last executing test programs:

1m16.900939477s ago: executing program 1 (id=2):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010004b0400000000000000007a000000", @ANYRES32=r3, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800080088a8"], 0x44}}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, <r5=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x13, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000002c0)={@mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x8, 0x6, 0x0, 0x100, 0x8, 0x2080005, r8})
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)=0x8a0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x80000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r10, 0x404c534a, &(0x7f0000000380)={0x0, 0x1, 0xbe})
close_range(r9, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00')
r12 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000009c0)='/sys/kernel/kexec_crash_size', 0x149a82, 0x0)
sendfile(r12, r12, 0x0, 0x3)
preadv(r11, &(0x7f0000000500)=[{&(0x7f0000000040)=""/9, 0x9}, {&(0x7f00000001c0)=""/91, 0x5b}, {&(0x7f0000000240)=""/110, 0x6e}, {&(0x7f00000002c0)=""/29, 0x1d}, {&(0x7f0000000300)=""/215, 0xd7}, {&(0x7f0000000400)=""/165, 0xa5}, {&(0x7f00000004c0)=""/4, 0x4}], 0x7, 0x7, 0xffffffc0)
writev(r11, &(0x7f00000000c0)=[{&(0x7f0000000100)="b9e6277eb78fd4652a477612103fdac33d637e93d53f69d807af23a8bf986cb43bc1908d7d16ae3d0e69e3fc0b770448c39a084b983c375a27191f04c7ac42d1538a4d281a13ad935733e402a90bd859cf040d3232e07fb4130e4cf461154db48a94254411fd1f7390328c9ee78fbb8e8697ad60eb7e9a6de9128d623643fbcba423fbb5b570c602654c325ab703068248ffcc1157d0662a119a8774bbacf304f9cbae92f47af96d73e4", 0xaa}, {&(0x7f0000000080)='-6', 0x2}, {&(0x7f0000000040)}], 0x3)

1m12.916286985s ago: executing program 1 (id=16):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f0000008600), 0x2, 0x0)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000c40), 0x12)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f0000000080), 0x12)

1m9.583402306s ago: executing program 1 (id=20):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udp(0x2, 0x2, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)
socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0)
connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r5, 0x1, 0xfffffffe, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x64000}, 0x0)

1m1.03261917s ago: executing program 1 (id=23):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r2 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)

56.542392279s ago: executing program 4 (id=32):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000406eb0800000000000000000200000a0500010007000000aef1e00bce6f8e7ec0e3"], 0x1c}, 0x1, 0x0, 0x0, 0xc011}, 0x800)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1, <r3=>0xffffffffffffffff}, 0x0, &(0x7f0000000200)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f0000000180)=0x20000, &(0x7f00000001c0)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40))
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
r5 = openat$fb0(0xffffffffffffff9c, 0x0, 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x11, r5, 0x0)
gettid()
timer_create(0x3, 0x0, &(0x7f0000044000))
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000b80)={[{@errors_remount}, {@nobh}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@dioread_lock}]}, 0x3, 0x439, &(0x7f0000002380)="$eJzs3MtvG0UYAPBv105LXyRU5dEHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QU2QaFVBQKgcUSXuiCMSfwEnuCDghMQV7qhShXJp4WS09m5iO3aauE5c8O8nrTuzO9bM592xZ3a6CWBgjWYvScTuiPg9Iobr2eYCo/V/bi1dmf576cp0EtXqW38ltXI3l65MF0WL9+0qMuWI9LMkDrapd/7S5XNTlcrsxTw/vnD+/fH5S5efO3t+6szsmdkLkydPHj828cKJyed7EmcW180DH80d2v/aO9femD517d2fv02K+Fvi6JHRtQ4+Wa32uLr+2tOQTsp9bAgbUqp30xiq9f/hKMXKyRuOVz/ta+OATVWtVqsPdD68WAX+x5LodwuA/ih+6LP5b7Ft0dDjrnDjpfoEKIv7Vr7Vj5QjzcsMtcxve2k0Ik4t/vNVtsXm3IcAAGjyfTb+ebbd+C+NxvtC9+ZrKCMRcV9E7I2IExGxLyLuj6iVfTAiHtpg/a2LJKvHP+n1rgJbp2z892K+ttU8/itGfzFSynN7avEPJafPVmaP5p/JkRjanuUn1qjjh1d++6LTscbxX7Zl9Rdjwbwd18vbm98zM7UwdScxN7rxScSBcrv4k+WVgCQi9kfEgS7rOPv0N4c6Hbt9/GvowTpT9euIp+rnfzFa4i8ka69Pjt8Tldmj48VVsdovv159s1P9dxR/D2Tnf2fb6385/pGkcb12fuN1XP3j845zmm6v/23J2037PpxaWLg4EbEteb3e6JX9pYuTLeUmV8pn8R853L7/742VT+JgRGQX8cMR8UhEPJq3/bGIeDwiDq8R/08vP/Fe9/Fvriz+mQ2d/5XEtmjd0z5ROvfjd02Vjmwk/uz8H6+ljuR71vP9t552dXc1AwAAwH9PGhG7I0nHltNpOjZW/z/8+2JnWpmbX3jm9NwHF2bqzwiMxFBa3OkabrgfOpFP64v8ZEv+WH7f+MvSjlp+bHquMtPv4GHA7erQ/zN/lvrdOmDTdbeOlva8HcDW87wmDC79HwaX/g+Dq03/39GPdgBbr93v/8d9aAew9coNr/nfBAMGhPk/DC79HwaX/g8DaX5H3P4heQmJVYlI74pmSGxSot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//1Xjmag==")
lsetxattr$trusted_overlay_upper(&(0x7f0000000140)='./file1\x00', &(0x7f0000000000), &(0x7f0000000100)=ANY=[], 0xfe37, 0x2)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000a00)='./file2\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c696f636861727365743d64656661756c742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c757466383d302c666c7573682c726f6469722c726f6469722c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c6368651e01fa57f9a4d16898636b3d7374726963742c756e653d302c757466383d302c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c001641cb5ed1f363303378b924fc250bdae45cd22bb33f29d72cf1c8410df88b83b9710b49374a748455718cc4af5f3c9a4200000095e9c8c3a89f41b650b90dd5886ae65bf02b7c8ea4e76ef2cc241ac9f89f2753df98db0ba9558c753363f296424ec60e703fac2db7e9f31283852e11", @ANYBLOB="11ad0fa62a2978807a8e8dfa67c8067d98e603c58e7741eff6101f7dba3e990d3c0c48189cbc7d818e4f857a223c76a4e2cd58dd6af9d8e4a08a2b86421350c1a17d139ce9557b4349553f9bbebef80fbded8430b9772d31c61c03266f36811894ab79fec8ccbacca6f8a63a2ef607314056f14f2c1dc27d3e32385c9af9182d068d101ffbb44cfcb71f7af9565659eef91f11f9f7d5c25012450485453b96da2fa7", @ANYBLOB="b13c376fdd66a7d639c02532bf04ce21f7d86f67914cd24c1a16c85d000e56c7368c5baa847b8d1390c871ca73979c130e2e8dba52cb6e29e7ef9ce8e7f092a32dd4dff5839727b3f591e388d041527960a1e20a1e133b12dfc18f1f732ea8614d5847cd54edc1c0aa5422ef3bb9508fdbebcc135de98954f1d9fbffbb190a49b16c1275d4830b8a85acf0b55c1e19533fb1ae4ca8f80bdefda060e3e6837a10fc794ecf34ec4b7a7c76402285c415d76a33d64d218596c8126c7b35076511e52e235fb9be2d0a381962e129748855c39c84436bd553b25d7f0ae7e35b54eebdb608625a42b589438a35d78997"], 0xff, 0x2c1, &(0x7f0000000a40)="$eJzs3bFra1UcB/DfTdMkT5FEcBLBCzo4PV7f6pIifVDMpGRQBy22BUmCkEKhVYydXF0cXV0Ewc1/wsX/QHAV3CxYuHKTe03SpiFB06rv81l6eu755vzOyS0lQ8794KVB7zCN44tPf45GI4lKO9pxmUQrKlH6POa0vwwA4L/sMsvit2xinVwSEY3NlQUAbNDa//+/33hJAMCGvf3Ou2/udjp7b6VpI54Mvjjt5p/s858RDyJi9zg+in4cxaNoxlVE9pdJ+0mWZaNqmmvFq4PRaTdPDt7/sXj93V8bMc7vRDNa4675/H5nbyedmMmP8jqeKeZv5/nH0YwXFsy/39l7vCAf3Vq89spM/Q+jGT99GB9HPw7HRUzyUYn4bCdN38i++v2T9/Ly8nwyOu3Wx+Omsq27f3cAAAAAAAAAAAAAAAAAAAAAAPi/elicnVOP8fk9eVdx/s7WVf7LdqSl1vz5PJN8Ur7QtfOBRll8XZ7P8yhN06wYOM1X48VqVO9n1QAAAAAAAAAAAAAAAAAAAPDvcnJ23jvo94+G/0ijPA2g/Fr/qvGLaz3tmTEvx/J4fTpXpWgumSu2yjFJxNLC8kWsvPY/imMPVt2oasz2PH9bzd9+t/Jb8M3ta38wf2l72f78jUatmObsvFfeXb2DZPEe1qPsaZQ3yQ+zY2qx6qS3XcrWuP2GJ7WFl5prb0Lt2XFjtGRMJMsKe/2Xyc6d9w6e6x8Nk+urqI13dWF8u2gU8ZtjGqvfz/lfyg2J0zoAAAAAAAAAAAAAAAAAAGCjpl/6neuePK7/Ymm0ktU3WxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3JXp8//XaIyK8AqDazE8ueclAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8BT4MwAA//9YnFw0")

54.598511462s ago: executing program 4 (id=38):
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x404d3, 0x32}, 0x0, @in=@empty}}, 0xe8)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4e21, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0)

53.796188072s ago: executing program 4 (id=43):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x227f)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000001c0)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/74, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001cc0)={0x1, 0x0, [{0x0, 0xffb, &(0x7f0000001d80)=""/4091}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)

53.269182268s ago: executing program 4 (id=46):
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mdstat\x00', 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000240)={0x101, 0x8, {}, {<r3=>0xffffffffffffffff}, 0x9, 0x7})
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000280)={0x8a0, 0x6, {}, {r3}, 0x8, 0x6})
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x0)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x86, 0xffffffff, 0x2})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc})
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

51.771127732s ago: executing program 4 (id=49):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
shmget$private(0x0, 0x1000, 0x800, &(0x7f0000001000/0x1000)=nil)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x3, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x14}}}, 0xa0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)
syz_clone3(&(0x7f0000000300)={0x100000400, 0x0, 0x0, 0x0, {0x11}, &(0x7f00000005c0)=""/199, 0xc7, 0x0, &(0x7f0000000240)=[0x0], 0x1, {r1}}, 0x58)

48.287062833s ago: executing program 4 (id=54):
syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240))

39.542512654s ago: executing program 32 (id=23):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r2 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)

32.397806216s ago: executing program 33 (id=54):
syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240))

25.581114385s ago: executing program 3 (id=81):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}], 0x1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
socket$inet6_sctp(0xa, 0x5, 0x84)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x10010, 0xffffffffffffffff, 0x28f43000)
semctl$IPC_INFO(0x0, 0x2, 0x3, &(0x7f0000000440)=""/166)

23.908091685s ago: executing program 3 (id=83):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, 0x0, 0x0)

20.492863135s ago: executing program 3 (id=84):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010004b0400000000000000007a000000", @ANYRES32=r3, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800080088a8"], 0x44}}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, <r5=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r5, <r6=>0xffffffffffffffff}, 0x0, &(0x7f0000000280)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x13, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000002c0)={@mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x8, 0x6, 0x0, 0x100, 0x8, 0x2080005, r8})
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f0000000340)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x42}}, @local, @private0, 0x2, 0x5, 0x0, 0x580, 0x80180000006, 0x110032})
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)=0x8a0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x80000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r10, 0x404c534a, &(0x7f0000000380)={0x0, 0x1, 0xbe})
close_range(r9, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00')
r12 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000009c0)='/sys/kernel/kexec_crash_size', 0x149a82, 0x0)
sendfile(r12, r12, 0x0, 0x3)
preadv(r11, &(0x7f0000000500)=[{&(0x7f0000000040)=""/9, 0x9}, {&(0x7f00000001c0)=""/91, 0x5b}, {&(0x7f0000000240)=""/110, 0x6e}, {&(0x7f00000002c0)=""/29, 0x1d}, {&(0x7f0000000300)=""/215, 0xd7}, {&(0x7f0000000400)=""/165, 0xa5}, {&(0x7f00000004c0)=""/4, 0x4}], 0x7, 0x7, 0xffffffc0)
writev(r11, &(0x7f00000000c0)=[{&(0x7f0000000100)="b9e6277eb78fd4652a477612103fdac33d637e93d53f69d807af23a8bf986cb43bc1908d7d16ae3d0e69e3fc0b770448c39a084b983c375a27191f04c7ac42d1538a4d281a13ad935733e402a90bd859cf040d3232e07fb4130e4cf461154db48a94254411fd1f7390328c9ee78fbb8e8697ad60eb7e9a6de9128d623643fbcba423fbb5b570c602654c325ab703068248ffcc1157d0662a119a8774bbacf304f9cbae92f47af96d73e4", 0xaa}, {&(0x7f0000000080)='-6', 0x2}, {&(0x7f0000000040)}], 0x3)

17.57905199s ago: executing program 3 (id=87):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010004b0400000000000000007a000000", @ANYRES32=r2, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800080088a8"], 0x44}}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, <r4=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x13, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r7=>0x0})
ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f00000002c0)={@mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x8, 0x6, 0x0, 0x100, 0x8, 0x2080005, r7})
ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000340)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x42}}, @local, @private0, 0x2, 0x5, 0x0, 0x580, 0x80180000006, 0x110032})
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)=0x8a0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x80000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r9, 0x404c534a, &(0x7f0000000380)={0x0, 0x1, 0xbe})
close_range(r8, 0xffffffffffffffff, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00')
r11 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000009c0)='/sys/kernel/kexec_crash_size', 0x149a82, 0x0)
sendfile(r11, r11, 0x0, 0x3)
preadv(r10, &(0x7f0000000500)=[{&(0x7f0000000040)=""/9, 0x9}, {&(0x7f00000001c0)=""/91, 0x5b}, {&(0x7f0000000240)=""/110, 0x6e}, {&(0x7f00000002c0)=""/29, 0x1d}, {&(0x7f0000000300)=""/215, 0xd7}, {&(0x7f0000000400)=""/165, 0xa5}, {&(0x7f00000004c0)=""/4, 0x4}], 0x7, 0x7, 0xffffffc0)
writev(r10, &(0x7f00000000c0)=[{&(0x7f0000000100)="b9e6277eb78fd4652a477612103fdac33d637e93d53f69d807af23a8bf986cb43bc1908d7d16ae3d0e69e3fc0b770448c39a084b983c375a27191f04c7ac42d1538a4d281a13ad935733e402a90bd859cf040d3232e07fb4130e4cf461154db48a94254411fd1f7390328c9ee78fbb8e8697ad60eb7e9a6de9128d623643fbcba423fbb5b570c602654c325ab703068248ffcc1157d0662a119a8774bbacf304f9cbae92f47af96d73e4", 0xaa}, {&(0x7f0000000080)='-6', 0x2}, {&(0x7f0000000040)}], 0x3)

17.269320908s ago: executing program 2 (id=88):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x44, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}]}]}, 0x44}}, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000480)=""/74, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400))
r1 = eventfd2(0xe8, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000240)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

16.782516217s ago: executing program 3 (id=89):
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@multicast2, 0x404d3, 0x32}, 0x0, @in=@empty}}, 0xe8)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4e21, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0)

16.301231097s ago: executing program 3 (id=90):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="b601000000000000bd110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f631cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebe646302bf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff82794203da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef0000000000000000000037fcffffffffffffff8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a47464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f916b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf07000000eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d40837dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b86670000000000000000b27a2616c03cdf6c009447a652bca9b325e73c0737d5b717945e4fe7a169c5e2c54fc71a4104aa7cf0f5d30e2fcd9503650edbd8a5971a9a1fde5e5df37469ae204a6e899eacc1e63034cbabc5604739881cb82604bed3e53696a0606b26b879ef232a1a038291389593d1575cb79aa8284cf01a7e1a456acab9d8d608ad69d4c4b56492af7004e7ed9d47c5db3d76a00bea7c804f3a3638408bc1636f1009b7f185f51606918eaa0ab6bef11ae3d300"], &(0x7f0000000080)='GPL\x00', 0x9, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

13.697127083s ago: executing program 0 (id=92):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, 0x0, 0x0)

13.412308781s ago: executing program 0 (id=93):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000406eb0800000000000000000200000a0500010007000000aef1e00bce6f8e7ec0e3e41e9ffa33d270dcee"], 0x1c}, 0x1, 0x0, 0x0, 0xc011}, 0x800)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1, <r3=>0xffffffffffffffff}, 0x0, &(0x7f0000000200)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f0000000180)=0x20000, &(0x7f00000001c0)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40))
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
r5 = openat$fb0(0xffffffffffffff9c, 0x0, 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x11, r5, 0x0)
gettid()
timer_create(0x3, 0x0, &(0x7f0000044000))
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000b80)={[{@errors_remount}, {@nobh}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@dioread_lock}]}, 0x3, 0x439, &(0x7f0000002380)="$eJzs3MtvG0UYAPBv105LXyRU5dEHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QU2QaFVBQKgcUSXuiCMSfwEnuCDghMQV7qhShXJp4WS09m5iO3aauE5c8O8nrTuzO9bM592xZ3a6CWBgjWYvScTuiPg9Iobr2eYCo/V/bi1dmf576cp0EtXqW38ltXI3l65MF0WL9+0qMuWI9LMkDrapd/7S5XNTlcrsxTw/vnD+/fH5S5efO3t+6szsmdkLkydPHj828cKJyed7EmcW180DH80d2v/aO9femD517d2fv02K+Fvi6JHRtQ4+Wa32uLr+2tOQTsp9bAgbUqp30xiq9f/hKMXKyRuOVz/ta+OATVWtVqsPdD68WAX+x5LodwuA/ih+6LP5b7Ft0dDjrnDjpfoEKIv7Vr7Vj5QjzcsMtcxve2k0Ik4t/vNVtsXm3IcAAGjyfTb+ebbd+C+NxvtC9+ZrKCMRcV9E7I2IExGxLyLuj6iVfTAiHtpg/a2LJKvHP+n1rgJbp2z892K+ttU8/itGfzFSynN7avEPJafPVmaP5p/JkRjanuUn1qjjh1d++6LTscbxX7Zl9Rdjwbwd18vbm98zM7UwdScxN7rxScSBcrv4k+WVgCQi9kfEgS7rOPv0N4c6Hbt9/GvowTpT9euIp+rnfzFa4i8ka69Pjt8Tldmj48VVsdovv159s1P9dxR/D2Tnf2fb6385/pGkcb12fuN1XP3j845zmm6v/23J2037PpxaWLg4EbEteb3e6JX9pYuTLeUmV8pn8R853L7/742VT+JgRGQX8cMR8UhEPJq3/bGIeDwiDq8R/08vP/Fe9/Fvriz+mQ2d/5XEtmjd0z5ROvfjd02Vjmwk/uz8H6+ljuR71vP9t552dXc1AwAAwH9PGhG7I0nHltNpOjZW/z/8+2JnWpmbX3jm9NwHF2bqzwiMxFBa3OkabrgfOpFP64v8ZEv+WH7f+MvSjlp+bHquMtPv4GHA7erQ/zN/lvrdOmDTdbeOlva8HcDW87wmDC79HwaX/g+Dq03/39GPdgBbr93v/8d9aAew9coNr/nfBAMGhPk/DC79HwaX/g8DaX5H3P4heQmJVYlI74pmSGxSot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//1Xjmag==")
lsetxattr$trusted_overlay_upper(&(0x7f0000000140)='./file1\x00', &(0x7f0000000000), &(0x7f0000000100)=ANY=[], 0xfe37, 0x2)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000a00)='./file2\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c696f636861727365743d64656661756c742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c757466383d302c666c7573682c726f6469722c726f6469722c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c6368651e01fa57f9a4d16898636b3d7374726963742c756e653d302c757466383d302c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c001641cb5ed1f363303378b924fc250bdae45cd22bb33f29d72cf1c8410df88b83b9710b49374a748455718cc4af5f3c9a4200000095e9c8c3a89f41b650b90dd5886ae65bf02b7c8ea4e76ef2cc241ac9f89f2753df98db0ba9558c753363f296424ec60e703fac2db7e9f31283852e11", @ANYBLOB="11ad0fa62a2978807a8e8dfa67c8067d98e603c58e7741eff6101f7dba3e990d3c0c48189cbc7d818e4f857a223c76a4e2cd58dd6af9d8e4a08a2b86421350c1a17d139ce9557b4349553f9bbebef80fbded8430b9772d31c61c03266f36811894ab79fec8ccbacca6f8a63a2ef607314056f14f2c1dc27d3e32385c9af9182d068d101ffbb44cfcb71f7af9565659eef91f11f9f7d5c25012450485453b96da2fa7", @ANYBLOB="b13c376fdd66a7d639c02532bf04ce21f7d86f67914cd24c1a16c85d000e56c7368c5baa847b8d1390c871ca73979c130e2e8dba52cb6e29e7ef9ce8e7f092a32dd4dff5839727b3f591e388d041527960a1e20a1e133b12dfc18f1f732ea8614d5847cd54edc1c0aa5422ef3bb9508fdbebcc135de98954f1d9fbffbb190a49b16c1275d4830b8a85acf0b55c1e19533fb1ae4ca8f80bdefda060e3e6837a10fc794ecf34ec4b7a7c76402285c415d76a33d64d218596c8126c7b35076511e52e235fb9be2d0a381962e129748855c39c84436bd553b25d7f0ae7e35b54eebdb608625a42b589438a35d78997"], 0xff, 0x2c1, &(0x7f0000000a40)="$eJzs3bFra1UcB/DfTdMkT5FEcBLBCzo4PV7f6pIifVDMpGRQBy22BUmCkEKhVYydXF0cXV0Ewc1/wsX/QHAV3CxYuHKTe03SpiFB06rv81l6eu755vzOyS0lQ8794KVB7zCN44tPf45GI4lKO9pxmUQrKlH6POa0vwwA4L/sMsvit2xinVwSEY3NlQUAbNDa//+/33hJAMCGvf3Ou2/udjp7b6VpI54Mvjjt5p/s858RDyJi9zg+in4cxaNoxlVE9pdJ+0mWZaNqmmvFq4PRaTdPDt7/sXj93V8bMc7vRDNa4675/H5nbyedmMmP8jqeKeZv5/nH0YwXFsy/39l7vCAf3Vq89spM/Q+jGT99GB9HPw7HRUzyUYn4bCdN38i++v2T9/Ly8nwyOu3Wx+Omsq27f3cAAAAAAAAAAAAAAAAAAAAAAPi/elicnVOP8fk9eVdx/s7WVf7LdqSl1vz5PJN8Ur7QtfOBRll8XZ7P8yhN06wYOM1X48VqVO9n1QAAAAAAAAAAAAAAAAAAAPDvcnJ23jvo94+G/0ijPA2g/Fr/qvGLaz3tmTEvx/J4fTpXpWgumSu2yjFJxNLC8kWsvPY/imMPVt2oasz2PH9bzd9+t/Jb8M3ta38wf2l72f78jUatmObsvFfeXb2DZPEe1qPsaZQ3yQ+zY2qx6qS3XcrWuP2GJ7WFl5prb0Lt2XFjtGRMJMsKe/2Xyc6d9w6e6x8Nk+urqI13dWF8u2gU8ZtjGqvfz/lfyg2J0zoAAAAAAAAAAAAAAAAAAGCjpl/6neuePK7/Ymm0ktU3WxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3JXp8//XaIyK8AqDazE8ueclAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8BT4MwAA//9YnFw0")

12.095452283s ago: executing program 2 (id=94):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x227f)
socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000001c0)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/74, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001cc0)={0x1, 0x0, [{0x0, 0xffb, &(0x7f0000001d80)=""/4091}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)

11.541372284s ago: executing program 0 (id=95):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010004b0400000000000000007a000000", @ANYRES32=r3, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800080088a8"], 0x44}}, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, <r5=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r5, <r6=>0xffffffffffffffff}, 0x0, &(0x7f0000000280)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x13, &(0x7f00000014c0)=""/4101, 0x0, 0xc}, 0x94)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000002c0)={@mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x8, 0x6, 0x0, 0x100, 0x8, 0x2080005, r8})
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f0000000340)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x42}}, @local, @private0, 0x2, 0x5, 0x0, 0x580, 0x80180000006, 0x110032})
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)=0x8a0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x80000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r10, 0x404c534a, &(0x7f0000000380)={0x0, 0x1, 0xbe})
close_range(r9, 0xffffffffffffffff, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00')
r12 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000009c0)='/sys/kernel/kexec_crash_size', 0x149a82, 0x0)
sendfile(r12, r12, 0x0, 0x3)
preadv(r11, &(0x7f0000000500)=[{&(0x7f0000000040)=""/9, 0x9}, {&(0x7f00000001c0)=""/91, 0x5b}, {&(0x7f0000000240)=""/110, 0x6e}, {&(0x7f00000002c0)=""/29, 0x1d}, {&(0x7f0000000300)=""/215, 0xd7}, {&(0x7f0000000400)=""/165, 0xa5}, {&(0x7f00000004c0)=""/4, 0x4}], 0x7, 0x7, 0xffffffc0)
writev(r11, &(0x7f00000000c0)=[{&(0x7f0000000100)="b9e6277eb78fd4652a477612103fdac33d637e93d53f69d807af23a8bf986cb43bc1908d7d16ae3d0e69e3fc0b770448c39a084b983c375a27191f04c7ac42d1538a4d281a13ad935733e402a90bd859cf040d3232e07fb4130e4cf461154db48a94254411fd1f7390328c9ee78fbb8e8697ad60eb7e9a6de9128d623643fbcba423fbb5b570c602654c325ab703068248ffcc1157d0662a119a8774bbacf304f9cbae92f47af96d73e4", 0xaa}, {&(0x7f0000000080)='-6', 0x2}, {&(0x7f0000000040)}], 0x3)

10.627780044s ago: executing program 2 (id=96):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
semop(0x0, &(0x7f0000000440)=[{0x3, 0xffff, 0x1000}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

9.703210309s ago: executing program 0 (id=97):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)

9.452927037s ago: executing program 2 (id=98):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udp(0x2, 0x2, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)
socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, 0x0)
connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r4, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x64000}, 0x0)

9.322820034s ago: executing program 0 (id=99):
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mdstat\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000240)={0x101, 0x8, {}, {<r2=>0xffffffffffffffff}, 0x9, 0x7})
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000280)={0x8a0, 0x6, {}, {r2}, 0x8, 0x6})
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000003c0)={0xc})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

4.263239338s ago: executing program 2 (id=100):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
socket$inet6_sctp(0xa, 0x5, 0x84)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x10010, 0xffffffffffffffff, 0x28f43000)
semctl$IPC_INFO(0x0, 0x2, 0x3, &(0x7f0000000440)=""/166)

880.345632ms ago: executing program 34 (id=90):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="b601000000000000bd110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f631cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebe646302bf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff82794203da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef0000000000000000000037fcffffffffffffff8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a47464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f916b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf07000000eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d40837dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b86670000000000000000b27a2616c03cdf6c009447a652bca9b325e73c0737d5b717945e4fe7a169c5e2c54fc71a4104aa7cf0f5d30e2fcd9503650edbd8a5971a9a1fde5e5df37469ae204a6e899eacc1e63034cbabc5604739881cb82604bed3e53696a0606b26b879ef232a1a038291389593d1575cb79aa8284cf01a7e1a456acab9d8d608ad69d4c4b56492af7004e7ed9d47c5db3d76a00bea7c804f3a3638408bc1636f1009b7f185f51606918eaa0ab6bef11ae3d300"], &(0x7f0000000080)='GPL\x00', 0x9, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

720.58659ms ago: executing program 0 (id=102):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', 0x0})
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r1, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de2500000000000000", 0x3f}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb2", 0x86}], 0x2}}], 0x1, 0x2090)
sendto$inet(r1, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000040))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0)
close(0x4)

0s ago: executing program 2 (id=103):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, 0x0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)={0x1, 0x0, [{0xc0010058}]})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
semop(0x0, &(0x7f0000000440)=[{0x3, 0xffff, 0x1000}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.210' (ED25519) to the list of known hosts.
[  153.063993][ T5756] cgroup: Unknown subsys name 'net'
[  153.184532][ T5756] cgroup: Unknown subsys name 'cpuset'
[  153.201180][ T5756] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  158.644566][ T5756] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  162.582864][   T49] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  162.616874][   T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  162.625830][   T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  162.639437][   T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  162.650225][   T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  162.737452][ T5071] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  162.746822][ T5071] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  162.756864][ T5071] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  162.787277][ T5071] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  162.803551][ T5071] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  162.857399][   T49] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  162.867398][   T49] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  162.880722][   T49] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  162.890275][   T49] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  162.903699][   T49] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  162.914588][   T49] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  162.935081][   T49] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  162.965504][ T5777] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  162.992592][   T49] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  163.003998][   T49] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  163.037419][   T49] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  163.046860][ T5071] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  163.057570][ T5071] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  163.070489][ T5071] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  163.081687][ T5071] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  163.978090][ T5774] chnl_net:caif_netlink_parms(): no params data found
[  164.561241][ T5778] chnl_net:caif_netlink_parms(): no params data found
[  164.726147][ T5071] Bluetooth: hci0: command tx timeout
[  164.760840][ T5784] chnl_net:caif_netlink_parms(): no params data found
[  164.840333][ T5780] chnl_net:caif_netlink_parms(): no params data found
[  164.886139][ T5071] Bluetooth: hci1: command tx timeout
[  164.898821][ T5781] chnl_net:caif_netlink_parms(): no params data found
[  164.926077][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.933747][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.943791][ T5774] bridge_slave_0: entered allmulticast mode
[  164.952749][ T5774] bridge_slave_0: entered promiscuous mode
[  165.043910][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.052718][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.056277][ T5071] Bluetooth: hci3: command tx timeout
[  165.060168][ T5783] Bluetooth: hci2: command tx timeout
[  165.073598][ T5774] bridge_slave_1: entered allmulticast mode
[  165.084194][ T5774] bridge_slave_1: entered promiscuous mode
[  165.126221][ T5783] Bluetooth: hci4: command tx timeout
[  165.375430][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  165.417179][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  165.662944][ T5774] team0: Port device team_slave_0 added
[  165.703942][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.712950][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.735644][ T5778] bridge_slave_0: entered allmulticast mode
[  165.745801][ T5778] bridge_slave_0: entered promiscuous mode
[  165.766777][ T5774] team0: Port device team_slave_1 added
[  165.823758][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.831608][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.839507][ T5778] bridge_slave_1: entered allmulticast mode
[  165.848084][ T5778] bridge_slave_1: entered promiscuous mode
[  165.902936][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.910769][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.918576][ T5781] bridge_slave_0: entered allmulticast mode
[  165.927600][ T5781] bridge_slave_0: entered promiscuous mode
[  166.032945][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.040437][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.048085][ T5781] bridge_slave_1: entered allmulticast mode
[  166.056455][ T5781] bridge_slave_1: entered promiscuous mode
[  166.066289][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.073706][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.082287][ T5784] bridge_slave_0: entered allmulticast mode
[  166.091071][ T5784] bridge_slave_0: entered promiscuous mode
[  166.123385][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.131033][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.138611][ T5780] bridge_slave_0: entered allmulticast mode
[  166.147336][ T5780] bridge_slave_0: entered promiscuous mode
[  166.159831][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0
[  166.168406][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  166.195204][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  166.231183][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.239074][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.247240][ T5784] bridge_slave_1: entered allmulticast mode
[  166.255247][ T5784] bridge_slave_1: entered promiscuous mode
[  166.272134][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  166.281976][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.289646][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.297338][ T5780] bridge_slave_1: entered allmulticast mode
[  166.305620][ T5780] bridge_slave_1: entered promiscuous mode
[  166.317240][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1
[  166.324289][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  166.351192][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  166.477611][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  166.540105][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  166.627025][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  166.644117][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  166.690221][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  166.736349][ T5778] team0: Port device team_slave_0 added
[  166.749987][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  166.789951][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  166.806208][ T5783] Bluetooth: hci0: command tx timeout
[  166.832817][ T5778] team0: Port device team_slave_1 added
[  166.869419][ T5781] team0: Port device team_slave_0 added
[  166.966155][ T5783] Bluetooth: hci1: command tx timeout
[  166.972984][ T5781] team0: Port device team_slave_1 added
[  167.043068][ T5774] hsr_slave_0: entered promiscuous mode
[  167.051827][ T5774] hsr_slave_1: entered promiscuous mode
[  167.089594][ T5780] team0: Port device team_slave_0 added
[  167.126466][ T5783] Bluetooth: hci3: command tx timeout
[  167.127154][ T5071] Bluetooth: hci2: command tx timeout
[  167.134124][ T5784] team0: Port device team_slave_0 added
[  167.163903][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0
[  167.171387][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  167.197822][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.208687][ T5071] Bluetooth: hci4: command tx timeout
[  167.222368][ T5780] team0: Port device team_slave_1 added
[  167.230644][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0
[  167.238072][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  167.264323][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.282170][ T5784] team0: Port device team_slave_1 added
[  167.320900][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.328037][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  167.354207][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.389945][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.397262][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  167.423908][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.551798][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  167.558990][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  167.586257][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.603417][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.611278][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  167.638320][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.652340][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0
[  167.659957][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  167.686284][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.702649][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.709928][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  167.736295][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.973750][ T5781] hsr_slave_0: entered promiscuous mode
[  167.982224][ T5781] hsr_slave_1: entered promiscuous mode
[  167.990135][ T5781] debugfs: 'hsr0' already exists in 'hsr'
[  167.996177][ T5781] Cannot create hsr debugfs directory
[  168.014279][ T5778] hsr_slave_0: entered promiscuous mode
[  168.022867][ T5778] hsr_slave_1: entered promiscuous mode
[  168.031213][ T5778] debugfs: 'hsr0' already exists in 'hsr'
[  168.037157][ T5778] Cannot create hsr debugfs directory
[  168.181470][ T5780] hsr_slave_0: entered promiscuous mode
[  168.189908][ T5780] hsr_slave_1: entered promiscuous mode
[  168.197981][ T5780] debugfs: 'hsr0' already exists in 'hsr'
[  168.203816][ T5780] Cannot create hsr debugfs directory
[  168.229722][ T5784] hsr_slave_0: entered promiscuous mode
[  168.238906][ T5784] hsr_slave_1: entered promiscuous mode
[  168.246710][ T5784] debugfs: 'hsr0' already exists in 'hsr'
[  168.252680][ T5784] Cannot create hsr debugfs directory
[  168.886272][ T5071] Bluetooth: hci0: command tx timeout
[  169.046510][ T5071] Bluetooth: hci1: command tx timeout
[  169.206190][ T5071] Bluetooth: hci2: command tx timeout
[  169.206569][ T5783] Bluetooth: hci3: command tx timeout
[  169.286331][ T5783] Bluetooth: hci4: command tx timeout
[  169.313776][ T5774] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  169.333115][ T5774] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  169.395693][ T5774] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  169.426106][ T5774] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  169.523749][ T5781] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  169.554763][ T5781] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  169.584704][ T5781] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  169.621920][ T5781] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  169.806820][ T5780] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  169.858256][ T5780] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  169.910991][ T5780] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  169.931985][ T5780] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  170.118089][ T5778] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  170.169029][ T5778] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  170.234797][ T5778] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  170.258829][ T5778] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  170.478023][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0
[  170.554728][ T5784] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  170.578876][ T5784] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  170.621664][ T5784] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  170.648000][ T5784] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  170.771647][ T5774] 8021q: adding VLAN 0 to HW filter on device team0
[  170.807865][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0
[  170.910014][   T34] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.917372][   T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[  170.966238][ T5783] Bluetooth: hci0: command tx timeout
[  170.995463][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.002849][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  171.041887][ T5781] 8021q: adding VLAN 0 to HW filter on device team0
[  171.126756][ T5783] Bluetooth: hci1: command tx timeout
[  171.142414][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.172572][  T129] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.180027][  T129] bridge0: port 1(bridge_slave_0) entered forwarding state
[  171.273734][  T129] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.281196][  T129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  171.287175][ T5783] Bluetooth: hci3: command tx timeout
[  171.290503][ T5071] Bluetooth: hci2: command tx timeout
[  171.367256][ T5071] Bluetooth: hci4: command tx timeout
[  171.390778][ T5780] 8021q: adding VLAN 0 to HW filter on device team0
[  171.497082][  T129] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.504526][  T129] bridge0: port 1(bridge_slave_0) entered forwarding state
[  171.519029][  T129] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.526540][  T129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  171.645282][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.856139][ T5778] 8021q: adding VLAN 0 to HW filter on device team0
[  171.968134][  T148] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.975588][  T148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.040016][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0
[  172.123883][  T129] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.131424][  T129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  172.297884][ T5784] 8021q: adding VLAN 0 to HW filter on device team0
[  172.318816][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.433983][   T34] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.441510][   T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.601026][   T34] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.608543][   T34] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.192930][ T5774] veth0_vlan: entered promiscuous mode
[  173.211814][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.325358][ T5774] veth1_vlan: entered promiscuous mode
[  173.638062][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.785553][ T5774] veth0_macvtap: entered promiscuous mode
[  173.900437][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.919676][ T5774] veth1_macvtap: entered promiscuous mode
[  174.093415][ T5781] veth0_vlan: entered promiscuous mode
[  174.171040][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0
[  174.268630][ T5781] veth1_vlan: entered promiscuous mode
[  174.304966][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1
[  174.421171][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  174.479840][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  174.504895][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  174.544157][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  174.557597][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  174.599921][ T5778] veth0_vlan: entered promiscuous mode
[  174.768581][ T5778] veth1_vlan: entered promiscuous mode
[  174.814178][ T5781] veth0_macvtap: entered promiscuous mode
[  174.894817][ T5781] veth1_macvtap: entered promiscuous mode
[  175.100472][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.160971][ T5780] veth0_vlan: entered promiscuous mode
[  175.214911][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.230416][ T5784] veth0_vlan: entered promiscuous mode
[  175.319266][   T34] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.344783][ T5784] veth1_vlan: entered promiscuous mode
[  175.373796][   T34] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.442635][ T5780] veth1_vlan: entered promiscuous mode
[  175.470272][   T34] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.489319][   T34] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.534259][ T5778] veth0_macvtap: entered promiscuous mode
[  175.634891][ T5778] veth1_macvtap: entered promiscuous mode
[  175.838637][ T5784] veth0_macvtap: entered promiscuous mode
[  175.899222][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.924675][ T5784] veth1_macvtap: entered promiscuous mode
[  175.971296][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1
[  176.127076][   T34] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  176.146369][   T34] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  176.155362][   T34] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  176.221770][ T5780] veth0_macvtap: entered promiscuous mode
[  176.234485][   T34] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.343159][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0
[  176.403495][ T5780] veth1_macvtap: entered promiscuous mode
[  176.511357][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1
[  176.629447][  T499] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  176.660958][  T499] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  176.729607][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0
[  176.760337][  T129] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  176.779990][  T499] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.884303][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1
[  177.042587][   T56] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.154197][   T56] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  177.196394][   T56] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  177.205558][   T56] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.704164][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.750575][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.000416][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.056159][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.469029][ T5774] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  180.135706][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.178401][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.401975][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.443084][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.695977][ T5933] SQUASHFS error: Failed to read block 0x0: -5
[  182.350394][ T5947] capability: warning: `syz.0.6' uses 32-bit capabilities (legacy support in use)
[  184.932703][ T5964] netlink: 'syz.2.7': attribute type 8 has an invalid length.
[  184.970040][ T5964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7'.
[  185.536192][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  186.567931][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  186.977560][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  187.386922][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  188.206312][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  189.127692][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  189.946856][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  190.356490][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  192.097558][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  192.776931][ T5979] netlink: 'syz.0.9': attribute type 8 has an invalid length.
[  192.799771][ T5979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9'.
[  192.868130][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.888911][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.003287][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.035766][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.151500][  T129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.177476][  T129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.349567][  T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.367521][  T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.383036][ T5989] netlink: 'syz.0.11': attribute type 8 has an invalid length.
[  193.402476][ T5989] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11'.
[  193.874272][ T5960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.886195][ T5960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.076998][ T5992] netlink: 'syz.1.2': attribute type 8 has an invalid length.
[  194.084651][ T5992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'.
[  194.239643][ T5960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.952429][ T5997] SQUASHFS error: Failed to read block 0x0: -5
[  196.416068][ T5960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  197.527623][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  202.173993][ T6024] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  209.469665][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  209.476587][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  210.669777][ T6046] netlink: 'syz.3.26': attribute type 8 has an invalid length.
[  210.696275][ T6046] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26'.
[  214.295429][ T6066] netlink: 'syz.0.33': attribute type 8 has an invalid length.
[  214.314466][ T6066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.33'.
[  214.462282][ T6068] loop4: detected capacity change from 0 to 512
[  214.492594][ T6068] EXT4-fs: Ignoring removed nobh option
[  214.527975][ T6068] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  214.542132][ T6068] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  214.854288][ T6068] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  214.975655][ T6068] EXT4-fs (loop4): 1 truncate cleaned up
[  215.023892][ T6068] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.952959][ T5780] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.130822][ T6082] netlink: 'syz.3.37': attribute type 8 has an invalid length.
[  216.177039][ T6082] netlink: 8 bytes leftover after parsing attributes in process `syz.3.37'.
[  216.809880][ T6090] netlink: 'syz.0.40': attribute type 8 has an invalid length.
[  216.845139][ T6090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.40'.
[  219.573299][ T6118] loop4: detected capacity change from 0 to 40427
[  219.786281][ T6120] loop3: detected capacity change from 0 to 512
[  219.812560][ T6120] EXT4-fs: Ignoring removed nobh option
[  219.933461][ T6120] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  219.989806][ T6118] F2FS-fs (loop4): invalid crc value
[  220.474692][ T6118] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  220.486672][ T6118] F2FS-fs (loop4): Start checkpoint disabled!
[  220.572689][ T6118] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  220.599936][ T6118] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  220.625277][ T6120] EXT4-fs (loop3): 1 truncate cleaned up
[  220.648935][ T6120] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.220343][   T29] audit: type=1800 audit(1774370305.921:2): pid=6130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.49" name="bus" dev="loop4" ino=10 res=0 errno=0
[  221.880709][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.271963][ T6037] kworker/u8:13: attempt to access beyond end of device
[  222.271963][ T6037] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  222.294658][ T6037] CPU: 1 UID: 0 PID: 6037 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT(full) 
[  222.294793][ T6037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  222.294916][ T6037] Workqueue: writeback wb_workfn (flush-7:4)
[  222.295112][ T6037] Call Trace:
[  222.295160][ T6037]  <TASK>
[  222.295207][ T6037]  __dump_stack+0x26/0x30
[  222.295369][ T6037]  dump_stack_lvl+0x14c/0x1c0
[  222.295523][ T6037]  dump_stack+0x1e/0x25
[  222.295660][ T6037]  f2fs_handle_critical_error+0xa6f/0xc20
[  222.295875][ T6037]  f2fs_stop_checkpoint+0x65/0x80
[  222.295995][ T6037]  f2fs_write_end_io+0x12e6/0x2560
[  222.296177][ T6037]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  222.296306][ T6037]  bio_endio+0x1006/0x1160
[  222.296456][ T6037]  submit_bio_noacct+0x533/0x2960
[  222.296647][ T6037]  submit_bio+0x57a/0x620
[  222.296789][ T6037]  f2fs_submit_write_bio+0x115/0x350
[  222.296965][ T6037]  __submit_merged_bio+0x16f/0x780
[  222.297128][ T6037]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  222.297309][ T6037]  __submit_merged_write_cond+0x4ba/0xae0
[  222.297514][ T6037]  f2fs_write_data_pages+0x5073/0x5e10
[  222.297734][ T6037]  ? sysvec_apic_timer_interrupt+0x52/0x90
[  222.297904][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.298078][ T6037]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  222.298253][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.298425][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.298584][ T6037]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  222.298752][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.298913][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.299079][ T6037]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  222.299263][ T6037]  ? __update_load_avg_cfs_rq+0xe9/0x1060
[  222.299424][ T6037]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  222.299596][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.299760][ T6037]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  222.299931][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.300102][ T6037]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  222.300277][ T6037]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  222.300409][ T6037]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  222.300535][ T6037]  do_writepages+0x3f2/0x860
[  222.300667][ T6037]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  222.300852][ T6037]  ? writeback_sb_inodes+0x21/0x1d90
[  222.301012][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.301209][ T6037]  __writeback_single_inode+0xfc/0x1440
[  222.301398][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.301587][ T6037]  writeback_sb_inodes+0xb3b/0x1d90
[  222.301861][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.302038][ T6037]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  222.302229][ T6037]  wb_writeback+0x4f1/0xcd0
[  222.302423][ T6037]  ? queue_io+0x431/0x800
[  222.302585][ T6037]  wb_workfn+0x3b9/0x19b0
[  222.302727][ T6037]  ? kmsan_get_metadata+0xf1/0x160
[  222.302928][ T6037]  ? __pfx_wb_workfn+0x10/0x10
[  222.303067][ T6037]  process_scheduled_works+0xb82/0x1e80
[  222.303275][ T6037]  worker_thread+0xee4/0x1590
[  222.303454][ T6037]  kthread+0x53f/0x600
[  222.303611][ T6037]  ? __pfx_worker_thread+0x10/0x10
[  222.303763][ T6037]  ? __pfx_kthread+0x10/0x10
[  222.303916][ T6037]  ret_from_fork+0x20f/0x910
[  222.304054][ T6037]  ? __switch_to+0x51c/0x750
[  222.304222][ T6037]  ? __pfx_kthread+0x10/0x10
[  222.304386][ T6037]  ret_from_fork_asm+0x1a/0x30
[  222.304581][ T6037]  </TASK>
[  222.722629][ T6037] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  222.808174][ T6137] netlink: 'syz.3.52': attribute type 8 has an invalid length.
[  222.867066][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.52'.
[  231.541489][ T6158] loop3: detected capacity change from 0 to 512
[  231.586788][ T6158] EXT4-fs: Ignoring removed nobh option
[  231.610495][ T6158] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  232.312616][ T6158] EXT4-fs (loop3): 1 truncate cleaned up
[  232.399041][ T6158] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.108718][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.130539][ T6162] loop0: detected capacity change from 0 to 40427
[  234.194041][ T6162] F2FS-fs (loop0): invalid crc value
[  234.475390][ T6162] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  234.497122][ T6162] F2FS-fs (loop0): Start checkpoint disabled!
[  234.510860][ T6162] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  234.526964][ T6162] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  234.620664][   T29] audit: type=1800 audit(1774370319.681:3): pid=6170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.64" name="bus" dev="loop0" ino=10 res=0 errno=0
[  235.370809][ T6170] syz.0.64: attempt to access beyond end of device
[  235.370809][ T6170] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  235.391379][ T6170] syz.0.64: attempt to access beyond end of device
[  235.391379][ T6170] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.414212][ T6170] syz.0.64: attempt to access beyond end of device
[  235.414212][ T6170] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.439202][ T6170] syz.0.64: attempt to access beyond end of device
[  235.439202][ T6170] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.466407][ T6170] syz.0.64: attempt to access beyond end of device
[  235.466407][ T6170] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.494343][ T6170] syz.0.64: attempt to access beyond end of device
[  235.494343][ T6170] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  235.510291][ T6170] syz.0.64: attempt to access beyond end of device
[  235.510291][ T6170] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.537164][ T6170] syz.0.64: attempt to access beyond end of device
[  235.537164][ T6170] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  235.560860][ T6170] syz.0.64: attempt to access beyond end of device
[  235.560860][ T6170] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  235.584508][ T6170] syz.0.64: attempt to access beyond end of device
[  235.584508][ T6170] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  237.958489][ T5783] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  237.967763][ T5783] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  237.983296][ T5783] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  237.996343][ T5783] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  238.007371][ T5783] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  238.508241][  T148] CPU: 0 UID: 0 PID: 148 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  238.508374][  T148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  238.508469][  T148] Workqueue: writeback wb_workfn (flush-7:0)
[  238.508659][  T148] Call Trace:
[  238.508704][  T148]  <TASK>
[  238.508753][  T148]  __dump_stack+0x26/0x30
[  238.508899][  T148]  dump_stack_lvl+0x14c/0x1c0
[  238.509044][  T148]  dump_stack+0x1e/0x25
[  238.509178][  T148]  f2fs_handle_critical_error+0xa6f/0xc20
[  238.509388][  T148]  f2fs_stop_checkpoint+0x65/0x80
[  238.509514][  T148]  f2fs_write_end_io+0x12e6/0x2560
[  238.509711][  T148]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  238.509844][  T148]  bio_endio+0x1006/0x1160
[  238.509986][  T148]  submit_bio_noacct+0x533/0x2960
[  238.510184][  T148]  submit_bio+0x57a/0x620
[  238.510328][  T148]  f2fs_submit_write_bio+0x115/0x350
[  238.510510][  T148]  __submit_merged_bio+0x16f/0x780
[  238.510682][  T148]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  238.510882][  T148]  __submit_merged_write_cond+0x4ba/0xae0
[  238.511079][  T148]  f2fs_write_data_pages+0x5073/0x5e10
[  238.511331][  T148]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  238.511521][  T148]  ? __update_load_avg_cfs_rq+0xd80/0x1060
[  238.511701][  T148]  ? kmsan_get_metadata+0xf1/0x160
[  238.511882][  T148]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  238.512065][  T148]  ? kmsan_get_metadata+0xf1/0x160
[  238.512233][  T148]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  238.512412][  T148]  ? kmsan_get_metadata+0xf1/0x160
[  238.512584][  T148]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  238.512762][  T148]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  238.512889][  T148]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  238.513016][  T148]  do_writepages+0x3f2/0x860
[  238.513141][  T148]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  238.513313][  T148]  ? writeback_sb_inodes+0x21/0x1d90
[  238.513465][  T148]  ? kmsan_get_metadata+0xf1/0x160
[  238.513658][  T148]  __writeback_single_inode+0xfc/0x1440
[  238.513837][  T148]  ? kmsan_get_metadata+0xf1/0x160
[  238.514025][  T148]  writeback_sb_inodes+0xb3b/0x1d90
[  238.514295][  T148]  ? kmsan_get_metadata+0xf1/0x160
[  238.514469][  T148]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  238.514660][  T148]  wb_writeback+0x4f1/0xcd0
[  238.514848][  T148]  ? queue_io+0x431/0x800
[  238.515009][  T148]  wb_workfn+0x3b9/0x19b0
[  238.515151][  T148]  ? kmsan_get_metadata+0xf1/0x160
[  238.515349][  T148]  ? __pfx_wb_workfn+0x10/0x10
[  238.515486][  T148]  process_scheduled_works+0xb82/0x1e80
[  238.515695][  T148]  worker_thread+0xee4/0x1590
[  238.515883][  T148]  kthread+0x53f/0x600
[  238.516033][  T148]  ? __pfx_worker_thread+0x10/0x10
[  238.516185][  T148]  ? __pfx_kthread+0x10/0x10
[  238.516336][  T148]  ret_from_fork+0x20f/0x910
[  238.516471][  T148]  ? __switch_to+0x51c/0x750
[  238.516645][  T148]  ? __pfx_kthread+0x10/0x10
[  238.516810][  T148]  ret_from_fork_asm+0x1a/0x30
[  238.517001][  T148]  </TASK>
[  238.903119][  T148] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  239.622747][  T499] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.869112][  T499] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.100096][ T5783] Bluetooth: hci5: command tx timeout
[  240.462996][ T5071] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  240.480001][ T5071] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  240.483261][  T499] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.538023][ T5071] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  240.565120][ T5071] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  240.581716][ T5071] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  240.810870][  T499] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.848358][  T499] bridge_slave_1: left allmulticast mode
[  241.876147][  T499] bridge_slave_1: left promiscuous mode
[  241.913287][  T499] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.001582][  T499] bridge_slave_0: left allmulticast mode
[  242.024668][  T499] bridge_slave_0: left promiscuous mode
[  242.049360][  T499] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.166388][ T5071] Bluetooth: hci5: command tx timeout
[  242.247487][ T6206] netlink: 'syz.0.68': attribute type 8 has an invalid length.
[  242.287248][ T6207] loop2: detected capacity change from 0 to 512
[  242.326579][ T6206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.68'.
[  242.417982][ T6207] EXT4-fs: Ignoring removed nobh option
[  242.426725][ T6207] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  242.726214][ T5071] Bluetooth: hci1: command tx timeout
[  242.791169][ T6207] EXT4-fs (loop2): 1 truncate cleaned up
[  242.844332][ T6207] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  243.584623][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.908383][  T499] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  243.941145][  T499] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  243.958908][  T499] bond0 (unregistering): Released all slaves
[  244.246423][ T5071] Bluetooth: hci5: command tx timeout
[  244.270246][ T6177] chnl_net:caif_netlink_parms(): no params data found
[  244.438116][ T6223] netlink: 'syz.2.76': attribute type 8 has an invalid length.
[  244.466706][ T6223] netlink: 8 bytes leftover after parsing attributes in process `syz.2.76'.
[  244.812306][ T5071] Bluetooth: hci1: command tx timeout
[  245.712354][ T6230] loop0: detected capacity change from 0 to 40427
[  245.761487][ T6230] F2FS-fs (loop0): invalid crc value
[  245.987260][ T6230] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  246.009941][ T6230] F2FS-fs (loop0): Start checkpoint disabled!
[  246.024587][ T6230] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  246.052760][ T6230] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  246.153539][   T29] audit: type=1800 audit(1774370331.211:4): pid=6242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.79" name="bus" dev="loop0" ino=10 res=0 errno=0
[  246.333600][ T5071] Bluetooth: hci5: command tx timeout
[  246.475722][  T499] hsr_slave_0: left promiscuous mode
[  246.626393][  T499] hsr_slave_1: left promiscuous mode
[  246.669788][ T6242] bio_check_eod: 182 callbacks suppressed
[  246.669865][ T6242] syz.0.79: attempt to access beyond end of device
[  246.669865][ T6242] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  246.700532][  T499] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.761227][  T499] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.889490][ T5071] Bluetooth: hci1: command tx timeout
[  247.001550][ T6246] loop2: detected capacity change from 0 to 512
[  247.026551][ T6246] EXT4-fs: Ignoring removed nobh option
[  248.676587][ T6246] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  248.959548][  T499] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  248.976346][ T5071] Bluetooth: hci1: command tx timeout
[  249.196953][  T499] batman_adv: batadv0: Removing interface: batadv_slave_1
[  249.519755][ T6246] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  249.520819][ T6246] EXT4-fs: failed to create workqueue
[  249.623434][  T499] veth1_macvtap: left promiscuous mode
[  249.663974][ T6246] EXT4-fs (loop2): mount failed
[  249.670776][  T499] veth0_macvtap: left promiscuous mode
[  249.708730][  T499] veth1_vlan: left promiscuous mode
[  249.738154][  T499] veth0_vlan: left promiscuous mode
[  250.143302][   T12] kworker/u8:0: attempt to access beyond end of device
[  250.143302][   T12] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  250.203344][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[  250.203477][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  250.203570][   T12] Workqueue: writeback wb_workfn (flush-7:0)
[  250.203733][   T12] Call Trace:
[  250.203778][   T12]  <TASK>
[  250.203821][   T12]  __dump_stack+0x26/0x30
[  250.203968][   T12]  dump_stack_lvl+0x14c/0x1c0
[  250.204113][   T12]  dump_stack+0x1e/0x25
[  250.204246][   T12]  f2fs_handle_critical_error+0xa6f/0xc20
[  250.204455][   T12]  f2fs_stop_checkpoint+0x65/0x80
[  250.204577][   T12]  f2fs_write_end_io+0x12e6/0x2560
[  250.204785][   T12]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  250.204905][   T12]  bio_endio+0x1006/0x1160
[  250.205038][   T12]  submit_bio_noacct+0x533/0x2960
[  250.205220][   T12]  submit_bio+0x57a/0x620
[  250.205363][   T12]  f2fs_submit_write_bio+0x115/0x350
[  250.205548][   T12]  __submit_merged_bio+0x16f/0x780
[  250.205724][   T12]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  250.205916][   T12]  __submit_merged_write_cond+0x4ba/0xae0
[  250.206110][   T12]  f2fs_write_data_pages+0x5073/0x5e10
[  250.206365][   T12]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  250.206548][   T12]  ? __update_load_avg_cfs_rq+0xd80/0x1060
[  250.206755][   T12]  ? kmsan_get_metadata+0xf1/0x160
[  250.206926][   T12]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  250.207111][   T12]  ? kmsan_get_metadata+0xf1/0x160
[  250.207281][   T12]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  250.207462][   T12]  ? kmsan_get_metadata+0xf1/0x160
[  250.207632][   T12]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  250.207813][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.207942][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  250.208069][   T12]  do_writepages+0x3f2/0x860
[  250.208200][   T12]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  250.208381][   T12]  ? writeback_sb_inodes+0x21/0x1d90
[  250.208542][   T12]  ? kmsan_get_metadata+0xf1/0x160
[  250.208740][   T12]  __writeback_single_inode+0xfc/0x1440
[  250.208913][   T12]  ? kmsan_get_metadata+0xf1/0x160
[  250.209098][   T12]  writeback_sb_inodes+0xb3b/0x1d90
[  250.209373][   T12]  ? kmsan_get_metadata+0xf1/0x160
[  250.209546][   T12]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  250.209740][   T12]  wb_writeback+0x4f1/0xcd0
[  250.209918][   T12]  ? queue_io+0x431/0x800
[  250.210075][   T12]  wb_workfn+0x3b9/0x19b0
[  250.210218][   T12]  ? kmsan_get_metadata+0xf1/0x160
[  250.210414][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  250.210550][   T12]  process_scheduled_works+0xb82/0x1e80
[  250.210752][   T12]  worker_thread+0xee4/0x1590
[  250.210928][   T12]  kthread+0x53f/0x600
[  250.211086][   T12]  ? __pfx_worker_thread+0x10/0x10
[  250.211240][   T12]  ? __pfx_kthread+0x10/0x10
[  250.211392][   T12]  ret_from_fork+0x20f/0x910
[  250.211526][   T12]  ? __switch_to+0x51c/0x750
[  250.211697][   T12]  ? __pfx_kthread+0x10/0x10
[  250.211851][   T12]  ret_from_fork_asm+0x1a/0x30
[  250.212038][   T12]  </TASK>
[  250.279187][ T6252] netlink: 'syz.3.84': attribute type 8 has an invalid length.
[  250.305055][   T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  250.431212][ T6252] netlink: 8 bytes leftover after parsing attributes in process `syz.3.84'.
[  251.261528][  T499] team0 (unregistering): Port device team_slave_1 removed
[  251.330647][  T499] team0 (unregistering): Port device team_slave_0 removed
[  251.406380][ T6254] loop2: detected capacity change from 0 to 40427
[  251.461012][ T6254] F2FS-fs (loop2): invalid crc value
[  251.750271][ T6254] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  251.760726][ T6254] F2FS-fs (loop2): Start checkpoint disabled!
[  251.771582][ T6254] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  251.782268][ T6254] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  251.887759][   T29] audit: type=1800 audit(1774370336.941:5): pid=6254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.85" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  253.214491][ T6263] netlink: 'syz.3.87': attribute type 8 has an invalid length.
[  253.256707][ T6263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.87'.
[  253.397184][ T6177] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.414355][ T6177] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.422944][ T6177] bridge_slave_0: entered allmulticast mode
[  253.432590][ T6177] bridge_slave_0: entered promiscuous mode
[  253.450250][ T6177] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.457976][ T6177] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.465599][ T6177] bridge_slave_1: entered allmulticast mode
[  253.474922][ T6177] bridge_slave_1: entered promiscuous mode
[  253.815222][ T6177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  254.001087][ T6177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  254.125607][ T6191] chnl_net:caif_netlink_parms(): no params data found
[  254.333884][ T6274] kvm: kvm [6272]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x9300
[  254.380994][ T6274] kvm: kvm [6272]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x501c
[  254.450529][ T6274] kvm: kvm [6272]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xd41c
[  254.557268][ T6274] kvm: kvm [6272]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x501c
[  254.598755][ T6177] team0: Port device team_slave_0 added
[  254.637701][ T6274] kvm: kvm [6272]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x501c
[  254.675674][ T6177] team0: Port device team_slave_1 added
[  254.697653][ T6274] kvm: kvm [6272]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x501c
[  254.749526][ T6274] kvm: kvm [6272]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x501c
[  254.780621][ T6274] kvm: kvm [6272]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x501c
[  254.879601][ T6274] kvm: kvm [6272]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x501c
[  255.080802][  T499] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.340860][  T499] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.435348][ T6177] batman_adv: batadv0: Adding interface: batadv_slave_0
[  255.470124][ T6177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  255.590179][ T6177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  255.653340][  T499] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.723875][ T6177] batman_adv: batadv0: Adding interface: batadv_slave_1
[  255.765718][ T6177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  255.870774][ T6177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  255.986272][  T499] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.350056][ T6191] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.364394][ T6191] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.383041][ T6191] bridge_slave_0: entered allmulticast mode
[  256.411474][ T6191] bridge_slave_0: entered promiscuous mode
[  256.484101][ T6177] hsr_slave_0: entered promiscuous mode
[  256.521937][ T6177] hsr_slave_1: entered promiscuous mode
[  256.553893][ T6177] debugfs: 'hsr0' already exists in 'hsr'
[  256.575302][ T6177] Cannot create hsr debugfs directory
[  256.681390][ T6191] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.696961][ T6191] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.739062][ T6191] bridge_slave_1: entered allmulticast mode
[  256.798432][ T6191] bridge_slave_1: entered promiscuous mode
[  257.635247][ T6309] loop0: detected capacity change from 0 to 512
[  257.668090][ T6309] EXT4-fs: Ignoring removed nobh option
[  257.700529][ T6309] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  257.929512][ T6309] EXT4-fs (loop0): 1 truncate cleaned up
[  258.043663][ T6309] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  258.361424][ T6191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  258.381368][ T6191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  258.985265][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.010282][ T6191] team0: Port device team_slave_0 added
[  259.161725][  T499] bridge_slave_1: left allmulticast mode
[  259.190129][  T499] bridge_slave_1: left promiscuous mode
[  259.226960][  T499] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.250506][  T499] bridge_slave_0: left allmulticast mode
[  259.273520][  T499] bridge_slave_0: left promiscuous mode
[  259.310715][  T499] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.431750][ T6317] netlink: 'syz.0.95': attribute type 8 has an invalid length.
[  259.466515][ T6317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.95'.
[  260.087263][  T499] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  260.152504][  T499] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  260.181663][  T499] bond0 (unregistering): Released all slaves
[  260.228585][ T6191] team0: Port device team_slave_1 added
[  260.587629][ T6320] kvm: kvm [6319]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xffbc00005700
[  260.948546][ T6191] batman_adv: batadv0: Adding interface: batadv_slave_0
[  260.955644][ T6191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  261.037400][ T6191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  261.076541][ T6191] batman_adv: batadv0: Adding interface: batadv_slave_1
[  261.083657][ T6191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  261.146183][ T6191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  266.142333][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  266.224903][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  270.009753][  T499] hsr_slave_0: left promiscuous mode
[  270.045558][  T499] hsr_slave_1: left promiscuous mode
[  270.063793][  T499] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  270.086113][  T499] batman_adv: batadv0: Removing interface: batadv_slave_0
[  270.108325][  T499] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  270.132215][  T499] batman_adv: batadv0: Removing interface: batadv_slave_1
[  270.190210][  T499] veth1_macvtap: left promiscuous mode
[  270.202372][  T499] veth0_macvtap: left promiscuous mode
[  270.219600][  T499] veth1_vlan: left promiscuous mode
[  270.234654][  T499] veth0_vlan: left promiscuous mode
[  270.542040][ T5783] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  270.559028][ T5783] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  270.570216][ T5783] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  270.606066][ T5783] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  270.621687][ T5783] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  271.078531][ T6340] kvm: kvm [6339]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x5016
[  271.304939][  T499] team0 (unregistering): Port device team_slave_1 removed
[  271.378950][  T499] team0 (unregistering): Port device team_slave_0 removed
[  271.706910][    C0] =====================================================
[  271.714109][    C0] BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0
[  271.722944][    C0]  __flush_smp_call_function_queue+0x362/0x18e0
[  271.729321][    C0]  generic_smp_call_function_single_interrupt+0x1c/0x30
[  271.736400][    C0]  __sysvec_call_function_single+0x4b/0x3e0
[  271.742438][    C0]  sysvec_call_function_single+0x7c/0x90
[  271.748199][    C0]  asm_sysvec_call_function_single+0x1f/0x30
[  271.754309][    C0]  __msan_metadata_ptr_for_store_4+0x11/0x40
[  271.760535][    C0]  stack_trace_save+0x70/0x100
[  271.765449][    C0]  kmsan_internal_poison_memory+0x4a/0x90
[  271.771333][    C0]  kmsan_slab_free+0xce/0x140
[  271.776161][    C0]  kfree+0x2e4/0x1130
[  271.780240][    C0]  skb_release_data+0x1061/0x11b0
[  271.785390][    C0]  __kfree_skb+0x6b/0x260
[  271.789828][    C0]  consume_skb+0x86/0x2a0
[  271.794261][    C0]  nsim_dev_trap_report_work+0x1063/0x1430
[  271.800228][    C0]  process_scheduled_works+0xb82/0x1e80
[  271.805910][    C0]  worker_thread+0xee4/0x1590
[  271.810715][    C0]  kthread+0x53f/0x600
[  271.814927][    C0]  ret_from_fork+0x20f/0x910
[  271.819642][    C0]  ret_from_fork_asm+0x1a/0x30
[  271.824555][    C0] 
[  271.826925][    C0] Local variable tmp created at:
[  271.831911][    C0]  number+0x83/0x2190
[  271.836047][    C0]  vsnprintf+0xd0d/0x1b00
[  271.840519][    C0] 
[  271.842906][    C0] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[  271.852309][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  271.862470][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[  271.869417][    C0] =====================================================
[  271.876423][    C0] Disabling lock debugging due to kernel taint
[  271.882647][    C0] Kernel panic - not syncing: kmsan.panic set ...
[  271.889166][    C0] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  271.900162][    C0] Tainted: [B]=BAD_PAGE
[  271.904378][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  271.914530][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[  271.921479][    C0] Call Trace:
[  271.924822][    C0]  <IRQ>
[  271.927730][    C0]  __dump_stack+0x26/0x30
[  271.932204][    C0]  dump_stack_lvl+0x50/0x1c0
[  271.936935][    C0]  ? dump_stack+0x12/0x25
[  271.941406][    C0]  dump_stack+0x1e/0x25
[  271.945794][    C0]  vpanic+0x7b4/0x1430
[  271.950032][    C0]  panic+0x15d/0x160
[  271.954135][    C0]  kmsan_report+0x31a/0x320
[  271.958812][    C0]  ? kmsan_get_metadata+0xf1/0x160
[  271.964094][    C0]  ? __msan_warning+0x1b/0x30
[  271.968919][    C0]  ? __flush_smp_call_function_queue+0x362/0x18e0
[  271.975499][    C0]  ? generic_smp_call_function_single_interrupt+0x1c/0x30
[  271.982767][    C0]  ? __sysvec_call_function_single+0x4b/0x3e0
[  271.989002][    C0]  ? sysvec_call_function_single+0x7c/0x90
[  271.994948][    C0]  ? asm_sysvec_call_function_single+0x1f/0x30
[  272.001243][    C0]  ? __msan_metadata_ptr_for_store_4+0x11/0x40
[  272.007653][    C0]  ? stack_trace_save+0x70/0x100
[  272.012753][    C0]  ? kmsan_internal_poison_memory+0x4a/0x90
[  272.018801][    C0]  ? kmsan_slab_free+0xce/0x140
[  272.023805][    C0]  ? kfree+0x2e4/0x1130
[  272.028066][    C0]  ? skb_release_data+0x1061/0x11b0
[  272.033394][    C0]  ? __kfree_skb+0x6b/0x260
[  272.038009][    C0]  ? consume_skb+0x86/0x2a0
[  272.042627][    C0]  ? nsim_dev_trap_report_work+0x1063/0x1430
[  272.048786][    C0]  ? process_scheduled_works+0xb82/0x1e80
[  272.054995][    C0]  ? worker_thread+0xee4/0x1590
[  272.059984][    C0]  ? kthread+0x53f/0x600
[  272.064380][    C0]  ? ret_from_fork+0x20f/0x910
[  272.069269][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  272.074374][    C0]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  272.080892][    C0]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  272.087127][    C0]  ? kmsan_get_metadata+0xf1/0x160
[  272.092408][    C0]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  272.098384][    C0]  ? kmsan_get_metadata+0xf1/0x160
[  272.103660][    C0]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  272.110154][    C0]  ? kmsan_get_metadata+0xf1/0x160
[  272.115437][    C0]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  272.121431][    C0]  ? kmsan_get_metadata+0xf1/0x160
[  272.126722][    C0]  __msan_warning+0x1b/0x30
[  272.131374][    C0]  __flush_smp_call_function_queue+0x362/0x18e0
[  272.137754][    C0]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  272.143765][    C0]  generic_smp_call_function_single_interrupt+0x1c/0x30
[  272.151111][    C0]  __sysvec_call_function_single+0x4b/0x3e0
[  272.157165][    C0]  sysvec_call_function_single+0x7c/0x90
[  272.162941][    C0]  </IRQ>
[  272.165936][    C0]  <TASK>
[  272.168932][    C0]  asm_sysvec_call_function_single+0x1f/0x30
[  272.175181][    C0] RIP: 0010:__msan_metadata_ptr_for_store_4+0x11/0x40
[  272.182147][    C0] Code: cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 53 48 83 ec 10 9c 8f 45 e8 <0f> 01 ca 48 8b 5d e8 be 04 00 00 00 ba 01 00 00 00 e8 79 27 00 00
[  272.201917][    C0] RSP: 0018:ffff8881007075b8 EFLAGS: 00000286
[  272.208130][    C0] RAX: ffff8880bbb075e8 RBX: ffff888100710bc8 RCX: 0000000000500f23
[  272.216207][    C0] RDX: ffff8881003075e8 RSI: 0000000000000001 RDI: ffff8881007075ec
[  272.224295][    C0] RBP: ffff8881007075d0 R08: ffffea000000000f R09: 0000000000000000
[  272.232373][    C0] R10: ffff8880bbb078c0 R11: ffff8880bbb078d0 R12: 0000000000000040
[  272.240445][    C0] R13: ffff888100707640 R14: ffff8881007075e0 R15: 0000000000000001
[  272.248561][    C0]  stack_trace_save+0x70/0x100
[  272.253503][    C0]  kmsan_internal_poison_memory+0x4a/0x90
[  272.259410][    C0]  ? chacha_permute+0x1057/0x1200
[  272.264606][    C0]  ? kmsan_get_metadata+0xf1/0x160
[  272.269896][    C0]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  272.275987][    C0]  ? kfree+0x221/0x1130
[  272.280295][    C0]  ? filter_irq_stacks+0x49/0x190
[  272.285490][    C0]  ? stack_depot_save_flags+0x35/0x790
[  272.291198][    C0]  ? kmsan_get_metadata+0xf1/0x160
[  272.296483][    C0]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  272.302986][    C0]  ? kmsan_get_metadata+0xf1/0x160
[  272.308271][    C0]  ? kmsan_get_shadow_origin_ptr+0x35/0xb0
[  272.314348][    C0]  kmsan_slab_free+0xce/0x140
[  272.319175][    C0]  kfree+0x2e4/0x1130
[  272.323265][    C0]  ? skb_release_data+0x1061/0x11b0
[  272.328617][    C0]  ? kmsan_get_metadata+0xf1/0x160
[  272.333917][    C0]  skb_release_data+0x1061/0x11b0
[  272.339100][    C0]  ? nsim_dev_trap_report_work+0x1063/0x1430
[  272.345256][    C0]  __kfree_skb+0x6b/0x260
[  272.349699][    C0]  ? nsim_dev_trap_report_work+0x1063/0x1430
[  272.355947][    C0]  consume_skb+0x86/0x2a0
[  272.360385][    C0]  ? __local_bh_enable_ip+0x75/0xb0
[  272.365735][    C0]  nsim_dev_trap_report_work+0x1063/0x1430
[  272.371847][    C0]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  272.378170][    C0]  process_scheduled_works+0xb82/0x1e80
[  272.383925][    C0]  worker_thread+0xee4/0x1590
[  272.388789][    C0]  kthread+0x53f/0x600
[  272.393111][    C0]  ? __pfx_worker_thread+0x10/0x10
[  272.398407][    C0]  ? __pfx_kthread+0x10/0x10
[  272.403160][    C0]  ret_from_fork+0x20f/0x910
[  272.407892][    C0]  ? __switch_to+0x51c/0x750
[  272.412652][    C0]  ? __pfx_kthread+0x10/0x10
[  272.417415][    C0]  ret_from_fork_asm+0x1a/0x30
[  272.422371][    C0]  </TASK>
[  272.425821][    C0] Kernel Offset: disabled
[  272.430210][    C0] Rebooting in 86400 seconds..