][ T7498] F2FS-fs (loop8): recover fsync data on readonly fs
[  180.553367][ T7498] F2FS-fs (loop8): Cannot turn on quotas: -2 on 1
[  180.565154][ T7498] F2FS-fs (loop8): Cannot turn on quotas: -2 on 2
[  180.572189][ T7498] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  180.823957][ T7545] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  183.540427][ T7581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.851'.
[  183.599067][ T7584] loop7: detected capacity change from 0 to 2048
[  183.627825][ T7584]  loop7: p1 p3 p4
[  183.631949][ T7584] loop7: p4 size 589824 extends beyond EOD, truncated
[  183.799108][   T27] kauditd_printk_skb: 54 callbacks suppressed
[  183.799121][   T27] audit: type=1326 audit(183.780:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7586 comm="syz.2.853" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff80f77ee8 code=0x0
[  183.864347][ T7585] udevd[7585]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory
[  183.870615][ T6282] udevd[6282]: inotify_add_watch(7, /dev/loop7p4, 10) failed: No such file or directory
[  183.887881][ T6549] udevd[6549]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory
[  184.932505][ T7638] netlink: 4 bytes leftover after parsing attributes in process `syz.3.861'.
[  186.915212][ T7669] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  186.937239][ T7663] tmpfs: Bad value for 'mpol'
[  186.938545][ T7663] Soft offlining pfn 0x1550a7 at process virtual address 0x20000000
[  186.942804][ T7663] Soft offlining pfn 0x210ff2 at process virtual address 0x20001000
[  186.944182][ T7663] Memory failure: 0x210ff2: unhandlable page.
[  187.376531][ T2061] ieee802154 phy0 wpan0: encryption failed: -22
[  187.377756][ T2061] ieee802154 phy1 wpan1: encryption failed: -22
[  187.876863][ T4678] device hsr_slave_0 left promiscuous mode
[  189.688478][ T4678] device hsr_slave_1 left promiscuous mode
[  190.162103][ T4678] batman_adv: batadv0: Removing interface: batadv_slave_0
[  190.214674][ T4678] batman_adv: batadv0: Removing interface: batadv_slave_1
[  190.244384][ T4678] device bridge_slave_1 left promiscuous mode
[  190.245642][ T4678] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.287616][ T4678] device bridge_slave_0 left promiscuous mode
[  190.288868][ T4678] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.608931][ T7743] binder: 7742:7743 tried to acquire reference to desc 0, got 1 instead
[  190.614793][ T7743] binder: 7742:7743 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  190.616948][ T7743] binder: 7743 RLIMIT_NICE not set
[  190.692043][ T7743] binder: undelivered transaction 108, process died.
[  190.693566][ T4589] binder: undelivered TRANSACTION_COMPLETE
[  194.110209][ T4678] team0 (unregistering): Port device team_slave_1 removed
[  194.304353][ T4678] team0 (unregistering): Port device team_slave_0 removed
[  194.511826][ T4678] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  194.749405][ T4678] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.751568][ T4678] bond0 (unregistering): Released all slaves
[  197.151196][ T7701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.874'.
[  197.154028][ T7704] netlink: 12 bytes leftover after parsing attributes in process `syz.4.874'.
[  197.331505][ T7773] net_ratelimit: 11 callbacks suppressed
[  197.331518][ T7773] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  197.416579][ T7794] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  197.421869][ T7796] netlink: 12 bytes leftover after parsing attributes in process `syz.7.895'.
[  197.439163][ T7796] device bond1 entered promiscuous mode
[  197.762746][ T7802] lo: Caught tx_queue_len zero misconfig
[  197.763856][ T7802] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  197.891089][ T7796] device ip6gretap1 entered promiscuous mode
[  197.892473][ T7796] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  197.944716][ T7806] netlink: 28 bytes leftover after parsing attributes in process `syz.7.895'.
[  197.947447][ T7806] device bond1 left promiscuous mode
[  197.948226][ T7806] device ip6gretap1 left promiscuous mode
[  197.949766][ T7806] 8021q: adding VLAN 0 to HW filter on device bond1
[  200.542770][ T7876] dns_resolver: Unsupported server list version (6)
[  201.231454][ T7882] netlink: 'syz.7.914': attribute type 4 has an invalid length.
[  201.338362][ T7891] syz.3.917 uses obsolete (PF_INET,SOCK_PACKET)
[  201.348552][ T7882] netlink: 'syz.7.914': attribute type 17 has an invalid length.
[  201.351053][ T7882] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  201.359175][ T7894] netlink: 12 bytes leftover after parsing attributes in process `syz.4.919'.
[  201.408930][ T7899] bond5: (slave bridge1): Enslaving as an active interface with an up link
[  201.436656][ T7904] device bond5 entered promiscuous mode
[  201.437629][ T7904] device bridge1 entered promiscuous mode
[  201.931134][ T7920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.933789][ T7920] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.110755][ T7931] dns_resolver: Unsupported server list version (6)
[  202.954967][ T7938] netlink: 12 bytes leftover after parsing attributes in process `syz.2.929'.
[  202.959040][ T7938] device vlan3 entered promiscuous mode
[  202.959868][ T7938] device bridge0 entered promiscuous mode
[  203.362997][ T4327] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  203.366193][ T4327] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  203.369030][ T4327] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  203.371385][ T4327] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  203.372910][ T4327] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  203.374308][ T4327] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  203.942133][ T7965] loop8: detected capacity change from 0 to 8192
[  203.976032][ T7965] FAT-fs (loop8): Unrecognized mount option "./file0" or missing value
[  204.164844][ T7978] loop8: detected capacity change from 0 to 4096
[  204.172867][ T7978] EXT4-fs: Ignoring removed orlov option
[  204.173793][ T7978] EXT4-fs: inline encryption not supported
[  204.190560][ T7978] ext4: Unknown parameter 'nouser_xattr'
[  204.274897][ T7994] Bluetooth: MGMT ver 1.22
[  204.346774][ T7953] chnl_net:caif_netlink_parms(): no params data found
[  204.374007][ T7953] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.378107][ T7953] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.379758][ T7953] device bridge_slave_0 entered promiscuous mode
[  204.381857][ T7953] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.382938][ T7953] bridge0: port 2(bridge_slave_1) entered disabled state
[  204.386368][ T7953] device bridge_slave_1 entered promiscuous mode
[  204.394445][ T7953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  204.400887][ T7953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  204.412433][ T7953] team0: Port device team_slave_0 added
[  204.430784][ T7953] team0: Port device team_slave_1 added
[  204.465047][ T7953] batman_adv: batadv0: Adding interface: batadv_slave_0
[  204.466207][ T7953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  204.470207][ T7953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  204.474159][ T7953] batman_adv: batadv0: Adding interface: batadv_slave_1
[  204.476273][ T7953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  204.480832][ T7953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  204.828917][ T7953] device hsr_slave_0 entered promiscuous mode
[  204.875252][ T7953] device hsr_slave_1 entered promiscuous mode
[  204.906580][ T7953] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  204.917243][ T7953] Cannot create hsr debugfs directory
[  205.455640][ T4327] Bluetooth: hci2: command 0x0409 tx timeout
[  206.298898][ T7953] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.492569][ T7953] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.822010][ T4327] Bluetooth: hci2: command 0x041b tx timeout
[  207.967746][ T8085] block nbd7: shutting down sockets
[  208.017927][ T7953] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.236844][ T7953] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.617244][ T8102] netlink: 24 bytes leftover after parsing attributes in process `syz.8.960'.
[  208.646714][ T8097] device syzkaller0 entered promiscuous mode
[  208.847851][ T8105] netlink: 4 bytes leftover after parsing attributes in process `syz.8.960'.
[  208.943879][ T8124] loop7: detected capacity change from 0 to 512
[  208.946276][ T8124] EXT4-fs: Ignoring removed mblk_io_submit option
[  208.957328][ T8124] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[  208.959032][ T8124] EXT4-fs (loop7): can't mount with data_err=abort, fs mounted w/o journal
[  209.002693][ T7953] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  209.036327][ T8124] loop7: detected capacity change from 0 to 256
[  209.428746][ T7953] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  209.456612][ T7953] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  209.922007][ T8130] netlink: 24 bytes leftover after parsing attributes in process `syz.3.965'.
[  209.935103][ T4334] Bluetooth: hci2: command 0x040f tx timeout
[  210.063477][ T8145] loop8: detected capacity change from 0 to 32768
[  210.075323][ T8145] XFS (loop8): Mounting V5 Filesystem
[  210.089909][ T8145] XFS (loop8): Ending clean mount
[  210.170687][ T7953] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  210.225725][ T8154] loop8: detected capacity change from 32768 to 1
[  210.231186][ T8157] XFS (loop8): Metadata CRC error detected at xfs_agfl_read_verify+0x15c/0x230, xfs_agfl block 0x3 
[  210.263902][ T8157] XFS (loop8): Unmount and run xfs_repair
[  210.267279][ T8157] XFS (loop8): First 128 bytes of corrupted metadata buffer:
[  210.272773][ T8157] 00000000: d7 dc 42 4e 79 90 42 cb 9f 91 9c b7 20 0a 10 1d  ..BNy.B..... ...
[  210.278601][ T8157] 00000010: 00 00 00 00 00 00 00 00 e6 0a 0e bb ff ff ff ff  ................
[  210.280135][ T8157] 00000020: 00 00 0b f0 00 00 0b f1 00 00 0b f2 00 00 0b f3  ................
[  210.290198][ T8157] 00000030: 00 00 0b f4 00 00 0b f5 ff ff ff ff ff ff ff ff  ................
[  210.291757][ T8157] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  210.303817][ T8157] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  210.341470][ T8157] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  210.343716][ T8157] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  210.436077][ T8157] XFS (loop8): metadata I/O error in "xfs_alloc_read_agfl+0x1a0/0x340" at daddr 0x3 len 1 error 74
[  210.447821][ T8157] syz.8.968: attempt to access beyond end of device
[  210.447821][ T8157] loop8: rw=432129, sector=112, nr_sectors = 16 limit=1
[  210.451400][   T78] XFS (loop8): log I/O error -5
[  210.743500][ T8172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.972'.
[  210.745280][ T8172] netlink: 44 bytes leftover after parsing attributes in process `syz.2.972'.
[  210.993041][ T8157] XFS (loop8): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x580/0xaec (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  210.997115][ T8157] XFS (loop8): Please unmount the filesystem and rectify the problem(s)
[  211.121937][ T6387] XFS (loop8): Unmounting Filesystem
[  211.711955][ T7953] 8021q: adding VLAN 0 to HW filter on device bond0
[  211.762719][ T4677] device hsr_slave_0 left promiscuous mode
[  211.805159][ T4677] device hsr_slave_1 left promiscuous mode
[  211.864595][ T4677] batman_adv: batadv0: Removing interface: batadv_slave_0
[  211.866730][ T4677] batman_adv: batadv0: Removing interface: batadv_slave_1
[  211.868298][ T4677] device bridge_slave_1 left promiscuous mode
[  211.869352][ T4677] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.905169][ T4677] device bridge_slave_0 left promiscuous mode
[  211.906415][ T4677] bridge0: port 1(bridge_slave_0) entered disabled state
[  212.014897][ T4327] Bluetooth: hci2: command 0x0419 tx timeout
[  215.039268][ T4677] team0 (unregistering): Port device team_slave_1 removed
[  215.542962][ T4677] team0 (unregistering): Port device team_slave_0 removed
[  215.793639][ T4677] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  216.091370][ T4677] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  218.122145][ T4677] bond0 (unregistering): Released all slaves
[  218.599860][ T7953] 8021q: adding VLAN 0 to HW filter on device team0
[  218.751095][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  218.760145][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  219.031944][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  219.033837][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  219.035870][ T4678] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.037084][ T4678] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.039168][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  219.046892][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  219.049039][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  219.050647][ T4387] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.051718][ T4387] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.053492][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  219.055480][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  219.062061][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  219.071171][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.074136][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  219.077947][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.080766][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  219.083470][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  219.093462][ T7953] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  219.099244][ T7953] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  219.103201][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  219.108701][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  219.110266][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  219.890330][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  219.891694][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  219.896583][ T7953] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.017126][ T8288] MPTCP: kernel_bind error, err=-99
[  220.065763][ T8291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.072424][ T8291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  220.163448][ T5963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  220.165748][ T5963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  220.190544][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  220.192542][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  220.199467][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  220.201294][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  220.209852][ T7953] device veth0_vlan entered promiscuous mode
[  220.220725][ T7953] device veth1_vlan entered promiscuous mode
[  220.253593][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  220.257490][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  220.260951][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  220.262728][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  220.269784][ T7953] device veth0_macvtap entered promiscuous mode
[  220.282680][ T7953] device veth1_macvtap entered promiscuous mode
[  220.301561][ T7953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  220.309669][ T7953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  220.319622][ T7953] batman_adv: batadv0: Interface activated: batadv_slave_0
[  220.323421][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  220.325540][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  220.327840][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  220.329622][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  220.334939][ T7953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  220.338908][ T7953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  220.343361][ T7953] batman_adv: batadv0: Interface activated: batadv_slave_1
[  220.349747][ T7953] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  220.357353][ T7953] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  220.359933][ T7953] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  220.363570][ T7953] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  220.388282][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  220.390127][ T6222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  220.469890][ T4387] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  220.471203][ T4387] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  220.472623][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  220.499810][ T4677] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  220.501046][ T4677] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  220.502461][ T4677] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  220.735240][ T8319] ptrace attach of "./syz-executor exec"[4330] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  221.454283][ T8329] binder: 8328:8329 tried to acquire reference to desc 0, got 1 instead
[  221.471249][ T8329] binder: release 8328:8329 transaction 113 out, still active
[  221.472485][ T8329] binder: undelivered TRANSACTION_COMPLETE
[  221.473696][ T8329] binder: 8328:8329 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  221.526391][ T8329] binder: 8329 RLIMIT_NICE not set
[  221.527336][ T8329] binder: 8329 RLIMIT_NICE not set
[  221.608238][ T8329] binder: 8329 RLIMIT_NICE not set
[  221.609096][ T8329] binder: 8329:8328 reply target not found
[  221.610662][ T8329] binder: 8328:8329 transaction reply to 0:0 failed 114/29189/0, size 0-0 line 2975
[  221.612326][ T8329] binder: send failed reply for transaction 113, target dead
[  222.495097][ T5725] binder: undelivered TRANSACTION_ERROR: 29190
[  223.772745][   T27] audit: type=1326 audit(223.750:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  223.782590][ T8370] netlink: 1343 bytes leftover after parsing attributes in process `syz.3.1009'.
[  223.788008][   T27] audit: type=1326 audit(223.760:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  223.884212][   T27] audit: type=1326 audit(223.760:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  224.054766][   T27] audit: type=1326 audit(223.760:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  224.061497][   T27] audit: type=1326 audit(223.760:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  224.079537][   T27] audit: type=1326 audit(223.760:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  224.138451][   T27] audit: type=1326 audit(223.760:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  224.141967][   T27] audit: type=1326 audit(223.760:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=206 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  224.145528][   T27] audit: type=1326 audit(223.760:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  224.149940][   T27] audit: type=1326 audit(223.760:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8368 comm="syz.3.1009" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ff77ee8 code=0x7ffc0000
[  224.684623][ T8388] tipc: Started in network mode
[  224.686679][ T8388] tipc: Node identity 4, cluster identity 4711
[  224.688880][ T8388] tipc: Node number set to 4
[  228.987048][ T8494] loop4: detected capacity change from 0 to 32768
[  229.000335][ T8518] device batadv_slave_0 entered promiscuous mode
[  229.004580][ T8494] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.1034 (8494)
[  229.026880][ T8494] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  229.028585][ T8494] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm
[  229.030023][ T8494] BTRFS info (device loop4): using free space tree
[  229.971636][ T8554] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1039'.
[  230.029423][ T8494] BTRFS info (device loop4): enabling ssd optimizations
[  230.424504][ T4334] Bluetooth: hci0: command 0x0406 tx timeout
[  230.997901][ T7953] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  231.148876][ T8584] bond2: option mode: unable to set because the bond device has slaves
[  231.199270][ T8584] bond2: (slave macvlan3): Enslaving as a backup interface with a down link
[  233.959136][ T8638] loop8: detected capacity change from 0 to 1024
[  233.994710][ T8638] EXT4-fs: inline encryption not supported
[  234.014344][ T8638] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  234.017877][ T8638] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  234.032061][ T8638] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e854c01c, mo2=0003]
[  234.033344][ T8638] System zones: 0-1, 3-36
[  234.059405][ T8638] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  234.194173][ T8634] loop7: detected capacity change from 0 to 32768
[  234.230522][ T8634] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 scanned by syz.7.1060 (8634)
[  234.301513][ T8634] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  234.310754][ T8634] BTRFS info (device loop7): using sha256 (sha256-ce) checksum algorithm
[  234.312220][ T8634] BTRFS info (device loop7): using free space tree
[  235.181789][ T6387] EXT4-fs (loop8): unmounting filesystem.
[  235.205129][ T8676] netlink: 'syz.2.1065': attribute type 1 has an invalid length.
[  235.210752][ T8676] device bond2 entered promiscuous mode
[  235.211877][ T8676] 8021q: adding VLAN 0 to HW filter on device bond2
[  235.247686][ T8676] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1065'.
[  235.260817][ T8676] bond2: (slave bridge2): making interface the new active one
[  235.282697][ T8676] device bridge2 entered promiscuous mode
[  235.295573][ T8634] BTRFS info (device loop7): enabling ssd optimizations
[  235.298209][ T8676] bond2: (slave bridge2): Enslaving as an active interface with an up link
[  235.314198][ T5122] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  235.338788][ T8687] device team0 entered promiscuous mode
[  235.344307][ T8687] device team_slave_0 entered promiscuous mode
[  235.352945][ T8687] device team_slave_1 entered promiscuous mode
[  235.357482][ T8687] device bond0 entered promiscuous mode
[  235.358362][ T8687] device bond_slave_0 entered promiscuous mode
[  235.363965][ T8687] device bond_slave_1 entered promiscuous mode
[  235.373545][ T8687] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  235.486688][ T8687] device team0 left promiscuous mode
[  235.487560][ T8687] device team_slave_0 left promiscuous mode
[  235.488518][ T8687] device team_slave_1 left promiscuous mode
[  235.489506][ T8687] device bond0 left promiscuous mode
[  235.490350][ T8687] device bond_slave_0 left promiscuous mode
[  235.491457][ T8687] device bond_slave_1 left promiscuous mode
[  235.920704][ T8695] bridge0: port 3(vlan4) entered blocking state
[  235.923933][ T8695] bridge0: port 3(vlan4) entered disabled state
[  235.928804][ T6156] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  235.930954][ T8695] device vlan4 entered promiscuous mode
[  235.932037][ T8695] device bond0 entered promiscuous mode
[  235.932904][ T8695] device bond_slave_0 entered promiscuous mode
[  235.938508][ T8695] device bond_slave_1 entered promiscuous mode
[  236.859979][ T8727] 9pnet: p9_errstr2errno: server reported unknown error ÈVmI®LÓâ—…N
[  237.903515][ T8314] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop7 scanned by udevd (8314)
[  240.401998][ T8814] loop4: detected capacity change from 0 to 512
[  240.405412][ T8814] EXT4-fs: Ignoring removed mblk_io_submit option
[  240.591161][ T8814] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  240.639674][ T8822] binder: 8820:8822 tried to acquire reference to desc 0, got 1 instead
[  240.643094][ T8822] binder: 8820:8822 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  240.645442][ T8822] binder: 8822 RLIMIT_NICE not set
[  240.646249][ T8822] binder: 8822 RLIMIT_NICE not set
[  240.647515][ T8822] binder: 8822 RLIMIT_NICE not set
[  240.648342][ T8822] binder: 8820:8822 got transaction with invalid data ptr
[  240.649562][ T8822] binder: 8820:8822 transaction reply to 8820:8822 failed 120/29201/-14, size 0-24 line 3333
[  240.651255][ T8822] binder: send failed reply for transaction 119 to 8820:8822
[  240.686818][  T112] binder: undelivered TRANSACTION_COMPLETE
[  240.688419][  T112] binder: undelivered TRANSACTION_ERROR: 29201
[  240.691144][  T112] binder: undelivered TRANSACTION_ERROR: 29190
[  241.015595][ T8814] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  241.177915][ T7953] EXT4-fs (loop4): unmounting filesystem.
[  243.018830][ T8859] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1102'.
[  244.100989][ T8882] loop4: detected capacity change from 0 to 128
[  244.190106][ T8882] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  245.030742][ T7953] EXT4-fs (loop4): unmounting filesystem.
[  245.610764][ T8915] netlink: 104 bytes leftover after parsing attributes in process `syz.8.1113'.
[  245.774699][ T4334] Bluetooth: hci5: command 0x0406 tx timeout
[  248.848287][ T2061] ieee802154 phy0 wpan0: encryption failed: -22
[  248.849417][ T2061] ieee802154 phy1 wpan1: encryption failed: -22
[  248.896273][ T8983] binder: 8982:8983 ioctl 4018620d 0 returned -22
[  249.005273][ T8980] loop7: detected capacity change from 0 to 32768
[  249.009781][ T8980] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop7 scanned by syz.7.1126 (8980)
[  249.036635][ T8980] BTRFS info (device loop7): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  249.038411][ T8980] BTRFS info (device loop7): using crc32c (crc32c-generic) checksum algorithm
[  249.039764][ T8980] BTRFS info (device loop7): enabling disk space caching
[  249.040914][ T8980] BTRFS info (device loop7): force clearing of disk cache
[  249.041996][ T8980] BTRFS info (device loop7): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  249.043475][ T8980] BTRFS info (device loop7): use zstd compression, level 3
[  249.044719][ T8980] BTRFS info (device loop7): disk space caching is enabled
[  249.052595][ T8991] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1129'.
[  249.487106][ T8980] BTRFS info (device loop7): enabling ssd optimizations
[  249.490051][ T8980] BTRFS info (device loop7): rebuilding free space tree
[  249.497802][ T8980] BTRFS info (device loop7): disabling free space tree
[  249.498980][ T8980] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  249.500556][ T8980] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  250.016006][ T6156] BTRFS info (device loop7): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  250.408460][ T9024] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1132'.
[  250.409951][ T9024] device bridge_slave_1 left promiscuous mode
[  250.411066][ T9024] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.445457][ T9024] device bridge_slave_0 left promiscuous mode
[  250.446580][ T9024] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.538221][ T9049] loop7: detected capacity change from 0 to 164
[  251.173229][ T9068] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1141'.
[  252.038429][ T9092] loop7: detected capacity change from 0 to 512
[  252.071127][ T9092] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  252.153881][ T9092] EXT4-fs warning (device loop7): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  252.161286][ T9092] EXT4-fs (loop7): 1 truncate cleaned up
[  252.182623][ T9092] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  252.477882][ T9101] fuse: Bad value for 'fd'
[  252.610223][ T9114] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1149'.
[  252.978222][ T6156] EXT4-fs error (device loop7): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /144/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  252.991596][ T6156] EXT4-fs (loop7): Remounting filesystem read-only
[  252.992888][ T6156] EXT4-fs error (device loop7): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  253.008682][ T6156] EXT4-fs (loop7): Remounting filesystem read-only
[  253.010129][ T6156] EXT4-fs error (device loop7): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /144/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  253.016661][ T6156] EXT4-fs (loop7): Remounting filesystem read-only
[  253.018465][ T6156] EXT4-fs error (device loop7): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  253.028279][ T6156] EXT4-fs (loop7): Remounting filesystem read-only
[  253.030057][ T6156] EXT4-fs error (device loop7): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /144/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  253.033721][ T6156] EXT4-fs (loop7): Remounting filesystem read-only
[  253.035334][ T6156] EXT4-fs error (device loop7): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  253.038805][ T6156] EXT4-fs (loop7): Remounting filesystem read-only
[  253.039967][ T6156] EXT4-fs error (device loop7): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /144/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  253.043701][ T6156] EXT4-fs (loop7): Remounting filesystem read-only
[  253.048317][ T6156] EXT4-fs error (device loop7): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  253.051711][ T6156] EXT4-fs (loop7): Remounting filesystem read-only
[  253.052866][ T6156] EXT4-fs error (device loop7): ext4_readdir:263: inode #11: block 54: comm syz-executor: path /144/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  253.064866][ T9125] netlink: 'syz.4.1151': attribute type 1 has an invalid length.
[  253.074615][ T6156] EXT4-fs (loop7): Remounting filesystem read-only
[  253.075901][ T6156] EXT4-fs error (device loop7): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  253.077196][ T9125] device bond1 entered promiscuous mode
[  253.083725][ T9125] 8021q: adding VLAN 0 to HW filter on device bond1
[  253.154991][ T9130] bond1: (slave bridge1): making interface the new active one
[  253.157294][ T9130] device bridge1 entered promiscuous mode
[  253.161495][ T9130] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  253.195945][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  254.574711][   T28] INFO: task syz.0.420:6135 blocked for more than 143 seconds.
[  254.576025][   T28]       Not tainted syzkaller #0
[  254.576781][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  254.578326][   T28] task:syz.0.420       state:D stack:0     pid:6135  ppid:4325   flags:0x00000009
[  254.579914][   T28] Call trace:
[  254.580482][   T28]  __switch_to+0x2f4/0x550
[  254.581455][   T28]  __schedule+0xdd0/0x1b0c
[  254.582161][   T28]  schedule+0xc4/0x170
[  254.582815][   T28]  __lock_sock+0x10c/0x264
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  254.591246][   T28]  lock_sock_nested+0xb8/0x130
[  254.603267][ T4334] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  254.608361][ T4332] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  254.610360][   T28]  tipc_send_group_bcast+0x464/0xacc
[  254.611496][ T4332] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  254.613166][ T4332] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  254.614349][   T28]  __tipc_sendmsg+0x2ac/0x28b8
[  254.614682][ T4332] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  254.616331][ T4332] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  254.617929][   T28]  tipc_sendmsg+0x60/0x1bc
[  254.618705][   T28]  sock_write_iter+0x268/0x360
[  254.624755][   T28]  vfs_write+0x3ec/0x7f0
[  254.634171][ T9161] caif:caif_disconnect_client(): nothing to disconnect
[  254.643738][   T28]  ksys_write+0x12c/0x224
[  254.644464][   T28]  __arm64_sys_write+0x7c/0x90
[  254.653523][   T28]  invoke_syscall+0x98/0x2b4
[  254.658915][   T28]  el0_svc_common+0x138/0x258
[  254.659711][   T28]  do_el0_svc+0x58/0x130
[  254.687758][   T28]  el0_svc+0x58/0x128
[  254.690834][   T28]  el0t_64_sync_handler+0x84/0xf0
[  254.691581][   T28]  el0t_64_sync+0x18c/0x190
[  254.695266][   T28] 
[  254.695266][   T28] Showing all locks held in the system:
[  254.698057][ T9175] netlink: 'syz.8.1165': attribute type 12 has an invalid length.
[  254.699241][ T9175] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1165'.
[  254.706903][   T28] 1 lock held by rcu_tasks_kthre/12:
[  254.719543][   T28]  #0: ffff8000153e7c30 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x40/0xbb4
[  254.721128][   T28] 1 lock held by rcu_tasks_trace/13:
[  254.721966][   T28]  #0: ffff8000153e8450 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x40/0xbb4
[  254.723735][   T28] 1 lock held by khungtaskd/28:
[  254.763358][   T28]  #0: ffff8000153e72c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44
[  254.767404][   T28] 2 locks held by kworker/1:2/112:
[  254.768192][   T28]  #0: ffff0000c0021938 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x6b8/0x13a4
[  254.769791][   T28]  #1: ffff8000205b7c20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x6fc/0x13a4
[  254.771531][   T28] 2 locks held by getty/4078:
[  254.772264][   T28]  #0: ffff0000d656e098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c
[  254.773875][   T28]  #1: ffff8000207eb2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x2ec/0xfa0
[  254.818293][   T28] 3 locks held by kworker/1:11/5727:
[  254.819173][   T28]  #0: ffff0000c0020938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x6b8/0x13a4
[  254.820902][   T28]  #1: ffff800022477c20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x6fc/0x13a4
[  254.822853][   T28]  #2: ffff0000cc19b240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x1d0/0x27cc
[  254.844615][   T28] 2 locks held by kworker/u4:16/5872:
[  254.845482][   T28]  #0: ffff0000c0029138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x6b8/0x13a4
[  254.847331][   T28]  #1: ffff8000217b7c20 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x6fc/0x13a4
[  254.849058][   T28] 1 lock held by syz.0.420/6134:
[  254.849853][   T28] 1 lock held by syz.0.420/6135:
[  254.850625][   T28]  #0: ffff0000d248dc30 (sk_lock-AF_TIPC){+.+.}-{0:0}, at: tipc_send_group_bcast+0x464/0xacc
[  254.852302][   T28] 1 lock held by syz-executor/6387:
[  254.853091][   T28]  #0: ffff8000153ecf78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2b8/0x77c
[  254.874520][   T28] 3 locks held by kworker/u4:20/8978:
[  254.876055][   T28] 1 lock held by syz.3.1159/9154:
[  254.876806][   T28] 1 lock held by syz.4.1161/9161:
[  254.877643][   T28]  #0: ffff8000153ecf78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3fc/0x77c
[  254.879337][   T28] 2 locks held by syz.2.1163/9168:
[  254.880069][   T28]  #0: ffff8000178db290 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[  254.881348][   T28]  #1: ffff8000153ece40 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x58/0x5d0
[  254.913462][   T28] 
[  254.913889][   T28] =============================================
[  254.913889][   T28] 
[  254.934655][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[  254.935711][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0
[  254.936819][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
[  254.938499][   T28] Call trace:
[  254.939115][   T28]  dump_backtrace+0x1c0/0x1ec
[  254.939872][   T28]  show_stack+0x2c/0x3c
[  254.940492][   T28]  __dump_stack+0x30/0x40
[  254.941220][   T28]  dump_stack_lvl+0xf4/0x15c
[  254.941963][   T28]  dump_stack+0x1c/0x5c
[  254.942699][   T28]  panic+0x2f8/0x7ac
[  254.943316][   T28]  hung_task_panic+0x0/0x2c
[  254.944062][   T28]  kthread+0x250/0x2d8
[  254.944735][   T28]  ret_from_fork+0x10/0x20
[  254.945491][   T28] SMP: stopping secondary CPUs
[  254.946240][   T28] Kernel Offset: disabled
[  254.946884][   T28] CPU features: 0x080000,000f0097,a65bfea7
[  254.947756][   T28] Memory Limit: none
[  255.260281][   T28] Rebooting in 86400 seconds..