last executing test programs:

6.028241839s ago: executing program 3 (id=3174):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffb}]}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x0)

5.885759194s ago: executing program 3 (id=3177):
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
listen(r0, 0x20000005)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x7fffffffffffffff)
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)
shutdown(r2, 0x0)
r7 = accept4(r0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="12010102cb4b6940d21940001f85010203010902"], &(0x7f0000000180)={0x0, 0x0, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="050f"]})
sendmmsg$inet(r1, &(0x7f0000002ac0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x4, 0x0)
sendmmsg$inet6(r7, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0)

5.72730575s ago: executing program 2 (id=3179):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)

5.577227351s ago: executing program 2 (id=3182):
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="0f02000039000511d25a80648c63940d0324fc600b003540280009000200002037153e37eb010280060410000a00", 0x33fe0}], 0x1}, 0x0)

5.449527492s ago: executing program 0 (id=3183):
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffffffffffffffd)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x0, 0x0, 0xffff3dfa}}}}]}, 0x78}}, 0x0)

5.39749514s ago: executing program 2 (id=3184):
r0 = io_uring_setup(0x79af, &(0x7f0000001240))
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
preadv2(r1, &(0x7f0000000640)=[{&(0x7f0000000540)=""/252, 0xfc}], 0x1, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x4ba, &(0x7f0000000080), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)

5.24355594s ago: executing program 0 (id=3185):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000630100f80000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x2000010, &(0x7f0000000140)=ANY=[], 0x3, 0x6b5, &(0x7f0000001240)="$eJzs3c1vHGcdB/DvrNeOHargtEkaoaJaiVSQIhInVgrhQkAI5VChqhw4W4nTWNkkle0it0LgQgUnJA79AwqSb5yQkDgGhXM50auPlZC4RBwiLkYzO2uv7d14Hb+XzycazzP7vMxvfvvMjHed1Qb4v3XrUpqPU+TWpbcWy+2V5anWyvLUibq6laQsv5Q0kzSSFA+T4klys6wvkozW6/b2x73388nsjXc+f7ryRXurWS9Vv0ZX/0H0aLtUL5lIMlSvtxoedBcbxrvdPv5NRgYda0PDMmkXOwcPh211i6WddN/JeQscMZ27U9G+b24xnpys7/HV7wT11aFxcBHujx1d5QAAAOCY+uzRYUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx0/9/f9FvTTqdSZSdL7/f6TzWF0+1h4fdgAAAAAAAAAAsAdef5ZnWcypzvZqUf3N/0K1cSb/XU2+kvczn5nM5XIWM52FLGQuV5OMdw00sji9sDB3da1nqXfPaz17XjuoIwYAAAAAAACAL6Vf5db63/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAoKJKh9qpaznTK42k028WMlD+Wkn90ysdE0evBxwcfBwAAAOzK6Av0+eqzPMtiTv3zr+3t1aJ6zX+uer08mvfzMAuZzUJamcmd+jV0+aq/sbI81VpZnnpQLlvH/f6/dxRGNWLa7z303vP5qsVY7ma2euRyblfB3Emj6lk634mnd1wflTEV36sNGFmzTmu5s9/3exdhT+z0rYjxMrhkLSOTdWyNZDhJmYGieqOmLL++oeu2z05z857SyPDanq6msfbOz5l9yPnJel0ez2/2Nec7tZaJRqpMXOuafeeen4nkG3/500/vtR7ev3d3/tLROaRtDPV5fPOcmOrKxKvHOhPNHbafrDJxdm37Vn6Un+RSJvJ25jKbn2U6C5nJal0/Xc/n8uf48zN1c8PW29tFMlI/L+3nbJuYGmVME/lhFd10LlR9T2U2RR7lTmbyZvXvWq7m27me67nR9Qyf7Rt3dWzVWd9YP+tX16uS/K1n8Be/WRfGkvy2Xm/JwSb9ZudeaV/7y7ye7spre9Y/XWt1uus8mOzK0stlZvrflV/k2tj8Wl0o9/Hren00jNeZKE+gzl2iE90r7XnSrO9Lm+f5H6oJMt96eH/u3vR7fcZf2rT9Rr0up9Xy1weNcnjwA3ph5Xx5OaP1lWTj7CjrXlm7ypzecFcdqf/i0q5rbKk7W9UVRedM/XHfM3UkmTjXc6Rr1Uiv9qybqurOd9Vt+H0rj9LKnQPIHwC7NJ6TI2P/Gvts7NOxj8fujb01+oMT3znx2kiG/z783ebk0BuN14o/59P8IqcOO1IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgymP/gw/vTrdbMXO9Co3/VNoXtRt5UKOov9HmhfW0snNhd976Fp6PJwI1Hs6nxcPnA/gT2nMLY5jC2FFZ/mRxcPHWh8yWCvdv8riw0M8iAN7dr89EA8Zw44CflaBWG0nsCHPKFCdh3VxYevHdl/oMPvzX7YPrdmXdnHg5fv35j8sb1N6eu3J1tzUy2fx52lMB+WL/pH3YkAAAAAAAAAAAAwKB6fTDgwks7+KBL/894+J+FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ64dSnNxylydfLyZLm9sjzVKpdOeb1lM0mjkRQ/T4onyc20l4x3DVfkj0+y2mM/n8zeeOfzpytfrI/VbLdPGvV6F5bqJRNJhur1Xo13e9fjFf/pHGGZsIudxMFh+18AAAD//9kP8rA=")
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x81, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x4, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}})
request_key(&(0x7f0000000280)='blacklist\x00', 0x0, &(0x7f0000000440)='\x00', 0xfffffffffffffffb)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r3, 0x4068aea3, &(0x7f0000000080)={[{0x80, 0x0, 0x0, 0x0, 0x7}]})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000004f00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x0, 0xe, 0x0, &(0x7f0000000300)="14fd54ab72df97e6256c00000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
semop(0x0, 0x0, 0xfffffffffffffd1e)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, &(0x7f0000000140)={0xe5, {{0x29, 0x0, 0x2000000, @dev, 0x5}}}, 0x88)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x0)

5.164820413s ago: executing program 2 (id=3186):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r2, 0x0, 0x0, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000140)={0x28, 0x0, r2, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000340), 0x208e24b)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2})

3.063924777s ago: executing program 0 (id=3189):
r0 = io_uring_setup(0x177f, &(0x7f0000000340))
r1 = socket(0x2b, 0x1, 0x1)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x1e, &(0x7f0000000200), 0x8)
close_range(r0, 0xffffffffffffffff, 0x0)

3.005168628s ago: executing program 1 (id=3190):
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$int_in(r0, 0x5452, &(0x7f0000000240)=0x80000000)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0)
listen(r0, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000217100000001010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000016d8ce4db711d5e46c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e30000000000000000000000014000100677265e52ea619052f9c08000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e64300000000000000000000000140001006970766c616e31"], 0x4b0}}, 0x0)
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r3 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
socket$kcm(0x10, 0x2, 0x10)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@restrict]}, {0x0, [0x0, 0x61, 0x5f]}}, &(0x7f00000004c0)=""/7, 0x29, 0x7, 0x1}, 0x20)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_aout(r4, &(0x7f0000000800)=ANY=[], 0xc1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r4, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
connect$bt_sco(r2, &(0x7f00000000c0), 0x8)

2.921812735s ago: executing program 2 (id=3191):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r0}, 0x48)
bpf$MAP_UPDATE_BATCH(0x18, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x38)

2.676571737s ago: executing program 1 (id=3193):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)

2.656300027s ago: executing program 0 (id=3194):
capset(&(0x7f00000132c0)={0x20071026}, &(0x7f0000013300))
init_module(0x0, 0x0, 0x0)

2.647762838s ago: executing program 2 (id=3195):
r0 = socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800483, &(0x7f0000000940), 0x0, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+f3UFv6xPW33hn56OTrX3z2VzL55U8nkzgWv55plLWfx2YZi7H4o1b7YPn+9N/16GZXlpNy6+/krmT5DrasSiPCYzAiHouRKLf9b47Ehy/n2jigr2pJRA0oqET8Q0E1xwHN9/a9vQ8u9XlUAjwIS8fTnwMd4r/SuDYYozEQEXuXPa/DJb0NSev47tuT19Mt+nQdDuhs8dqOLLU8/pN6bI7Gznpu153SPdd50xHAqewx3f/KBusfW5YX//DgLF6LiMc7jf/Xjv832uL/zQ3WL/4BAAAAAABg89w6HhHPdrr/V8ruze2Mp+r3/5LG/b8f7q4QPLYJ9a99/690exOqATpYOh7xUsf5v605vqPlLPf/xmzA5My56uzBbG3t/hjYkeYnV6njwMe7b3Qra5//l25p/c25gFk7bld23Pucmen56fs5Z6Bh6VrEE5Xu83/S/j9p7/8z6evB5R7r2L335qluZWvHP9Avtc8j9nXs/5PWMcnqn88xUR8PTDRHBSs9+d4nX3WrX/xDftL+f9fq8T+atH9ez9z6fv9gRBxaqNS6lW90/D+YvFZu/v7Uu9Pz81cmIwaTEyv3T62vzbBdNeOhGS9p/O9/evXrf63xf1scDkXEYo91PvrP8M/dyvT/kJ80/mfW1f+vPzF1c/TrbvX31v8frvfp+7M9rv/B6noN0LzbCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/RaWI+F8kpfFWulQaH48YjohHYlepemlu/pkzl96+OJOW1b//v9T8pt+RRj5pfv//aFt+aln+UEQ8HBGflofq+fHTl6ozeZ88AAAAAAAAAAAAAAAAAAAAbBHDXdb/p34p5906oO8q2aN4h+Kp5N0AIDfiH4pL/ENxiX8oLvEPxbXB+He7ALYB/T8U1UBvh+3sdzuAPOj/AQAAAABgW7n14vM3kohYfGGovqUGs7LWjcGhvFoH9FMp7wYAuTGHF4rL1B8orh4n/wLbWNJK/VnrVN599n/SnwYBAAAAAAAAAAAAACvs23PrxzXX/wPbkvX/UFzW/0NxWf8PxeU9PrDWKn7r/wEAAAAAAAAAAAAgf3MLV89PV6uzVyQktlpiICK2QDNySAzmH545vzABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAt/wYAAP//FislCQ==")
sched_setscheduler(0x0, 0x1, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
modify_ldt$write(0x1, &(0x7f0000000000)={0x1001}, 0x10)
modify_ldt$write(0x1, &(0x7f0000001700), 0x10)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setpriority(0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x11, 0x88a8, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14)
io_setup(0x9, &(0x7f0000000100)=<r5=>0x0)
io_getevents(r5, 0x2, 0x1, &(0x7f0000000740)=[{}], &(0x7f0000000780))

2.627426527s ago: executing program 1 (id=3196):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800051000000000000006808500000050000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f00000007c0)='ext4_es_find_extent_range_exit\x00', r1}, 0x10)
write(r0, &(0x7f0000004200)='t', 0x1)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r2, &(0x7f0000000400)=[{&(0x7f0000000980)='\x00', 0x1}], 0x1, 0x7bff, 0x0, 0x3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x580000a, 0x13, r4, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000100)=ANY=[], 0xfffffe3e)

2.4885029s ago: executing program 0 (id=3197):
syz_mount_image$jfs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0xfe, 0x619d, &(0x7f0000000780)="$eJzs3cuOHFcZB/Cv+jaXEMfKIgoWQpPEXEKIr8EYAiRZwIINC+QtsjWZRBYOINsgJ7LwRLNhwUOAkFgCYsmKB8iCLTseAEs2EiirFKqZc8Y1nW732M509cz5/aRx1denavqU/119marqEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/PAHPz5bRcTlX6Ubjkd8LvoRvYiVpl6LiJW143n5QUQ8H9vN8VxEDJciqtz4TMRrEfHRsYh792+vNzed22c/vv+Xf/7hJ0/96B9/Gp7+319v9l+fttytW7/979/uPP72AgAAQInquq6r9DH/RPp83+u6UwDAXOTX/zrJt6sXrt5csP6o1Wq1+hDWbfVkd9pFRGy212neMzgcDwCHzGZ83HUX6JD8izaIiKe67gSw0KquO8CBuHf/9nqV8q3arwdrO+35XJA9+W9Wu9d3TJvOMn6OybweX1vRj2en9GdlTn1YJDn/3nj+l3faR2m5g85/XqblP9q59Kk4Of/+eP5jjk7+vYn5lyrnP3ik/PvyBwAAAACABZb//n+84+O/S0++KfvysOO/a3PqAwAAAAAAAAB81p50/L9dlfH/AAAAYFE1n9Ubvzv24LZp38XW3H6pinh6bHmgMOlimdWu+wEAAAAAAAAAAAAAJRnsnMN7qYoYRsTTq6t1XTc/beP1o3rS9Q+70rcfStb1kzwAAOz46NjYtfxVxHJEXErf9TdcXV2t6+WV1Xq1XlnK72dHS8v1SutzbZ42ty2N9vGGeDCqm1+23Fqvbdbn5Vnt47+vua9R3d9Hx+ajw8ABICJ2Xo3ueUU6Yur6mej6XQ6Hg/3/6LH/sx9dP04BAACAg1fXdV2lr/M+kY7597ruFAAwF/n1f/y4gFqtVqvV6qNXt9WT3WkXEbHZXqd5z2A4fgA4ZDbj4667QIfkX7RBRDzfdSeAhVZ13QEOxL37t9erlG/Vfj1I47vnc0H25L9Zba+X1580nWX8HJN5Pb62oh/PTunPc3PqwyLJ+ffG87+80z5Kyx10/vMyLf9mO4930J+u5fz74/mPOTr59ybmX6qc/+CR8u/LHwAAAAAAFlj++//xhTr+O3rczZnpYcd/1w7sXgEAAAAAAADgYN27f3s9X/eaj/9/YcJyrv88mnL+lfyLlPPvjeX/1bHl+q35u289yP8/92+v//Hmvz+fp/vNfynPVOmRVaVHRJXuqRqk6ZNs3adtDfuj5p6GVa8/SOf81MN34mpci404s2fZXvr/eNB+dk9709Phdnvd32k/t6d9sNue1z+/p32YznSqV3L7qViPn8e1eHu7vWlbmrH9yzPa6xntOf++/b9IOf9B66fJfzW1V2PTxt0Pe5/a79vTSffz5tUv/ubMwW/OTFvR3922tmb7XuygP9v/J0+N4pc3Nq6funXl5s3rZyNN9tx6LtLkM5bzH6af3ef/l3ba8/N+e3+9++HokfNfFFsxmJr/S635ZntfnnPfupDzH6WfnP/bqX3y/n+Y85++/7/SQX8AAAAAAAAAAAAAAADgYeq63r5E9M2IuJCu/+nq2kwAYL7y63+d5NvnVfcfd/0/792OrvqvVs+5rhasP3OtP6kXqz9q9WGs2+rJ3mgXEfH39jrNe4ZfT/plAMAi+yQi/tV1J+iM/AuWv++vmZ7sujPAXN14/4OfXrl2beP6ja57AgAAAAAAAAA8rjz+51pr/OeTdV3fGVtuz/ivb8Xak47/OcgzuwOMThmouv/o2/QwW71Rv9cabvyFmDb+93B37mHjfw9m3N9wRvtoRvvSjPblGe0TL/Royfm/0Brv/GREnBgbfr2E8V/Hx7wvQc7/xdbjucn/K2PLtfOvf3+Y8+/tyf/0zfd+cfrG+x+8evW9K+9uvLvxs/Nnz545f+HCxYsXT79z9drGmZ1/O+zxwcr557GvnQdalpx/zlz+Zcn5fynV8i9Lzv/LqZZ/WXL++f2e/MuS88+ffeRflpz/y6mWf1ly/l9LtfzLkvN/JdXyL0vO/+upln9Zcv6vplr+Zcn5n0q1/MuS8z+d6n3mv3LQ/WI+cv75CJf9vyw5/3xmg/zLkvM/l2r5lyXnfz7V8i9Lzv+1VMu/LDn/b6Ra/mXJ+V9ItfzLkvP/ZqrlX5ac/8VUy78sOf9vpVr+Zcn5fzvV8i9Lzv/1VMu/LDn/76Ra/mXJ+X831fIvS87/e6mWf1ly/m+kWv5lefD9/2bMmDGTZ7p+ZgIAAAAAAAAAAAAAxs3jdOKutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKe3cXI9dZ3w/8zL557UBiIOTv5G/C2jHGOJvs+iV+oXUx4bXhrSSEQl+wXe/aLPgNr10CjWpHgRIJo6KKtuGiLSDU5qbCqrigFaBcoFaVKpH2gt4gKlQuoiqggFSJVpCtZs7zPDszOzuz6x07Z875fKTkl505M+fMmWdm92vnuwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANBsy5tmP1PLsqxWq+UXbMyyl9Tn+omNjUte/+IeHwAAALB2v2z8+/lb0gWHV3Cjpm3+6c7vfn1hYWEh+8Dwn45+YWEhXTGRZaPrsqxxXXT1hx+sNW8TPJ6N14aavh7qsfvhHteP9Lh+tMf1Yz2uX9fj+vEe1y85AUusz2rpzrY1/nNjfkqzW7PRxnXbOtzq8dq6ofq5S7fNao3bLIyeyOayU9lsNt2yfb5trbH9N7fU9/X2LO5rqGlfm+sr5KePHo/HUAvneFvLvhbvM/rxG7OJn/300eN/feG52zvNnqeh5f7y49yxtX6cnwqX5Mday9alcxKPc6jpODd3eE6GW46z1rhd/b/bj/P5FR7n8OJh3lDtz/l4NtT472ca52mklnU4T5vDZT+/K8uyy4uH3b7Nkn1lQ9mGlkuGFp+f8XxF1u+jvpReno2sap1uWcE6rc+Zba3rtP01EZ//LeF2I8scQ/PT9OPHxpqe918sXMs6jeqPernXSvsa7PdrpShrMK6LZxoP+omOa3BbePyPbl9+DXZcOx3WYHrcTWtwa681ODQ23Djm9CTUGrdZXIO7WrYfbuyp1pjPbu++BqcunD43Nf+JT94zd/rYydmTs2f27No1vWffvgMHDkydmDs1O53/+xrPdvFtyIbSa2BrOHfxNfDatm2bl+rCl8eWvP9e6+twvMvrcGPbtv1+HY60P7jajXlBLl3T+WvjffWTPn5lKFvmNdZ4fnau/XWYHnfT63Ck6XXY8XtKh9fhyApeh/Vtzu1c2c8sI03/dDqG5b8XrG0Nbmxag+0/j7SvwX7/PFKUNTge1sX3dy7/vWBzON4nJlf788jwkjWYHm5476lfkn7eHz/QGJ3W5R31K24ayy7Oz56/95FjFy6c35WFcUO8ommttK/XDU2PKVuyXodWvV4Pz935xB0dLt8YztX4PfV/jS/7XNW32Xtv9+eq8d2t8/lsuXR3Fkaf3ejz2em7ef18jmXZF7/z2IPfevSLb1r2fNbz5qem1v6zeMqlTe+/o8u8/8bc/0K+v3RXjw+PjuSv3+F0dkZb3o9bn6qRxntXrbHv56dW9n48Gv650e/Ht3Z5P97Utm2/349H2x9cfD+u9frTjrVpfz7Hwzo5Nd39/bi+zabdq12TI13fj+8KsxbO/+tCUki5qGntLLdu075GRkbD4xqJe2hdp3tath8N2ay+r6d2X9s63XFXfl/D6dEtulHrdKJt236v0/RnX8ut01qvP327Nu3P53hYF7fu6b5O69s8vXft753r4382vXeO9VqDo8Nj9WMeTYuw8X6fLayPa/De7Hh2NjuVzTSuHWusp1pjX5P3rWwNjoV/bvR75aYua3BH27b9XoPp+9hya682svTB90H78zke1sWT93Vfg/Vt3ry/vz+77giXpG2afnZt//O15f7M646203S91spIOM7v7O/+Z7P1bU4dWG3O7H6e7g6X3NThPLW/fpd7Tc1kN+Y8bQrH+dyB5c9T/Xjq23zh4ArX0+Esyy597P7Gn/eGv1/5u4vf+3rL37t0+judSx+7/ycvPfGPqzl+AAbfC/nYkH+va/qbqZX8/T8AAAAwEGLuHwozkf8BAACgNGLuj/9XeCL/AwAAQGnE3D8SZlKR/L/pzc/NvXApS838hSBen07DA/l2seM6Hb6eWFhUv/z+r87+9z9cWtm+h7Is+8UDf9Bx+00PxOPKTYTjvPqW1suX+Po9K9r30Ycvpf0299e/FO4/Pp6VLoNOFdzpLMu+ecvnGvuZ+OCVxnz6gaON+eDlJx6vb/P8wfzrePtnX5Fv/xeh/Hv4xLGW2z8bzsOPwpx+R+fzEW/3tSuv27z//Yv7i7erbb258bCf/FB+v/H35Hz+8Xz7eJ6XO/5vffapr9W3f+Q1nY//0lDn438q3O9Xw/yfV+XbNz8H9a/j7T4djj/uL97u3q98u+PxX/1Mvv25t+bbHQ0z7n9H+HrbW5+baz5fj9SOtTyu7G35dnH/09/748b18f7i/bcf//iRKy3no319PP1v+f1MtW0fL4/7if6+bf/1+2len3H/T/3R0Zbz3Gv/Vx989lX1+23f/91t25372M7G/hfvr/U3Nv3lpz/XcX/xeA7/7bmWx3P4veF1HPb/5IfCegzX/+/V/P7af7vC0fe2vv/E7b+08VLL44ne/rN8/1ffcLIx142v33DTS1568+VX189dlj2zLr+/Xvs/+VdnW47/y7fl5yNeHzv67ftfTtz/+Y9Pnjk7f3FuJp3VR29p/O6cd+bHE4/3lvDe2v71kbMXPjx7fmJ6YjrLJsr7K/Su2VfC/Ek+LnffemHJO+jOh8Pzeceff3PD9n/9bLz839+XX37lHfn3rdeG7T4fLt8Ynr/V7X+pJ7fc1nh9154OR7iw9PcFr8Xmbf91YEUbhsff/nNBXO/nXvnhxnmoX9f4vhFf12s8/h/M5PfzjXBeF8JvZt562+L+mrePvxvhykP5633N5y+8zcXn9W/C8/2uH+X3H48rPt4fhJ9jvr2p9f0uro9vXBpqv//Gb/G4HN5Pssv59XGreL6vPH9bx8OLv4cku3x74+s/Sfdz+6oe5nLmPzE/dWruzMVHpi7Mzl+Ymv/EJ4+cPnvxzIUjjd/leeQjvW6/+P60ofH+NDO7b2/WeLc6m4/r7MU+/nMPH5/ZP719ZvbEsYsnLjx8bvb8yePz88dnZ+a3HztxYvbjvW4/N3No1+6De/bvnjw5N3PowMGDew5Ozp05Wz+M/KB62Df90ckz5480bjJ/aO/BXffdt3d68vTZmdlD+6enJy/2un3je9Nk/da/P3l+9tSxC3OnZyfn5z45e2jXwX37dvf8bYCnz52Yn5g6f/HM1MX52fNT+WOZuNC4uP69r9ftKaf5/8h/nm1Xy38RX/aeu/el389a99XHlr2rfJO2XyD6XPhdNP/8snMHVvJ1zP2jYSYVyf8AAABQBTH3j4WZyP8AAABQGjH3rwszkf8BAACgNGLuHw8zqUj+L13/f9OlFe1f/1//v/l86f9XrP//UNH6//n7hf5/f6y1f6//H+j/6//r/+v/6//TB0Xr/8fcvz7LKpn/AQAAoApi7t8QZiL/AwAAQGnE3H9TmIn8DwAAAKURc/9Lwkwqkv/1//X/9f/1//X/O+9f/38w6f93p//fg/7/VFat/v/lfh6//r/+P0sVrf8fc/9Lw0wqkv8BAACgCmLuvznMRP4HAACA0oi5/5YwE/kfAAAASiPm/o1hJhXJ//r/+v/6//r/+v+d96//P5j0/7vT/+9B/9/n/+v/6//TV0Xr/8fc/7Iwk4rkfwAAAKiCmPtfHmYi/wMAAEDxjFzbzWLuf0WYyZL8f407AAAAAF50MfffmrUVwSvy9//6//r/xe//r0vX6f/r/2eF7P8PZ/r/xaH/353+fw/6//r/+v/6//RV0fr/jdyfjWevDDOpSP4HAACAKoi5/7YwE/kfAAAASiPm/v8XZiL/AwAAQGnE3L8pzKQi+V//X/+/+P1/n/+v/1/0/r/P/y8S/f/u9P970P/X/9f/1/+nr4rW/4+5//Ywk4rkfwAAAKiCmPvvCDOR/wEAAKA0Yu7//2Em8j8AAACURsz9m8NMKpL/9f8L3v+PzVH9f/1//X/9f/3/FdH/707/vwf9f/1//X/9f/qqaP3/mPtfFWZSkfwPAAAAVRBz/51hJvI/AAAAlEbM/a8OM5H/AQAAoDRi7p8IM6lI/tf/L3j/P+/Bj/n8f/1//X/9f/3/ldH/707/vwf9f/3/vvT/Fy7p/+v/kyta/z/m/i1hJhXJ/wAAAFAFMfdvDTOR/wEAAKA0Yu6/K8xE/gcAAIDSiLl/W5hJRfK//v9A9P8z/X/9f/1//X/9/5XR/+9O/78H/X/9f5//r/9PXxWt/x9z/2vCTCqS/wEAAKAKYu7fHmYi/wMAAEBpxNz/2jAT+R8AAABKI+b+HWEmFcn/+v/6//r/+v/6/533r/8/mPT/u9P/70H/X/9f/1//n74qWv8/5v7XhZlUJP8DAABAFcTcvzPMRP4HAACA0oi5/+4wE/kfAAAASiPm/skwk4rkf/1//X/9f/1//f/O+9f/H0z6/93p//eg/6//r/+v/09fFa3/H3P/PWEmFcn/AAAAUAUx998bZiL/AwAAQGnE3D8VZiL/AwAAQGnE3D8dZlKR/K//r/+v/6//v6r+/6sX71f/P6f/Xyz6/93p//eg/6///6L3/0f1/ymVovX/Y+7fFWZSkfwPAAAAVRBz/+4wE/kfAAAASiPm/j1hJvI/AAAAlEbM/XvDTCqS//X/9f/1//X/ff5/5/3r/w8m/f/u+t//jw9R/1//X//f5//r/7NU0fr/MfffF2ZSkfwPAAAAVRBz/74wE/kfAAAASiPm/v1hJvI/AAAAlEbM/QfCTCqS//X/9f/1//X/9f8771//fzDp/3fn8/970P/X/9f/1/9njR76w+avitb/j7n/YJhJRfI/AAAAVEHM/a8PM5H/AQAAoDRi7v+VMBP5HwAAAEoj5v5fDTOpSP7X/9f/1//X/9f/77x//f/BpP/fnf5/D/r/+v/6//r/9FXR+v8x9x8KM6lI/gcAAIAqiLn/18JM5H8AAAAojZj73xBmIv8DAABAacTcfzjMpCL5X/9f/1//X/9f/7/z/m90/38s3q/+/5ro/3en/9+D/r/+v/6//j99VbT+f8z9bwwzqUj+BwAAgCqIuf/+MBP5HwAAAEoj5v43hZnI/wAAAFAaMfe/OcykIvlf/1//X/9f/1//v/P+ff7/YNL/707/vwf9f/1//X/9f/qqaP3/mPvfEmZSkfwPAAAAVRBz/1vDTOR/AAAAKI2Y+98WZiL/AwAAQGnE3P/2MJOK5H/9f/1//X/9f/3/zvvX/x9M+v/d6f/3oP+v/6//r/9PXxWt/x9z/6+HmVQk/wMAAEAVxNz/QJiJ/A8AAAClEXP/O8JM5H8AAAAojZj73xlmUpH8r/+v/6//r/+v/995//r/g0n/v7sB6///8uZwuf5/Tv+/2Me/2v7/SNvX16X//8Pl+v8L69pvr//P9VC0/n/M/e8KM6lI/gcAAIAqiLn/3WEm8j8AAACURsz97wkzkf8BAACgNGLu/40wk4rkf/3/+nEstpf1/8va/x/S/9f/1/+vCP3/7gas/+/z/9vo/xf7+H3+v/4/SxWt/x9z/3vDTCqS/wEAAKAKYu5/MMxE/gcAAIDSiLn/oTAT+R8AAABKI+b+94WZVCT/6//7/P9q9P99/n+m/6//XxH6/93p//eg/6//X7T+/3/q/zPYitb/j7n/4TCTiuR/AAAAqIKY+98fZiL/AwAAQGnE3P+bYSbyPwAAAJRGzP0fCDOpSP7X/x+U/v/EgPb/H9P/v479/ztvzrfT/9f/Z5H+f3f6/z3o/+v/F63/7/P/GXBF6//H3P/BMJOV5//xFW8JAAAAvChi7v+tMJOK/P0/AAAAVEHM/b8dZiL/AwAAQGnE3P87YSYVyf/6/4PS//f5/5n+v8//b3s8+v/6/53cuP5/fOfR/9f/1/+P9P/1//X/aVe0/n/M/b8bZlKR/A8AAABVEHP/h8JM5H8AAAAYCJ3+n+x2MfcfCTOR/wEAAKA0Yu4/GmZSkfyv/6//r/9f0P7/n239l+9/991Hd+n/6//r/6/KDf38//qL3+f/6//r/yf6//r/+v+0K1r/P+b+Y2EmFcn/AAAAUAUx9/9emIn8DwAAAKURc//xMBP5HwAAAEoj5v6ZMJOK5H/9f/1//f+C9v8H+PP/4/nQ/2/Vt/5/fNPV/+8o79+nVXR9+//vX+yJ6/+vtv8/1vFS/X/9/0E+fv1//X+WKlr/P+b+2TCTiuR/AAAAqIKQ+4dO5HPxCvkfAAAASiPm/pNhJvI/AAAAlEbM/R8OM6lI/tf/1//X/9f/9/n/nfffrf9fG/H5/0WV+vc/b7xQ9P/bFKf/35n+v/7/IB+//r/+P0sVrf8fc/9cmElF8j8AAABUQcz9Hwkzkf8BAACgNGLu/2iYifwPAAAApRFz/6kwk4rkf/1//X/9f/1//f/O+y/s5//r/3e11v69/n+g/6//r/+v/6//Tx8Urf8fc//pMJOK5H8AAACogpj7z4SZyP8AAABQGjH3/x97d9JkWVntcfjkvUVUVnAHd3YHd2KEQz8CAx3rB3DgxIFGGA5ERcWewr5FUbFXBPsGGxBEVLBvwA7FHlTs+wY7RIkyyFprVWXmzn0yq05m7v2+zzNgyZHkHIkK4F9ZP/f5cYv9DwAAAM3I3f/YuKWT/a//1/832/8/UP+/0/vr//X/LdP/j9P/L6H/1//r//X/rNTU+v/c/Y+LWzrZ/wAAANCD3P2Pj1vsfwAAAGhG7v4L4hb7HwAAAJqRu/8JcUsn+39L/7+26LP/z4xX/99S/+/5/zu+v/5f/9+yg+3/L77v73z6f/2//j/o/3fV/x/d6ev1/7Roav1/7v4nxi2d7H8AAADoQe7+J8Ut9j8AAAA0I3f/hXGL/Q8AAADNyN3/5Lilk/2/uuf/H9t4fab9f9H/6/83XtD/6//1/7Pl+f/jeur/L7jt3Mfcdd3/X7+X99f/6/89/1//z2pNrf/P3f+UuKWT/Q8AAAA9yN3/1LjF/gcAAIBm5O5/Wtxi/wMAAEAzcvc/PW7pZP+vrv+f9fP/i/5f/7/xgv5f/6//ny39/7ie+v8zeX/9v/5f/6//Z7Wm1v/n7n9G3NLJ/gcAAIAe5O5/Ztxi/wMAAEAzcvdfFLfY/wAAANCM3P3H45ZO9r/+f//7/3v1//r/uPp//b/+f//p/8fp/5fQ/+v/9f/6f1Zqav1/7v6L45ZO9j8AAAD0IHf/s+IW+x8AAACakbv/2XGL/Q8AAADNyN3/nLilk/2v//f8f/2//l//P/z++v950v+P0/8vof8/237+HP2//l//z+n22P/fM/K37ZX0/7n7nxu3dLL/AQAAoAe5+58Xt9j/AAAA0Izc/c+PW+x/AAAAaEbu/hfELZ3sf/2//l//r/8/4/5/+w+9Dfr/Yfr/g6H/HzeZ/n/tyODL+v/Z9/+e/6//1/+zydSe/5+7/4VxSyf7HwAAAHqQu/9FccvI/t/zT+YDAAAAhyp3/4vjFt//BwAAgNnL6ix3/0vilk72v/5f/6//1/97/v/w+4/1/9ef9vn0/9Oi/x83mf5/B/p//f+cP7/+X//PdlPr/3P3vzRu6WT/AwAAQA9y918St9j/AAAA0Izc/S+LW+x/AAAAaEbu/pfHLZ3s/+H+/9R/r//fHf3/5s+v/x/+8bGq/j//jPr/0f7/QZ7/3yf9/7iD7/+P6v83//n1//vosD9/4/3/sWVfr/9nyNT6/9z9l8Ytnex/AAAA6EHu/lfELfY/AAAANCN3/yvjFvsfAAAAmpG7/1VxSyf73/P/9f/6//n1/57/f9JhPv9/ceD9/xH9/y7p/8d5/v8S+n/9v/7f8/9Zqan1/7n7L4tbOtn/AAAA0IPL7l5s7P5XLxb2PwAAAMzR6b92YOsvKA25+18Tt9j/AAAA0Izc/a+NWzrZ//p//b/+X/+v/x9+/2n1/57/v1v6/3H6/yX0//vRzx9prP+/fKevn0L/f5H+n4nZ1P/feOr1w+r/c/e/Lm7pZP8DAABAD3L3vz5usf8BAACgGbn73xC32P8AAADQjNz9b4xbOtn/+97/H9v5vfX/+n/9v/5f/6//XzX9/zj9/xL6f8//9/x//T8rtan/P81h9f+5+98Ut3Sy/wEAAKAHufvfHLfY/wAAANCM3P2Xxy32PwAAADQjd/9b4pZO9r/n/+v/9f/6f/3/8Pvr/+dJ/z9O/7+E/l//r//X/7NSU+v/c/dfEbd0sv8BAACgB7n7r4xb7H8AAABoRu7+t8Yt9j8AAAA0I3f/2+KWTva//n9/+/98Xf+v/1/o//X/+v8D0W3/vzb0T6Ltduj/b3nU8YdsfkX/r//X/+v/9f+swCT6/xOn/u0yd//b45ZO9j8AAAD0IHf/O+IW+x8AAACakbv/nXGL/Q8AAADNyN3/rrhlj/v/f1f6qQ6O/t/z//X/+n/9//D76//nqdv+f5c8/38J/b/+X/+v/2elJtH/n/b7ufvfHbf4/j8AAAA0I3f/e+IW+x8AAACakbv/vXGL/Q8AAADNyN3/vrilk/2v/9f/6//1//r/4fc/0/5/fTFM/38w9P/j9P9L6P/1//p//T8rNbX+P3f/VXFLJ/sfAAAAepC7//1xi/0PAAAAzcjd/4G4xf4HAACAZuTu/2Dc0sn+1//r//X/+n/9//D7e/7/POn/x+n/F4vF1SMfYKj/P3FU/6//1//r/zlDU+v/c/d/KG7pZP8DAABAD3L3Xx232P8AAADQjNz918Qt9j8AAAA0I3f/h+OWTva//l//r//X/+v/h99f/z9P+v9x+v8lPP9f/6//1/+zUlPr/3P3Xxu3dLL/AQAAoAe5+6+LW+x/AAAAaEbu/o/ELfY/AAAANCN3//VxSyf7X/+v/9f/6//3pf8/rv/fSv9/MPav/1/o//X/+v8l9P/6f/0/Wx1U/39P/P1+Wf+fu/+jcUsn+x8AAAB6kLv/hrjF/gcAAIBm5O7/WNxi/wMAAEAzcvd/PG7pZP/r//X/+n/9v+f/D7+//n+ePP9/nP5/Cf2//l//r/9npQ6q/9+p99/6+7n7PxG3dLL/AQAAoAe5+2+MW+x/AAAAaEbu/pviFvsfAAAAmpG7/5NxSyf7X/+v/9/c/y8W+n/9v/7/pAPo/9cX+v+V0/+P0/8vof9vs///r0VD/f+xHb9e/88UTa3/z93/qbilk/0PAAAAPcjd/+m4xf4HAACAZuTu/0zcYv8DAABAM3L3fzZuaWn/37tz+jb//v/oli/U/y8Wi9sv9Px//f/I++v/J9P/119V/f/q6P/H6f+X0P+32f97/r/+n0Mztf4/d//n4paW9j8AAAB0Lnf/5+MW+x8AAACakbv/C3GL/Q8AAADNyN3/xbilk/0///5/6xfq/xdn9fx//f/GC/p//b/+f7bOtr+/Yj3+mab/1//r/wf7+bUd/r1nof/X/+v/GTC1/j93/5filk72PwAAAPQgd//NcYv9DwAAAM3I3X9L3GL/AwAAQDNy9385bulk/+v/9f/6/3n2/+v6f/2//n/QVJ7/f955D75V/6//b7H/H6P/1//r/9lqav1/7v6vxC2d7H8AAADoQe7+r8Yt9j8AAAA0I3f/1+IW+x8AAACakbv/63FLJ/t/e/9/zuJkoXrSUP8fjZr+/zT6/82fX/8//OPD8//1//r//TeV/t/z/8/s8+v/9f9z/vx76v/vt/3r9f+0aGr9f+7+W+OWTvY/AAAA9CB3/zfiFvsfAAAAmpG7/5txi/0PAAAAzcjdf1vc0sn+9/x//b/+X/+v/x9+f/3/POn/x+n/l9D/6/89///8R/y3/p/VmVr/n7v/W3HLxvC7//+c4f9MAAAAYEJy9387bunk+/8AAADQg9z934lb7H8AAABoRu7+78Ytnex//b/+X/+v/9f/D7+//n+e9P/j9P9L9NP/rw+9eNj9/Nk67M/fTP/v+f+s0NT6/9z934tbOtn/AAAA0IPc/d+PW+x/AAAAaEbu/h/ELfY/AAAANCN3/+1xSyf7X/+v/2+//3+4/n/L++v/9f8t0//nP9GH6f+X6Kf/H3TY/fzcP7/+X//PdlPr/3P33xG3dLL/AQAAoAe5+38Yt9j/AAAA0Izc/T+KW+x/AAAAaEbu/h/HLZ3sf/1/X/3/2qLH/t/z//X/+v+ezKf/v/LI0Kue/6//1//P9/Pr//X/bDe1/j93/51rR7rc/wAAADBXD33Ao+/Y7R9758Zv1xc/iVvsfwAAAGhG7v6fxi32PwAAADQjd//P4pZO9r/+v6/+v8/n/+v/9f/6/57Mp/8fpv/X/+v/5/v59f/6f7abWv+fu//ncctpw2/w/6AHAAAAmI3c/b+IWzr5/j8AAAD0IHf/L+OWbfv/xC5/VTsAAAAwNbn7fxW3dPL9f/3/xPv/xT71//HH6f9P0v/r/4feX/8/T/r/cWfZ/59Y0//r/0fo//X/+n+2mlr/n7v/hmsXXe5/AAAAaNSmn1H49cZv1xe/iVvsfwAAAGhG7v7fxi32PwAAADQjd//v4pZO9r/+f+L9/xk9//9Y/SfP/++8/79kffD99f/6/5bp/8d5/v8S+n/9v/5f/89K7aH/3xik+93/5+7/fdzSyf4HAACAHuTu/0PcYv8DAABAM3L3/zFusf8BAACgGbn7/xS3dLL/9f+H0P9fenSx2Nf+fxfP/9f/99H/7/D+7fT//3fu8Zsf9shrrtL/c8pB9v/5Y0H/r//X/5+k/9f/6//ZamrP/8/d/+e4pZP9DwAAAD3I3X9X3GL/AwAAQDNy9/8lbrlv/990WJ8KAAAAWKXc/X+NWzr5/r/+v8Xn/8+z/8+/1ofQ/x+fX/+fTXHv/b/n/+v/t/P8/3H6/yX0//p//b/+n5WaWv+fu/9vcUsn+x8AAAB6kLv/73FL7v+1Pf/UPQAAADAxufv/Ebf4/j8AAAA0I3f/3XFLJ/tf/6//n0r/nzz//9TXef7/Sfp//f9e6P/H6f+X0P/r//X/+n9Wamr9f+7+f8Ytnex/AAAA6EHu/nviFvsfAAAAmpG7/19xi/0PAAAAzcjd/++4pZP9r//X/+v/9f/6/+H31//Pk/5/nP5/Cf2//l//r/9npabW/+fu/08AAAD//zekcr0=")
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
fanotify_init(0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000006c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000006bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
setxattr$trusted_overlay_upper(&(0x7f0000000300)='./file0\x00', &(0x7f0000000240), &(0x7f0000000380)=ANY=[], 0xff27, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x8000)

2.426976675s ago: executing program 1 (id=3198):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_open_dev$loop(&(0x7f0000000200), 0x0, 0x0)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000240))
r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, 0x0, 0x0)
bind$inet6(r3, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x0, @auto="d32cd1a317250a1c"})
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r6, 0x8010661b, &(0x7f0000000100)=@v1={0x0, @aes256, 0x0, @desc1})
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000340)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x0, 0x0, 0xfffb}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$cdc_ecm(0x1, 0x4d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010003020000082505a1a440000102030109023b00f300000000092400000002060000052406000005240000000d240f010000000000000000000905820200000000000905030200000000002e1a58893cb58550e05b8ef3972ff720e13838efe0a660b77ab58f78323d56721ad73b7a4dc0f37f899e3129d2bc5b61ff2ee5e535812181efea7f13"], &(0x7f00000027c0)={0x0, 0x0, 0xf, &(0x7f0000002480)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x0, 0x24}]}, 0x2, [{0x0, 0x0}, {0x0, 0x0}]})
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r7, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6}]}, 0x10)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'wg0\x00', <r9=>0x0})
sendto$packet(r8, &(0x7f0000000180)="0b03feffe2ff020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r9}, 0x14)
setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000180), 0x4)

2.226297601s ago: executing program 4 (id=3199):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffd7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$VFAT_IOCTL_READDIR_BOTH(r6, 0x82307201, &(0x7f0000000340)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r7 = userfaultfd(0x801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000040))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000001e00431b000000000000000007000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r7, 0x8010aa01, &(0x7f0000000300)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}})
r8 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0)
fspick(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x1)
bind$inet6(r2, &(0x7f0000000300)={0xa, 0x4e21, 0x8, @loopback, 0x4}, 0x1c)

2.114964953s ago: executing program 3 (id=3200):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0xfffffffd}}, 0x10)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)
bind$tipc(r0, 0x0, 0x0)

1.254634958s ago: executing program 4 (id=3201):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x90)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r3, 0x25, 0x0, @val=@perf_event}, 0x40)
syz_emit_ethernet(0x101f, &(0x7f00000026c0)=ANY=[], 0x0)
syz_emit_ethernet(0x12, &(0x7f0000001900)={@random="1104a6829ef7", @link_local, @val={@void}}, 0x0)

1.238295186s ago: executing program 3 (id=3202):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x4001, 0x3, 0x2b8, 0x180, 0x0, 0x148, 0x0, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x6}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@inet=@multiport={{0x50}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318)

1.112419785s ago: executing program 3 (id=3203):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@data_err_ignore}, {@minixdf}, {@resgid}, {@grpquota}, {@usrjquota}]}, 0x3, 0x45a, &(0x7f00000009c0)="$eJzs3MuPFMUfAPBv9z74/XjtivgAUVeJceNjl11AOXjRaOIBo4ke8LjuLoQwsIZdEyFEVmPwYmJI9Gw8mvgXePNi1JOJV70bEqJcQONhTfd0w8wws8vAMLPrfD5JQ9VU9VTVVNd0dVfPBtC3xrJ/koitEfFrRIxUo/UZxqr/XbtybvavK+dmk1hZefOPJM939cq52TJrud+WIjKeRqQfJ0Uh9RbPnD0xU6nMny7ik0sn351cPHP22eMnZ47NH5s/NX3o0IH9U88/N32wI+3M2nV19wcLe3a9+vbF12aPXHznx2+y+m4t0mvb0SljWcP/XMk1pj3R6cJ6bFtNOBnsYUVoy0BEZN01lI//kRiIG503Eq981NPKAXdVdm7a1Dp5eQX4D0ui1zUAeqM80WfXv+XWpanHunD5xeoFUNbua8VWTRmMtMgz1HB920ljEXFk+e8vsy3u0n0IAIBan85+cTieaTb/S+P+mnzbizWU0Yi4JyJ2RMS9EbEzIu6LyPM+EBEPtll+49LQzfOf9NJtNewWZfO/F4q1rfr5Xzn7i9GBIrYtb/9QcvR4ZX5f8ZmMx9CmLD61ShnfvfzLZ63Saud/2ZaVX84Fi3pcGmy4QTc3szSTT0o74PKHEbsHm7U/ub4SkETErojY3d5bby8Dx5/6ek+rTGu3fxUdWGda+SriyWr/L0dD+0vJ6uuTk/+Lyvy+yfKouNlPP194o1X5d9T+Dsj6f3P98d+YZTSpXa9dbL+MC7990vKa5naP/+HkrbxfhovX3p9ZWjo9FTGcHM7jda9P39i3jJf5s/aP720+/ncU+2TlPBQR2UH8cEQ8EhGPFnV/LCIej4i9q7T/h5dap62H/p9r+v13/fhv6P/2AwMnvv+2Vfm31v8H8tB48Ur+/beGW63gnXx2AAAAsFGk+TPwSTpxPZymExPVZ/h3xua0srC49PTRhfdOzVWflR+NobS80zVScz90Klku3rEany7uFZfp+4v7xp8P/D+PT8wuVOZ63Hbod1tajP/M7wNr7f1Pk1+2ABtKs3W06eEeVATousbxn9ZHz7/ezcoA3bOlI8/RABvUGuM/7VY9gO5z/of+1Wz8n2+Ir7kWAGxIzv/Qv4x/6F/GP/Qv4x/60p38rr8/Agfb+GsC/RSIdF1UQ+AuBXr9zQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAZ/wYAAP//nv7xVA==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f00000005c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}, {0x0, @struct}})
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000025a77693850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$binfmt_script(r6, &(0x7f00000003c0), 0xb)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
fchmodat(r7, &(0x7f00000000c0)='./file1\x00', 0x0)
openat(r7, &(0x7f00000001c0)='./file1\x00', 0x5, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000080dcb7c98c64c3c6bc55a000000000000000000000018010000786c6c2500000000002020207b1af8ff00200000000000000000000007010000f8ffffffb7022c90a6371565b6bae8ce1f3ef94c4b000008000000b7030000fdffff5098b14e1f9211644d0608b22dfa231ec92eb5beb9e031ea026b6fa93661d434594fbb927e00ed60610f497c8b5336f8cf1b817b046f103c2abc663e3dd488d2e331cd1c9421d02778f30f2a03dd3267e267b089097109e2582ac7b314f9b036e61c77e2e7462d8c0b4606a4fe4a67"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d00)={&(0x7f0000000200)='ext4_fc_commit_start\x00', r8}, 0x10)
write$cgroup_type(r3, &(0x7f0000000180), 0x2009)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r9}, 0x10)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x49}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0xb, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x47, 0x0, 0x0, 0x0, 0x9}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_val={0x18, 0x4, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f00000001c0)='syzkaller\x00', 0x20, 0x1000, &(0x7f0000000d40)=""/4096, 0x41000, 0x10, '\x00', 0x0, 0xd, r3, 0x8, &(0x7f0000000340)={0xa, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r2, 0xa, 0x0, &(0x7f0000000380)=[{0x1, 0x2, 0x8, 0x8}, {0x4, 0x5, 0x10, 0x5}, {0x5, 0x4, 0xa, 0x5}, {0x5, 0x2, 0x1, 0x4}, {0x5, 0x5, 0xd, 0x4}, {0x1, 0x3, 0xc, 0x4}, {0x1, 0x3, 0xe, 0xa}, {0x2, 0x3, 0xa, 0x1}, {0x2, 0x2, 0x3, 0x1}, {0x3, 0x5, 0xe, 0xb}], 0x10, 0x9}, 0x90)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100), 0xc, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00000000000000000000040000000800340000000000050030bca7c278615b9f9bab00000000000600280000000000080034000000000005003700000000"], 0x44}}, 0x0)
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000500), 0x2, 0x0)

1.011369445s ago: executing program 4 (id=3204):
r0 = io_uring_setup(0x177f, &(0x7f0000000340))
r1 = socket(0x2b, 0x1, 0x1)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x1e, &(0x7f0000000200), 0x8)
close_range(r0, 0xffffffffffffffff, 0x0)

747.608644ms ago: executing program 4 (id=3205):
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_sock_diag(0x10, 0x3, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000200000000000000000000000850000004100000095000000000000004be98911ed5a3cf4451d51e400827eef4df9eb3fd52b8f0a456c3a6cfd127868ad3fe3f9a9b946c97f9fc091e4c3f4b0a0d7ed298717a480c48868562f04005972b6a5265519fee4cb1b8b93f0b164770fd40c7a8060ce72beff7cda177e28a1a97b2c8c56a3f15b2f7a9b7ae2cf52d08555d3c3315e95095217bff8c9441a45fd00000000000000979ed4e35d21d13d428af521c553b9420385390207dc1634aee0244045e5c380e6090329d37b29a56c16d5c7bee160b91246bd2c205047bd92581165c774b1fd46072c161f1d33e6d5c1a5db7a714e3ed5468408f279bd9f98ec3c5ffd79cd37810f03000000b65d147fa05253a600adfb03775847b220369339529d434f3190c81c3dd501a780cfaaaa916c8a33ee4b52d18e160428893f33d206d3a7195e7f69c831099bdc940000aa2c2e61509bf6c58b100000000000000000000000005e3210346531c1eb14fbec6eb35d6f3e3853512c6bf186bd8b75d17aeeaa07"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096}, 0x70)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x48, &(0x7f0000000040)=ANY=[@ANYRES8=r0], 0x90)

497.834639ms ago: executing program 4 (id=3206):
syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x410, &(0x7f0000000240)=ANY=[], 0x11, 0x489, &(0x7f0000000a40)="$eJzs29trHOUfx/HPd7K72Wz7+3XbpmmVgquCSsWaQ4/Gix5iqNCkOTQiRYWYbOLSnMimkhTR4o233ngjIgoKUkULIt54pb3zD1AQBL3wQgT3wgMIgszszM5ks2nS7iHd9v2CdifPfGfmOewzz7M7zwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEinnjrZ2WVbnQsAANBIg6Mjnd2M/wAA3FXO8/kfAADgbmJy9L1MfSMFG/D+Lkqezc1dWh7r6698WJt5R7Z48e6/ZFd3z6HDR44eC15vfHyt3aNzo+dPZk7Pzy4sZvP57GRmbC43MT+Z3fQZqj2+3AGvAjKzFy9NTk3lM90He1btXk7/0rqtI917tOOEE8SO9fX3j0ZiYvFbvvoa683wE3K0T6bfHvrUBiU5qr4uNnjv1FubV4gDXiHG+vq9gszkxueW3J1DQUU4fll9iaCOGtAWVWmX3HxZojaf2eJydEKmjp8Ldk5SS1APj3pfDK9/YKwml79lbj6fl/SAmqDNbmOtcvSjTLM7khra+mZFg8XkaFmmP3oLNuzdD9z+5N42zz6TeXpuaj4SO2R+j2r28aGRbvN7U1KOBr07fsFGtjozaDh3svSWTHs+ftmbV8ibl+7oPfrEcE90hrF3g/O4sQf9+eNmxuS4HztkQ2ZO7csFAAAAAAAAQGo1R9/JVPgqEyamTU7kkXFSxQdDma3JIoB6MUdvyzQ8UvC+ho+uS2mJrO8pafZnf/XNf1vy9PzCymJu+qWlivtTyZMv5pcWxycq71abe59tiaZstI6lSnFzlJDpuT8/stJ1i/d/fylAmJsPnwzXzCTLr++9b/5fXM8UPEM6fmFvdLtilm/i+ah7TTNHSzKd2rXPX6uS0po6UzHuc5l+f2+/H+ck3MwHp00XzziVm8l2urFfy/T+v0GstyxK2/zY3WFslxtrMr05sDp2ux/bHsZ2u7H9Ml1/oXLsnjC2x419XaaFXzNBbMqNvc+P7QhjD07Mz0xWqkrgZrn9/yeZ3m3PWNA3YsX339r+/0o4FlwpP9E6fb7a/p+OpF3x+/UFt///tc/ry17/dyr3/zdk+uSL/X5cse8l/P07vf/D/v+sTNPfro5N+bG7wtiuTVdsk3Dbf79MZ/ZcK9WN3/5+C4StFm3/e8vfHXVq/52RtLR/3dbaFB2S8iuXL47PzGQX2WCDDTZKG1t9Z0IjuOP/Z+4s6ssfSvMdf/z3P6aEM6u/Xw3H/97yE9Vp/N8VSev1ZyPxmJRcml2I75WS+ZXLj+Vmx6ez09m5Q51HOg8fOt51/Fg8EUzuwq2q6+pO5Lb/NzL9s+1q6fPu6vlf5fl/qvxEdWr/3ZG01Kr5StVFh9/+V2W6//q10vcSN5r/B9//PPJg8bXUP+vU/u2RtLR/3f/VpugAAAAAAAAAAAAAAAAA0NTi5ugDmc48HrPgt2abWf+35gdodVr/1RFJm2zQ7xWqrlQAaAKOHL0j08Mq2GtuwnZpIPqKO9p/AQAA//9HASOO")
rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

262.734117ms ago: executing program 1 (id=3207):
syz_mount_image$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
setxattr$incfs_id(&(0x7f0000001080)='./file0\x00', &(0x7f00000010c0), 0x0, 0x0, 0x0)

259.574653ms ago: executing program 3 (id=3208):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000200000000000000006b790095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r0, r2, 0x25, 0x2, @val=@iter={0x0}}, 0x40)
syz_emit_ethernet(0x36, &(0x7f0000000240)=ANY=[], 0x0)

96.925945ms ago: executing program 1 (id=3209):
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x82, &(0x7f0000000200)={[{@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@nostrict}, {@gid_forget}, {@anchor={'anchor', 0x3d, 0x3}}, {@fileset={'fileset', 0x3d, 0x3ff}}, {@uid}, {@gid}, {@anchor={'anchor', 0x3d, 0x2}}]}, 0x10, 0xc34, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIbtowvfTQQ4Ci6CEnAq1RIEUDoymKHtnWBZKLD4VPPREtbARFD2wRIKeAxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi6fxWmq0+dw2fa3euXpuZmLx9tZFU1Ryoypc/w8+fOHnqSy+Mn+7lh9ffa0/Fa9MXztZfXryytNxaWWnN12c67bnF+dY9b2G39W82Vh2A+pXXr85furRSP/HcyRu+vjb6wdDjR0bPjD9z7Ole2ZmJycnpvjK1wY+891vcaYTHoSjiWKR49vs/Ts2IKGL3x+Iu185+G6k6MVZ1YmZisurIQrvZWS2/nOodiCKi3lep0TtGD+Bc7EojYq1sftngsbJ700vN5ebFhVZ9qrm82l5tL3amUre1ZX/qUcTpFLEeEZtDt25uMIqoRYrvHt5KFyNioHccvlgNDL5zO4p97OM9KNtZH4xYLx6Bc3aADUURr0aKn7xTxFx5zPJPfCHi1TL/MeKtMl+KSOWFcSri/eo6GnnILWcv1KKIPyvP/5mtNF/dD3r3lXNfq3+lc2mxr2zvvvLIPx8epAN+bxqOIprVHX8rffTf7AAAAAAAAAAAAAAAAACw10aiiKcixSv//gfVuOKoxqUfPjP+u6M/3z9m/Mm7bKcs+1xErBX3Nib3UB5CPJWmUnrIY4k/yYajiD/K4/++/bAbAwAAAAAAAAAAAAAAAAAA8IlWxHuR4sV3j6b16J9TvN25XL/QvLjQnRW2N/dvb8707e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjluvnbOSczbmWcz3nRs7NnHFA5u4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg4KaKIn0WK73xjK0WKiEbEbHRzY6hXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4mIZSET+IFPXfa1xfV4uIVP3bdbT85VQ0DpX56WiMl/lSNM7mbFZZa3z7IbSf3RlMRfwoUgwNv339hOfzP9j9dP0yiLe+ufPpl2rdHOh9OfrB0ONHDp8Zn/yVJ++0nG7XgLFz7c7Va/WZicnJ6b7Vtbz3T/etG837Lfam60TEyhtvvt5cWGgtW/hkLNS6C7XY0y2PROztBvduodZdyPereOjtucNC42A0Y2chqnv/be/ZfGyUz//3I8VvvvsfvQd+7/n/c91P15/w8dM/3nn+v3jzhvbp+f9E37oX8+9GBmsRw6tXlgaPRAyvvPHmsfaV5uXW5Vbn1PHjXx4f//LJ44OHIoYvtRdafUu7PlQAAAAAAAAAAAAAAAAAD1Yq4rcjRfNHW6keEdeq8VqjZ8afOfb0QAxU461uGLf12vSFs/WXF68sLbdWVlrz9ZlOe25xvnWvuxuuhnvNTEzuS2fuamSf2z8y/PLi0hvL7cu/v3rb7x8bPntxZXW5OXf7r2MkiohG/5qxqsEzE5NVoxfazU5VdWqPBmYOpiL+M1LMnaqnz+d1efxfGe8N9pXtH/+/1re+Wt6n8X+fumk/KRXx00jxG3/+ZHy+audjccsxy+X+OlKMnf5cLheHynK9NnTfK9AdGViW/d9I8fc/u7Fsr+9P7JR9/v6O7sFXnv/DkeIHf/q9+NW87sb3P+yM/+w//4/dvKF9Ov+f6Vv32A3vK9h118nn/1ikeOmJt+PX8roPe/9HEdvb29+KOJoLX38/xz6d/8/2rRuN7n5/fe+6DwAAAAAAAAAA8MgaTEX8TaR4erKWXsjr7uXv/83fvKF9+vtfv9i3bv4BzVe064MKAAAAAAfEYCrivUhxefXt62Oo+8Z/3zj+87d25l6fSDd9W/053y9U7w3Yyz//6zea9zu7+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dRn7zKf+kakeOW/n83l0pGyXG8e+NHq1+Hzi51jZxcWFueaq82LC6369FJzrlXW/Uyk2Pqrz+W6RTW/em+++e4c78PbvbnYlyPF5N/2ynbnYu/NTd6dD7w7F3tZ9lOR4r/+7sayvXmsP7tT9kRZ9i8jxdf/6fZlj+yUPVmW/V6k+OHX672yj5Vle+9H7b6TdLgWC63n5hYXbnkVKgAAAAAAAAAAAAAAAAAAANyvwVTEn0SK/7myHmt52H+e/783A3+tV/atb/bN93+Ta9U8/6PV/P93Wv4o8/+P7llPAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg0ZGiiDcjxdL5rbQxVH7uGj7X7ly9NjMxeftqI6mqOVCVL3+Gnz9x8tSXXhg/3csPr7/XnorXpi+crb+8eGVpubWy0pqvz3Tac4vzrXvewm7r7xy6rrHqANSvvH51/tKllfqJ507e8PW10Q+GHj8yemb8mWNP98rOTExOTveVqQ3ex97vq3E7DkURfxEpnv3+j9M/D0UUsftjcZdrZ7+NVJ0YqzoxMzFZdWSh3eysll9O9Q5EEVHvq9ToHaMHcC52pRGxVja/bPBY2b3ppeZy8+JCqz7VXF5tr7YXO1Op29qyP/Uo4nSKWI+IzaFbNzcYRbweKb57eCv9y1DEQO84fPH89FePn7hzO4p97OM9KNtZH4xYLx6Bc3aADUUR/xApfvLO0fjXoYhadH/iCxGv9hd8KSKVF8apiPdvcx3xaKpFEf9Xnv8zW+mdofJ+0LuvnPta/SudS4t9ZXv3lYP0fNi+/2txZA92e+8O+L1pOIr4YXXH30r/5r9rAAAAAAAAAAAAAAAAgAOkiF+OFC++ezRV44Ovjyludy7XLzQvLnSH9fXG/tUj/rDM7e3t7XrqZiPnbM61nOs5N3Ju5owi18/ZyDmbcy3nes6NnJs5YyDXz9nIOZtzLed6zo2cmzmjVsX29va3uvVruX7OtZzrtYiirJ8/b+aMAzJ2DwAAAAAAAAAAAAAAAAAA+Hgpqn9SfOcbW6maS7URMRvd3DAf6Mfe/wcAAP//3sf+xA==")
unlink(&(0x7f0000000040)='./file0\x00')

96.419545ms ago: executing program 4 (id=3210):
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2a, 0xb3, 0xdf, 0x8, 0x4bb, 0x901, 0x56a0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xc7, 0xad, 0xd8}}]}}]}}, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20048004, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r2, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev}]}]}, 0x28}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r4, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}}, 0x0)

0s ago: executing program 0 (id=3211):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xa, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x85}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x90)

kernel console output (not intermixed with test programs):

42.920821][T15099] veth1_macvtap: entered promiscuous mode
[  842.931626][ T5153] gfs2: fsid=syz:syz.0: jid=0: Done
[  842.952723][T15220] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  842.972775][T15263] netlink: 'syz.2.2675': attribute type 2 has an invalid length.
[  843.012125][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  843.066059][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.085245][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  843.132603][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.171000][T15269] loop4: detected capacity change from 0 to 256
[  843.172847][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  843.208494][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.242622][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  843.263350][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.273932][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  843.284647][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.302205][T15269] loop4: detected capacity change from 0 to 1024
[  843.308754][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  843.308780][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.331394][T15269] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  843.383863][T15099] batman_adv: batadv0: Interface activated: batadv_slave_0
[  843.427915][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  843.486771][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.633107][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  843.673109][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.710807][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  843.755078][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.769295][T15279] loop1: detected capacity change from 0 to 1024
[  843.775417][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  843.787253][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.797540][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  843.799609][T15279] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  843.808430][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.949661][T15099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  844.215671][T15099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  844.250203][T15099] batman_adv: batadv0: Interface activated: batadv_slave_1
[  844.348565][T15099] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  844.377129][T15099] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  844.399056][T15099] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  844.472938][T15099] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  844.497073][T14523] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  845.622755][   T29] audit: type=1326 audit(2000000528.293:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15291 comm="syz.0.2685" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5dd9d75b59 code=0x0
[  847.182728][   T54] Bluetooth: hci4: command 0x0406 tx timeout
[  848.207019][ T1037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  848.271971][ T1037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  848.342249][ T1037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  848.402557][ T1037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  848.593764][T15312] tun0: tun_chr_ioctl cmd 1074025677
[  848.599579][T15312] tun0: linktype set to 823
[  848.602234][T15314] loop1: detected capacity change from 0 to 1024
[  848.634253][T15317] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  848.639688][T15314] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  848.673937][T15318] vivid-008: disconnect
[  848.688567][T15316] vivid-008: reconnect
[  848.783629][T14523] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  848.859056][   T29] audit: type=1800 audit(2000000531.533:325): pid=15324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2695" name="file1" dev="overlay" ino=30 res=0 errno=0
[  850.568573][T15359] loop0: detected capacity change from 0 to 2048
[  850.667531][T15359] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  850.701714][   T29] audit: type=1326 audit(2000000533.373:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15355 comm="syz.4.2708" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe42b175b59 code=0x0
[  850.705796][T15359] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  850.870945][T15369] loop1: detected capacity change from 0 to 1024
[  851.141912][T15369] hfsplus: xattr searching failed
[  851.197855][T15369] hfsplus: xattr searching failed
[  851.652428][T14341] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  851.729399][T15377] loop2: detected capacity change from 0 to 1024
[  851.766343][T15377] EXT4-fs: Ignoring removed orlov option
[  851.785168][T15377] EXT4-fs (loop2): Test dummy encryption mode enabled
[  851.805514][T15377] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  851.831348][T15377] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  851.964750][ T5154] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  852.051229][   T29] audit: type=1326 audit(2000000534.723:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15391 comm="syz.0.2718" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5dd9d75b59 code=0x0
[  852.093799][T15394] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  852.174986][ T5154] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  852.197676][ T5154] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  852.216057][ T5154] usb 5-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  852.226723][ T5154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  852.252115][ T5154] usb 5-1: config 0 descriptor??
[  852.595759][T15407] loop1: detected capacity change from 0 to 2048
[  852.608446][T13626] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  852.661166][T15407] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  852.676057][T15407] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  852.772238][ T5154] holtek 0003:1241:5015.0009: unknown main item tag 0x5
[  852.807992][T14523] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  852.810632][T15414] Bluetooth: MGMT ver 1.23
[  852.840398][ T5154] holtek 0003:1241:5015.0009: hidraw0: USB HID v0.00 Device [HID 1241:5015] on usb-dummy_hcd.4-1/input0
[  852.861240][ T5154] holtek 0003:1241:5015.0009: no inputs found
[  852.963199][   T29] audit: type=1326 audit(2000000535.643:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15421 comm="syz.1.2728" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4649175b59 code=0x0
[  853.023236][ T5154] usb 5-1: USB disconnect, device number 18
[  853.167567][   T29] audit: type=1800 audit(2000000535.843:329): pid=15434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2734" name="file1" dev="overlay" ino=86 res=0 errno=0
[  853.197355][T15434] Invalid ELF header magic: != ELF
[  853.331078][T15441] loop3: detected capacity change from 0 to 64
[  853.792892][ T5153] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  853.985564][T15452] vivid-002: disconnect
[  854.014607][ T5153] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  854.019128][T15449] vivid-002: reconnect
[  854.042683][ T5153] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  854.078082][ T5153] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  854.097734][ T5153] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  854.131063][ T5153] usb 1-1: SerialNumber: syz
[  854.134155][ T6300] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  854.369634][ T6300] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  854.388995][T15444] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2738'.
[  854.410392][T15448] loop4: detected capacity change from 0 to 32768
[  854.433622][T15448] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2741 (15448)
[  854.453507][T15448] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  854.484468][T15448] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  854.494439][T15448] BTRFS info (device loop4): using free-space-tree
[  854.584621][T15461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  854.608494][ T6300] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  854.641500][T15461] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  854.688660][   T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  854.712326][   T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  854.724883][   T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  854.743141][   T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  854.751023][   T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  854.758832][   T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  854.921614][T15448] BTRFS info (device loop4): rebuilding free space tree
[  854.931900][ T5153] usb 1-1: 0:2 : does not exist
[  854.978932][ T6300] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  855.016290][ T5153] usb 1-1: USB disconnect, device number 18
[  855.213675][T14301] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  855.515741][ T6300] bridge_slave_1: left allmulticast mode
[  855.521629][ T6300] bridge_slave_1: left promiscuous mode
[  855.529053][ T6300] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.570855][ T6300] bridge_slave_0: left allmulticast mode
[  855.577805][ T6300] bridge_slave_0: left promiscuous mode
[  855.584096][ T6300] bridge0: port 1(bridge_slave_0) entered disabled state
[  856.152692][ T5154] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  856.362655][ T5154] usb 5-1: Using ep0 maxpacket: 8
[  856.370837][ T5154] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  856.430865][ T5154] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  856.473025][ T5154] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  856.494178][ T5154] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  856.515997][   T29] audit: type=1800 audit(2000000539.173:330): pid=15524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2766" name="file1" dev="overlay" ino=316 res=0 errno=0
[  856.517941][T15524] Invalid ELF header magic: != ELF
[  856.543558][ T5154] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  856.584964][ T5154] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  856.604876][ T5154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  856.631329][ T5154] usb 5-1: config 0 descriptor??
[  856.649718][T15503] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  856.871701][   T54] Bluetooth: hci5: command tx timeout
[  856.910043][T15536] loop0: detected capacity change from 0 to 2048
[  856.941706][T15536] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  857.044788][T15536] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  857.668949][T15297] Bluetooth: hci7: Frame reassembly failed (-84)
[  857.865073][ T5100] Bluetooth: hci6: Opcode 0x0c03 failed: -71
[  857.865541][ T8601] usb 5-1: USB disconnect, device number 19
[  858.058910][ T6300] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  858.071349][ T6300] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  858.097002][ T6300] bond0 (unregistering): Released all slaves
[  858.238596][T15471] chnl_net:caif_netlink_parms(): no params data found
[  858.633041][   T29] audit: type=1800 audit(2000000541.303:331): pid=15563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2779" name="file1" dev="overlay" ino=317 res=0 errno=0
[  858.648608][T15563] Invalid ELF header magic: != ELF
[  858.654399][ T6300] hsr_slave_0: left promiscuous mode
[  858.666716][ T6300] hsr_slave_1: left promiscuous mode
[  858.682857][ T6300] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  858.692853][ T6300] batman_adv: batadv0: Removing interface: batadv_slave_0
[  858.694848][    C0] eth0: bad gso: type: 1, size: 1408
[  858.721518][ T6300] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  858.742711][ T6300] batman_adv: batadv0: Removing interface: batadv_slave_1
[  858.808088][ T6300] veth1_macvtap: left promiscuous mode
[  858.822619][ T6300] veth0_macvtap: left promiscuous mode
[  858.822946][T13395] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  858.828251][ T6300] veth1_vlan: left promiscuous mode
[  858.854319][ T6300] veth0_vlan: left promiscuous mode
[  858.942961][ T5100] Bluetooth: hci5: command tx timeout
[  859.019928][T13395] usb 1-1: Using ep0 maxpacket: 8
[  859.028588][T13395] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  859.040982][T13395] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  859.051138][T13395] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  859.068904][T13395] usb 1-1: SerialNumber: syz
[  859.111326][T13395] usb 1-1: config 0 descriptor??
[  859.146730][T13395] usb 1-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  859.177120][T13395] usb 1-1: No valid video chain found.
[  859.362223][T13395] usb 1-1: USB disconnect, device number 19
[  859.663464][   T54] Bluetooth: hci7: Opcode 0x1003 failed: -110
[  859.717044][T15586] netlink: 'syz.4.2786': attribute type 2 has an invalid length.
[  860.089842][T15582] loop1: detected capacity change from 0 to 32768
[  860.110121][T15582] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2787 (15582)
[  860.140165][T15582] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  860.161260][T15582] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  860.172192][T15582] BTRFS info (device loop1): using free-space-tree
[  860.661255][T14523] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  860.879243][T15614] loop4: detected capacity change from 0 to 2048
[  861.008225][T15590] loop0: detected capacity change from 0 to 32768
[  861.032619][ T5100] Bluetooth: hci5: command tx timeout
[  861.107841][T15590] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  861.185454][T15626] Invalid option length (1045406) for dns_resolver key
[  861.211549][T15590] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  861.276443][ T6300] team0 (unregistering): Port device team_slave_1 removed
[  861.283447][T15590] XFS (loop0): Starting recovery (logdev: internal)
[  861.341141][T15590] XFS (loop0): Ending recovery (logdev: internal)
[  861.428477][T15628] loop1: detected capacity change from 0 to 512
[  861.487459][T15628] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  861.505234][T15628] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  861.528961][ T6300] team0 (unregistering): Port device team_slave_0 removed
[  861.576544][T14341] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  861.756733][T14523] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  861.951384][T15636] netlink: 'syz.0.2795': attribute type 2 has an invalid length.
[  863.049580][T15646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2800'.
[  863.123073][ T5100] Bluetooth: hci5: command tx timeout
[  863.132096][   T29] audit: type=1326 audit(2000000545.803:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15645 comm="syz.1.2800" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4649175b59 code=0x0
[  863.244762][   T29] audit: type=1326 audit(2000000545.923:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15645 comm="syz.1.2800" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4649175b59 code=0x0
[  863.794577][T15471] bridge0: port 1(bridge_slave_0) entered blocking state
[  863.801818][T15471] bridge0: port 1(bridge_slave_0) entered disabled state
[  863.809968][T15471] bridge_slave_0: entered allmulticast mode
[  863.817104][T15471] bridge_slave_0: entered promiscuous mode
[  863.822544][    C1] DEBUG: holding rtnl_mutex for 523 jiffies.
[  863.829000][    C1] task:syz-executor    state:R  running task     stack:21728 pid:15471 tgid:15471 ppid:15453  flags:0x0000400a
[  863.831476][T15471] bridge0: port 2(bridge_slave_1) entered blocking state
[  863.840816][    C1] Call Trace:
[  863.840829][    C1]  <TASK>
[  863.840844][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  863.840878][    C1]  ? rtnetlink_rcv_msg+0x744/0xd00
[  863.848167][T15471] bridge0: port 2(bridge_slave_1) entered disabled state
[  863.851299][    C1]  ? rtnetlink_rcv_msg+0x1a7/0xd00
[  863.856820][T15471] bridge_slave_1: entered allmulticast mode
[  863.859290][    C1]  ? __lock_acquire+0x1384/0x2050
[  863.866235][T15471] bridge_slave_1: entered promiscuous mode
[  863.871612][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  863.899436][    C1]  ? netlink_rcv_skb+0x1e3/0x430
[  863.904476][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  863.909990][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  863.915428][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  863.920683][    C1]  ? netlink_unicast+0x7f6/0x990
[  863.925726][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  863.931063][    C1]  ? __virt_addr_valid+0x183/0x530
[  863.936285][    C1]  ? __check_object_size+0x49c/0x900
[  863.941710][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[  863.946922][    C1]  ? netlink_sendmsg+0x8e4/0xcb0
[  863.952001][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  863.957475][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  863.963518][    C1]  ? aa_sock_msg_perm+0x91/0x160
[  863.968473][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  863.973823][    C1]  ? security_socket_sendmsg+0x87/0xb0
[  863.979708][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  863.985043][    C1]  ? __sock_sendmsg+0x221/0x270
[  863.989996][    C1]  ? __sys_sendto+0x3a4/0x4f0
[  863.995001][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  864.000130][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  864.006162][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  864.012566][    C1]  ? __x64_sys_sendto+0xde/0x100
[  864.017621][    C1]  ? do_syscall_64+0xf3/0x230
[  864.022303][    C1]  ? clear_bhb_loop+0x35/0x90
[  864.027023][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.033170][    C1]  </TASK>
[  864.036223][    C1] 
[  864.036223][    C1] Showing all locks held in the system:
[  864.044041][    C1] 2 locks held by getty/4851:
[  864.048819][    C1]  #0: ffff88802ae170a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  864.058630][    C1]  #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  864.068786][    C1] 4 locks held by kworker/u8:10/6300:
[  864.074388][    C1]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  864.085430][    C1]  #1: ffffc90004787d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  864.096040][    C1]  #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  864.105683][    C1]  #3: ffffffff8e33cd40 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530
[  864.115727][    C1] 3 locks held by kworker/1:10/8601:
[  864.121039][    C1] 3 locks held by kworker/0:2/13395:
[  864.126411][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  864.137487][    C1]  #1: ffffc900036bfd00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  864.148577][    C1]  #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[  864.159092][    C1] 2 locks held by kworker/u8:4/15298:
[  864.164601][    C1]  #0: ffff88801834b948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  864.176002][    C1]  #1: ffffc9000a9ffd00 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  864.188311][    C1] 2 locks held by syz-executor/15471:
[  864.193742][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00
[  864.203273][    C1]  #1: ffffffff8e33ce78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  864.214321][    C1] 1 lock held by syz.2.2790/15592:
[  864.219598][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: packet_mc_add+0x28/0x950
[  864.228690][    C1] 1 lock held by syz.2.2790/15596:
[  864.233888][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: packet_mc_add+0x28/0x950
[  864.242997][    C1] 1 lock held by syz.2.2790/15602:
[  864.245999][T15656] netlink: 'syz.1.2801': attribute type 2 has an invalid length.
[  864.248238][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: packet_mc_add+0x28/0x950
[  864.265053][    C1] 1 lock held by syz.4.2793/15614:
[  864.270192][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: packet_mc_drop+0x28/0x5e0
[  864.279507][    C1] 1 lock held by syz.0.2799/15644:
[  864.284680][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00
[  864.294405][    C1] 1 lock held by syz.1.2801/15652:
[  864.299560][    C1]  #0: ffffffff8e1f2628 (sched_core_mutex){+.+.}-{3:3}, at: sched_core_get+0x51/0x180
[  864.309293][    C1] 1 lock held by syz.1.2801/15653:
[  864.314465][    C1] 4 locks held by kvm-nx-lpage-re/15651:
[  864.320122][    C1]  #0: ffffffff8e365ba8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_attach_task_all+0x27/0xe0
[  864.330108][    C1]  #1: ffffffff8e1d1bb0 (cpu_hotplug_lock){++++}-{0:0}, at: cgroup_attach_lock+0x11/0x40
[  864.340068][    C1]  #2: ffffffff8e365d90 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: cgroup_attach_task_all+0x31/0xe0
[  864.351073][    C1]  #3: ffffffff8e33ce78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  864.362072][    C1] 1 lock held by kvm-nx-lpage-re/15655:
[  864.367698][    C1]  #0: ffffffff8e365ba8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_attach_task_all+0x27/0xe0
[  864.377785][    C1] 
[  864.380143][    C1] =============================================
[  864.380143][    C1] 
[  864.461830][T15592] vlan1: entered promiscuous mode
[  864.473065][T15596] batadv_slave_1: entered promiscuous mode
[  864.485652][T15602] batadv_slave_1: left promiscuous mode
[  864.496663][T15602] vlan1: left promiscuous mode
[  864.580245][T15471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  864.627104][T15471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  864.869124][T15471] team0: Port device team_slave_0 added
[  864.963839][T15471] team0: Port device team_slave_1 added
[  865.124993][T15471] batman_adv: batadv0: Adding interface: batadv_slave_0
[  865.162890][T15471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  865.225020][T15471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  865.264356][T15471] batman_adv: batadv0: Adding interface: batadv_slave_1
[  865.283332][T15471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  865.336911][T15471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  865.491955][T15679] loop1: detected capacity change from 0 to 512
[  865.526942][T15679] EXT4-fs: Ignoring removed nobh option
[  865.555101][T15679] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  865.719132][T15471] hsr_slave_0: entered promiscuous mode
[  865.731351][T15471] hsr_slave_1: entered promiscuous mode
[  865.741140][T15471] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  865.813641][T15695] loop4: detected capacity change from 0 to 1024
[  867.015219][T15679] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  867.049061][T15471] Cannot create hsr debugfs directory
[  867.062410][T15679] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  867.094466][T15687] hfsplus: xattr searching failed
[  867.103271][T15687] hfsplus: xattr searching failed
[  867.259386][T14523] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  867.659995][T15712] loop2: detected capacity change from 0 to 1024
[  867.677606][T15712] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  867.746613][T15712] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  868.534836][   T29] audit: type=1326 audit(2000000551.203:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15714 comm="syz.1.2819" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4649175b59 code=0x0
[  868.618976][T13626] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  868.992149][T15737] loop1: detected capacity change from 0 to 64
[  869.107113][T15739] loop4: detected capacity change from 0 to 1024
[  869.175055][T15739] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  869.223035][T15739] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  869.234143][T15471] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  869.255791][T15471] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  869.260510][T15746] loop0: detected capacity change from 0 to 1024
[  869.273998][T15471] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  869.287349][T15471] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  869.308451][T15746] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  869.386287][T15746] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  869.413517][T14301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  869.467966][T15756] loop2: detected capacity change from 0 to 256
[  869.520828][T15471] 8021q: adding VLAN 0 to HW filter on device bond0
[  869.612337][T15471] 8021q: adding VLAN 0 to HW filter on device team0
[  869.660935][ T8601] bridge0: port 1(bridge_slave_0) entered blocking state
[  869.662313][T14341] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  869.668928][ T8601] bridge0: port 1(bridge_slave_0) entered forwarding state
[  869.776698][ T8601] bridge0: port 2(bridge_slave_1) entered blocking state
[  869.783975][ T8601] bridge0: port 2(bridge_slave_1) entered forwarding state
[  870.006087][T15770] loop0: detected capacity change from 0 to 64
[  870.329304][T15471] 8021q: adding VLAN 0 to HW filter on device batadv0
[  870.484063][T15471] veth0_vlan: entered promiscuous mode
[  870.525008][T15471] veth1_vlan: entered promiscuous mode
[  870.549607][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[  870.556717][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[  870.626631][T15471] veth0_macvtap: entered promiscuous mode
[  870.657212][T15471] veth1_macvtap: entered promiscuous mode
[  870.710613][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  870.723608][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.749562][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  870.758379][T15764] loop2: detected capacity change from 0 to 32768
[  870.779179][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.820816][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  870.820965][T15764] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  870.861532][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.898870][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  870.903346][T15788] loop0: detected capacity change from 0 to 4096
[  870.952552][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.962439][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  870.979467][T15788] ntfs3: loop0: Failed to load $Volume (-22).
[  871.053909][T15764] XFS (loop2): Ending clean mount
[  871.059958][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.072632][T15764] XFS (loop2): Quotacheck needed: Please wait.
[  871.100340][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  871.132407][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.168030][T15471] batman_adv: batadv0: Interface activated: batadv_slave_0
[  871.173233][ T5154] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  871.236313][T15764] XFS (loop2): Quotacheck: Done.
[  871.241506][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.254331][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.265002][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.277761][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.290636][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.302710][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.320871][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.345496][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.361335][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.382651][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.401264][T15471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.415255][ T5154] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  871.419889][T15471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.480628][ T5154] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  871.482153][T15471] batman_adv: batadv0: Interface activated: batadv_slave_1
[  871.533524][ T5154] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  871.548159][T15471] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  871.552693][ T5154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  871.591402][T15795] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  871.625710][T15471] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  871.646012][T15471] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  871.656827][T15471] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  871.794288][T15805] loop1: detected capacity change from 0 to 256
[  871.968279][ T1037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  871.998261][   T25] usb 5-1: USB disconnect, device number 20
[  872.028142][T13626] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  872.043709][ T1037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  872.125029][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  872.145567][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  872.297883][T15816] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2855'.
[  873.225741][T15833] ip6t_srh: unknown srh match flags  4000
[  873.372110][T15828] loop1: detected capacity change from 0 to 32768
[  873.412223][T15828] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  873.518625][T15844] macvlan2: entered allmulticast mode
[  873.549541][T15844] geneve1: entered promiscuous mode
[  873.572184][T15844] geneve1: entered allmulticast mode
[  873.601625][T15847] loop3: detected capacity change from 0 to 256
[  873.602683][T15844] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  873.734896][T15828] XFS (loop1): Ending clean mount
[  873.759093][T15828] XFS (loop1): Quotacheck needed: Please wait.
[  873.789062][T15848] bond0: entered promiscuous mode
[  873.806517][T15848] bond_slave_0: entered promiscuous mode
[  873.830612][T15848] bond_slave_1: entered promiscuous mode
[  873.856927][T15848] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  873.864191][T15853] netlink: 'syz.4.2864': attribute type 10 has an invalid length.
[  873.887947][T15853] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.2864'.
[  873.898367][T15848] macvlan2: entered promiscuous mode
[  873.912093][T15828] XFS (loop1): Quotacheck: Done.
[  874.148545][T14523] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  874.482822][T15879] loop2: detected capacity change from 0 to 4096
[  875.337233][T15891] loop4: detected capacity change from 0 to 1024
[  875.374524][T15891] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  875.455310][T15891] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  875.656631][T14301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  875.723584][T15897] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2881'.
[  876.062672][ T5160] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  876.304093][ T5160] usb 3-1: Using ep0 maxpacket: 8
[  876.343405][ T5160] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d
[  876.382572][ T5160] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.390704][ T5160] usb 3-1: Product: syz
[  876.423218][ T5160] usb 3-1: Manufacturer: syz
[  876.432342][ T5160] usb 3-1: SerialNumber: syz
[  876.463365][ T5160] usb 3-1: config 0 descriptor??
[  876.498538][T15930] loop4: detected capacity change from 0 to 64
[  876.578715][T15930] hfs: found bad thread record in catalog
[  876.596619][T15930] hfs: get root inode failed
[  876.628106][   T54] Bluetooth: hci5: command 0x0405 tx timeout
[  876.679714][ T5160] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  876.713924][ T5160] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  876.737149][T15928] loop0: detected capacity change from 0 to 4096
[  876.774704][ T5160] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  876.785251][T15900] loop3: detected capacity change from 0 to 32768
[  876.803725][ T5160] dvb_usb_af9035 3-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  876.847481][ T5160] usb 3-1: USB disconnect, device number 22
[  876.902465][T15900] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  877.077567][T15950] loop4: detected capacity change from 0 to 4096
[  877.096361][T15900] XFS (loop3): Ending clean mount
[  877.120506][T15952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  877.147361][T15900] XFS (loop3): Quotacheck needed: Please wait.
[  877.179900][T15955] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  877.243255][T15900] XFS (loop3): Quotacheck: Done.
[  877.259921][   T29] audit: type=1800 audit(2000000559.933:335): pid=15950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2898" name="file2" dev="loop4" ino=16 res=0 errno=0
[  877.321400][T15951] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  877.362078][T15951] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  877.484471][T15471] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  877.997301][T15969] veth0_vlan: entered allmulticast mode
[  878.074657][T15973] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2906'.
[  878.279021][T15983] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2911'.
[  878.457243][T15984] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2910'.
[  878.489601][ T5160] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  878.664879][T15994] loop1: detected capacity change from 0 to 256
[  878.687022][T15994] vfat: Bad value for 'uni_xlate'
[  878.691964][T15996] loop3: detected capacity change from 0 to 512
[  878.717732][ T5160] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  878.745898][ T5160] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  878.773495][T15996] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  878.792618][ T5160] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  878.825124][ T5160] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  878.832995][T15986] loop4: detected capacity change from 0 to 32768
[  878.838846][ T8610] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  878.852785][T15996] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  878.854773][ T5160] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  878.883111][ T5160] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  878.891739][ T5160] usb 1-1: Manufacturer: syz
[  878.898606][ T5160] usb 1-1: config 0 descriptor??
[  878.933414][T15986] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  878.958477][T15996] EXT4-fs: Remounting file system with no journal so ignoring journalled data option
[  878.968786][T15996] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  878.987153][T15996] EXT4-fs error (device loop3): __ext4_remount:6491: comm syz.3.2916: Abort forced by user
[  879.016517][T15996] EXT4-fs (loop3): Remounting filesystem read-only
[  879.032930][ T8610] usb 3-1: Using ep0 maxpacket: 8
[  879.050767][ T8610] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d
[  879.060550][ T8610] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  879.068693][ T8610] usb 3-1: Product: syz
[  879.073129][ T8610] usb 3-1: Manufacturer: syz
[  879.079864][ T8610] usb 3-1: SerialNumber: syz
[  879.087388][ T8610] usb 3-1: config 0 descriptor??
[  879.089517][T15986] XFS (loop4): Ending clean mount
[  879.137873][T15471] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  879.149732][T15986] XFS (loop4): Quotacheck needed: Please wait.
[  879.288101][T15986] XFS (loop4): Quotacheck: Done.
[  879.317363][ T5160] appleir 0003:05AC:8243.000A: No inputs registered, leaving
[  879.336252][T16019] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2922'.
[  879.343626][ T8610] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  879.363993][ T8610] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  879.382983][ T5160] appleir 0003:05AC:8243.000A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  879.403494][ T8610] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  879.423243][ T8610] dvb_usb_af9035 3-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  879.431254][T16016] veth0_vlan: entered allmulticast mode
[  879.443045][ T8610] usb 3-1: USB disconnect, device number 23
[  879.479720][T14301] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  879.697637][T16029] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  879.704252][T16029] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  879.715251][T16029] vhci_hcd vhci_hcd.0: Device attached
[  879.787625][T16033] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2928'.
[  879.960581][ T5108] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  879.967271][T16036] loop2: detected capacity change from 0 to 1024
[  879.991213][T16036] hfsplus: bad catalog entry type
[  880.015414][T15298] hfsplus: b-tree write err: -5, ino 4
[  880.022663][ T8610] usb 16-1: SetAddress Request (2) to port 0
[  880.029627][ T8610] usb 16-1: new SuperSpeed USB device number 2 using vhci_hcd
[  880.155813][ T5108] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  880.167208][ T5108] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  880.177150][ T5108] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  880.186405][ T5108] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  880.196704][ T5108] usb 2-1: config 0 descriptor??
[  880.413334][ T5108] usbhid 2-1:0.0: can't add hid device: -71
[  880.420915][ T5108] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  880.432564][ T5108] usb 2-1: USB disconnect, device number 22
[  880.522346][T16030] vhci_hcd: connection reset by peer
[  880.543818][ T6300] vhci_hcd: stop threads
[  880.548617][ T6300] vhci_hcd: release socket
[  880.575131][   T25] usb 1-1: USB disconnect, device number 20
[  880.583330][ T6300] vhci_hcd: disconnect device
[  880.672458][T16046] loop2: detected capacity change from 0 to 256
[  880.705887][T16046] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  880.748905][T16046] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  880.989792][T16049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  881.064405][T16052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  881.138621][T16049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  881.613501][T16059] loop3: detected capacity change from 0 to 512
[  881.629128][T16059] ext4: Unknown parameter 'context'
[  882.260657][T16057] sp0: Synchronizing with TNC
[  882.367638][T16061] loop0: detected capacity change from 0 to 1024
[  882.401561][T16061] EXT4-fs: Ignoring removed orlov option
[  882.426877][T16061] EXT4-fs (loop0): Test dummy encryption mode enabled
[  882.436579][T16067] netlink: 'syz.1.2938': attribute type 10 has an invalid length.
[  882.446477][T16061] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  882.471950][T16067] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2938'.
[  882.503665][T16067] team0: entered promiscuous mode
[  882.508770][T16067] team_slave_0: entered promiscuous mode
[  882.548535][T16067] team_slave_1: entered promiscuous mode
[  882.583586][T16061] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  882.590618][T16067] bridge0: port 3(team0) entered blocking state
[  882.608557][T16067] bridge0: port 3(team0) entered disabled state
[  882.624540][T16067] team0: entered allmulticast mode
[  882.630897][T16067] team_slave_0: entered allmulticast mode
[  882.637077][T16067] team_slave_1: entered allmulticast mode
[  882.656632][T16067] bridge0: port 3(team0) entered blocking state
[  882.663116][T16067] bridge0: port 3(team0) entered forwarding state
[  882.777216][T16073] loop2: detected capacity change from 0 to 64
[  882.847275][T16073] hfs: found bad thread record in catalog
[  882.881971][T16073] hfs: get root inode failed
[  883.263521][T14341] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  883.323128][T16082] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2940'.
[  883.336791][T16092] loop2: detected capacity change from 0 to 256
[  883.345825][T16088] loop1: detected capacity change from 0 to 512
[  883.366289][T16088] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  883.373204][T16092] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  883.425962][T16092] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  883.554573][T13395] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  883.629592][T16102] loop2: detected capacity change from 0 to 128
[  883.634044][T16101] syz.1.2948[16101] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  883.636000][T16101] syz.1.2948[16101] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  883.663085][   T25] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  883.713215][ T5154] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  883.723886][T16102] syz.2.2949: attempt to access beyond end of device
[  883.723886][T16102] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128
[  883.764326][T13395] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  883.786343][T13395] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  883.808100][T13395] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  883.812898][T16105] syz.2.2949: attempt to access beyond end of device
[  883.812898][T16105] loop2: rw=0, sector=177, nr_sectors = 1 limit=128
[  883.851068][T13395] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  883.859965][T16100] syz.2.2949: attempt to access beyond end of device
[  883.859965][T16100] loop2: rw=0, sector=177, nr_sectors = 1 limit=128
[  883.863540][T16090] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  883.874392][   T25] usb 4-1: Using ep0 maxpacket: 8
[  883.899466][   T25] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d
[  883.905016][T16106] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  883.921865][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.930848][T16100] buffer_io_error: 5 callbacks suppressed
[  883.930866][T16100] Buffer I/O error on dev loop2, logical block 177, async page read
[  883.941442][ T5154] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[  883.945197][   T25] usb 4-1: Product: syz
[  883.962372][T16100] syz.2.2949: attempt to access beyond end of device
[  883.962372][T16100] loop2: rw=0, sector=178, nr_sectors = 1 limit=128
[  883.968254][ T5154] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  883.975927][   T25] usb 4-1: Manufacturer: syz
[  883.991081][T16100] Buffer I/O error on dev loop2, logical block 178, async page read
[  884.001692][   T25] usb 4-1: SerialNumber: syz
[  884.017602][T16100] syz.2.2949: attempt to access beyond end of device
[  884.017602][T16100] loop2: rw=0, sector=179, nr_sectors = 1 limit=128
[  884.032290][T16100] Buffer I/O error on dev loop2, logical block 179, async page read
[  884.038075][ T5154] usb 1-1: config 0 descriptor??
[  884.042069][   T25] usb 4-1: config 0 descriptor??
[  884.055832][T16100] syz.2.2949: attempt to access beyond end of device
[  884.055832][T16100] loop2: rw=0, sector=180, nr_sectors = 1 limit=128
[  884.065044][ T5154] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  884.069931][T16100] Buffer I/O error on dev loop2, logical block 180, async page read
[  884.086927][T16100] syz.2.2949: attempt to access beyond end of device
[  884.086927][T16100] loop2: rw=0, sector=181, nr_sectors = 1 limit=128
[  884.104183][T16100] Buffer I/O error on dev loop2, logical block 181, async page read
[  884.114501][T16100] syz.2.2949: attempt to access beyond end of device
[  884.114501][T16100] loop2: rw=0, sector=182, nr_sectors = 1 limit=128
[  884.130765][T16100] Buffer I/O error on dev loop2, logical block 182, async page read
[  884.143579][T16100] syz.2.2949: attempt to access beyond end of device
[  884.143579][T16100] loop2: rw=0, sector=183, nr_sectors = 1 limit=128
[  884.157999][T16100] Buffer I/O error on dev loop2, logical block 183, async page read
[  884.166565][T16100] syz.2.2949: attempt to access beyond end of device
[  884.166565][T16100] loop2: rw=0, sector=184, nr_sectors = 1 limit=128
[  884.180768][T16100] Buffer I/O error on dev loop2, logical block 184, async page read
[  884.190341][T16100] Buffer I/O error on dev loop2, logical block 177, async page read
[  884.202582][T16100] Buffer I/O error on dev loop2, logical block 178, async page read
[  884.272762][ T5160] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  884.303820][   T25] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  884.331556][   T25] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  884.349198][   T25] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  884.359230][   T25] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  884.376061][   T25] usb 4-1: USB disconnect, device number 21
[  884.556931][ T5160] usb 2-1: too many configurations: 12, using maximum allowed: 8
[  884.684796][ T5160] usb 2-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  884.710829][ T5160] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.752063][ T5160] usb 2-1: config 0 descriptor??
[  884.871036][    C0] hrtimer: interrupt took 60458 ns
[  884.905914][T13291] usb 5-1: USB disconnect, device number 21
[  885.060108][ T5154] gp8psk: usb in 128 operation failed.
[  885.157354][ T8610] usb 16-1: device descriptor read/8, error -110
[  885.193717][T16112] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  885.197693][ T5154] gp8psk: usb in 137 operation failed.
[  885.200256][T16112] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  885.266713][ T5154] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-22)
[  885.293259][ T5154] dvb_usb_gp8psk 1-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22
[  885.305934][T16110] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(9)
[  885.312498][T16110] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  885.321207][T16112] vhci_hcd vhci_hcd.0: Device attached
[  885.338649][ T5154] usb 1-1: USB disconnect, device number 21
[  885.362305][T16112] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2952'.
[  885.372645][T16110] vhci_hcd vhci_hcd.0: Device attached
[  885.482739][ T8610] usb 16-1: SetAddress Request (3) to port 0
[  885.489325][ T8610] usb 16-1: new SuperSpeed USB device number 3 using vhci_hcd
[  885.532743][T13291] vhci_hcd: vhci_device speed not set
[  885.634749][T13291] usb 11-2: new full-speed USB device number 5 using vhci_hcd
[  885.838752][T16108] loop2: detected capacity change from 0 to 32768
[  885.874773][T16108] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2951 (16108)
[  885.918221][T16108] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  885.949090][T16108] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  885.951373][T16115] vhci_hcd: connection reset by peer
[  885.971043][T16108] BTRFS info (device loop2): using free-space-tree
[  885.996965][   T52] vhci_hcd: stop threads
[  886.008272][   T52] vhci_hcd: release socket
[  886.039258][   T52] vhci_hcd: disconnect device
[  886.162109][T16146] netlink: 'syz.0.2957': attribute type 1 has an invalid length.
[  886.534388][T16119] vhci_hcd: connection reset by peer
[  886.546363][ T5160] usb 2-1: string descriptor 0 read error: -71
[  886.556447][ T1037] vhci_hcd: stop threads
[  886.558249][ T5160] usb 2-1: USB disconnect, device number 23
[  886.560710][ T1037] vhci_hcd: release socket
[  886.593063][ T1037] vhci_hcd: disconnect device
[  886.717443][T16160] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2961'.
[  886.735564][T16161] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2960'.
[  887.242812][ T5108] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  887.818589][T16170] Cannot find set identified by id 0 to match
[  887.878766][ T5108] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[  887.912715][ T5108] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  887.942084][ T5108] usb 1-1: config 0 descriptor??
[  887.995812][ T5108] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  888.013041][T13626] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  888.142919][T16173] can0: slcan on ptm0.
[  889.482624][T16183] veth1_macvtap: entered allmulticast mode
[  889.776745][ T5108] gp8psk: usb in 128 operation failed.
[  889.845052][T16193] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2972'.
[  889.857362][ T5108] gp8psk: usb in 137 operation failed.
[  889.880791][T16195] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2973'.
[  889.882664][ T5108] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-22)
[  890.041129][ T5108] dvb_usb_gp8psk 1-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22
[  890.054832][ T5108] usb 1-1: USB disconnect, device number 22
[  890.267241][T16168] can0 (unregistered): slcan off ptm0.
[  890.562587][ T8610] usb 16-1: device descriptor read/8, error -110
[  890.590420][T16206] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  890.723099][ T8610] usb usb16-port1: attempt power cycle
[  890.832686][T13291] vhci_hcd: vhci_device speed not set
[  891.162646][ T5154] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  891.353380][T16170] kexec: Could not allocate control_code_buffer
[  891.504103][ T8610] usb usb16-port1: unable to enumerate USB device
[  891.565189][ T5154] usb 3-1: too many configurations: 12, using maximum allowed: 8
[  891.660229][ T5154] usb 3-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  891.695751][ T5154] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.733541][ T5154] usb 3-1: config 0 descriptor??
[  891.869977][T16203] loop4: detected capacity change from 0 to 32768
[  891.946362][T16203] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  892.284769][T16207] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(9)
[  892.291329][T16207] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  892.306820][T16230] loop3: detected capacity change from 0 to 2048
[  892.454441][T16230] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  892.471305][T16207] vhci_hcd vhci_hcd.0: Device attached
[  892.507500][T16203] XFS (loop4): Ending clean mount
[  892.563948][T16203] XFS (loop4): Quotacheck needed: Please wait.
[  892.670424][T16230] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  892.724384][   T25] vhci_hcd: vhci_device speed not set
[  892.748380][T16230] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 12 with max blocks 6 with error 28
[  892.790225][T16230] EXT4-fs (loop3): This should not happen!! Data will be lost
[  892.790225][T16230] 
[  892.804347][   T25] usb 13-2: new full-speed USB device number 3 using vhci_hcd
[  892.833652][T16203] XFS (loop4): Quotacheck: Done.
[  892.834087][T16230] EXT4-fs (loop3): Total free blocks count 0
[  892.901429][T16230] EXT4-fs (loop3): Free/Dirty block details
[  892.923599][T16230] EXT4-fs (loop3): free_blocks=2415919104
[  892.950508][T16230] EXT4-fs (loop3): dirty_blocks=32
[  892.963671][T16234] vhci_hcd: connection reset by peer
[  892.967933][ T5154] usb 3-1: string descriptor 0 read error: -71
[  892.981912][T16230] EXT4-fs (loop3): Block reservation details
[  892.981951][ T6300] vhci_hcd: stop threads
[  892.992397][T16230] EXT4-fs (loop3): i_reserved_data_blocks=2
[  893.009544][ T6300] vhci_hcd: release socket
[  893.013775][ T5154] usb 3-1: USB disconnect, device number 24
[  893.022284][ T6300] vhci_hcd: disconnect device
[  893.104619][ T6300] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  893.125540][ T5100] Bluetooth: hci0: command 0x0406 tx timeout
[  893.201674][    C0] eth0: bad gso: type: 1, size: 1408
[  893.214544][T16248] loop3: detected capacity change from 0 to 16
[  893.221726][T16248] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  893.227158][T14301] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  893.275265][ T8601] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  893.499637][ T8601] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[  893.526529][ T8601] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  893.575276][ T8601] usb 2-1: config 0 descriptor??
[  893.595585][ T8601] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  893.864511][T16252] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2987'.
[  896.010907][ T8601] gp8psk: usb in 128 operation failed.
[  896.028798][ T8601] gp8psk: usb in 137 operation failed.
[  896.034446][ T8601] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-22)
[  896.043488][ T8601] dvb_usb_gp8psk 2-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22
[  896.057073][ T8601] usb 2-1: USB disconnect, device number 24
[  896.097664][ T1037] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  896.285951][ T1037] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  896.370197][T16271] bridge_slave_0: left allmulticast mode
[  896.404696][T16271] bridge_slave_0: left promiscuous mode
[  896.412451][T16271] bridge0: port 1(bridge_slave_0) entered disabled state
[  896.520053][T16271] bridge_slave_1: left allmulticast mode
[  896.540386][T16271] bridge_slave_1: left promiscuous mode
[  896.567683][T16271] bridge0: port 2(bridge_slave_1) entered disabled state
[  896.623831][T16271] bond0: (slave bond_slave_0): Releasing backup interface
[  896.676881][T16271] bond_slave_0: left promiscuous mode
[  896.704724][T16271] bond0: (slave bond_slave_1): Releasing backup interface
[  896.716205][T16271] bond_slave_1: left promiscuous mode
[  897.474999][ T5100] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  897.486258][ T5100] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  897.503813][ T5100] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  897.510953][T16274] fuse: Unknown parameter 'fŒ00x0000000000000006'
[  897.532372][ T5100] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  897.544801][T16284] loop2: detected capacity change from 0 to 1024
[  897.555420][T16271] team0: Port device team_slave_0 removed
[  897.561726][ T5100] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  897.571954][ T5100] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  897.574989][T16284] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  897.658591][T16284] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f04cc01c, mo2=0002]
[  897.692934][T16271] team0: Port device team_slave_1 removed
[  897.703745][T16271] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  897.729306][T16284] System zones: 0-1, 3-36
[  897.733843][T16271] batman_adv: batadv0: Removing interface: batadv_slave_0
[  897.749036][T16271] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  897.774131][T16271] batman_adv: batadv0: Removing interface: batadv_slave_1
[  897.801250][T16284] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  897.835298][T16271] bond0: (slave netdevsim0): Releasing backup interface
[  897.859992][T16271] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  897.906054][   T25] vhci_hcd: vhci_device speed not set
[  897.925149][T16271] bond0: (slave macvlan2): Releasing backup interface
[  897.947327][T16284] EXT4-fs (loop2): Online resizing not supported with bigalloc
[  897.963582][T16271] macvlan2: left promiscuous mode
[  897.984511][T16271] geneve1: left allmulticast mode
[  898.000414][T16271] geneve1: left promiscuous mode
[  898.018786][T13626] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  898.043111][T16275] bond0: left promiscuous mode
[  898.049779][T16275] 8021q: adding VLAN 0 to HW filter on device bond0
[  898.075919][T16275] team0: Port device bond0 added
[  898.188897][ T1037] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  898.317027][T16274] loop1: detected capacity change from 0 to 40427
[  898.444143][T16274] F2FS-fs (loop1): Found nat_bits in checkpoint
[  898.625316][ T1037] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  898.626143][T16274] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  898.726213][T16302] loop4: detected capacity change from 0 to 64
[  898.820941][T16273] bio_check_eod: 184 callbacks suppressed
[  898.820961][T16273] syz.1.2997: attempt to access beyond end of device
[  898.820961][T16273] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  899.039445][T16291] loop2: detected capacity change from 0 to 32768
[  899.065001][ T1037] bridge_slave_1: left allmulticast mode
[  899.152743][ T1037] bridge_slave_1: left promiscuous mode
[  899.164757][T14523] syz-executor: attempt to access beyond end of device
[  899.164757][T14523] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  899.164875][ T1037] bridge0: port 2(bridge_slave_1) entered disabled state
[  899.191367][    C0] eth0: bad gso: type: 1, size: 1408
[  899.222720][T14523] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  899.276795][ T1037] bridge_slave_0: left allmulticast mode
[  899.283040][T16291] XFS (loop2): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6
[  899.286701][ T1037] bridge_slave_0: left promiscuous mode
[  899.310959][T16310] loop4: detected capacity change from 0 to 2048
[  899.312960][ T1037] bridge0: port 1(bridge_slave_0) entered disabled state
[  899.548538][T16310] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  899.604585][T16291] XFS (loop2): Ending clean mount
[  899.628451][T16291] XFS (loop2): Quotacheck needed: Please wait.
[  899.663740][   T54] Bluetooth: hci5: command tx timeout
[  900.432638][T16291] XFS (loop2): Quotacheck: Done.
[  900.545778][T16327] loop0: detected capacity change from 0 to 1024
[  900.572810][T16310] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  900.589424][T16327] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  900.612926][T16310] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 12 with max blocks 6 with error 28
[  900.652351][T16310] EXT4-fs (loop4): This should not happen!! Data will be lost
[  900.652351][T16310] 
[  900.687164][T16327] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f04cc01c, mo2=0002]
[  900.709431][T16327] System zones: 0-1, 3-36
[  900.714037][T16310] EXT4-fs (loop4): Total free blocks count 0
[  900.735164][T16327] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  900.752674][T16310] EXT4-fs (loop4): Free/Dirty block details
[  900.758624][T16310] EXT4-fs (loop4): free_blocks=2415919104
[  900.782603][T16310] EXT4-fs (loop4): dirty_blocks=32
[  900.792943][T16310] EXT4-fs (loop4): Block reservation details
[  900.955347][T16310] EXT4-fs (loop4): i_reserved_data_blocks=2
[  901.236898][T16327] EXT4-fs (loop0): Online resizing not supported with bigalloc
[  901.387618][T14341] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  901.405672][ T6300] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28
[  901.417878][T13626] XFS (loop2): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6
[  901.663957][ T8604] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  901.751663][   T54] Bluetooth: hci5: command tx timeout
[  901.874949][ T8604] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[  901.884284][ T8604] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  901.937367][ T8604] usb 2-1: config 0 descriptor??
[  901.971349][ T8604] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  903.377945][ T8604] gp8psk: usb in 128 operation failed.
[  903.395910][ T8604] gp8psk: usb in 137 operation failed.
[  903.403370][ T8604] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-22)
[  903.414778][ T8604] dvb_usb_gp8psk 2-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22
[  903.511389][T16355] fuse: Unknown parameter '0xffffffffffffffff'
[  903.572976][   T29] audit: type=1804 audit(2000000586.143:336): pid=16355 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3019" name="/newroot/125/bus/bus" dev="overlay" ino=699 res=1 errno=0
[  903.694931][T16344] fuse: Unknown parameter 'fŒ00x0000000000000006'
[  903.717075][ T8604] usb 2-1: USB disconnect, device number 25
[  903.832122][   T54] Bluetooth: hci5: command tx timeout
[  904.071819][T16362] loop0: detected capacity change from 0 to 1024
[  904.079299][ T1037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  904.089841][T16362] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  904.119538][T16362] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f04cc01c, mo2=0002]
[  904.128843][ T1037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  904.142743][T16362] System zones: 0-1, 3-36
[  904.167251][ T1037] bond0 (unregistering): Released all slaves
[  904.193454][T16362] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  904.386790][T16362] EXT4-fs (loop0): Online resizing not supported with bigalloc
[  904.484530][ T8604] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  904.516861][T14341] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  904.620453][T16282] chnl_net:caif_netlink_parms(): no params data found
[  904.682943][ T8604] usb 5-1: Using ep0 maxpacket: 32
[  904.700642][ T8604] usb 5-1: New USB device found, idVendor=10cf, idProduct=8068, bcdDevice=2e.fd
[  904.736411][ T8604] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  904.803518][ T8604] usb 5-1: config 0 descriptor??
[  904.840619][ T8604] vmk80xx 5-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  905.062461][T16375] loop0: detected capacity change from 0 to 16
[  905.348604][T16375] erofs: (device loop0): mounted with root inode @ nid 36.
[  905.681395][T16365] loop1: detected capacity change from 0 to 32768
[  905.868443][T16365] XFS (loop1): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6
[  905.903132][   T54] Bluetooth: hci5: command tx timeout
[  905.960823][T16365] XFS (loop1): Ending clean mount
[  905.966778][ T1037] hsr_slave_0: left promiscuous mode
[  905.981457][T16365] XFS (loop1): Quotacheck needed: Please wait.
[  906.008491][ T1037] hsr_slave_1: left promiscuous mode
[  906.060997][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  906.097258][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_0
[  906.125957][T16365] XFS (loop1): Quotacheck: Done.
[  906.142439][    C0] eth0: bad gso: type: 1, size: 1408
[  906.143804][ T1037] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  906.160195][ T1037] batman_adv: batadv0: Removing interface: batadv_slave_1
[  906.169203][T16395] loop2: detected capacity change from 0 to 1024
[  906.227859][T16395] hfsplus: invalid catalog entry type in lookup
[  906.244204][ T1037] veth1_macvtap: left promiscuous mode
[  906.250121][ T1037] veth0_macvtap: left promiscuous mode
[  906.280402][ T1037] veth1_vlan: left promiscuous mode
[  906.294666][ T1037] veth0_vlan: left promiscuous mode
[  906.493113][T15297] hfsplus: b-tree write err: -5, ino 4
[  906.958059][ T5153] kernel write not supported for file /admmidi2 (pid: 5153 comm: kworker/1:6)
[  907.163310][ T8610] usb 5-1: USB disconnect, device number 22
[  907.189552][T14523] XFS (loop1): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6
[  907.402741][ T8601] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  907.631042][ T8601] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  907.652260][ T8601] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.682917][ T8601] usb 3-1: config 0 descriptor??
[  907.878063][T16418] loop4: detected capacity change from 0 to 1024
[  907.914932][T16418] hfsplus: invalid catalog entry type in lookup
[  907.976994][ T8601] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  907.990183][ T6300] hfsplus: b-tree write err: -5, ino 4
[  908.002975][ T8601] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  908.021101][ T8601] [drm:udl_init] *ERROR* Selecting channel failed
[  908.108098][ T8601] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  908.115044][ T8601] [drm] Initialized udl on minor 2
[  908.157311][ T8601] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  908.217120][ T8601] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  908.240102][ T5108] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  908.257895][ T8601] usb 3-1: USB disconnect, device number 25
[  908.278987][ T5108] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  908.450739][T16416] fuse: Unknown parameter 'fŒ00x0000000000000006'
[  908.473697][ T5100] Bluetooth: hci2: command 0x0406 tx timeout
[  908.552985][ T5108] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  908.972901][ T5108] usb 5-1: config 0 has no interfaces?
[  909.215049][T16429] fuse: Unknown parameter '0xffffffffffffffff'
[  909.236656][   T29] audit: type=1804 audit(2000000591.763:337): pid=16429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3041" name="/newroot/202/bus/bus" dev="overlay" ino=1121 res=1 errno=0
[  909.531464][ T5108] usb 5-1: New USB device found, idVendor=19d2, idProduct=0040, bcdDevice=85.1f
[  909.540937][ T5108] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  909.549038][ T5108] usb 5-1: Product: syz
[  909.562599][ T5108] usb 5-1: Manufacturer: syz
[  909.572675][ T5108] usb 5-1: SerialNumber: syz
[  909.609458][ T5108] usb 5-1: config 0 descriptor??
[  909.870897][ T5153] usb 5-1: USB disconnect, device number 23
[  909.883402][ T1037] team0 (unregistering): Port device team_slave_1 removed
[  909.962675][ T5108] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  910.022652][ T1037] team0 (unregistering): Port device team_slave_0 removed
[  910.182748][ T5108] usb 3-1: Using ep0 maxpacket: 32
[  910.233364][ T5108] usb 3-1: New USB device found, idVendor=10cf, idProduct=8068, bcdDevice=2e.fd
[  910.252588][ T5108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  910.259811][T16416] loop0: detected capacity change from 0 to 40427
[  910.268242][ T5108] usb 3-1: config 0 descriptor??
[  910.394254][T16416] F2FS-fs (loop0): Found nat_bits in checkpoint
[  910.462412][ T5108] vmk80xx 3-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  911.028768][T16449] loop1: detected capacity change from 0 to 1024
[  911.083240][T16449] hfsplus: invalid catalog entry type in lookup
[  911.083624][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  911.156568][  T141] hfsplus: b-tree write err: -5, ino 4
[  911.182559][    C1] DEBUG: waiting rtnl_mutex for 526 jiffies.
[  911.188669][    C1] task:syz-executor    state:D stack:21728 pid:16282 tgid:16282 ppid:16268  flags:0x00004000
[  911.198926][    C1] Call Trace:
[  911.202284][    C1]  <TASK>
[  911.205297][    C1]  __schedule+0x1800/0x4a60
[  911.209993][    C1]  ? __pfx___schedule+0x10/0x10
[  911.214981][    C1]  ? __pfx_lock_release+0x10/0x10
[  911.220106][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  911.225734][    C1]  ? schedule+0x90/0x320
[  911.230064][    C1]  schedule+0x14b/0x320
[  911.234382][    C1]  schedule_preempt_disabled+0x13/0x30
[  911.239913][    C1]  __mutex_lock+0x6a4/0xd70
[  911.244522][    C1]  ? __mutex_lock+0x527/0xd70
[  911.249279][    C1]  ? rtnetlink_rcv_msg+0x6eb/0xd00
[  911.254544][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  911.259655][    C1]  ? get_rtnl_holder+0x144/0x190
[  911.265333][    C1]  rtnetlink_rcv_msg+0x6eb/0xd00
[  911.270394][    C1]  ? rtnetlink_rcv_msg+0x1a7/0xd00
[  911.275639][    C1]  ? __lock_acquire+0x1384/0x2050
[  911.280738][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  911.286533][    C1]  netlink_rcv_skb+0x1e3/0x430
[  911.291381][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  911.297067][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  911.302525][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  911.307788][    C1]  netlink_unicast+0x7f6/0x990
[  911.312684][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  911.318075][    C1]  ? __virt_addr_valid+0x183/0x530
[  911.323317][    C1]  ? __check_object_size+0x49c/0x900
[  911.328681][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[  911.333936][    C1]  netlink_sendmsg+0x8e4/0xcb0
[  911.338895][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  911.344295][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  911.350351][    C1]  ? aa_sock_msg_perm+0x91/0x160
[  911.355425][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  911.360776][    C1]  ? security_socket_sendmsg+0x87/0xb0
[  911.366375][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  911.372025][    C1]  __sock_sendmsg+0x221/0x270
[  911.376826][    C1]  __sys_sendto+0x3a4/0x4f0
[  911.381423][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  911.386597][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  911.392681][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  911.399166][    C1]  __x64_sys_sendto+0xde/0x100
[  911.404090][    C1]  do_syscall_64+0xf3/0x230
[  911.408858][    C1]  ? clear_bhb_loop+0x35/0x90
[  911.413635][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  911.419639][    C1] RIP: 0033:0x7f13a45778ec
[  911.424151][    C1] RSP: 002b:00007fff8daaeca0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  911.432665][    C1] RAX: ffffffffffffffda RBX: 00007f13a5234620 RCX: 00007f13a45778ec
[  911.440805][    C1] RDX: 0000000000000028 RSI: 00007f13a5234670 RDI: 0000000000000003
[  911.448880][    C1] RBP: 0000000000000000 R08: 00007fff8daaecf4 R09: 000000000000000c
[  911.456984][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  911.465071][    C1] R13: 0000000000000000 R14: 00007f13a5234670 R15: 0000000000000000
[  911.473179][    C1]  </TASK>
[  911.476265][    C1] DEBUG: holding rtnl_mutex for 555 jiffies.
[  911.482314][    C1] task:kworker/u8:6    state:D stack:20336 pid:1037  tgid:1037  ppid:2      flags:0x00004000
[  911.492639][    C1] Workqueue: netns cleanup_net
[  911.497474][    C1] Call Trace:
[  911.500809][    C1]  <TASK>
[  911.503852][    C1]  __schedule+0x1800/0x4a60
[  911.508470][    C1]  ? __pfx___schedule+0x10/0x10
[  911.513453][    C1]  ? __pfx_lock_release+0x10/0x10
[  911.518574][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  911.524568][    C1]  ? kthread_data+0x52/0xd0
[  911.529123][    C1]  ? wq_worker_sleeping+0x66/0x240
[  911.534374][    C1]  ? schedule+0x90/0x320
[  911.538671][    C1]  schedule+0x14b/0x320
[  911.543027][    C1]  synchronize_rcu_expedited+0x684/0x830
[  911.548759][    C1]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  911.555077][    C1]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  911.560422][    C1]  ? __pfx___might_resched+0x10/0x10
[  911.565810][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  911.571867][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[  911.578028][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  911.584506][    C1]  synchronize_rcu+0x11b/0x360
[  911.589319][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[  911.594696][    C1]  lockdep_unregister_key+0x4b7/0x540
[  911.600143][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[  911.606137][    C1]  ? rcu_is_watching+0x15/0xb0
[  911.610946][    C1]  ? qdisc_reset+0x3bf/0x5b0
[  911.615645][    C1]  __qdisc_destroy+0x165/0x410
[  911.620499][    C1]  dev_shutdown+0x9b/0x450
[  911.625028][    C1]  unregister_netdevice_many_notify+0x97b/0x1c40
[  911.631444][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  911.638349][    C1]  ? unregister_netdevice_queue+0x26b/0x370
[  911.644370][    C1]  ? batadv_softif_destroy_netlink+0x1e3/0x270
[  911.650587][    C1]  default_device_exit_batch+0xa0f/0xa90
[  911.656382][    C1]  ? __pfx___might_resched+0x10/0x10
[  911.661741][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  911.668026][    C1]  ? cfg802154_pernet_exit+0xc3/0xe0
[  911.673415][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  911.679635][    C1]  cleanup_net+0x89d/0xcc0
[  911.684159][    C1]  ? __pfx_cleanup_net+0x10/0x10
[  911.689171][    C1]  ? preempt_schedule_thunk+0x1a/0x30
[  911.694663][    C1]  ? process_scheduled_works+0x945/0x1830
[  911.700614][    C1]  process_scheduled_works+0xa2c/0x1830
[  911.706345][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  911.712410][    C1]  ? assign_work+0x364/0x3d0
[  911.717123][    C1]  worker_thread+0x86d/0xd40
[  911.721834][    C1]  ? __kthread_parkme+0x169/0x1d0
[  911.726977][    C1]  ? __pfx_worker_thread+0x10/0x10
[  911.732158][    C1]  kthread+0x2f0/0x390
[  911.736374][    C1]  ? __pfx_worker_thread+0x10/0x10
[  911.741561][    C1]  ? __pfx_kthread+0x10/0x10
[  911.746274][    C1]  ret_from_fork+0x4b/0x80
[  911.750743][    C1]  ? __pfx_kthread+0x10/0x10
[  911.755433][    C1]  ret_from_fork_asm+0x1a/0x30
[  911.760257][    C1]  </TASK>
[  911.763360][    C1] 
[  911.763360][    C1] Showing all locks held in the system:
[  911.771119][    C1] 3 locks held by kworker/1:0/25:
[  911.776238][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  911.787328][    C1]  #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  911.798443][    C1]  #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  911.798934][T16465] fuse: Unexpected value for 'default_permissions'
[  911.807554][    C1] 2 locks held by kworker/u8:5/141:
[  911.807574][    C1]  #0: ffff88801834b948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  911.807643][    C1]  #1: ffffc90002d5fd00 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  911.842944][    C1] 5 locks held by kworker/u8:6/1037:
[  911.848285][    C1]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  911.859330][    C1]  #1: ffffc90004057d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  911.869992][    C1]  #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  911.879517][    C1]  #3: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  911.889679][    C1]  #4: ffffffff8e33ce78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  911.900755][    C1] 2 locks held by getty/4851:
[  911.905547][    C1]  #0: ffff88802ae170a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  911.915477][    C1]  #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  911.925779][    C1] 1 lock held by syz-executor/14301:
[  911.931127][    C1] 1 lock held by syz-executor/16282:
[  911.936562][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00
[  911.946143][    C1] 2 locks held by syz.2.3043/16432:
[  911.949646][T16468] Cannot find add_set index 0 as target
[  911.951390][    C1]  #0: ffffc9000baa7b40 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[  911.967177][    C1]  #1: ffffffff8e337aa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  911.977232][    C1] 1 lock held by syz.2.3043/16433:
[  911.982411][    C1] 1 lock held by syz.1.3052/16460:
[  911.987731][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00
[  911.997321][    C1] 
[  911.999682][    C1] =============================================
[  911.999682][    C1] 
[  912.777276][ T5108] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  912.978572][ T5108] usb 1-1: config 0 has no interfaces?
[  912.986902][ T5108] usb 1-1: New USB device found, idVendor=19d2, idProduct=0040, bcdDevice=85.1f
[  913.022535][    C1] DEBUG: waiting rtnl_mutex for 617 jiffies.
[  913.028635][    C1] task:kworker/1:0     state:D stack:19824 pid:25    tgid:25    ppid:2      flags:0x00004000
[  913.038913][    C1] Workqueue: events linkwatch_event
[  913.044197][    C1] Call Trace:
[  913.047472][    C1]  <TASK>
[  913.050478][    C1]  __schedule+0x1800/0x4a60
[  913.055023][    C1]  ? __pfx___schedule+0x10/0x10
[  913.060121][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  913.066118][    C1]  ? __pfx_lock_release+0x10/0x10
[  913.071158][    C1]  ? kick_pool+0x45c/0x620
[  913.075617][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  913.080829][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  913.086061][    C1]  ? schedule+0x90/0x320
[  913.090290][    C1]  schedule+0x14b/0x320
[  913.094454][    C1]  schedule_preempt_disabled+0x13/0x30
[  913.099897][    C1]  __mutex_lock+0x6a4/0xd70
[  913.104425][    C1]  ? __mutex_lock+0x527/0xd70
[  913.109092][    C1]  ? linkwatch_event+0xe/0x60
[  913.113800][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  913.118836][    C1]  ? get_rtnl_holder+0x144/0x190
[  913.123778][    C1]  ? process_scheduled_works+0x945/0x1830
[  913.129500][    C1]  linkwatch_event+0xe/0x60
[  913.134042][    C1]  process_scheduled_works+0xa2c/0x1830
[  913.139637][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  913.145648][    C1]  ? assign_work+0x364/0x3d0
[  913.150231][    C1]  worker_thread+0x86d/0xd40
[  913.154861][    C1]  ? __kthread_parkme+0x169/0x1d0
[  913.159878][    C1]  ? __pfx_worker_thread+0x10/0x10
[  913.165010][    C1]  kthread+0x2f0/0x390
[  913.169093][    C1]  ? __pfx_worker_thread+0x10/0x10
[  913.174215][    C1]  ? __pfx_kthread+0x10/0x10
[  913.178796][    C1]  ret_from_fork+0x4b/0x80
[  913.183228][    C1]  ? __pfx_kthread+0x10/0x10
[  913.187828][    C1]  ret_from_fork_asm+0x1a/0x30
[  913.192658][    C1]  </TASK>
[  913.195711][    C1] DEBUG: waiting rtnl_mutex for 727 jiffies.
[  913.201976][    C1] task:syz-executor    state:D stack:21728 pid:16282 tgid:16282 ppid:16268  flags:0x00004000
[  913.212181][    C1] Call Trace:
[  913.215478][    C1]  <TASK>
[  913.218428][    C1]  __schedule+0x1800/0x4a60
[  913.223045][    C1]  ? __pfx___schedule+0x10/0x10
[  913.227893][    C1]  ? __pfx_lock_release+0x10/0x10
[  913.232985][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[  913.238557][    C1]  ? schedule+0x90/0x320
[  913.242814][    C1]  schedule+0x14b/0x320
[  913.247044][    C1]  schedule_preempt_disabled+0x13/0x30
[  913.252880][    C1]  __mutex_lock+0x6a4/0xd70
[  913.257373][    C1]  ? __mutex_lock+0x527/0xd70
[  913.262304][    C1]  ? rtnetlink_rcv_msg+0x6eb/0xd00
[  913.267454][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  913.272514][    C1]  ? get_rtnl_holder+0x144/0x190
[  913.277499][    C1]  rtnetlink_rcv_msg+0x6eb/0xd00
[  913.282599][    C1]  ? rtnetlink_rcv_msg+0x1a7/0xd00
[  913.287760][    C1]  ? __lock_acquire+0x1384/0x2050
[  913.292806][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  913.298280][    C1]  netlink_rcv_skb+0x1e3/0x430
[  913.303085][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  913.308541][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  913.314122][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  913.319348][    C1]  netlink_unicast+0x7f6/0x990
[  913.324136][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  913.329417][    C1]  ? __virt_addr_valid+0x183/0x530
[  913.334555][    C1]  ? __check_object_size+0x49c/0x900
[  913.339825][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[  913.344950][    C1]  netlink_sendmsg+0x8e4/0xcb0
[  913.349704][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  913.355012][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  913.360985][    C1]  ? aa_sock_msg_perm+0x91/0x160
[  913.365946][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  913.371235][    C1]  ? security_socket_sendmsg+0x87/0xb0
[  913.376722][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  913.382005][    C1]  __sock_sendmsg+0x221/0x270
[  913.386718][    C1]  __sys_sendto+0x3a4/0x4f0
[  913.391212][    C1]  ? __pfx___sys_sendto+0x10/0x10
[  913.396342][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  913.402331][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  913.408689][    C1]  __x64_sys_sendto+0xde/0x100
[  913.413464][    C1]  do_syscall_64+0xf3/0x230
[  913.417989][    C1]  ? clear_bhb_loop+0x35/0x90
[  913.422679][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  913.428561][    C1] RIP: 0033:0x7f13a45778ec
[  913.432989][    C1] RSP: 002b:00007fff8daaeca0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  913.441668][    C1] RAX: ffffffffffffffda RBX: 00007f13a5234620 RCX: 00007f13a45778ec
[  913.449652][    C1] RDX: 0000000000000028 RSI: 00007f13a5234670 RDI: 0000000000000003
[  913.457641][    C1] RBP: 0000000000000000 R08: 00007fff8daaecf4 R09: 000000000000000c
[  913.465622][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  913.473610][    C1] R13: 0000000000000000 R14: 00007f13a5234670 R15: 0000000000000000
[  913.481577][    C1]  </TASK>
[  913.484622][    C1] DEBUG: holding rtnl_mutex for 756 jiffies.
[  913.490579][    C1] task:kworker/u8:6    state:D stack:20336 pid:1037  tgid:1037  ppid:2      flags:0x00004000
[  913.500758][    C1] Workqueue: netns cleanup_net
[  913.505539][    C1] Call Trace:
[  913.508822][    C1]  <TASK>
[  913.511750][    C1]  __schedule+0x1800/0x4a60
[  913.516321][    C1]  ? __pfx___schedule+0x10/0x10
[  913.521214][    C1]  ? __pfx_lock_release+0x10/0x10
[  913.526255][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  913.532141][    C1]  ? kthread_data+0x52/0xd0
[  913.536665][    C1]  ? wq_worker_sleeping+0x66/0x240
[  913.541765][    C1]  ? schedule+0x90/0x320
[  913.546016][    C1]  schedule+0x14b/0x320
[  913.550165][    C1]  synchronize_rcu_expedited+0x684/0x830
[  913.555821][    C1]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  913.561977][    C1]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  913.567265][    C1]  ? __pfx___might_resched+0x10/0x10
[  913.572579][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  913.578555][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[  913.584663][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  913.591250][    C1]  synchronize_rcu+0x11b/0x360
[  913.596057][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[  913.601358][    C1]  lockdep_unregister_key+0x4b7/0x540
[  913.606742][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[  913.612643][    C1]  ? rcu_is_watching+0x15/0xb0
[  913.617410][    C1]  ? qdisc_reset+0x3bf/0x5b0
[  913.622082][    C1]  __qdisc_destroy+0x165/0x410
[  913.626861][    C1]  dev_shutdown+0x9b/0x450
[  913.631269][    C1]  unregister_netdevice_many_notify+0x97b/0x1c40
[  913.637628][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  913.644408][    C1]  ? unregister_netdevice_queue+0x26b/0x370
[  913.650291][    C1]  ? batadv_softif_destroy_netlink+0x1e3/0x270
[  913.656463][    C1]  default_device_exit_batch+0xa0f/0xa90
[  913.662101][    C1]  ? __pfx___might_resched+0x10/0x10
[  913.667416][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  913.673584][    C1]  ? cfg802154_pernet_exit+0xc3/0xe0
[  913.678852][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[  913.685025][    C1]  cleanup_net+0x89d/0xcc0
[  913.689434][    C1]  ? __pfx_cleanup_net+0x10/0x10
[  913.694385][    C1]  ? preempt_schedule_thunk+0x1a/0x30
[  913.699754][    C1]  ? process_scheduled_works+0x945/0x1830
[  913.705505][    C1]  process_scheduled_works+0xa2c/0x1830
[  913.711056][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  913.717055][    C1]  ? assign_work+0x364/0x3d0
[  913.721673][    C1]  worker_thread+0x86d/0xd40
[  913.726293][    C1]  ? __kthread_parkme+0x169/0x1d0
[  913.731311][    C1]  ? __pfx_worker_thread+0x10/0x10
[  913.736447][    C1]  kthread+0x2f0/0x390
[  913.740502][    C1]  ? __pfx_worker_thread+0x10/0x10
[  913.745714][    C1]  ? __pfx_kthread+0x10/0x10
[  913.750291][    C1]  ret_from_fork+0x4b/0x80
[  913.754763][    C1]  ? __pfx_kthread+0x10/0x10
[  913.759345][    C1]  ret_from_fork_asm+0x1a/0x30
[  913.764131][    C1]  </TASK>
[  913.767183][    C1] 
[  913.767183][    C1] Showing all locks held in the system:
[  913.774986][    C1] 3 locks held by kworker/1:0/25:
[  913.779997][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  913.791094][    C1]  #1: ffffc900001f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  913.802202][    C1]  #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  913.811223][    C1] 3 locks held by kworker/u8:3/52:
[  913.816445][    C1] 5 locks held by kworker/u8:6/1037:
[  913.821853][    C1]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  913.832771][    C1]  #1: ffffc90004057d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  913.843339][    C1]  #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  913.852773][    C1]  #3: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  913.862799][    C1]  #4: ffffffff8e33ce78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  913.873728][    C1] 2 locks held by getty/4851:
[  913.878391][    C1]  #0: ffff88802ae170a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  913.888299][    C1]  #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  913.898520][    C1] 3 locks held by kworker/1:3/5108:
[  913.903754][    C1] 1 lock held by syz-executor/16282:
[  913.909194][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00
[  913.918797][    C1] 1 lock held by syz.2.3043/16433:
[  913.923917][    C1] 1 lock held by syz.1.3052/16460:
[  913.929010][    C1]  #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00
[  913.938448][    C1] 
[  913.940754][    C1] =============================================
[  913.940754][    C1] 
[  913.953761][ T5108] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  913.961920][ T5108] usb 1-1: Product: syz
[  913.972720][ T5108] usb 1-1: Manufacturer: syz
[  913.982678][ T5108] usb 1-1: SerialNumber: syz
[  913.994171][ T5108] usb 1-1: config 0 descriptor??
[  914.031613][ T8604] usb 3-1: USB disconnect, device number 26
[  914.338473][ T8604] usb 1-1: USB disconnect, device number 23
[  914.368956][T16282] bridge0: port 1(bridge_slave_0) entered blocking state
[  914.392387][T16282] bridge0: port 1(bridge_slave_0) entered disabled state
[  914.413148][T16282] bridge_slave_0: entered allmulticast mode
[  914.430401][T16282] bridge_slave_0: entered promiscuous mode
[  914.436539][T13291] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  914.447971][T16460] veth1_macvtap: left promiscuous mode
[  914.471525][T16282] bridge0: port 2(bridge_slave_1) entered blocking state
[  914.479106][T16282] bridge0: port 2(bridge_slave_1) entered disabled state
[  914.492970][T16282] bridge_slave_1: entered allmulticast mode
[  914.538293][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[  914.540941][T16282] bridge_slave_1: entered promiscuous mode
[  914.587103][T16494] loop2: detected capacity change from 0 to 1024
[  914.619103][T16494] EXT4-fs: Ignoring removed nobh option
[  914.655036][T16282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  914.671900][T16282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  914.697207][T13291] usb 5-1: Using ep0 maxpacket: 32
[  914.705729][T16494] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  914.720745][T13291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  914.732000][T13291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  914.743441][T13291] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  914.752962][T13291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  914.777378][T13291] usb 5-1: config 0 descriptor??
[  914.783583][T16483] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  914.793338][T13291] hub 5-1:0.0: USB hub found
[  914.896139][T16282] team0: Port device team_slave_0 added
[  914.921923][T16282] team0: Port device team_slave_1 added
[  914.943218][T13626] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  914.990098][T16282] batman_adv: batadv0: Adding interface: batadv_slave_0
[  914.994801][T13291] hub 5-1:0.0: 2 ports detected
[  915.010632][T16282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  915.036704][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.091931][T16282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  915.107382][T16499] Cannot find add_set index 0 as target
[  915.117599][T16282] batman_adv: batadv0: Adding interface: batadv_slave_1
[  915.142231][T16282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  915.168179][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.202624][T16282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  915.230232][T13291] hub 5-1:0.0: hub_hub_status failed (err = -71)
[  915.247107][T13291] hub 5-1:0.0: config failed, can't get hub status (err -71)
[  915.298731][T13291] usbhid 5-1:0.0: can't add hid device: -71
[  915.313653][T13291] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  915.372929][T13291] usb 5-1: USB disconnect, device number 24
[  915.403145][T16282] hsr_slave_0: entered promiscuous mode
[  915.444055][T16282] hsr_slave_1: entered promiscuous mode
[  915.469157][T16282] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  915.490710][T16282] Cannot create hsr debugfs directory
[  916.105148][T16532] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  916.191014][ T5108] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  916.262688][ T5150] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  916.404864][ T5108] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  916.421095][T16282] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  916.428350][ T5108] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  916.443124][T13291] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  916.455570][ T5108] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  916.458588][T16282] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  916.471960][ T5108] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.482092][T16536] loop2: detected capacity change from 0 to 1024
[  916.491117][ T5150] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  916.507717][ T5150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.510969][T16282] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  916.547116][ T5150] usb 1-1: config 0 descriptor??
[  916.558183][T16527] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  916.599592][T16282] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  916.643799][T13291] usb 5-1: too many configurations: 12, using maximum allowed: 8
[  916.682234][T13291] usb 5-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  916.703460][T13291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.735453][T13291] usb 5-1: config 0 descriptor??
[  916.842860][ T5150] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  916.851514][ T5150] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  916.865374][T16282] 8021q: adding VLAN 0 to HW filter on device bond0
[  916.907625][ T5150] [drm:udl_init] *ERROR* Selecting channel failed
[  916.991470][T16282] 8021q: adding VLAN 0 to HW filter on device team0
[  916.993058][ T5150] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[  917.034231][ T5150] [drm] Initialized udl on minor 2
[  917.085904][ T8602] bridge0: port 1(bridge_slave_0) entered blocking state
[  917.093383][ T8602] bridge0: port 1(bridge_slave_0) entered forwarding state
[  917.116807][T16541] loop2: detected capacity change from 0 to 256
[  917.124211][ T5150] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  917.146775][T16543] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(9)
[  917.153333][T16543] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  917.165471][T16543] vhci_hcd vhci_hcd.0: Device attached
[  917.193270][ T5150] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  917.199611][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state
[  917.207025][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  917.282181][ T5150] usb 1-1: USB disconnect, device number 24
[  917.288665][   T25] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  917.314806][   T29] audit: type=1800 audit(2000000599.993:338): pid=16541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3082" name="bus" dev="loop2" ino=1048844 res=0 errno=0
[  917.315223][   T25] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  917.392730][ T8602] vhci_hcd: vhci_device speed not set
[  917.468657][   T25] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  917.483475][ T8602] usb 17-2: new full-speed USB device number 5 using vhci_hcd
[  917.686833][   T25] usb 2-1: USB disconnect, device number 26
[  918.216618][T16282] 8021q: adding VLAN 0 to HW filter on device batadv0
[  918.349542][T16282] veth0_vlan: entered promiscuous mode
[  918.380227][T16282] veth1_vlan: entered promiscuous mode
[  918.442633][ T5154] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  918.494260][T16282] veth0_macvtap: entered promiscuous mode
[  918.516043][T16282] veth1_macvtap: entered promiscuous mode
[  918.531882][T16544] vhci_hcd: connection reset by peer
[  918.555223][T13291] usb 5-1: string descriptor 0 read error: -71
[  918.565659][ T6300] vhci_hcd: stop threads
[  918.569952][ T6300] vhci_hcd: release socket
[  918.585229][T13291] usb 5-1: USB disconnect, device number 25
[  918.592997][ T6300] vhci_hcd: disconnect device
[  918.599922][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  918.617875][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.628357][ T5154] usb 1-1: Using ep0 maxpacket: 32
[  918.640524][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  918.659729][ T5154] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  918.674666][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.685317][ T5154] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  918.696680][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  918.708517][ T5154] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  918.720355][   T54] Bluetooth: hci4: unexpected event for opcode 0x0c25
[  918.728456][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.738868][ T5154] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  918.747342][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  918.760056][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.770893][ T5154] usb 1-1: config 0 descriptor??
[  918.781901][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  918.796602][T16557] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  918.803681][T16564] loop2: detected capacity change from 0 to 2048
[  918.812726][ T5154] hub 1-1:0.0: USB hub found
[  918.813460][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.862102][T16282] batman_adv: batadv0: Interface activated: batadv_slave_0
[  918.901753][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  918.963089][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.995393][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  919.018934][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.032862][ T5154] hub 1-1:0.0: 2 ports detected
[  919.045219][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  919.058481][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.092978][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  919.134683][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.152558][T16282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  919.169512][T16282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.211405][T16282] batman_adv: batadv0: Interface activated: batadv_slave_1
[  919.271889][ T5154] hub 1-1:0.0: hub_hub_status failed (err = -71)
[  919.299498][ T5154] hub 1-1:0.0: config failed, can't get hub status (err -71)
[  919.301177][T16282] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  919.340689][ T5154] usbhid 1-1:0.0: can't add hid device: -71
[  919.355073][ T5154] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  919.387218][T16282] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  919.405106][ T5154] usb 1-1: USB disconnect, device number 25
[  919.430835][T16282] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  919.464982][T16282] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  919.567126][T16577] loop4: detected capacity change from 0 to 256
[  919.753628][T15298] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  919.786277][T15298] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  919.884527][T15298] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  919.901551][T15298] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  921.227989][T16600] team_slave_0: entered promiscuous mode
[  921.234685][T16600] team_slave_1: entered promiscuous mode
[  921.275924][T16600] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  921.347653][T16600] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  921.414319][T16611] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  922.240641][ T8601] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  922.264936][T16600] bond0: entered promiscuous mode
[  922.270216][T16600] bond_slave_0: entered promiscuous mode
[  922.276698][T16600] bond_slave_1: entered promiscuous mode
[  922.312901][ T5160] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  922.391425][T16600] macvlan2: entered promiscuous mode
[  922.447381][T16600] team0: entered promiscuous mode
[  922.509801][ T5100] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  922.599055][ T5160] usb 2-1: too many configurations: 12, using maximum allowed: 8
[  922.622823][ T8602] vhci_hcd: vhci_device speed not set
[  922.624302][ T8601] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  922.669008][ T8601] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  922.674717][ T5160] usb 2-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  922.701215][ T8601] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  922.724314][ T8601] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.727397][ T5160] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.760361][ T5160] usb 2-1: config 0 descriptor??
[  922.766039][T16597] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  922.784257][ T5100] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  922.793575][ T5100] Bluetooth: hci4: Injecting HCI hardware error event
[  922.808050][ T5106] Bluetooth: hci4: hardware error 0x00
[  923.263029][ T5100] Bluetooth: hci1: command tx timeout
[  923.309411][T16630] batman_adv: batadv0: Adding interface: ipvlan2
[  923.362716][T16630] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  923.507449][T16630] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active
[  923.607941][T16635] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(9)
[  923.614508][T16635] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  923.648083][T16635] vhci_hcd vhci_hcd.0: Device attached
[  923.799765][ T8602] usb 3-1: USB disconnect, device number 27
[  923.842690][ T5154] vhci_hcd: vhci_device speed not set
[  923.903297][ T5100] Bluetooth: hci3: command 0x0406 tx timeout
[  923.935717][ T5154] usb 11-2: new full-speed USB device number 6 using vhci_hcd
[  924.419359][T16636] vhci_hcd: connection reset by peer
[  924.423085][ T5160] usb 2-1: string descriptor 0 read error: -71
[  924.445182][   T52] vhci_hcd: stop threads
[  924.453576][   T52] vhci_hcd: release socket
[  924.460896][ T5160] usb 2-1: USB disconnect, device number 27
[  924.470145][   T52] vhci_hcd: disconnect device
[  924.489629][T16653] loop4: detected capacity change from 0 to 256
[  924.848172][T16657] loop4: detected capacity change from 0 to 4096
[  924.858493][T16657] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  924.864468][ T5106] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  924.928907][   T29] audit: type=1804 audit(2000000607.603:339): pid=16661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3120" name="/newroot/5/bus/file0" dev="overlay" ino=53 res=1 errno=0
[  924.959841][T16657] ntfs3: loop4: mft corrupted
[  924.980058][T16657] ntfs3: loop4: Failed to load $Extend (-22).
[  924.990083][T16657] ntfs3: loop4: Failed to initialize $Extend.
[  925.056863][T16657] ntfs3: loop4: ino=1e, "file1" failed to parse mft record
[  925.065010][T16657] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  925.082839][   T25] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  925.099622][T16657] ntfs3: loop4: ino=1e, "file1" attr_set_size
[  925.207431][T16671] batman_adv: batadv0: Adding interface: ipvlan2
[  925.214328][T16671] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  925.241692][T16671] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active
[  925.302565][   T25] usb 1-1: Using ep0 maxpacket: 8
[  925.317588][   T25] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  925.333799][ T5106] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  925.341894][   T25] usb 1-1: config 179 has no interface number 0
[  925.351372][   T25] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  925.363515][   T25] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  925.387585][   T25] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  925.420841][   T25] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  925.471074][   T25] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  925.524182][   T25] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  925.570120][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  925.618038][T16659] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  925.722938][ T5108] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  925.877552][   T25] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input36
[  925.932837][ T5108] usb 4-1: Using ep0 maxpacket: 32
[  925.961919][ T5108] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  925.978081][ T5108] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  925.994671][ T5108] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  926.007494][ T5108] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  926.023853][ T5108] usb 4-1: config 0 descriptor??
[  926.030162][T16682] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  926.040219][ T5108] hub 4-1:0.0: USB hub found
[  926.106265][   T29] audit: type=1804 audit(2000000608.783:340): pid=16690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3132" name="/newroot/129/bus/file0" dev="overlay" ino=716 res=1 errno=0
[  926.116821][   T25] usb 1-1: USB disconnect, device number 26
[  926.116868][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  926.142467][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  926.170651][   T25] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  926.446438][T16697] loop2: detected capacity change from 0 to 8
[  926.541011][ T5108] hub 4-1:0.0: 2 ports detected
[  926.945732][ T5108] hub 4-1:0.0: hub_hub_status failed (err = -71)
[  926.961723][ T5108] hub 4-1:0.0: config failed, can't get hub status (err -71)
[  926.995007][ T5108] usbhid 4-1:0.0: can't add hid device: -71
[  927.010166][ T5108] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  927.065510][ T5108] usb 4-1: USB disconnect, device number 22
[  927.153686][T16705] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  927.523705][ T5160] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  927.666244][T16720] Bluetooth: MGMT ver 1.23
[  927.739530][ T5160] usb 5-1: too many configurations: 12, using maximum allowed: 8
[  927.894640][T16723] loop3: detected capacity change from 0 to 1024
[  928.397702][T16723] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  928.413145][T16723] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  928.652818][ T5160] usb 5-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  928.676473][ T5160] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  928.686182][ T5160] usb 5-1: config 0 descriptor??
[  928.703539][T16723] jbd2_journal_init_inode: Cannot locate journal superblock
[  928.710881][T16723] EXT4-fs (loop3): Could not load journal inode
[  929.202980][ T5154] vhci_hcd: vhci_device speed not set
[  930.006454][T16741] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(9)
[  930.013024][T16741] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  930.051090][T16741] vhci_hcd vhci_hcd.0: Device attached
[  930.162802][ T5108] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  930.262806][ T5153] vhci_hcd: vhci_device speed not set
[  930.347234][ T5153] usb 17-2: new full-speed USB device number 6 using vhci_hcd
[  930.372749][ T5108] usb 1-1: Using ep0 maxpacket: 8
[  930.394639][ T5108] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  930.412841][ T5108] usb 1-1: config 179 has no interface number 0
[  930.419558][ T5108] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  930.451858][ T5108] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  930.514930][ T5108] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  930.530193][T16743] vhci_hcd: connection reset by peer
[  930.541629][ T5108] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  930.562611][ T5108] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  930.582888][ T5108] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  930.620161][ T5108] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.810822][ T5160] usb 5-1: string descriptor 0 read error: -71
[  930.823921][ T5160] usb 5-1: USB disconnect, device number 26
[  930.827600][T16737] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  930.863123][ T6300] vhci_hcd: stop threads
[  930.870910][ T6300] vhci_hcd: release socket
[  930.889113][ T6300] vhci_hcd: disconnect device
[  930.972705][ T5154] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  931.172635][ T5154] usb 3-1: Using ep0 maxpacket: 32
[  931.216614][ T5154] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  931.222916][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3157'.
[  931.238679][ T5154] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  931.262425][ T5154] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  931.270380][ T5108] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input37
[  931.272406][ T5154] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.315846][ T5154] usb 3-1: config 0 descriptor??
[  931.321808][T16757] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  931.368210][ T5154] hub 3-1:0.0: USB hub found
[  931.522776][ T5160] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  931.570601][ T5154] hub 3-1:0.0: 2 ports detected
[  931.634414][ T5108] usb 1-1: USB disconnect, device number 27
[  931.634469][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  931.634509][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  931.680404][ T5108] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  931.736375][ T5160] usb 2-1: Using ep0 maxpacket: 8
[  931.750382][ T5160] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d
[  931.772970][ T5160] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  931.797093][ T5160] usb 2-1: Product: syz
[  931.814198][ T5160] usb 2-1: Manufacturer: syz
[  931.818913][ T5160] usb 2-1: SerialNumber: syz
[  931.835417][ T5154] hub 3-1:0.0: hub_hub_status failed (err = -71)
[  931.841845][ T5154] hub 3-1:0.0: config failed, can't get hub status (err -71)
[  931.863742][ T5160] usb 2-1: config 0 descriptor??
[  931.884806][ T5154] usbhid 3-1:0.0: can't add hid device: -71
[  931.890995][ T5154] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  931.966521][ T5154] usb 3-1: USB disconnect, device number 28
[  931.993170][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[  931.999773][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[  932.126140][ T5160] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  932.146278][ T5160] dvb_usb_af9015 2-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  932.162250][ T5160] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  932.172681][ T5160] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  932.184305][ T5160] usb 2-1: USB disconnect, device number 28
[  932.402625][ T5108] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  932.559540][T16794] loop2: detected capacity change from 0 to 512
[  932.598846][ T5108] usb 5-1: config 0 has an invalid interface number: 80 but max is 0
[  932.616347][T16794] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.3169: corrupted in-inode xattr: invalid ea_ino
[  932.620584][ T5108] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  932.652546][ T5108] usb 5-1: config 0 has no interface number 0
[  932.652675][T16794] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.3169: couldn't read orphan inode 15 (err -117)
[  932.659582][ T5108] usb 5-1: config 0 interface 80 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  932.681782][ T5108] usb 5-1: config 0 interface 80 altsetting 0 has a duplicate endpoint with address 0x81, skipping
[  932.693823][ T5108] usb 5-1: config 0 interface 80 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  932.724397][T16794] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  932.728717][ T5108] usb 5-1: New USB device found, idVendor=15e8, idProduct=9110, bcdDevice=23.10
[  932.757438][ T5108] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  932.770804][ T5108] usb 5-1: Product: syz
[  932.775212][ T5108] usb 5-1: Manufacturer: syz
[  932.780815][ T5108] usb 5-1: SerialNumber: syz
[  932.794702][ T5108] usb 5-1: config 0 descriptor??
[  932.800496][ T5160] kernel write not supported for file /dsp (pid: 5160 comm: kworker/0:6)
[  932.841210][T16794] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.3169: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  932.878113][T16794] EXT4-fs error (device loop2): ext4_lookup:1815: inode #2: comm syz.2.3169: deleted inode referenced: 15
[  932.893320][T16794] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.3169: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  932.956570][T16812] overlayfs: failed to resolve './file2': -2
[  933.029720][ T5108] pegasus 5-1:0.80: probe with driver pegasus failed with error -71
[  933.060491][ T5108] usb 5-1: USB disconnect, device number 27
[  933.125581][T13626] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  933.373890][T16828] netlink: 'syz.2.3182': attribute type 9 has an invalid length.
[  933.382406][T16828] netlink: 399 bytes leftover after parsing attributes in process `syz.2.3182'.
[  933.585964][ T5108] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  933.782242][ T5108] usb 4-1: config 0 has no interfaces?
[  933.795245][ T5108] usb 4-1: New USB device found, idVendor=19d2, idProduct=0040, bcdDevice=85.1f
[  933.933583][ T5108] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.942046][ T5108] usb 4-1: Product: syz
[  933.952583][ T5108] usb 4-1: Manufacturer: syz
[  933.957543][ T5108] usb 4-1: SerialNumber: syz
[  933.978533][ T5108] usb 4-1: config 0 descriptor??
[  934.693578][T16845] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  935.728179][T16847] loop4: detected capacity change from 0 to 164
[  935.876288][T16847] rock: directory entry would overflow storage
[  935.942966][T16847] rock: sig=0x4f50, size=4, remaining=3
[  935.952575][T13395] usb 4-1: USB disconnect, device number 23
[  935.978671][T16847] iso9660: Corrupted directory entry in block 4 of inode 1792
[  935.982631][ T5153] vhci_hcd: vhci_device speed not set
[  936.139013][T16854] team_slave_0: entered promiscuous mode
[  936.144877][T16854] team_slave_1: entered promiscuous mode
[  936.177715][T16854] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  936.204936][T16854] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  936.333827][T16866] loop2: detected capacity change from 0 to 1024
[  936.353441][T16866] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  936.390758][T16866] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  936.408800][T16854] bond0: entered promiscuous mode
[  936.424216][T16866] jbd2_journal_init_inode: Cannot locate journal superblock
[  936.431968][T16854] bond_slave_0: entered promiscuous mode
[  936.442125][T16866] EXT4-fs (loop2): Could not load journal inode
[  936.449094][T16854] bond_slave_1: entered promiscuous mode
[  936.468364][T16854] macvlan2: entered promiscuous mode
[  936.478424][T16854] team0: entered promiscuous mode
[  936.752807][T13395] usb 2-1: new low-speed USB device number 29 using dummy_hcd
[  937.107699][T13395] usb 2-1: config 0 has too many interfaces: 243, using maximum allowed: 32
[  937.322032][T13395] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 243
[  937.488802][T13395] usb 2-1: string descriptor 0 read error: -22
[  937.512803][T13395] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  937.521968][T13395] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.623528][T13395] usb 2-1: config 0 descriptor??
[  937.668166][T16880] No such timeout policy "syz0"
[  937.820688][T16883] loop3: detected capacity change from 0 to 512
[  937.903213][T16883] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.3203: corrupted in-inode xattr: invalid ea_ino
[  937.973118][T13291] usb 2-1: USB disconnect, device number 29
[  937.979259][T16883] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3203: couldn't read orphan inode 15 (err -117)
[  938.066527][T16883] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  938.273438][T16883] EXT4-fs error (device loop3): ext4_find_dest_de:2067: inode #2: block 13: comm syz.3.3203: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  938.315969][T16883] EXT4-fs error (device loop3): ext4_lookup:1815: inode #2: comm syz.3.3203: deleted inode referenced: 15
[  938.363200][T16883] EXT4-fs error (device loop3): ext4_find_dest_de:2067: inode #2: block 13: comm syz.3.3203: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  938.430370][T16883] overlayfs: failed to resolve './file2': -2
[  938.445977][T16895] loop4: detected capacity change from 0 to 128
[  938.484507][T16895] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  938.518169][T16895] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  938.610406][T16282] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  938.841923][    C0] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN PTI
[  938.841952][    C0] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
[  938.841970][    C0] CPU: 0 UID: 0 PID: 16901 Comm: syz.3.3208 Not tainted 6.10.0-next-20240718-syzkaller #0
[  938.841991][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  938.842003][    C0] RIP: 0010:__cpu_map_flush+0x42/0xd0
[  938.842037][    C0] Code: e8 13 8c d6 ff 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 ad f9 3d 00 49 8b 1e 4c 39 f3 74 77 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 8f f9 3d 00 4c 8b 23 48 8d 7b c0
[  938.842055][    C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010203
[  938.842075][    C0] RAX: 0000000000000008 RBX: 0000000000000046 RCX: ffff888020780000
[  938.842090][    C0] RDX: 0000000080000102 RSI: 0000000000000000 RDI: ffffc9000384f1a0
[  938.842104][    C0] RBP: dffffc0000000000 R08: ffffffff896d3a3a R09: 1ffffffff1f5f995
[  938.842120][    C0] R10: dffffc0000000000 R11: fffffbfff1f5f996 R12: ffffc9000384f1a0
[  938.842135][    C0] R13: ffffc9000384f160 R14: ffffc9000384f1a0 R15: dffffc0000000000
[  938.842149][    C0] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  938.842166][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  938.842180][    C0] CR2: 00007f329edffed8 CR3: 000000007170a000 CR4: 00000000003506f0
[  938.842197][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  938.842209][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  938.842222][    C0] Call Trace:
[  938.842230][    C0]  <IRQ>
[  938.842239][    C0]  ? __die_body+0x88/0xe0
[  938.842269][    C0]  ? die_addr+0x108/0x140
[  938.842296][    C0]  ? exc_general_protection+0x3dd/0x5d0
[  938.842330][    C0]  ? asm_exc_general_protection+0x26/0x30
[  938.842355][    C0]  ? xdp_do_check_flushed+0x10a/0x240
[  938.842383][    C0]  ? __cpu_map_flush+0x42/0xd0
[  938.842408][    C0]  xdp_do_check_flushed+0x136/0x240
[  938.842437][    C0]  __napi_poll+0xe4/0x490
[  938.842466][    C0]  net_rx_action+0x89b/0x1240
[  938.842500][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  938.842525][    C0]  ? sched_clock+0x4a/0x70
[  938.842553][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  938.842585][    C0]  handle_softirqs+0x2c4/0x970
[  938.842616][    C0]  ? __irq_exit_rcu+0xf4/0x1c0
[  938.842641][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  938.842663][    C0]  ? irqtime_account_irq+0xd4/0x1e0
[  938.842691][    C0]  __irq_exit_rcu+0xf4/0x1c0
[  938.842714][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  938.842741][    C0]  irq_exit_rcu+0x9/0x30
[  938.842764][    C0]  common_interrupt+0xaa/0xd0
[  938.842786][    C0]  </IRQ>
[  938.842794][    C0]  <TASK>
[  938.842801][    C0]  asm_common_interrupt+0x26/0x40
[  938.842824][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[  938.842850][    C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 ce cf 5c f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> c3 69 c4 f5 65 8b 05 04 5f 65 74 85 c0 74 43 48 c7 04 24 0e 36
[  938.842867][    C0] RSP: 0018:ffffc9000384f9c0 EFLAGS: 00000206
[  938.842884][    C0] RAX: a1c08e7522236200 RBX: 1ffff92000709f3c RCX: ffffffff94807903
[  938.842900][    C0] RDX: dffffc0000000000 RSI: ffffffff8bcad5c0 RDI: 0000000000000001
[  938.842915][    C0] RBP: ffffc9000384fa60 R08: ffffffff8fafccaf R09: 1ffffffff1f5f995
[  938.842931][    C0] R10: dffffc0000000000 R11: fffffbfff1f5f996 R12: dffffc0000000000
[  938.842946][    C0] R13: 1ffff92000709f38 R14: ffffc9000384f9e0 R15: 0000000000000246
[  938.842970][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  938.842993][    C0]  ? percpu_ref_put+0x19/0x180
[  938.843015][    C0]  ? percpu_ref_put+0xfa/0x180
[  938.843041][    C0]  exit_tasks_rcu_start+0x1d6/0x280
[  938.843064][    C0]  do_exit+0xa54/0x27f0
[  938.843085][    C0]  ? __pfx_do_exit+0x10/0x10
[  938.843103][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  938.843127][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  938.843155][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  938.843181][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[  938.843206][    C0]  do_group_exit+0x207/0x2c0
[  938.843225][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  938.843245][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  938.843269][    C0]  get_signal+0x16a1/0x1740
[  938.843300][    C0]  ? __pfx_get_signal+0x10/0x10
[  938.843326][    C0]  arch_do_signal_or_restart+0x96/0x830
[  938.843353][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  938.843377][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  938.843409][    C0]  ? syscall_exit_to_user_mode+0xa3/0x370
[  938.843438][    C0]  syscall_exit_to_user_mode+0xc9/0x370
[  938.843466][    C0]  do_syscall_64+0x100/0x230
[  938.843494][    C0]  ? clear_bhb_loop+0x35/0x90
[  938.843518][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.843541][    C0] RIP: 0033:0x7f13a4575b59
[  938.843557][    C0] Code: Unable to access opcode bytes at 0x7f13a4575b2f.
[  938.843568][    C0] RSP: 002b:00007f13a53300f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  938.843588][    C0] RAX: fffffffffffffe00 RBX: 00007f13a4705f68 RCX: 00007f13a4575b59
[  938.843610][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f13a4705f68
[  938.843623][    C0] RBP: 00007f13a4705f60 R08: 00007f13a53306c0 R09: 00007f13a53306c0
[  938.843634][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f13a4705f6c
[  938.843648][    C0] R13: 000000000000000b R14: 00007fff8daaf000 R15: 00007fff8daaf0e8
[  938.843670][    C0]  </TASK>
[  938.843677][    C0] Modules linked in:
[  938.843730][    C0] ---[ end trace 0000000000000000 ]---
[  939.052585][ T5153] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  939.055851][    C0] RIP: 0010:__cpu_map_flush+0x42/0xd0
[  939.392176][    C0] Code: e8 13 8c d6 ff 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 ad f9 3d 00 49 8b 1e 4c 39 f3 74 77 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 8f f9 3d 00 4c 8b 23 48 8d 7b c0
[  939.411945][    C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010203
[  939.418340][    C0] RAX: 0000000000000008 RBX: 0000000000000046 RCX: ffff888020780000
[  939.426482][    C0] RDX: 0000000080000102 RSI: 0000000000000000 RDI: ffffc9000384f1a0
[  939.434596][    C0] RBP: dffffc0000000000 R08: ffffffff896d3a3a R09: 1ffffffff1f5f995
[  939.442709][    C0] R10: dffffc0000000000 R11: fffffbfff1f5f996 R12: ffffc9000384f1a0
[  939.450748][    C0] R13: ffffc9000384f160 R14: ffffc9000384f1a0 R15: dffffc0000000000
[  939.458865][    C0] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  939.468119][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  939.474904][    C0] CR2: 00007f329edffed8 CR3: 000000000e134000 CR4: 00000000003526f0
[  939.483037][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  939.491117][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  939.499217][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  939.506693][    C0] Kernel Offset: disabled
[  939.511014][    C0] Rebooting in 86400 seconds..