last executing test programs:

2m9.982774803s ago: executing program 1 (id=723):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r1 = dup3(0xffffffffffffffff, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a, 0x2})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

2m9.861827313s ago: executing program 1 (id=725):
r0 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x7005, 0x0)

2m9.750986002s ago: executing program 1 (id=727):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0100000000000000000007000000080003", @ANYBLOB="140004006e6963"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240048d0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00"/13], 0x50)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, 0x0, 0x2, 0x0)
sendfile(r3, r3, 0x0, 0x4)
close(0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x17, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x1, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2m9.575034276s ago: executing program 1 (id=730):
syz_mount_image$udf(&(0x7f0000000180), &(0x7f00000000c0)='./file0\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk")
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf7, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f00000002c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
ftruncate(r1, 0xc17a)
read$FUSE(r1, &(0x7f00000042c0)={0x2020, 0x0, 0x0, <r2=>0x0, <r3=>0x0}, 0x17a)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {r2, r3}}, './file0/file0\x00'})

2m9.088683515s ago: executing program 1 (id=734):
r0 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
clock_adjtime(0x0, &(0x7f0000000000)={0x8003ff, 0x0, 0x23e654d4, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0xfffffffffffffffd, 0x9, 0x10, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x8, 0x2, 0x3, 0x0, 0x3})
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x7005, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x3)

2m8.699751696s ago: executing program 1 (id=738):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0100000000000000000007000000080003", @ANYBLOB="140004006e6963"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240048d0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00"/13], 0x50)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, 0x0, 0x2, 0x0)
sendfile(r3, r3, 0x0, 0x4)
close(0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x17, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x1, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2m8.699587566s ago: executing program 3 (id=739):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280), 0x0)

2m8.343056145s ago: executing program 32 (id=738):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0100000000000000000007000000080003", @ANYBLOB="140004006e6963"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x240048d0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00"/13], 0x50)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, 0x0, 0x2, 0x0)
sendfile(r3, r3, 0x0, 0x4)
close(0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x17, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x1, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2m8.335333416s ago: executing program 3 (id=742):
socket$igmp6(0xa, 0x3, 0x2)
io_uring_setup(0x3411, &(0x7f0000000240)={0x0, 0x763e, 0x842, 0x3, 0x104})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2181)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x200, 0xa)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x40000012})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000040)=[0x1], &(0x7f0000000200), &(0x7f00000000c0), 0x0, 0x7f})

2m8.121808242s ago: executing program 3 (id=743):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a, 0x2})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

2m7.967418495s ago: executing program 3 (id=744):
syz_mount_image$udf(&(0x7f0000000180), &(0x7f00000000c0)='./file0\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk")
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf7, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f00000002c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
ftruncate(r1, 0xc17a)
read$FUSE(r1, &(0x7f00000042c0)={0x2020, 0x0, 0x0, <r2=>0x0, <r3=>0x0}, 0x17a)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {r2, r3}}, './file0/file0\x00'})

2m7.29305635s ago: executing program 3 (id=749):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
setitimer(0x2, &(0x7f0000000000)={{0x10001, 0x9}, {0x8, 0x7}}, 0x0)

2m6.757427073s ago: executing program 3 (id=753):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
ftruncate(0xffffffffffffffff, 0xffff)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

2m6.497548233s ago: executing program 33 (id=753):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
ftruncate(0xffffffffffffffff, 0xffff)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

2m6.398692591s ago: executing program 0 (id=757):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f406", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2m6.238683904s ago: executing program 0 (id=758):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)
r1 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000640)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000300)="06", 0x1}], 0x1}}], 0x1, 0x3404c8d4)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES16=r0, @ANYRES16=r1], 0x1000f)

2m6.063727288s ago: executing program 0 (id=759):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r1 = dup3(r0, 0xffffffffffffffff, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a, 0x2})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

2m5.945273578s ago: executing program 0 (id=760):
syz_mount_image$udf(&(0x7f0000000180), &(0x7f00000000c0)='./file0\x00', 0x1014494, &(0x7f00000001c0)=ANY=[@ANYBLOB="696f636861727365743d63703933322c706172746974696f6e3d30303030303030303030303030303030303030332c6769643d666f726765742c6769643d666f726765742c6e6f6164696e6963622c756e64656c6574652c7569643d666f726765742c00fb5ebc1bbec00aea8217b7375ace1f91cad4e856ac3ce827902dd91a9a936650ca99205dc1adee73bc464ab6ea2dad7091eea47594f5ef5227a72684b2ed98640aa52eba3e04c81c829036f312ecb1c7483575d32ed9eef652c6b7284dc45cecea6a0ae3a01c5cd7b60af90431eddc00"/225], 0xfe, 0xc24, &(0x7f0000001480)="$eJzs3UFsHNd9B+D/Gy5Fym4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmFoSJNXIRtrQvfTQQ4Ci6CEnAq1RIEUDoymCHtnWBZKLD0VOPREtbARFD2wRIKeAxcy+lZY0ZcmmSFH299nUbznz3ux7b5YzkqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN976cKpZ9ODbgUAcJAuTX311Gn3fwD4RLnsz/8AAAAAAAAAAAAAAHDYpSjisUixeGkzzVTfdw1fbHdu3Jwen9i92tFU1Ryoypdfw8+ePnP2S8+NnevlB9e/356IV6YuX6i/uHB9cam1vNyaq0932rMLc617PsJe6+80Wg1A/fqrN+auXl2un37mzLbdN0feG3r0+Mj5sadOPtkrOz0+MTHVV6Y2+JHf/X3uNMPjSBRxMlI8/b2fpGZEFLH3sbjLZ2e/Ha06MVp1Ynp8ourIfLvZWSl3TvYGooio91Vq9MboAM7FnjQiVsvmlw0eLbs3tdhcal6Zb9Unm0sr7ZX2QmcydVtb9qceRZxLEWsRsTH0/sMNRhG1SPGdY5vpSkQM9Mbhi9XE4Du3o9jHPt6Dsp31wYi14iE4Z4fYUBTxcqT46dtFzJZjlr/iCxEvl/mDiDfLfCEilR+MsxHv7vI54uFUiyL+vDz/5zfTXHU96F1XLn6t/pXO1YW+sr3rykN/fzhIh/zaNBxFNKsr/mb66L/ZAQAAAAAAAAAAAAAAAOB+OxpFPBEpXvr3P6rmFUc1L/3Y+bHfH/nF/jnjj9/lOGXZZyJitbi3OblH8hTiyTSZ0gOeS/xJNhxF/HGe//fGg24MAAAAAAAAAAAAAAAAAADAJ9yPI8Xz75xIa9G/pni7c61+uXllvrsqbG/t396a6VtbW1v11M1GzpmcqznXcq7n3MgZRa6fs5FzJudqzrWc6zk3csZArp+zkXMm52rOtZzrOTdyRi3Xz9nIOZNzNedazvWcGznjkKzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwcVJEET+PFN/+xmaKFBGNiJno5vpQrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CANpSK+Hynqf9C4ta0WEan6v+tE+cvZaBwp89PRGCvzhWhcyNmsstZ44wG0n70ZTEX8KFIMDb9164Tn8z/Y/e7WxyDe/Obt736l1s2B3s6R94YePX7s/NjErz1+p9dptwaMXmx3btysT49PTEz1ba7ld/9037aR/L7F/ek6EbH82uuvNufnW0ufmBdFHIpmPKgXte6LWhyS9hzUi3y9il12FYfhp6BxWAaq9+IBX5g4EOX9/91I8dvv/Efvht+7//9C97tbd/j42Z/cvv8/v/NA+3T/f6xv2/P5dyODtYjhleuLg8cjhpdfe/1k+3rzWutaq3P21Kkvj419+cypwSMRw1fb862+V3seKgAAAAAAAAAAAAAAAICDlYr43UjR/NFmqkfEzWq+1sj5sadOPjkQA9V8q23ztl6Zunyh/uLC9cWl1vJya64+3WnPLsy17vXthqvpXtPjE/vSmbs6us/tPzr84sLia0vta3+4suv+R4YvXFleWWrO7r47jkYR0ejfMlo1eHp8omr0fLvZqapO7jqZ7sMbTEX8Z6SYPVs/0tuW5//tnOG/bf7/6s4D7dP8v0/1bSvfM6UifhYpfusvHo/PV+18JN43Zrnc30SK0XOfy+XiSFmu14bucwW6MwPLsv8bKf7h59vL9uZDPna77LP3Oq4Pi/L8H4sU3/+z78av523bn/+w+/l/ZOeB9un8f6Zv2yPbnlew566Tz//JSPHCY2/Fb+RtH/T8jyK2tra+FXEiF771fI59Ov+f7ds2Et33/c37130AAAAAAAAAAICH1mAq4m8jxZMTtfRc3nYv//5vbueB9unff/1y37a5A1qvaM+DCgAAAACHxGAq4seR4trKW7fmUG+f/903//N3bq+9Pp527K3+nu+XqucG3M+//+s3kt93Zu/dBgAAAAAAAAAAAAAAAAAAgEMlpSKey+upz9xlPfX1SPHSfz+dy6XjZbneOvAj1a/DlxY6Jy/Mzy/MNleaV+Zb9anF5myrrPuZSLH515/LdYtqffXP57rdNd6Ht3prsS9Fiom/65XtrsXeW5u8ux54dy32suynIsV//f32sr11rD97u+zpsuxfRYqv/9PuZY/fLnumLPvdSPHDr9d7ZR8py/aej9p9JulwLeZbz8wuzL/vUagAAAAAAAAAAAAAAAAAAADwYQ2mIv40UvzP9bVYrab9v3FrV85ab8Ob3+xb73+Hm9U6/yPV+v93ev1R1v8fuS+9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh0uKIl6PFIuXNtP6UPl91/DFdufGzenxid2rHU1VzYGqfPk1/OzpM2e/9NzYuV5+cP377Yl4ZeryhfqLC9cXl1rLy625+nSnPbsw17rnI+y1/u2h6xqtBqB+/dUbc1evLtdPP3Nm2+6bI+8NPXp85PzYUyef7JWdHp+YmOorUxv8EO/+oRp325Eo4i8jxdPf+0n656GIIvY+Fnf57Oy3o1UnRqtOTI9PVB2Zbzc7K+XOyd5AFBH1vkqN3hgdwLnYk0bEatn8ssGjZfemFptLzSvzrfpkc2mlvdJe6EymbmvL/tSjiHMpYi0iNob6D3QkZxGvRorvHNtM/zIUMdAbhy9emvrqqdN3bkexr728i29V7awPRqwVD8E5O8SGooh/jBQ/fftE/OtQRC26X/GFiJfL/EHEm2W+EJHKD8bZiHeHHnSruV9qUcT/lef//GZ6eyii+pGprisXv1b/SufqQl/Z3nVl5/1hKyIeqvvDQTrk16bhKOKH1RV/M/2bn2sAAAAAAAAAAAAAAACAQ6SIX40Uz79zIlXzg2/NKW53rtUvN6/Md6f19eb+9eZMb21tbdVTNxs5Z3Ku5lzLuZ5zI2cUuX7ORs6ZnKs513Ku59zIGQO5fs5GzpmcqznXcq7n3MgZtVw/ZyPnTM7VnGs513Nu5IxDMncPAAAAAAAAAAAAAAAAAAD4eCmq/1J8+xubaWuou770THRz3XqgH3v/HwAA//9wn/vk")
r0 = syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf7, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f00000002c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
ftruncate(r1, 0xc17a)
read$FUSE(r1, &(0x7f00000042c0)={0x2020, 0x0, 0x0, <r2=>0x0, <r3=>0x0}, 0x17a)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {r2, r3}}, './file0/file0\x00'})

2m5.587614557s ago: executing program 0 (id=761):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
setitimer(0x2, &(0x7f0000000000)={{0x10001, 0x9}, {0x8, 0x7}}, 0x0)

2m5.080092808s ago: executing program 0 (id=762):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0x7005, 0x0)

2m4.596167617s ago: executing program 34 (id=762):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0x7005, 0x0)

38.301678955s ago: executing program 2 (id=1377):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
r4 = memfd_create(0x0, 0x3)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r6 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000000)={r4, 0x0, 0x0, 0x8000})
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000001, 0x12, r6, 0x21764000)
recvfrom(r2, 0x0, 0x0, 0x4100, 0x0, 0x0)

36.591964683s ago: executing program 2 (id=1382):
socket$inet6(0xa, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
chdir(&(0x7f0000000300)='./file0\x00')
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x4}]}], {0x14}}, 0xa0}}, 0x0)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, 0x0, 0x0)
close_range(r1, r5, 0x0)

34.824666566s ago: executing program 2 (id=1384):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./file0\x00', 0x2004000, &(0x7f0000000040)=ANY=[@ANYRES64=0x0], 0xfe, 0x1227, &(0x7f00000024c0)="$eJzs3M9rHGUYB/DHTdrUxPxQa7WC9MVe9DIkOXhRkCApSBeUthFaQZiajS4Zd0NmCayI0ZNXL/4BXsWjN0G86SUe/Bu85eLRgzrSnbY2djVotRPD53PZh33nC8+7s7zwLvvO/gsfv7O5UWYb+SBaD7wYra2IyV9SpGjFLR/Es89/8+1Tl69eu7jSbq9eSunCypWl51JKc+e+ev29z5/+ejDz2hdzX07F3sIb+z8u/7B3Zu/s/q9X3u6WqVumXn+Q8nS93x/k14tOWu+Wm1lKrxadvOykbq/sbB8Y3yj6W1vDlPfWZ6e3tjtlmfLeMG12hmnQT4PtYcrfyru9lGVZmp0O7sXaZz9VVRVRVSfiZFRVVT0Y09GKh2I25mI+FuLheCQejdPxWJyJx+OJODu6qum+AQAAAAAAAAAAAAAAAAAA4HgZd/5/5q7z/59EjDv/f67h5gEAAAAAAAAAAAAAAAAAAOCYuHz12sWVdnv1UkqnIoqPdtZ21urXenxlI7pRRCcWYz5+jtHp/1pdn4z26mIaWYgPi92b+d2dtYmD+aXR4wTuyl94ub26VOfTwfxUTN+ZX475OD0+v/yH/PlR/lQ8c/6OfBbz8f2b0Y8i1uNG9vf8+0spvfRK+3b+u7167usN3hcAAAD4N2XptrH79yz7s/E6f9jvAzf214tj9/eT8eRks3Mnohy+u5kXRWe78eJWR/U7uxFxRBr7x0UrIo5AG39RnDj0mpkGGvt0JuIe4hMHvkhH4nP+PxaHrRwT/+m6xP1x86ZPNd0HAAAAAAAAAAAAf8/9+Dth03MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Dd24FgAAAAAQJi/dRodGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAQAA//+siMjP")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0185879, &(0x7f0000000080)={@desc={0x4100, 0x0, @auto="22b4858e6f021900"}})

34.113702063s ago: executing program 2 (id=1391):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40)={[{@stripe={'stripe', 0x3d, 0x3}}, {@nouid32}, {@jqfmt_vfsold}, {@init_itable}, {@noauto_da_alloc}, {@delalloc}, {@resuid}, {@oldalloc}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x80011, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
unlinkat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file2\x00', 0x0)

33.28181646s ago: executing program 2 (id=1399):
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0xae37, 0x3000})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r5, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}}, 0x0)
sendfile(r4, r3, 0x0, 0x100000002)

31.1658437s ago: executing program 2 (id=1408):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1018ed8, &(0x7f00000002c0)={[{@sysvgroups}, {@noload}, {@data_err_ignore}, {}, {@grpid}, {@norecovery}, {@commit={'commit', 0x3d, 0x8000}}, {@quota}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xff, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v3, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

30.851014695s ago: executing program 35 (id=1408):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1018ed8, &(0x7f00000002c0)={[{@sysvgroups}, {@noload}, {@data_err_ignore}, {}, {@grpid}, {@norecovery}, {@commit={'commit', 0x3d, 0x8000}}, {@quota}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xff, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v3, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

29.453699028s ago: executing program 4 (id=1417):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000008c0)=0x2, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x1082302, 0x0)
ioctl$TIOCGWINSZ(r3, 0x5413, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)

28.529654792s ago: executing program 4 (id=1422):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x1f})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_int(r0, &(0x7f0000000240)=0x2, 0x12)

26.645712464s ago: executing program 4 (id=1428):
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

26.397666114s ago: executing program 4 (id=1431):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40)={[{@stripe={'stripe', 0x3d, 0x3}}, {@nouid32}, {@jqfmt_vfsold}, {@init_itable}, {@noauto_da_alloc}, {@delalloc}, {@resuid}, {@oldalloc}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x80011, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})

25.684241971s ago: executing program 4 (id=1435):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x1f})
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_int(r0, &(0x7f0000000240)=0x2, 0x12)

25.308546332s ago: executing program 6 (id=1438):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000008c0)=0x2, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x1082302, 0x0)
ioctl$TIOCGWINSZ(r3, 0x5413, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)

24.291495094s ago: executing program 6 (id=1442):
unlinkat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file2\x00', 0x0)

23.971386309s ago: executing program 6 (id=1443):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000000400000008000000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)

23.537562874s ago: executing program 6 (id=1445):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40)={[{@stripe={'stripe', 0x3d, 0x3}}, {@nouid32}, {@jqfmt_vfsold}, {@init_itable}, {@noauto_da_alloc}, {@delalloc}, {@resuid}, {@oldalloc}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x80011, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})

22.987804119s ago: executing program 6 (id=1448):
socket$inet6(0xa, 0x80002, 0x0)
fchmodat(0xffffffffffffffff, 0x0, 0xc0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x4}]}], {0x14}}, 0xa0}}, 0x0)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, 0x0, 0x0)
close_range(r1, r5, 0x0)

22.876274728s ago: executing program 4 (id=1449):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nodioread_nolock}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x563, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbDbp6+/XFEpREQn0YKU2aRJfKnioR9FiQe91SaahdNMt2U1pYsH2YC9epAgiFsS73j0W/wH/ioIWipSgBy+R2czmpdlNtukmu+1+PjDheWZm93memfk+eZ6dWTaAvjWS/SlEvBwR3yQRRyIiybcVI984srLf0uObU9mSxPLyp38l9f2yfOO9Gq87lGdeiojfvoo4VdhcbnVh8UqpXE7n8vxYbfbaWHVh8fTl2dJMOpNenZicPPv25MR7777Tsba+ceGf7z+5/+HZr08sfffLw6N3kzgXh/Nt69vxDG6tz4zESH5MBuPcEzuOd6CwXpJ0uwLsyEAe54OR9QFHYiCPeuDF92VELAN9KhH/0Kca44DG3L5D8+DnxqMPViZAm9tfXPlsJPbX50YHl5INM6NsvjvcgfKzMn79897dbInOfQ4BsK1btyPiTLG4uf9L8v5v5860sc+TZej/YO/cz8Y/bzYb/xRWxz/RZPxzqEns7sT28V942IFiWsrGf+/n5e7fUP7qTavhgTz3v/qYbzC5dLmcZn3b/yPiZAzuy/Jb3c85u/RgudW29eO/bMnKb4wF83o8LO7b+JrpUq30LG1e79HtiFeajn+T1fOfNDn/2fG40GYZx9N7r7Xatn37d9fyTxGvN53/rN3RSra+PzlWvx7GGlfFZn/fOf77xjVrR7Lb7c/O/8Gt2z+crL9fW336Mn7c/2/aatuG9kf71/9Q8lk9PZSvu1Gq1ebGI4aSjzevn1h7bSPf2D9r/8kTW/d/za7/AxHxeZvtv3Ps51fban+Xzv/0U53/p088+OiLH1qV317/91Y9dTJf007/124Fn+XYAQAAAAAAQK8pRMThSAqjq+lCYXR05fmOY3GwUK5Ua6cuVeavTkf9u7LDMVho3Ok+su55iPH8edhGfuKJ/GREHI2IbwcO1POjU5XydLcbDwAAAAAAAAAAAAAAAAAAAD3iUIvv/2f+GOh27YBd18ZPfg/tRT2Avbdt/Hfil56AntTG/3/gBSX+oX+Jf+hf4h/6l/iH/iX+oX+Jf+hf4h8AAAAAAAAAAAAAAAAAAAAAAAAAAAA66sL589myvPT45lSWn76+MH+lcv30dFot5LvMXRudqVRmyunoVGV2u/crVyrXxidi/sZYLa3WxqoLixdnK/NXaxcvz5Zm0ovp4K63CAAAAAAAAAAAAAAAAAAAAJ4/1YXFK6VyOZ2TkNhRotgb1ehSotgb1diFRLd7JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY818AAAD//0h7Mcc=")
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r0, 0x0, 0x0, 0xfecc)

22.3510732s ago: executing program 36 (id=1449):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nodioread_nolock}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x563, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbDbp6+/XFEpREQn0YKU2aRJfKnioR9FiQe91SaahdNMt2U1pYsH2YC9epAgiFsS73j0W/wH/ioIWipSgBy+R2czmpdlNtukmu+1+PjDheWZm93memfk+eZ6dWTaAvjWS/SlEvBwR3yQRRyIiybcVI984srLf0uObU9mSxPLyp38l9f2yfOO9Gq87lGdeiojfvoo4VdhcbnVh8UqpXE7n8vxYbfbaWHVh8fTl2dJMOpNenZicPPv25MR7777Tsba+ceGf7z+5/+HZr08sfffLw6N3kzgXh/Nt69vxDG6tz4zESH5MBuPcEzuOd6CwXpJ0uwLsyEAe54OR9QFHYiCPeuDF92VELAN9KhH/0Kca44DG3L5D8+DnxqMPViZAm9tfXPlsJPbX50YHl5INM6NsvjvcgfKzMn79897dbInOfQ4BsK1btyPiTLG4uf9L8v5v5860sc+TZej/YO/cz8Y/bzYb/xRWxz/RZPxzqEns7sT28V942IFiWsrGf+/n5e7fUP7qTavhgTz3v/qYbzC5dLmcZn3b/yPiZAzuy/Jb3c85u/RgudW29eO/bMnKb4wF83o8LO7b+JrpUq30LG1e79HtiFeajn+T1fOfNDn/2fG40GYZx9N7r7Xatn37d9fyTxGvN53/rN3RSra+PzlWvx7GGlfFZn/fOf77xjVrR7Lb7c/O/8Gt2z+crL9fW336Mn7c/2/aatuG9kf71/9Q8lk9PZSvu1Gq1ebGI4aSjzevn1h7bSPf2D9r/8kTW/d/za7/AxHxeZvtv3Ps51fban+Xzv/0U53/p088+OiLH1qV317/91Y9dTJf007/124Fn+XYAQAAAAAAQK8pRMThSAqjq+lCYXR05fmOY3GwUK5Ua6cuVeavTkf9u7LDMVho3Ok+su55iPH8edhGfuKJ/GREHI2IbwcO1POjU5XydLcbDwAAAAAAAAAAAAAAAAAAAD3iUIvv/2f+GOh27YBd18ZPfg/tRT2Avbdt/Hfil56AntTG/3/gBSX+oX+Jf+hf4h/6l/iH/iX+oX+Jf+hf4h8AAAAAAAAAAAAAAAAAAAAAAAAAAAA66sL589myvPT45lSWn76+MH+lcv30dFot5LvMXRudqVRmyunoVGV2u/crVyrXxidi/sZYLa3WxqoLixdnK/NXaxcvz5Zm0ovp4K63CAAAAAAAAAAAAAAAAAAAAJ4/1YXFK6VyOZ2TkNhRotgb1ehSotgb1diFRLd7JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY818AAAD//0h7Mcc=")
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r0, 0x0, 0x0, 0xfecc)

20.477829001s ago: executing program 6 (id=1460):
unlinkat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file2\x00', 0x0)

20.23970279s ago: executing program 37 (id=1460):
unlinkat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file2\x00', 0x0)

3.697698072s ago: executing program 5 (id=1522):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})

3.325847472s ago: executing program 7 (id=1525):
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

3.177778114s ago: executing program 7 (id=1526):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)

2.948111562s ago: executing program 5 (id=1527):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00000000001080002000500000014000600ff01000a00f2f3f31f000a0000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8014}, 0x404c000)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000000180)=0xfffffe9f)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x4008004}, 0x4040000)

2.935884373s ago: executing program 7 (id=1534):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40)={[{@stripe={'stripe', 0x3d, 0x3}}, {@nouid32}, {@jqfmt_vfsold}, {@init_itable}, {@noauto_da_alloc}, {@delalloc}, {@resuid}, {@oldalloc}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x80011, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000040))

2.874515269s ago: executing program 8 (id=1528):
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0xae37, 0x3000})
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r4, @ANYBLOB="ff830500000700ffffff"], 0x4}}, 0x0)
sendfile(r3, r2, 0x0, 0x100000002)

2.688755693s ago: executing program 5 (id=1529):
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0xb}, 0x1c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x1, 0x4, 0xfffffffffffffff6, 0x7ff, 0x100000009, 0xf, 0x0, 0x8, 0x3, 0xe4b, 0x8000000000000002, 0x2, 0xfffffffffffffffe, 0x2200000000000103, 0x200000003, 0x1], 0xeeee0000, 0x141620})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.580930352s ago: executing program 9 (id=1461):
socket$inet6(0xa, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fchmodat(0xffffffffffffffff, 0x0, 0xc0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
chdir(&(0x7f0000000300)='./file0\x00')
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x4}]}], {0x14}}, 0xa0}}, 0x0)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, 0x0, 0x0)
close_range(r1, r5, 0x0)

2.458240062s ago: executing program 8 (id=1530):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="00ff00", 'gre0\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

2.433864614s ago: executing program 7 (id=1531):
socket$inet6(0xa, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet(0x2, 0x2, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
close_range(r0, 0xffffffffffffffff, 0x0)

2.22912516s ago: executing program 8 (id=1532):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})

2.10570878s ago: executing program 5 (id=1533):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000001400), 0x208e24b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
preadv(r0, &(0x7f00000015c0)=[{0x0}], 0x1, 0x0, 0x0)

1.993593389s ago: executing program 8 (id=1535):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fchmodat(0xffffffffffffffff, 0x0, 0xc0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
chdir(&(0x7f0000000300)='./file0\x00')
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x4}]}], {0x14}}, 0xa0}}, 0x0)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, 0x0, 0x0)
close_range(r1, r5, 0x0)

1.604541221s ago: executing program 8 (id=1536):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000008c0)=0x2, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x1082302, 0x0)
ioctl$TIOCGWINSZ(r3, 0x5413, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)
recvmsg(r6, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x20)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1018ed8, &(0x7f00000002c0)={[{@sysvgroups}, {@noload}, {@data_err_ignore}, {}, {@grpid}, {@norecovery}, {@commit={'commit', 0x3d, 0x8000}}, {@quota}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xff, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v3, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

872.98049ms ago: executing program 5 (id=1537):
mknod(&(0x7f00000000c0)='./file0\x00', 0x8001420, 0x0)
mount$afs(0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0)

608.212271ms ago: executing program 8 (id=1538):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x0, 0x0})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

299.838306ms ago: executing program 9 (id=1539):
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x2, 0x4000000805, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x9, 0x2)
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x4, 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r1, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"})

298.962405ms ago: executing program 7 (id=1540):
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0xae37, 0x3000})
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r4, @ANYBLOB="ff830500000700ffffff"], 0x4}}, 0x0)
sendfile(r3, r2, 0x0, 0x100000002)

298.319666ms ago: executing program 5 (id=1541):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000008c0)=0x2, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x1082302, 0x0)
ioctl$TIOCGWINSZ(r3, 0x5413, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)
recvmsg(r6, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x20)

0s ago: executing program 7 (id=1542):
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0xb}, 0x1c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x1, 0x4, 0xfffffffffffffff6, 0x7ff, 0x100000009, 0xf, 0x0, 0x8, 0x3, 0xe4b, 0x8000000000000002, 0x2, 0xfffffffffffffffe, 0x2200000000000103, 0x200000003, 0x1], 0xeeee0000, 0x141620})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

g error -71 req 04 val 1200
[  156.513381][   T23] usb 3-1: USB disconnect, device number 3
[  156.549826][  T787] pwc: Registered as video103.
[  156.567993][  T787] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input19
[  156.611851][  T787] usb 1-1: USB disconnect, device number 2
[  156.941484][ T7440] loop2: detected capacity change from 0 to 4096
[  156.960879][ T7440] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512).
[  157.381519][ T7446] netlink: 'syz.2.629': attribute type 72 has an invalid length.
[  158.143730][ T7471] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.639'.
[  159.105970][ T7494] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.649'.
[  159.114083][ T7495] binder: BINDER_SET_CONTEXT_MGR already set
[  159.127456][ T7495] binder: 7492:7495 ioctl 4018620d 2000000002c0 returned -16
[  159.264711][  T787] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  159.369255][ T7499] loop2: detected capacity change from 0 to 4096
[  159.373366][ T7501] overlayfs: missing 'lowerdir'
[  159.405002][ T7499] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512).
[  159.473722][  T787] usb 4-1: Using ep0 maxpacket: 32
[  159.486138][  T787] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  159.512206][  T787] usb 4-1: config 0 has no interface number 0
[  159.546870][  T787] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  159.556841][  T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.565762][  T787] usb 4-1: Product: syz
[  159.570071][  T787] usb 4-1: Manufacturer: syz
[  159.575212][  T787] usb 4-1: SerialNumber: syz
[  159.584226][  T787] usb 4-1: config 0 descriptor??
[  159.598553][  T787] smsc95xx v2.0.0
[  159.606107][  T787] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  159.647551][  T787] smsc95xx: probe of 4-1:0.67 failed with error -22
[  160.160339][ T7519] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.661'.
[  160.597464][ T5884] usb 4-1: USB disconnect, device number 4
[  160.841555][ T7530] loop1: detected capacity change from 0 to 4096
[  160.853439][ T7530] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  161.232781][ T5884] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  161.322924][ T7545] overlayfs: missing 'lowerdir'
[  161.433045][ T5884] usb 4-1: Using ep0 maxpacket: 32
[  161.447442][ T5884] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  161.461056][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.491356][ T5884] usb 4-1: config 0 descriptor??
[  161.714651][ T5884] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  161.734618][ T5884] usb 4-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  161.762684][ T5884] usb 4-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  162.044019][ T7559] loop2: detected capacity change from 0 to 4096
[  162.052949][ T7559] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512).
[  162.132490][ T5843] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  162.317065][ T7563] loop0: detected capacity change from 0 to 4096
[  162.326650][ T7563] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  162.335179][ T5843] usb 2-1: Using ep0 maxpacket: 32
[  162.356955][ T5843] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  162.376781][ T5843] usb 2-1: config 0 has no interface number 0
[  162.394011][ T5843] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  162.413977][ T5843] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.432167][ T5843] usb 2-1: Product: syz
[  162.442163][ T5843] usb 2-1: Manufacturer: syz
[  162.447262][ T5843] usb 2-1: SerialNumber: syz
[  162.464403][ T5843] usb 2-1: config 0 descriptor??
[  162.475596][ T5843] smsc95xx v2.0.0
[  162.479315][ T5843] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  162.492761][ T5879] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  162.531021][ T5843] smsc95xx: probe of 2-1:0.67 failed with error -22
[  162.704873][ T5879] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  162.742137][ T5879] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  162.751739][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.816431][ T5879] usb 3-1: config 0 descriptor??
[  162.839332][ T5879] pwc: Askey VC010 type 2 USB webcam detected.
[  163.250952][ T5879] pwc: recv_control_msg error -32 req 02 val 2b00
[  163.269564][ T5879] pwc: recv_control_msg error -32 req 02 val 2700
[  163.289871][ T5879] pwc: recv_control_msg error -32 req 02 val 2c00
[  163.302838][ T5879] pwc: recv_control_msg error -32 req 04 val 1000
[  163.310742][ T5879] pwc: recv_control_msg error -32 req 04 val 1300
[  163.324320][ T5879] pwc: recv_control_msg error -32 req 04 val 1400
[  163.335678][ T5879] pwc: recv_control_msg error -32 req 02 val 2000
[  163.346038][ T5879] pwc: recv_control_msg error -32 req 02 val 2100
[  163.356415][ T5879] pwc: recv_control_msg error -32 req 04 val 1500
[  163.367528][ T5879] pwc: recv_control_msg error -32 req 02 val 2500
[  163.387541][ T5879] pwc: recv_control_msg error -32 req 02 val 2400
[  163.400490][ T5879] pwc: recv_control_msg error -32 req 02 val 2600
[  163.418891][ T5879] pwc: recv_control_msg error -32 req 02 val 2900
[  163.433002][ T5879] pwc: recv_control_msg error -32 req 02 val 2800
[  163.538153][    T8] usb 2-1: USB disconnect, device number 2
[  163.655185][ T5879] pwc: recv_control_msg error -71 req 04 val 1200
[  163.677802][ T5879] pwc: Registered as video103.
[  163.703525][ T5879] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input20
[  163.779191][ T5879] usb 3-1: USB disconnect, device number 4
[  164.386898][ T7596] loop1: detected capacity change from 0 to 40427
[  164.410486][ T7596] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff
[  164.419512][ T7596] F2FS-fs (loop1): Image doesn't support compression
[  164.426361][ T7596] F2FS-fs (loop1): Image doesn't support compression
[  164.466551][ T7596] F2FS-fs (loop1): invalid crc value
[  164.504705][ T7596] F2FS-fs (loop1): Found nat_bits in checkpoint
[  164.558593][ T7596] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  164.602403][ T7605] f2fs_ckpt-7:1: attempt to access beyond end of device
[  164.602403][ T7605] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  164.669768][ T7605] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  164.692466][ T7613] binder: BINDER_SET_CONTEXT_MGR already set
[  164.699232][ T7613] binder: 7611:7613 ioctl 4018620d 2000000002c0 returned -16
[  165.371239][ T7633] binder: BINDER_SET_CONTEXT_MGR already set
[  165.377506][ T7633] binder: 7632:7633 ioctl 4018620d 2000000002c0 returned -16
[  165.931124][ T7652] loop1: detected capacity change from 0 to 4096
[  165.942347][ T7652] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  166.207812][ T7656] binder: BINDER_SET_CONTEXT_MGR already set
[  166.215359][ T7656] binder: 7655:7656 ioctl 4018620d 2000000002c0 returned -16
[  166.251852][ T7658] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  166.264441][ T7658] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  166.678140][ T7671] loop1: detected capacity change from 0 to 2048
[  166.703441][ T7671] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  166.738397][ T7671] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  166.744053][ T7674] loop0: detected capacity change from 0 to 4096
[  166.765935][ T7674] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  166.776747][ T7671] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  167.035540][ T5790] UDF-fs: error (device loop1): udf_read_inode: (ino 1345) failed !bh
[  167.063556][ T5790] UDF-fs: error (device loop1): udf_read_inode: (ino 1345) failed !bh
[  167.235169][ T7680] overlayfs: missing 'lowerdir'
[  167.526766][   T54] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.672486][   T54] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.806018][   T54] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.906884][   T54] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.945113][ T7690] loop2: detected capacity change from 0 to 4096
[  167.961015][ T7690] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512).
[  168.308583][ T7698] loop3: detected capacity change from 0 to 2048
[  168.372760][ T7698] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  168.429370][ T7698] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  168.487283][ T7702] overlayfs: missing 'lowerdir'
[  168.501004][ T7698] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  168.824278][ T5789] UDF-fs: error (device loop3): udf_read_inode: (ino 1345) failed !bh
[  168.845205][ T5789] UDF-fs: error (device loop3): udf_read_inode: (ino 1345) failed !bh
[  168.864401][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  168.874973][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  168.883960][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  168.897405][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  168.909936][ T5802] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  168.917937][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  169.017720][ T7717] binder: 7716:7717 ioctl c0306201 200000000080 returned -14
[  170.240600][ T5802] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  170.254433][ T7746] loop0: detected capacity change from 0 to 2048
[  170.255607][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  170.280958][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  170.294512][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  170.302717][ T7746] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  170.302745][ T5802] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  170.328973][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  170.340470][ T7746] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  170.394971][ T7746] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  170.508995][ T7711] chnl_net:caif_netlink_parms(): no params data found
[  170.535280][ T5787] UDF-fs: error (device loop0): udf_read_inode: (ino 1345) failed !bh
[  170.564385][ T5787] UDF-fs: error (device loop0): udf_read_inode: (ino 1345) failed !bh
[  170.906439][   T54] hsr_slave_0: left promiscuous mode
[  170.914472][   T54] hsr_slave_1: left promiscuous mode
[  170.927039][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  170.936123][   T54] batman_adv: batadv0: Removing interface: batadv_slave_0
[  170.953928][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  170.965340][   T54] batman_adv: batadv0: Removing interface: batadv_slave_1
[  170.976541][   T50] Bluetooth: hci2: command tx timeout
[  170.993822][   T54] bridge_slave_1: left allmulticast mode
[  171.002134][   T54] bridge_slave_1: left promiscuous mode
[  171.013729][   T54] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.041800][   T54] bridge_slave_0: left allmulticast mode
[  171.049662][   T54] bridge_slave_0: left promiscuous mode
[  171.055534][   T54] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.065334][    C1] vcan0: j1939_tp_rxtimer: 0xffff88801b779000: rx timeout, send abort
[  171.076926][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88801b779000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  171.125265][   T54] veth1_macvtap: left promiscuous mode
[  171.131662][   T54] veth0_macvtap: left promiscuous mode
[  171.140683][   T54] veth1_vlan: left promiscuous mode
[  171.146763][   T54] veth0_vlan: left promiscuous mode
[  172.079639][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  172.097798][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  172.107034][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  172.117535][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  172.127995][ T5802] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  172.135493][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  172.261749][   T54] team0 (unregistering): Port device team_slave_1 removed
[  172.320599][   T54] team0 (unregistering): Port device team_slave_0 removed
[  172.403896][   T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  172.417490][   T50] Bluetooth: hci3: command tx timeout
[  172.506363][   T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.061796][   T50] Bluetooth: hci2: command tx timeout
[  173.253123][   T54] bond0 (unregistering): Released all slaves
[  173.374312][ T7711] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.381985][ T7711] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.400564][ T7711] bridge_slave_0: entered allmulticast mode
[  173.416799][ T7711] bridge_slave_0: entered promiscuous mode
[  173.493687][ T7711] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.510505][ T7711] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.544026][ T7711] bridge_slave_1: entered allmulticast mode
[  173.551635][ T7711] bridge_slave_1: entered promiscuous mode
[  173.614482][ T7711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  173.638186][ T7711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  173.837878][ T7711] team0: Port device team_slave_0 added
[  173.928287][ T7711] team0: Port device team_slave_1 added
[  174.069524][ T7801] overlayfs: missing 'lowerdir'
[  174.152516][ T7711] batman_adv: batadv0: Adding interface: batadv_slave_0
[  174.176321][ T7711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  174.243128][ T7711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  174.267456][ T5802] Bluetooth: hci1: command tx timeout
[  174.284442][ T7711] batman_adv: batadv0: Adding interface: batadv_slave_1
[  174.292700][ T7711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  174.325465][ T7711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  174.377761][ T7747] chnl_net:caif_netlink_parms(): no params data found
[  174.468607][ T7711] hsr_slave_0: entered promiscuous mode
[  174.477433][ T7711] hsr_slave_1: entered promiscuous mode
[  174.486281][ T5802] Bluetooth: hci3: command tx timeout
[  174.498859][ T7711] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  174.510257][ T7711] Cannot create hsr debugfs directory
[  174.788995][ T7747] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.796419][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.803786][ T7747] bridge_slave_0: entered allmulticast mode
[  174.827608][ T7747] bridge_slave_0: entered promiscuous mode
[  174.940758][ T7747] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.948657][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.966182][ T7747] bridge_slave_1: entered allmulticast mode
[  174.973790][ T7747] bridge_slave_1: entered promiscuous mode
[  175.125966][ T5802] Bluetooth: hci2: command tx timeout
[  175.138251][ T7747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  175.195619][   T54] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.236115][ T7747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  175.352424][   T54] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.400330][ T7774] chnl_net:caif_netlink_parms(): no params data found
[  175.425269][ T7747] team0: Port device team_slave_0 added
[  175.436551][ T7747] team0: Port device team_slave_1 added
[  175.484882][   T54] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.583177][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_0
[  175.595518][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.632090][ T7747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.682789][   T54] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.750906][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.762669][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.790079][ T7747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.960250][ T7774] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.973245][ T7774] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.984780][ T7774] bridge_slave_0: entered allmulticast mode
[  175.996499][ T7774] bridge_slave_0: entered promiscuous mode
[  176.064670][ T7774] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.078094][ T7774] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.093511][ T7774] bridge_slave_1: entered allmulticast mode
[  176.101998][ T7774] bridge_slave_1: entered promiscuous mode
[  176.140717][ T7747] hsr_slave_0: entered promiscuous mode
[  176.154560][ T7747] hsr_slave_1: entered promiscuous mode
[  176.162197][ T7747] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  176.172254][ T7747] Cannot create hsr debugfs directory
[  176.282705][ T7774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  176.304340][ T7774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  176.317350][ T7711] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  176.325534][ T5802] Bluetooth: hci1: command tx timeout
[  176.334116][ T7711] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  176.384098][   T54] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.441358][ T7711] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  176.495451][ T7711] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  176.523349][   T54] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.555574][ T7774] team0: Port device team_slave_0 added
[  176.565305][ T5802] Bluetooth: hci3: command tx timeout
[  176.583582][ T7774] team0: Port device team_slave_1 added
[  176.608088][   T54] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.667461][ T7774] batman_adv: batadv0: Adding interface: batadv_slave_0
[  176.674672][ T7774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.701390][ T7774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  176.738343][   T54] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.777204][ T7774] batman_adv: batadv0: Adding interface: batadv_slave_1
[  176.784207][ T7774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.810314][    C1] vkms_vblank_simulate: vblank timer overrun
[  176.822752][ T7774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  176.937899][ T7774] hsr_slave_0: entered promiscuous mode
[  176.951195][ T7774] hsr_slave_1: entered promiscuous mode
[  176.959137][ T7774] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  176.967763][ T7774] Cannot create hsr debugfs directory
[  177.205441][ T5802] Bluetooth: hci2: command tx timeout
[  177.402781][ T7747] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  177.429508][ T7747] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  177.524392][ T7711] 8021q: adding VLAN 0 to HW filter on device bond0
[  177.539824][ T7747] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  177.558695][ T7747] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  177.841973][ T7711] 8021q: adding VLAN 0 to HW filter on device team0
[  177.983831][  T130] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.991181][  T130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  178.078038][ T7774] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  178.095932][  T130] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.103186][  T130] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.152450][ T7774] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  178.169453][ T7774] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  178.181159][ T7774] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  178.362715][ T7747] 8021q: adding VLAN 0 to HW filter on device bond0
[  178.404301][ T5802] Bluetooth: hci1: command tx timeout
[  178.481399][ T7747] 8021q: adding VLAN 0 to HW filter on device team0
[  178.528514][  T130] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.535758][  T130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  178.644894][ T5802] Bluetooth: hci3: command tx timeout
[  178.687086][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.694378][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.937719][ T7747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  179.060241][   T54] hsr_slave_0: left promiscuous mode
[  179.074872][   T54] hsr_slave_1: left promiscuous mode
[  179.092125][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.113981][   T54] batman_adv: batadv0: Removing interface: batadv_slave_0
[  179.137309][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  179.155543][   T54] batman_adv: batadv0: Removing interface: batadv_slave_1
[  179.170045][   T54] bridge_slave_1: left allmulticast mode
[  179.177943][   T54] bridge_slave_1: left promiscuous mode
[  179.184641][   T54] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.196175][   T54] bridge_slave_0: left allmulticast mode
[  179.201896][   T54] bridge_slave_0: left promiscuous mode
[  179.208920][   T54] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.241520][   T54] hsr_slave_0: left promiscuous mode
[  179.250966][   T54] hsr_slave_1: left promiscuous mode
[  179.259151][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.267237][   T54] batman_adv: batadv0: Removing interface: batadv_slave_0
[  179.277756][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  179.291372][   T54] batman_adv: batadv0: Removing interface: batadv_slave_1
[  179.300105][   T54] bridge_slave_1: left allmulticast mode
[  179.307078][   T54] bridge_slave_1: left promiscuous mode
[  179.312845][   T54] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.326811][   T54] bridge_slave_0: left allmulticast mode
[  179.332681][   T54] bridge_slave_0: left promiscuous mode
[  179.345768][   T54] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.406561][   T54] veth1_macvtap: left promiscuous mode
[  179.412181][   T54] veth0_macvtap: left promiscuous mode
[  179.418249][   T54] veth1_vlan: left promiscuous mode
[  179.423986][   T54] veth0_vlan: left promiscuous mode
[  179.432120][   T54] veth1_macvtap: left promiscuous mode
[  179.437892][   T54] veth0_macvtap: left promiscuous mode
[  179.444333][   T54] veth1_vlan: left promiscuous mode
[  179.449716][   T54] veth0_vlan: left promiscuous mode
[  180.131260][   T54] team0 (unregistering): Port device team_slave_1 removed
[  180.178147][   T54] team0 (unregistering): Port device team_slave_0 removed
[  180.226937][   T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  180.274676][   T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  180.483282][ T5802] Bluetooth: hci1: command tx timeout
[  180.747390][   T54] bond0 (unregistering): Released all slaves
[  181.236918][   T54] team0 (unregistering): Port device team_slave_1 removed
[  181.284287][   T54] team0 (unregistering): Port device team_slave_0 removed
[  181.331366][   T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  181.379913][   T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  181.862461][   T54] bond0 (unregistering): Released all slaves
[  181.951451][ T7774] 8021q: adding VLAN 0 to HW filter on device bond0
[  181.976348][ T7774] 8021q: adding VLAN 0 to HW filter on device team0
[  182.019134][ T7711] 8021q: adding VLAN 0 to HW filter on device batadv0
[  182.058844][ T2927] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.066134][ T2927] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.094474][ T2927] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.103083][ T2927] bridge0: port 2(bridge_slave_1) entered forwarding state
[  182.309554][ T7774] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  182.323951][ T7774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  182.393573][ T7747] 8021q: adding VLAN 0 to HW filter on device batadv0
[  182.945006][ T7711] veth0_vlan: entered promiscuous mode
[  183.023317][ T7711] veth1_vlan: entered promiscuous mode
[  183.084498][ T7774] 8021q: adding VLAN 0 to HW filter on device batadv0
[  183.247091][ T7711] veth0_macvtap: entered promiscuous mode
[  183.297983][ T7711] veth1_macvtap: entered promiscuous mode
[  183.329307][ T7747] veth0_vlan: entered promiscuous mode
[  183.379947][ T7747] veth1_vlan: entered promiscuous mode
[  183.397203][ T7711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  183.408622][ T7711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.425863][ T7711] batman_adv: batadv0: Interface activated: batadv_slave_0
[  183.437911][ T7711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  183.461612][ T7711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.478440][ T7711] batman_adv: batadv0: Interface activated: batadv_slave_1
[  183.529583][ T7711] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  183.540670][ T7711] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  183.553446][ T7711] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  183.562560][ T7711] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  183.584736][ T7747] veth0_macvtap: entered promiscuous mode
[  183.646985][ T7747] veth1_macvtap: entered promiscuous mode
[  183.717766][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  183.730911][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.743374][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  183.754830][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.769920][ T7747] batman_adv: batadv0: Interface activated: batadv_slave_0
[  183.805175][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  183.816884][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.828794][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  183.840438][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  183.863813][ T7747] batman_adv: batadv0: Interface activated: batadv_slave_1
[  183.889598][ T7747] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  183.900532][ T7747] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  183.916956][ T7747] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  183.926403][ T7747] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  183.965594][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  183.992979][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.072045][ T2880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.093409][ T2880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.137220][ T7774] veth0_vlan: entered promiscuous mode
[  184.182387][ T2880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.190303][ T2880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.198158][ T7774] veth1_vlan: entered promiscuous mode
[  184.365234][ T7774] veth0_macvtap: entered promiscuous mode
[  184.389209][   T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.408493][ T7774] veth1_macvtap: entered promiscuous mode
[  184.417176][   T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.474131][ T7774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.496696][ T7774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.506886][ T7774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.521354][ T7774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.535053][ T7774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.547161][ T7774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.573384][ T7774] batman_adv: batadv0: Interface activated: batadv_slave_0
[  184.597945][ T7774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.635110][ T7774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.671166][ T7774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.683807][ T7774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.694103][ T7774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.704940][ T7774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.718350][ T7774] batman_adv: batadv0: Interface activated: batadv_slave_1
[  184.744613][ T7774] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  184.790972][ T7774] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  184.799852][ T7774] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.846609][ T7774] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  184.861722][ T7954] overlayfs: missing 'lowerdir'
[  185.099899][ T2880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.146384][ T2880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.257371][ T2880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.287305][ T2880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.449254][ T7970] overlayfs: missing 'workdir'
[  185.876752][ T7983] overlayfs: missing 'workdir'
[  186.200967][  T787] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  186.241320][ T7999] overlayfs: missing 'workdir'
[  186.420305][  T787] usb 3-1: Using ep0 maxpacket: 32
[  186.438886][  T787] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  186.450103][  T787] usb 3-1: config 0 has no interface number 0
[  186.463350][  T787] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  186.473194][  T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.481858][  T787] usb 3-1: Product: syz
[  186.486179][  T787] usb 3-1: Manufacturer: syz
[  186.491416][  T787] usb 3-1: SerialNumber: syz
[  186.601378][  T787] usb 3-1: config 0 descriptor??
[  186.635224][  T787] smsc95xx v2.0.0
[  186.638944][  T787] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  186.741509][  T787] smsc95xx: probe of 3-1:0.67 failed with error -22
[  186.808095][ T8008] loop4: detected capacity change from 0 to 32768
[  187.022515][ T7931] usb 3-1: USB disconnect, device number 5
[  187.256970][ T8014] loop6: detected capacity change from 0 to 4096
[  187.461399][ T8024] overlayfs: missing 'workdir'
[  187.482134][ T8025] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  187.867244][ T8033] overlayfs: missing 'workdir'
[  188.844250][ T8064] overlayfs: missing 'workdir'
[  189.099226][    T8] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  189.299762][    T8] usb 3-1: Using ep0 maxpacket: 32
[  189.360158][    T8] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  189.368336][    T8] usb 3-1: config 0 has no interface number 0
[  189.430359][    T8] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  189.444824][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.468085][    T8] usb 3-1: Product: syz
[  189.488668][    T8] usb 3-1: Manufacturer: syz
[  189.499117][    T8] usb 3-1: SerialNumber: syz
[  189.530939][    T8] usb 3-1: config 0 descriptor??
[  189.539354][    T8] smsc95xx v2.0.0
[  189.543157][    T8] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  189.588909][    T8] smsc95xx: probe of 3-1:0.67 failed with error -22
[  189.982529][   T27] usb 3-1: USB disconnect, device number 6
[  192.067458][   T23] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  192.213838][ T8140] loop2: detected capacity change from 0 to 32768
[  192.224285][ T8140] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.831 (8140)
[  192.253627][ T8140] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  192.264162][ T8140] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  192.273043][ T8140] BTRFS info (device loop2): turning on async discard
[  192.279952][ T8140] BTRFS info (device loop2): using free space tree
[  192.328082][   T23] usb 6-1: Using ep0 maxpacket: 32
[  192.389111][   T23] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  192.430599][ T8140] BTRFS info (device loop2): enabling ssd optimizations
[  192.438834][   T23] usb 6-1: config 0 has no interface number 0
[  192.523042][   T23] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  192.576393][   T23] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.620833][   T23] usb 6-1: Product: syz
[  192.625087][   T23] usb 6-1: Manufacturer: syz
[  192.640139][   T23] usb 6-1: SerialNumber: syz
[  192.665794][   T23] usb 6-1: config 0 descriptor??
[  192.700978][   T23] smsc95xx v2.0.0
[  192.744787][   T23] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  192.778659][   T23] smsc95xx: probe of 6-1:0.67 failed with error -22
[  192.966975][   T28] audit: type=1326 audit(1756021028.976:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.4.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f051198ebe9 code=0x7ffc0000
[  193.041497][   T28] audit: type=1326 audit(1756021029.006:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.4.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f051198ebe9 code=0x7ffc0000
[  193.065581][ T5786] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  193.137973][   T28] audit: type=1326 audit(1756021029.026:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.4.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f051198d550 code=0x7ffc0000
[  193.213982][   T28] audit: type=1326 audit(1756021029.026:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.4.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f051198d550 code=0x7ffc0000
[  193.236019][    C1] vkms_vblank_simulate: vblank timer overrun
[  193.278663][   T27] usb 6-1: USB disconnect, device number 2
[  193.363817][   T28] audit: type=1326 audit(1756021029.026:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.4.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f051198ebe9 code=0x7ffc0000
[  193.385943][    C1] vkms_vblank_simulate: vblank timer overrun
[  193.470115][   T28] audit: type=1326 audit(1756021029.026:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.4.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f051198ebe9 code=0x7ffc0000
[  193.577171][   T28] audit: type=1326 audit(1756021029.036:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.4.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f051198ebe9 code=0x7ffc0000
[  193.599335][    C1] vkms_vblank_simulate: vblank timer overrun
[  193.676892][   T28] audit: type=1326 audit(1756021029.036:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.4.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f051198ebe9 code=0x7ffc0000
[  193.699101][    C1] vkms_vblank_simulate: vblank timer overrun
[  193.753377][   T28] audit: type=1326 audit(1756021029.036:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.4.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f051198ebe9 code=0x7ffc0000
[  194.657774][ T8197] loop4: detected capacity change from 0 to 256
[  194.723134][ T8204] binder: 8203:8204 ioctl c0306201 200000000080 returned -14
[  194.733129][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  194.742650][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  194.924837][ T8197] FAT-fs (loop4): Directory bread(block 64) failed
[  194.960009][ T8197] FAT-fs (loop4): Directory bread(block 65) failed
[  194.975690][ T8197] FAT-fs (loop4): Directory bread(block 66) failed
[  194.990689][ T8197] FAT-fs (loop4): Directory bread(block 67) failed
[  195.006686][ T8197] FAT-fs (loop4): Directory bread(block 68) failed
[  195.020869][ T8197] FAT-fs (loop4): Directory bread(block 69) failed
[  195.048315][ T8197] FAT-fs (loop4): Directory bread(block 70) failed
[  195.065303][ T8197] FAT-fs (loop4): Directory bread(block 71) failed
[  195.080082][ T8197] FAT-fs (loop4): Directory bread(block 72) failed
[  195.099499][ T8197] FAT-fs (loop4): Directory bread(block 73) failed
[  195.692150][ T8225] netlink: 20 bytes leftover after parsing attributes in process `syz.4.853'.
[  195.915775][ T5843] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  195.963632][ T8225] misc userio: Invalid payload size
[  196.001992][ T8232] binder: 8230:8232 ioctl 4018620d 0 returned -22
[  196.021579][ T8232] binder: 8230:8232 ioctl c0306201 200000000080 returned -14
[  196.115691][ T5843] usb 3-1: Using ep0 maxpacket: 16
[  196.125941][ T5843] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.155258][ T5843] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.198535][ T5843] usb 3-1: config 0 interface 0 has no altsetting 0
[  196.228711][ T5843] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  196.268659][ T5843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.289475][ T5843] usb 3-1: config 0 descriptor??
[  196.760516][ T5843] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  196.784672][ T5843] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  196.805395][ T5843] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  196.835696][ T5843] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  196.855086][ T5843] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0
[  196.931969][ T5843] nzxt-smart2 0003:1E71:2009.0001: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0
[  197.086872][ T5843] usb 3-1: USB disconnect, device number 7
[  197.175648][   T23] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  197.196813][ T8258] fido_id[8258]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  197.364718][   T23] usb 7-1: Using ep0 maxpacket: 32
[  197.373007][   T23] usb 7-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  197.383803][   T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.400195][   T23] usb 7-1: config 0 descriptor??
[  197.424052][   T23] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  197.709076][ T8272] loop5: detected capacity change from 0 to 256
[  197.809712][ T8272] FAT-fs (loop5): Directory bread(block 64) failed
[  197.834537][ T8272] FAT-fs (loop5): Directory bread(block 65) failed
[  197.874695][ T8272] FAT-fs (loop5): Directory bread(block 66) failed
[  197.900512][ T8272] FAT-fs (loop5): Directory bread(block 67) failed
[  197.923175][ T8272] FAT-fs (loop5): Directory bread(block 68) failed
[  197.941158][ T8272] FAT-fs (loop5): Directory bread(block 69) failed
[  197.948596][ T8280] loop2: detected capacity change from 0 to 7
[  197.958915][ T8272] FAT-fs (loop5): Directory bread(block 70) failed
[  197.966840][ T7925] Dev loop2: unable to read RDB block 7
[  197.972491][ T7925]  loop2: unable to read partition table
[  197.976837][ T8272] FAT-fs (loop5): Directory bread(block 71) failed
[  197.984083][ T7925] loop2: partition table beyond EOD, truncated
[  197.997689][ T8272] FAT-fs (loop5): Directory bread(block 72) failed
[  198.009693][ T8280] Dev loop2: unable to read RDB block 7
[  198.015826][ T8280]  loop2: unable to read partition table
[  198.015948][ T8272] FAT-fs (loop5): Directory bread(block 73) failed
[  198.026399][ T8280] loop2: partition table beyond EOD, truncated
[  198.055715][ T8280] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  198.294534][ T8285] binder: 8284:8285 ioctl 4018620d 0 returned -22
[  198.346439][ T8285] binder: 8284:8285 ioctl c0306201 200000000080 returned -14
[  199.091828][   T23] gspca_vc032x: reg_w err -71
[  199.100121][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.106849][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.112273][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.133811][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.139167][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.145272][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.150879][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.162929][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.168771][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.182273][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.190388][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.196453][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.201833][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.207882][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.213360][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.219354][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.225113][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.230488][   T23] gspca_vc032x: I2c Bus Busy Wait 00
[  199.237685][   T23] gspca_vc032x: Unknown sensor...
[  199.242893][   T23] vc032x: probe of 7-1:0.0 failed with error -22
[  199.252048][   T23] usb 7-1: USB disconnect, device number 2
[  199.642000][ T8322] misc userio: Invalid payload size
[  199.938136][ T8333] binder: 8330:8333 ioctl 4018620d 0 returned -22
[  199.970151][ T8333] binder: 8330:8333 ioctl c0306201 200000000080 returned -14
[  200.643254][   T23] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  200.756279][ T8354] netlink: 20 bytes leftover after parsing attributes in process `syz.2.883'.
[  200.833274][   T23] usb 5-1: Using ep0 maxpacket: 32
[  200.853511][   T23] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  200.873593][   T23] usb 5-1: config 0 has no interface number 0
[  200.896215][   T23] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  200.920025][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.938881][   T23] usb 5-1: Product: syz
[  200.951647][   T23] usb 5-1: Manufacturer: syz
[  200.969464][   T23] usb 5-1: SerialNumber: syz
[  201.008522][   T23] usb 5-1: config 0 descriptor??
[  201.022546][   T23] smsc95xx v2.0.0
[  201.031164][   T23] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  201.044977][   T23] smsc95xx: probe of 5-1:0.67 failed with error -22
[  201.195202][ T8354] misc userio: Invalid payload size
[  201.779148][ T5843] usb 5-1: USB disconnect, device number 2
[  201.796324][ T8377] binder: BINDER_SET_CONTEXT_MGR already set
[  201.874593][ T8377] binder: 8376:8377 ioctl 4018620d 200000000040 returned -16
[  201.883816][ T8372] loop6: detected capacity change from 0 to 40427
[  201.901375][ T8372] F2FS-fs (loop6): build fault injection attr: rate: 14, type: 0x7ffff
[  202.887377][ T8410] binder: BINDER_SET_CONTEXT_MGR already set
[  202.894308][ T8410] binder: 8409:8410 ioctl 4018620d 200000000040 returned -16
[  203.096027][ T5429] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  203.274833][ T8425] netlink: 20 bytes leftover after parsing attributes in process `syz.5.903'.
[  203.332477][ T5429] usb 7-1: Using ep0 maxpacket: 32
[  203.357619][ T5429] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  203.378696][ T5429] usb 7-1: config 0 has no interface number 0
[  203.397170][ T5429] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  203.419726][ T5429] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.437194][ T5429] usb 7-1: Product: syz
[  203.441452][ T5429] usb 7-1: Manufacturer: syz
[  203.461699][ T5429] usb 7-1: SerialNumber: syz
[  203.470662][ T5429] usb 7-1: config 0 descriptor??
[  203.490893][ T5429] smsc95xx v2.0.0
[  203.495013][ T5429] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  203.532850][ T5429] smsc95xx: probe of 7-1:0.67 failed with error -22
[  203.561297][ T8425] misc userio: Invalid payload size
[  203.838286][ T8445] binder: BINDER_SET_CONTEXT_MGR already set
[  203.850944][ T8445] binder: 8442:8445 ioctl 4018620d 200000000040 returned -16
[  204.217543][ T5429] usb 7-1: USB disconnect, device number 3
[  204.541407][  T787] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  204.598148][ T8476] binder: 8475:8476 ioctl c0306201 0 returned -14
[  204.741896][  T787] usb 6-1: Using ep0 maxpacket: 32
[  204.753038][  T787] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  204.781922][  T787] usb 6-1: config 0 has no interfaces?
[  204.787499][  T787] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  204.848161][  T787] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.870159][  T787] usb 6-1: config 0 descriptor??
[  205.398965][ T8503] binder: 8502:8503 ioctl c0306201 0 returned -14
[  205.617473][ T8513] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  205.875698][ T8521] loop2: detected capacity change from 0 to 256
[  205.996801][ T8521] FAT-fs (loop2): Directory bread(block 64) failed
[  206.034480][ T8521] FAT-fs (loop2): Directory bread(block 65) failed
[  206.043384][ T8521] FAT-fs (loop2): Directory bread(block 66) failed
[  206.049978][ T8521] FAT-fs (loop2): Directory bread(block 67) failed
[  206.079539][ T8521] FAT-fs (loop2): Directory bread(block 68) failed
[  206.117494][ T8521] FAT-fs (loop2): Directory bread(block 69) failed
[  206.151234][ T8521] FAT-fs (loop2): Directory bread(block 70) failed
[  206.157890][ T8521] FAT-fs (loop2): Directory bread(block 71) failed
[  206.207154][ T8521] FAT-fs (loop2): Directory bread(block 72) failed
[  206.231287][ T8521] FAT-fs (loop2): Directory bread(block 73) failed
[  206.318176][ T8535] binder: 8534:8535 ioctl c0306201 0 returned -14
[  207.320121][    T8] usb 6-1: USB disconnect, device number 3
[  207.872471][ T8594] netlink: 'syz.5.963': attribute type 5 has an invalid length.
[  207.922665][ T8594] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  207.932081][ T8594] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  207.941035][ T8594] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  207.950596][ T8594] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  208.025544][ T8594] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  208.035111][ T8594] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  208.044500][ T8594] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  208.053503][ T8594] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  208.309331][    T8] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  208.412780][ T8606] netlink: 24 bytes leftover after parsing attributes in process `syz.4.967'.
[  208.432037][ T8606] netlink: 24 bytes leftover after parsing attributes in process `syz.4.967'.
[  208.510239][    T8] usb 7-1: Using ep0 maxpacket: 32
[  208.541913][    T8] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  208.569286][    T8] usb 7-1: config 0 has no interfaces?
[  208.574864][    T8] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  208.619814][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.642434][    T8] usb 7-1: config 0 descriptor??
[  209.122820][ T8634] misc userio: Invalid payload size
[  209.607455][ T8647] netlink: 'syz.4.981': attribute type 5 has an invalid length.
[  209.732995][ T8647] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  209.741872][ T8647] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  209.750852][ T8647] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  209.759909][ T8647] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  209.784512][ T8647] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  209.793737][ T8647] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  209.802829][ T8647] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  209.811815][ T8647] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  210.816953][ T8668] misc userio: Invalid payload size
[  211.065070][  T787] usb 7-1: USB disconnect, device number 4
[  211.872426][ T8696] misc userio: Invalid payload size
[  212.160625][ T5802] Bluetooth: hci0: command 0x0406 tx timeout
[  212.620507][ T8698] loop5: detected capacity change from 0 to 65536
[  212.663989][ T8698] XFS (loop5): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  212.783232][ T8698] XFS (loop5): Ending clean mount
[  213.129935][ T7747] XFS (loop5): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  213.142896][ T8737] loop6: detected capacity change from 0 to 2048
[  213.172850][ T8737] EXT4-fs: Ignoring removed orlov option
[  213.321987][ T8737] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  213.447938][ T8737] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.735514][ T7774] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.845045][ T8757] misc userio: Invalid payload size
[  213.868498][ T8761] loop5: detected capacity change from 0 to 16
[  213.937343][ T8761] erofs: (device loop5): mounted with root inode @ nid 36.
[  214.489886][ T8778] loop4: detected capacity change from 0 to 2048
[  214.581036][ T8778] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  214.607977][ T8778] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  214.659527][ T8783] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1025'.
[  214.681571][ T8778] fs-verity: sha512 using implementation "sha512-avx2"
[  214.698094][ T8783] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1025'.
[  214.852484][ T7711] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.936073][ T8788] misc userio: Invalid payload size
[  215.260241][ T8797] loop2: detected capacity change from 0 to 256
[  215.375622][ T8797] FAT-fs (loop2): Directory bread(block 64) failed
[  215.382249][ T8797] FAT-fs (loop2): Directory bread(block 65) failed
[  215.392594][ T8802] binder: 8801:8802 ioctl c0306201 200000000080 returned -14
[  215.415852][ T8797] FAT-fs (loop2): Directory bread(block 66) failed
[  215.432274][ T8797] FAT-fs (loop2): Directory bread(block 67) failed
[  215.473708][ T8797] FAT-fs (loop2): Directory bread(block 68) failed
[  215.495720][ T8797] FAT-fs (loop2): Directory bread(block 69) failed
[  215.502447][ T8797] FAT-fs (loop2): Directory bread(block 70) failed
[  215.585623][ T8797] FAT-fs (loop2): Directory bread(block 71) failed
[  215.592351][ T8797] FAT-fs (loop2): Directory bread(block 72) failed
[  215.614434][ T8797] FAT-fs (loop2): Directory bread(block 73) failed
[  215.660801][ T8808] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1036'.
[  215.696812][ T8808] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1036'.
[  215.986604][ T8816] loop2: detected capacity change from 0 to 16
[  216.033697][ T8816] erofs: (device loop2): mounted with root inode @ nid 36.
[  216.549511][ T8832] binder: 8830:8832 ioctl c0306201 200000000080 returned -14
[  216.567580][ T8832] binder: BINDER_SET_CONTEXT_MGR already set
[  216.584860][ T8832] binder: 8830:8832 ioctl 4018620d 200000000040 returned -16
[  216.757627][ T8837] loop4: detected capacity change from 0 to 256
[  216.881165][ T8837] FAT-fs (loop4): Directory bread(block 64) failed
[  216.892148][ T8837] FAT-fs (loop4): Directory bread(block 65) failed
[  216.918584][ T8844] misc userio: Invalid payload size
[  216.938283][ T8837] FAT-fs (loop4): Directory bread(block 66) failed
[  216.962836][ T8837] FAT-fs (loop4): Directory bread(block 67) failed
[  216.994272][ T8837] FAT-fs (loop4): Directory bread(block 68) failed
[  217.033338][ T8837] FAT-fs (loop4): Directory bread(block 69) failed
[  217.065192][ T8837] FAT-fs (loop4): Directory bread(block 70) failed
[  217.085196][ T8837] FAT-fs (loop4): Directory bread(block 71) failed
[  217.094025][ T8837] FAT-fs (loop4): Directory bread(block 72) failed
[  217.112622][ T8837] FAT-fs (loop4): Directory bread(block 73) failed
[  218.247455][ T8878] binder: 8876:8878 ioctl c0306201 200000000080 returned -14
[  218.525137][ T8887] loop5: detected capacity change from 0 to 16
[  218.538351][ T8888] loop6: detected capacity change from 0 to 256
[  218.588079][ T8887] erofs: (device loop5): mounted with root inode @ nid 36.
[  218.694335][ T8888] FAT-fs (loop6): Directory bread(block 64) failed
[  218.725496][ T8888] FAT-fs (loop6): Directory bread(block 65) failed
[  218.745471][ T8888] FAT-fs (loop6): Directory bread(block 66) failed
[  218.774340][ T8888] FAT-fs (loop6): Directory bread(block 67) failed
[  218.804240][ T8888] FAT-fs (loop6): Directory bread(block 68) failed
[  218.822272][ T8888] FAT-fs (loop6): Directory bread(block 69) failed
[  218.854007][ T8888] FAT-fs (loop6): Directory bread(block 70) failed
[  218.860627][ T8888] FAT-fs (loop6): Directory bread(block 71) failed
[  218.903480][ T8888] FAT-fs (loop6): Directory bread(block 72) failed
[  218.929132][ T8888] FAT-fs (loop6): Directory bread(block 73) failed
[  219.323313][ T8908] misc userio: Invalid payload size
[  219.698525][ T8921] binder: 8920:8921 ioctl c0306201 200000000080 returned -14
[  220.850595][ T8948] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1073'.
[  220.996055][ T8954] binder: 8953:8954 ioctl c0306201 200000000080 returned -14
[  221.144437][ T8959] misc userio: Invalid payload size
[  221.208826][ T8961] misc userio: Invalid payload size
[  221.241600][ T8963] netlink: 'syz.5.1079': attribute type 2 has an invalid length.
[  221.532046][ T8975] loop2: detected capacity change from 0 to 2048
[  221.605181][ T8975] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.660386][ T8975] ext4 filesystem being mounted at /275/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  221.750003][ T8986] binder: 8985:8986 ioctl c0306201 200000000080 returned -14
[  221.758105][   T28] audit: type=1800 audit(1756023617.789:14): pid=8975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1083" name="file0" dev="loop2" ino=13 res=0 errno=0
[  221.789169][ T8986] binder: BINDER_SET_CONTEXT_MGR already set
[  221.799270][ T8986] binder: 8985:8986 ioctl 4018620d 200000000040 returned -16
[  221.917720][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.973241][ T8990] misc userio: Invalid payload size
[  222.618432][ T9014] binder: 9013:9014 ioctl c0306201 200000000080 returned -14
[  222.639592][ T9014] binder: 9013:9014 ioctl c0306201 0 returned -14
[  222.652146][ T7931] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  222.735544][ T9018] misc userio: Invalid payload size
[  222.862810][ T7931] usb 5-1: Using ep0 maxpacket: 32
[  222.880622][ T7931] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  222.914287][ T7931] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  222.937883][ T7931] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  222.959006][ T7931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.968226][ T9026] misc userio: Invalid payload size
[  222.978894][ T7931] usb 5-1: config 0 descriptor??
[  223.125826][ T9034] loop6: detected capacity change from 0 to 16
[  223.145785][ T9034] erofs: (device loop6): mounted with root inode @ nid 36.
[  223.321015][ T9038] binder: 9037:9038 ioctl c0306201 200000000080 returned -14
[  223.339614][ T9038] binder: 9037:9038 ioctl c0306201 0 returned -14
[  223.678625][ T9045] loop5: detected capacity change from 0 to 2048
[  223.718388][ T9045] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  223.755751][ T9045] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  223.772706][ T9040] loop6: detected capacity change from 0 to 40427
[  223.782921][ T9040] F2FS-fs (loop6): build fault injection attr: rate: 691, type: 0x7ffff
[  223.804425][ T9040] F2FS-fs (loop6): invalid crc value
[  223.815441][ T9040] F2FS-fs (loop6): Found nat_bits in checkpoint
[  223.886859][ T9040] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  223.975431][ T9040] syz.6.1108: attempt to access beyond end of device
[  223.975431][ T9040] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  223.990807][ T9040] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  224.028212][ T7747] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.436672][ T9060] loop2: detected capacity change from 0 to 16
[  224.464268][ T9060] erofs: (device loop2): mounted with root inode @ nid 36.
[  224.736084][ T9072] binder: 9069:9072 ioctl c0306201 200000000080 returned -14
[  224.754258][ T9072] binder: 9069:9072 ioctl c0306201 0 returned -14
[  224.923270][ T9076] loop5: detected capacity change from 0 to 16
[  224.959278][ T9076] erofs: (device loop5): mounted with root inode @ nid 36.
[  225.227441][ T9082] loop2: detected capacity change from 0 to 2048
[  225.287862][ T9082] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.319031][ T9082] ext4 filesystem being mounted at /287/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.416384][ T1186] usb 5-1: USB disconnect, device number 3
[  225.461555][ T5884] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  225.523971][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.553167][ T5884] dvb_usb_az6027: probe of 4-1:0.0 failed with error -110
[  225.662417][ T9097] loop6: detected capacity change from 0 to 16
[  225.708800][ T5884] usb 4-1: USB disconnect, device number 5
[  225.741421][ T9097] erofs: (device loop6): mounted with root inode @ nid 36.
[  226.072730][ T9111] binder: 9109:9111 ioctl c0306201 200000000080 returned -14
[  226.170591][ T9116] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1132'.
[  226.240839][ T9116] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1132'.
[  226.332198][ T9116] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  226.341675][ T9116] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  226.350910][ T9116] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  226.359768][ T9116] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  226.480349][ T9124] misc userio: Invalid payload size
[  226.526941][ T9122] loop5: detected capacity change from 0 to 4096
[  226.735539][ T9129] loop2: detected capacity change from 0 to 2048
[  226.834342][ T9129] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  226.871782][ T9129] ext4 filesystem being mounted at /290/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  227.074942][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.119273][ T9146] binder: 9144:9146 ioctl c0306201 200000000080 returned -14
[  227.388379][ T9152] loop2: detected capacity change from 0 to 16
[  227.401259][ T9154] loop6: detected capacity change from 0 to 16
[  227.442280][ T9152] erofs: (device loop2): mounted with root inode @ nid 36.
[  227.453971][ T9154] erofs: (device loop6): mounted with root inode @ nid 36.
[  227.723467][ T9163] misc userio: Invalid payload size
[  228.217455][ T9182] misc userio: Invalid payload size
[  228.230469][ T9184] binder: 9183:9184 ioctl c0306201 200000000080 returned -14
[  228.248587][ T9179] loop4: detected capacity change from 0 to 2048
[  228.328437][ T9179] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.358833][ T9179] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.473838][ T7711] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.517464][ T9195] loop2: detected capacity change from 0 to 16
[  228.543507][ T9195] erofs: (device loop2): mounted with root inode @ nid 36.
[  228.589087][ T5879] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  228.731048][ T9202] misc userio: Invalid payload size
[  228.789074][ T5879] usb 7-1: Using ep0 maxpacket: 16
[  228.806243][ T5879] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  228.847001][ T5879] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  228.918938][ T5879] usb 7-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00
[  228.928161][ T5879] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.980109][ T5879] usb 7-1: config 0 descriptor??
[  229.306060][ T9221] misc userio: Invalid payload size
[  229.381677][ T9214] syzkaller1: entered promiscuous mode
[  229.387316][ T9214] syzkaller1: entered allmulticast mode
[  229.435392][ T5879] playstation 0003:054C:0DF2.0002: hidraw0: USB HID v0.09 Device [HID 054c:0df2] on usb-dummy_hcd.6-1/input0
[  229.487850][ T9225] binder: 9223:9225 ioctl c0306201 200000000080 returned -14
[  229.616627][ T5879] playstation 0003:054C:0DF2.0002: Invalid reportID received, expected 9 got 0
[  229.648945][ T5879] playstation 0003:054C:0DF2.0002: Failed to retrieve DualSense pairing info: -22
[  229.667839][ T5879] playstation 0003:054C:0DF2.0002: Failed to get MAC address from DualSense
[  229.677312][ T5879] playstation 0003:054C:0DF2.0002: Failed to create dualsense.
[  229.723186][ T5879] playstation: probe of 0003:054C:0DF2.0002 failed with error -22
[  229.910015][ T5884] usb 7-1: USB disconnect, device number 5
[  229.979904][ T9236] misc userio: Invalid payload size
[  230.113598][ T9241] loop5: detected capacity change from 0 to 16
[  230.171669][ T9241] erofs: (device loop5): mounted with root inode @ nid 36.
[  230.220947][ T9241] overlayfs: missing 'lowerdir'
[  230.386121][ T9249] misc userio: Invalid payload size
[  230.592551][ T9256] binder: 9253:9256 ioctl c0306201 200000000080 returned -14
[  230.820171][ T9260] loop6: detected capacity change from 0 to 2048
[  230.912227][ T9268] misc userio: Invalid payload size
[  231.041000][ T9260] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  231.116947][ T9260] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  231.227747][ T9266] loop2: detected capacity change from 0 to 40427
[  231.237518][ T9266] F2FS-fs (loop2): build fault injection attr: rate: 691, type: 0x7ffff
[  231.259031][ T9266] F2FS-fs (loop2): invalid crc value
[  231.270726][ T9266] F2FS-fs (loop2): Found nat_bits in checkpoint
[  231.324696][ T9266] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  231.348327][ T9266] syz.2.1178: attempt to access beyond end of device
[  231.348327][ T9266] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  231.363815][ T9266] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  231.381307][ T7774] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.909450][ T9290] misc userio: Invalid payload size
[  232.158231][ T9295] binder: 9294:9295 ioctl c0306201 200000000080 returned -14
[  232.197631][ T9297] misc userio: Invalid payload size
[  232.246517][ T9299] loop4: detected capacity change from 0 to 2048
[  232.417905][ T9299] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.500321][ T9299] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  232.562862][   T28] audit: type=1800 audit(1756023628.594:15): pid=9299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1189" name="file0" dev="loop4" ino=13 res=0 errno=0
[  232.668840][ T7711] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.802911][ T9317] loop6: detected capacity change from 0 to 8
[  232.902321][ T9318] misc userio: Invalid payload size
[  233.143459][ T9330] binder: 9329:9330 ioctl c0306201 200000000080 returned -14
[  233.215709][ T9332] misc userio: Invalid payload size
[  233.219306][ T9334] misc userio: Invalid payload size
[  233.267042][ T7931] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  233.348659][ T9337] loop4: detected capacity change from 0 to 16
[  233.377321][ T9337] erofs: (device loop4): mounted with root inode @ nid 36.
[  233.425692][ T9337] overlay: Unknown parameter '/'
[  233.480003][ T7931] usb 7-1: Using ep0 maxpacket: 8
[  233.516010][ T7931] usb 7-1: config 0 has no interfaces?
[  233.530185][ T7931] usb 7-1: New USB device found, idVendor=6933, idProduct=5001, bcdDevice=45.02
[  233.547878][ T7931] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.584983][ T7931] usb 7-1: Product: syz
[  233.599726][ T7931] usb 7-1: Manufacturer: syz
[  233.604414][ T7931] usb 7-1: SerialNumber: syz
[  233.684041][ T9348] loop5: detected capacity change from 0 to 2048
[  233.696236][ T7931] usb 7-1: config 0 descriptor??
[  233.842934][ T9348] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.906939][ T9348] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  234.021616][  T787] usb 7-1: USB disconnect, device number 6
[  234.026382][ T9350] loop2: detected capacity change from 0 to 40427
[  234.038183][ T9350] F2FS-fs (loop2): build fault injection attr: rate: 691, type: 0x7ffff
[  234.047886][   T28] audit: type=1800 audit(1756023630.075:16): pid=9348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1203" name="file0" dev="loop5" ino=13 res=0 errno=0
[  234.077562][ T9350] F2FS-fs (loop2): invalid crc value
[  234.109409][ T9350] F2FS-fs (loop2): Found nat_bits in checkpoint
[  234.174272][ T9350] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  234.201676][ T9350] syz.2.1204: attempt to access beyond end of device
[  234.201676][ T9350] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  234.216315][ T9350] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  234.288875][ T7747] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.707159][ T9372] misc userio: Invalid payload size
[  234.750730][ T9375] misc userio: Invalid payload size
[  235.024270][ T9381] misc userio: Invalid payload size
[  235.226402][ T9389] binder: 9388:9389 ioctl c0306201 200000000080 returned -14
[  235.243637][ T9387] loop5: detected capacity change from 0 to 1024
[  235.293640][ T9387] EXT4-fs: Ignoring removed bh option
[  235.337904][ T9387] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  235.359659][ T9394] loop4: detected capacity change from 0 to 16
[  235.417556][ T9394] erofs: (device loop4): mounted with root inode @ nid 36.
[  235.442868][ T9387] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.799792][ T7747] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.945488][ T9408] misc userio: Invalid payload size
[  236.262856][ T9419] misc userio: Invalid payload size
[  236.314039][ T9422] binder: 9420:9422 ioctl c0306201 200000000080 returned -14
[  236.468646][ T9426] loop6: detected capacity change from 0 to 16
[  236.545368][ T9426] erofs: (device loop6): mounted with root inode @ nid 36.
[  236.822717][ T9438] misc userio: Invalid payload size
[  237.082419][ T9444] misc userio: Invalid payload size
[  237.284789][ T9457] binder: 9452:9457 ioctl c0306201 200000000080 returned -14
[  237.327883][ T9454] loop2: detected capacity change from 0 to 2048
[  237.376402][ T9454] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.380765][ T9458] misc userio: Invalid payload size
[  237.394822][ T9454] ext4 filesystem being mounted at /317/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  237.676607][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.746092][ T9470] loop4: detected capacity change from 0 to 128
[  237.833690][ T9470] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  237.977502][ T9470] ext4 filesystem being mounted at /124/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  238.060106][ T9482] misc userio: Invalid payload size
[  238.167216][ T7931] IPVS: starting estimator thread 0...
[  238.226334][ T9487] binder: 9485:9487 ioctl c0306201 200000000080 returned -14
[  238.304819][ T9486] IPVS: using max 17 ests per chain, 40800 per kthread
[  238.458196][ T9496] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1249'.
[  238.470422][ T9496] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1249'.
[  238.641414][ T7711] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  238.659887][ T9501] loop6: detected capacity change from 0 to 2048
[  238.700121][ T9501] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.726661][ T9501] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.007074][ T7774] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.117967][ T9519] binder: 9517:9519 ioctl c0306201 200000000080 returned -14
[  239.324026][ T9524] misc userio: Invalid payload size
[  239.843648][   T27] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  239.911162][ T9547] loop4: detected capacity change from 0 to 2048
[  239.970059][ T9547] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  239.990524][ T9547] ext4 filesystem being mounted at /129/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  240.044971][   T27] usb 7-1: Using ep0 maxpacket: 32
[  240.058735][   T27] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  240.071638][   T27] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.082941][   T27] usb 7-1: config 0 descriptor??
[  240.210536][ T7711] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.323775][   T27] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  240.356866][   T27] usb 7-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  240.394294][   T27] usb 7-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  240.642135][ T9573] misc userio: Invalid payload size
[  241.156267][ T9589] loop2: detected capacity change from 0 to 128
[  241.217901][ T9589] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  241.245420][ T9594] loop5: detected capacity change from 0 to 2048
[  241.267626][ T9589] ext4 filesystem being mounted at /326/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  241.333577][ T9594] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  241.381491][ T9594] ext4 filesystem being mounted at /129/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  241.471642][ T7931] IPVS: starting estimator thread 0...
[  241.561532][ T7747] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.603267][ T9600] IPVS: using max 16 ests per chain, 38400 per kthread
[  241.696974][ T9607] misc userio: Invalid payload size
[  241.859017][ T9611] misc userio: Invalid payload size
[  242.073435][ T5786] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  242.077528][ T9616] misc userio: Invalid payload size
[  242.110349][ T9619] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1281'.
[  242.152310][ T9619] netlink: 'syz.5.1281': attribute type 5 has an invalid length.
[  242.192494][ T9619] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1281'.
[  242.562142][   T23] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  242.628680][ T9635] loop4: detected capacity change from 0 to 2048
[  242.736357][ T9635] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.781723][ T9635] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  242.803327][   T23] usb 3-1: Using ep0 maxpacket: 32
[  242.814949][   T23] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  242.831311][   T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.855227][   T23] usb 3-1: config 0 descriptor??
[  242.950688][ T7711] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.087426][   T23] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  243.222762][ T9652] misc userio: Invalid payload size
[  243.466078][ T9657] misc userio: Invalid payload size
[  243.672620][ T9637] loop5: detected capacity change from 0 to 40427
[  243.741610][ T9637] F2FS-fs (loop5): build fault injection attr: rate: 691, type: 0x7ffff
[  243.785268][ T9637] F2FS-fs (loop5): invalid crc value
[  243.810841][ T9667] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1295'.
[  243.839835][ T9637] F2FS-fs (loop5): Found nat_bits in checkpoint
[  243.847653][ T9667] netlink: 'syz.4.1295': attribute type 5 has an invalid length.
[  243.898607][ T9667] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1295'.
[  244.073999][ T9637] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  244.093262][ T9676] loop6: detected capacity change from 0 to 128
[  244.147650][ T9637] syz.5.1288: attempt to access beyond end of device
[  244.147650][ T9637] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  244.192158][ T9637] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  244.256326][ T9676] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  244.342048][ T9676] ext4 filesystem being mounted at /118/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  244.565320][ T7931] IPVS: starting estimator thread 0...
[  244.691153][ T9687] IPVS: using max 16 ests per chain, 38400 per kthread
[  244.761436][ T9693] misc userio: Invalid payload size
[  244.983369][ T7774] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  245.551910][ T5843] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  245.590849][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  246.265548][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  246.510380][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  246.519012][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  246.527693][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  246.536594][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[  246.545344][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  246.554088][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  246.562705][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  246.571315][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  246.880245][ T5843] usb 5-1: Using ep0 maxpacket: 32
[  247.304789][ T9684] loop2: detected capacity change from 0 to 40427
[  247.749521][ T5843] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  247.758644][ T5843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.787160][ T5843] usb 5-1: config 0 descriptor??
[  248.035987][ T5843] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  248.202988][ T9730] loop5: detected capacity change from 0 to 1024
[  248.241835][ T9730] EXT4-fs: Ignoring removed bh option
[  248.262526][ T9730] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  248.280545][ T9731] misc userio: Invalid payload size
[  248.348107][ T9730] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.532780][ T9740] loop2: detected capacity change from 0 to 128
[  248.594976][ T9740] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  248.637892][ T7747] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.659622][ T9740] ext4 filesystem being mounted at /332/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  249.407574][ T5786] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  249.842415][ T9780] misc userio: Invalid payload size
[  249.999307][ T9754] loop6: detected capacity change from 0 to 40427
[  250.024097][ T9754] F2FS-fs (loop6): build fault injection attr: rate: 691, type: 0x7ffff
[  250.077192][ T9754] F2FS-fs (loop6): invalid crc value
[  250.105012][ T9754] F2FS-fs (loop6): Found nat_bits in checkpoint
[  250.354172][ T9754] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  250.440922][ T9754] syz.6.1317: attempt to access beyond end of device
[  250.440922][ T9754] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  250.484091][ T9754] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  251.110403][ T9816] loop5: detected capacity change from 0 to 1024
[  251.122506][ T9816] EXT4-fs: Ignoring removed bh option
[  251.170862][ T9816] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  251.241981][ T9816] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.282596][ T9821] misc userio: Invalid payload size
[  251.534971][ T7747] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.105872][ T9848] misc userio: Invalid payload size
[  252.299158][ T9854] misc userio: Invalid payload size
[  252.582753][ T9865] misc userio: Invalid payload size
[  254.074095][ T9861] loop2: detected capacity change from 0 to 40427
[  254.093132][ T9861] F2FS-fs (loop2): build fault injection attr: rate: 691, type: 0x7ffff
[  254.127901][ T9861] F2FS-fs (loop2): invalid crc value
[  254.154624][ T9861] F2FS-fs (loop2): Found nat_bits in checkpoint
[  254.451317][ T9861] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  254.526934][ T9893] misc userio: Invalid payload size
[  255.055900][ T1186] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  255.276002][ T1186] usb 6-1: Using ep0 maxpacket: 32
[  255.286071][ T1186] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  255.295276][ T1186] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.344737][ T1186] usb 6-1: config 0 descriptor??
[  255.595969][ T1186] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  255.765682][ T9934] misc userio: Invalid payload size
[  255.893037][ T9938] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1364'.
[  256.132530][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  256.139965][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  256.407881][ T9956] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1367'.
[  256.832385][ T9960] loop6: detected capacity change from 0 to 1024
[  256.860180][ T9960] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  256.906043][ T9960] EXT4-fs (loop6): can't mount with commit=32768, fs mounted w/o journal
[  257.633503][ T9993] misc userio: Invalid payload size
[  257.980843][T10008] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1378'.
[  261.158464][T10022] misc userio: Invalid payload size
[  261.482203][T10030] misc userio: Invalid payload size
[  261.559759][T10035] misc userio: Invalid payload size
[  261.772040][T10033] loop2: detected capacity change from 0 to 8192
[  261.937328][T10047] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1389'.
[  262.003349][T10050] syzkaller1: entered promiscuous mode
[  262.008901][T10050] syzkaller1: entered allmulticast mode
[  262.147369][T10052] loop2: detected capacity change from 0 to 1024
[  262.184167][T10052] EXT4-fs: Ignoring removed oldalloc option
[  262.238871][T10052] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  262.307989][T10052] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  262.378455][T10058] misc userio: Invalid payload size
[  262.508278][T10065] misc userio: Invalid payload size
[  262.662871][T10069] misc userio: Invalid payload size
[  262.801607][ T5786] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /352/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  262.851569][ T5786] EXT4-fs error (device loop2): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  262.875137][T10077] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1397'.
[  262.909448][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  262.947336][ T5786] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /352/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  262.984282][ T5786] EXT4-fs error (device loop2): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  263.054768][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  263.082703][ T5786] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /352/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  263.155921][ T5786] EXT4-fs error (device loop2): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  263.175747][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  263.190714][ T5786] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /352/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  263.238988][ T5786] EXT4-fs error (device loop2): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  263.282397][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  263.299735][ T5786] EXT4-fs error (device loop2): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /352/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  263.328132][ T5786] EXT4-fs error (device loop2): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  263.352529][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  263.385773][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  263.417228][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  263.448531][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  263.465475][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  263.506222][ T5786] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  263.604468][T10085] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1400'.
[  264.200683][T10108] loop5: detected capacity change from 0 to 1024
[  264.230473][T10108] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  264.295654][T10108] EXT4-fs (loop5): can't mount with commit=32768, fs mounted w/o journal
[  264.577330][T10106] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1403'.
[  264.735997][T10128] misc userio: Invalid payload size
[  264.796387][ T7778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.944991][T10130] misc userio: Invalid payload size
[  265.015951][   T48] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.041085][   T48] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.072402][T10135] misc userio: Invalid payload size
[  265.217112][   T48] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.234662][   T48] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.350056][   T48] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.371168][   T48] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.495683][   T48] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  265.509287][   T48] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.879147][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  265.890351][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  265.912381][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  265.922056][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  265.929935][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  265.940601][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  266.194435][T10158] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1414'.
[  266.408843][T10164] misc userio: Invalid payload size
[  266.839217][T10179] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1417'.
[  266.856899][T10148] chnl_net:caif_netlink_parms(): no params data found
[  267.031920][T10183] misc userio: Invalid payload size
[  267.181930][T10186] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1419'.
[  267.275496][   T48] hsr_slave_0: left promiscuous mode
[  267.316151][   T48] hsr_slave_1: left promiscuous mode
[  267.325334][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  267.333167][   T48] batman_adv: batadv0: Removing interface: batadv_slave_0
[  267.343046][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  267.351184][   T48] batman_adv: batadv0: Removing interface: batadv_slave_1
[  267.359147][   T48] bridge_slave_1: left allmulticast mode
[  267.365036][   T48] bridge_slave_1: left promiscuous mode
[  267.371052][   T48] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.384819][   T48] bridge_slave_0: left allmulticast mode
[  267.390936][   T48] bridge_slave_0: left promiscuous mode
[  267.396742][   T48] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.435573][   T48] veth1_macvtap: left promiscuous mode
[  267.441530][   T48] veth0_macvtap: left promiscuous mode
[  267.448307][   T48] veth1_vlan: left promiscuous mode
[  267.455672][   T48] veth0_vlan: left promiscuous mode
[  268.039557][ T5802] Bluetooth: hci0: command tx timeout
[  268.115492][T10200] misc userio: Invalid payload size
[  268.283207][   T48] team0 (unregistering): Port device team_slave_1 removed
[  268.356767][   T48] team0 (unregistering): Port device team_slave_0 removed
[  268.452893][   T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  268.538582][   T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  269.088208][   T48] bond0 (unregistering): Released all slaves
[  269.165885][T10148] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.173796][T10148] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.183530][T10148] bridge_slave_0: entered allmulticast mode
[  269.200883][T10148] bridge_slave_0: entered promiscuous mode
[  269.235466][T10207] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1425'.
[  269.250522][T10148] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.257846][T10148] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.265239][T10148] bridge_slave_1: entered allmulticast mode
[  269.275866][T10148] bridge_slave_1: entered promiscuous mode
[  269.473500][T10148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.509446][T10213] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1427'.
[  269.541502][T10148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.686797][T10217] loop5: detected capacity change from 0 to 1024
[  269.706654][T10217] EXT4-fs: Ignoring removed bh option
[  269.725617][T10217] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  269.806454][T10148] team0: Port device team_slave_0 added
[  269.853050][T10217] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.856224][T10224] loop4: detected capacity change from 0 to 1024
[  269.913367][T10148] team0: Port device team_slave_1 added
[  269.917521][T10224] EXT4-fs: Ignoring removed oldalloc option
[  269.986952][T10224] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  270.057046][T10224] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.095343][ T7747] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.104624][T10148] batman_adv: batadv0: Adding interface: batadv_slave_0
[  270.104643][T10148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  270.104670][T10148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  270.129049][T10148] batman_adv: batadv0: Adding interface: batadv_slave_1
[  270.138228][    C1] vkms_vblank_simulate: vblank timer overrun
[  270.142079][ T5802] Bluetooth: hci0: command tx timeout
[  270.163964][   T48] IPVS: stop unused estimator thread 0...
[  270.176824][T10148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  270.203716][T10148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  270.430039][ T7711] EXT4-fs error (device loop4): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /164/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  270.475801][T10148] hsr_slave_0: entered promiscuous mode
[  270.491958][ T7711] EXT4-fs error (device loop4): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  270.517195][T10148] hsr_slave_1: entered promiscuous mode
[  270.598476][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  270.620944][ T7711] EXT4-fs error (device loop4): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /164/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  270.761070][ T7711] EXT4-fs error (device loop4): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  270.850340][T10247] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1437'.
[  270.857948][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  270.912859][ T7711] EXT4-fs error (device loop4): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /164/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  270.944440][ T7711] EXT4-fs error (device loop4): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  270.978237][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  270.998371][ T7711] EXT4-fs error (device loop4): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /164/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  271.125566][ T7711] EXT4-fs error (device loop4): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  271.130277][T10253] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  271.168435][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  271.180973][ T7711] EXT4-fs error (device loop4): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /164/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  271.208055][ T7711] EXT4-fs error (device loop4): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  271.237914][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  271.277481][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  271.317946][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  271.353482][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  271.389604][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  271.421797][ T7711] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  271.445980][T10262] loop5: detected capacity change from 0 to 1024
[  271.468741][T10262] EXT4-fs: Ignoring removed bh option
[  271.475436][T10148] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  271.514739][T10262] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  271.531417][T10148] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  271.577527][T10148] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  271.608305][T10262] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  271.628146][T10148] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  271.802314][ T7747] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.111369][T10148] 8021q: adding VLAN 0 to HW filter on device bond0
[  272.162594][T10148] 8021q: adding VLAN 0 to HW filter on device team0
[  272.210186][ T5802] Bluetooth: hci0: command tx timeout
[  272.234941][ T2927] bridge0: port 1(bridge_slave_0) entered blocking state
[  272.242237][ T2927] bridge0: port 1(bridge_slave_0) entered forwarding state
[  272.332413][T10023] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.339864][T10023] bridge0: port 2(bridge_slave_1) entered forwarding state
[  272.739652][T10291] loop6: detected capacity change from 0 to 1024
[  272.768147][T10291] EXT4-fs: Ignoring removed oldalloc option
[  272.797295][T10291] EXT4-fs (loop6): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  272.871229][T10291] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  272.897615][T10293] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1446'.
[  273.085057][ T7711] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.131780][ T7774] EXT4-fs error (device loop6): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /171/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.153237][    C1] vkms_vblank_simulate: vblank timer overrun
[  273.181223][ T7774] EXT4-fs error (device loop6): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.241068][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  273.267165][ T7774] EXT4-fs error (device loop6): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /171/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.328837][ T7774] EXT4-fs error (device loop6): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.394194][T10023] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.421282][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  273.441323][ T7774] EXT4-fs error (device loop6): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /171/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.503269][ T7774] EXT4-fs error (device loop6): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.543508][T10304] syzkaller1: entered promiscuous mode
[  273.560052][T10304] syzkaller1: entered allmulticast mode
[  273.567029][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  273.607020][ T7774] EXT4-fs error (device loop6): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /171/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.650847][ T7774] EXT4-fs error (device loop6): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.670035][    C1] vkms_vblank_simulate: vblank timer overrun
[  273.682344][T10148] 8021q: adding VLAN 0 to HW filter on device batadv0
[  273.686053][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  273.704012][ T7774] EXT4-fs error (device loop6): ext4_readdir:263: inode #11: block 32: comm syz-executor: path /171/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.821590][ T7774] EXT4-fs error (device loop6): ext4_empty_dir:3145: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  273.849876][T10023] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.901861][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  273.934460][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  273.989794][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  274.043390][T10023] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.055179][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  274.072916][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  274.126221][ T7774] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #11: comm syz-executor: directory missing '.'
[  274.191043][T10023] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.276943][ T5802] Bluetooth: hci0: command tx timeout
[  274.504172][T10325] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1454'.
[  274.830036][T10148] veth0_vlan: entered promiscuous mode
[  274.895285][   T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  274.908539][   T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  274.918267][   T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  274.949387][   T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  274.959602][   T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  274.976880][   T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  275.133984][T10148] veth1_vlan: entered promiscuous mode
[  275.487187][ T7774] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.759547][T10148] veth0_macvtap: entered promiscuous mode
[  275.817343][T10148] veth1_macvtap: entered promiscuous mode
[  276.069429][T10148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.105355][T10148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.125306][T10148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.161312][T10148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.171573][T10148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.189783][T10148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.204561][T10148] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.282033][T10148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.293760][T10148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.304536][T10148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.316080][T10148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.323482][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  276.331283][T10148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.339869][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  276.344246][T10148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.352687][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  276.372353][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  276.381121][ T5802] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  276.389113][T10148] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.395665][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  276.439250][T10148] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.448158][T10148] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.457890][T10148] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.467881][T10148] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  277.030343][T10023] hsr_slave_0: left promiscuous mode
[  277.048931][T10023] hsr_slave_1: left promiscuous mode
[  277.057867][T10023] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  277.075033][T10023] batman_adv: batadv0: Removing interface: batadv_slave_0
[  277.075333][ T5802] Bluetooth: hci2: command tx timeout
[  277.099779][T10023] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  277.119825][T10023] batman_adv: batadv0: Removing interface: batadv_slave_1
[  277.144994][T10023] bridge_slave_1: left allmulticast mode
[  277.150753][T10023] bridge_slave_1: left promiscuous mode
[  277.180636][T10023] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.213685][T10023] bridge_slave_0: left allmulticast mode
[  277.231194][T10023] bridge_slave_0: left promiscuous mode
[  277.239983][T10023] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.316718][T10023] veth1_macvtap: left promiscuous mode
[  277.322352][T10023] veth0_macvtap: left promiscuous mode
[  278.132341][T10023] team0 (unregistering): Port device team_slave_1 removed
[  278.196734][T10023] team0 (unregistering): Port device team_slave_0 removed
[  278.258173][T10023] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  278.323879][T10023] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  278.438428][ T5802] Bluetooth: hci1: command tx timeout
[  279.109685][T10023] bond0 (unregistering): Released all slaves
[  279.168147][ T5802] Bluetooth: hci2: command tx timeout
[  279.230608][T10332] chnl_net:caif_netlink_parms(): no params data found
[  279.297546][T10388] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1467'.
[  279.445244][T10391] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1468'.
[  279.489765][ T2913] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.519561][ T2913] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.672405][T10332] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.681723][T10332] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.690705][T10332] bridge_slave_0: entered allmulticast mode
[  279.698979][T10332] bridge_slave_0: entered promiscuous mode
[  279.751175][T10332] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.758674][T10332] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.766784][T10332] bridge_slave_1: entered allmulticast mode
[  279.775667][T10332] bridge_slave_1: entered promiscuous mode
[  279.784088][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.793551][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.858822][T10332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  279.893146][T10332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  280.004926][T10023] IPVS: stop unused estimator thread 0...
[  280.056173][T10332] team0: Port device team_slave_0 added
[  280.068281][T10359] chnl_net:caif_netlink_parms(): no params data found
[  280.111037][T10332] team0: Port device team_slave_1 added
[  280.302500][T10332] batman_adv: batadv0: Adding interface: batadv_slave_0
[  280.312350][T10332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.338343][    C1] vkms_vblank_simulate: vblank timer overrun
[  280.401557][T10332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  280.489432][T10332] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.503039][T10332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.540257][ T5802] Bluetooth: hci1: command tx timeout
[  280.594146][T10332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.943787][T10359] bridge0: port 1(bridge_slave_0) entered blocking state
[  280.951084][T10359] bridge0: port 1(bridge_slave_0) entered disabled state
[  280.965629][T10359] bridge_slave_0: entered allmulticast mode
[  280.974733][T10359] bridge_slave_0: entered promiscuous mode
[  281.057550][T10332] hsr_slave_0: entered promiscuous mode
[  281.080071][T10332] hsr_slave_1: entered promiscuous mode
[  281.092544][T10332] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  281.115966][T10332] Cannot create hsr debugfs directory
[  281.132399][T10359] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.141987][T10359] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.157808][T10359] bridge_slave_1: entered allmulticast mode
[  281.176475][T10359] bridge_slave_1: entered promiscuous mode
[  281.233352][ T5802] Bluetooth: hci2: command tx timeout
[  281.267436][T10429] syzkaller1: entered promiscuous mode
[  281.275902][T10429] syzkaller1: entered allmulticast mode
[  281.351807][T10359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  281.436787][T10359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  281.570071][T10023] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.733862][T10023] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.768267][T10359] team0: Port device team_slave_0 added
[  281.855618][T10359] team0: Port device team_slave_1 added
[  281.926812][T10023] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.979869][T10359] batman_adv: batadv0: Adding interface: batadv_slave_0
[  281.997080][T10359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.045707][T10359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  282.138968][T10023] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.196171][T10359] batman_adv: batadv0: Adding interface: batadv_slave_1
[  282.212866][T10359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.247923][T10359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  282.350453][T10441] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1476'.
[  282.528418][T10442] loop7: detected capacity change from 0 to 1024
[  282.582352][T10442] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  282.592951][ T5802] Bluetooth: hci1: command tx timeout
[  282.612232][T10442] EXT4-fs (loop7): can't mount with commit=32768, fs mounted w/o journal
[  283.002939][T10359] hsr_slave_0: entered promiscuous mode
[  283.021507][T10359] hsr_slave_1: entered promiscuous mode
[  283.030264][T10359] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  283.065847][T10359] Cannot create hsr debugfs directory
[  283.312812][ T5802] Bluetooth: hci2: command tx timeout
[  283.436545][T10332] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  283.474714][T10452] loop5: detected capacity change from 0 to 1024
[  283.478503][T10332] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  283.494650][T10452] hfsplus: unable to parse mount options
[  283.529941][T10332] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  283.566191][ T7925] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  283.600522][T10332] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  283.608487][T10452] kAFS: No cell specified
[  283.987544][T10467] misc userio: Invalid payload size
[  284.445168][T10359] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  284.489646][T10359] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  284.642664][T10359] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  284.671794][ T5802] Bluetooth: hci1: command tx timeout
[  284.697133][T10359] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  285.500128][T10332] 8021q: adding VLAN 0 to HW filter on device bond0
[  285.694618][T10332] 8021q: adding VLAN 0 to HW filter on device team0
[  285.768630][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  285.775873][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  285.876818][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.884096][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  285.945686][T10023] hsr_slave_0: left promiscuous mode
[  285.955443][T10023] hsr_slave_1: left promiscuous mode
[  285.971229][T10023] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  285.989281][T10023] batman_adv: batadv0: Removing interface: batadv_slave_0
[  286.013666][T10023] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  286.038166][T10023] batman_adv: batadv0: Removing interface: batadv_slave_1
[  286.062233][T10023] bridge_slave_1: left allmulticast mode
[  286.067961][T10023] bridge_slave_1: left promiscuous mode
[  286.096913][T10023] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.118535][T10023] bridge_slave_0: left allmulticast mode
[  286.128935][T10023] bridge_slave_0: left promiscuous mode
[  286.139246][T10023] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.206462][T10023] veth1_macvtap: left promiscuous mode
[  286.216340][T10023] veth0_macvtap: left promiscuous mode
[  286.516301][T10521] misc userio: Invalid payload size
[  287.186404][T10023] team0 (unregistering): Port device team_slave_1 removed
[  287.251837][T10023] team0 (unregistering): Port device team_slave_0 removed
[  287.357463][T10023] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  287.431585][T10023] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  288.233522][T10023] bond0 (unregistering): Released all slaves
[  288.458703][T10332] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  288.557439][T10359] 8021q: adding VLAN 0 to HW filter on device bond0
[  288.642394][T10359] 8021q: adding VLAN 0 to HW filter on device team0
[  288.676561][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  288.683846][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  288.777326][ T2913] bridge0: port 2(bridge_slave_1) entered blocking state
[  288.784588][ T2913] bridge0: port 2(bridge_slave_1) entered forwarding state
[  288.897805][T10546] misc userio: Invalid payload size
[  289.165076][T10023] IPVS: stop unused estimator thread 0...
[  289.460108][T10332] 8021q: adding VLAN 0 to HW filter on device batadv0
[  289.767121][T10359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  290.582915][T10332] veth0_vlan: entered promiscuous mode
[  290.621349][T10332] veth1_vlan: entered promiscuous mode
[  290.774770][T10332] veth0_macvtap: entered promiscuous mode
[  290.803425][T10332] veth1_macvtap: entered promiscuous mode
[  290.967980][T10359] veth0_vlan: entered promiscuous mode
[  290.995107][T10332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.020731][T10332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.046176][T10332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.063269][T10332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.100199][T10332] batman_adv: batadv0: Interface activated: batadv_slave_0
[  291.126291][T10332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  291.149467][T10602] misc userio: Invalid payload size
[  291.164274][T10332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.197720][T10332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  291.210241][T10606] loop7: detected capacity change from 0 to 1024
[  291.228093][T10332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.249597][T10332] batman_adv: batadv0: Interface activated: batadv_slave_1
[  291.268509][T10606] EXT4-fs: Ignoring removed oldalloc option
[  291.282543][T10332] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  291.292263][T10606] EXT4-fs (loop7): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  291.305442][T10332] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  291.316477][T10332] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  291.325657][T10332] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  291.354774][T10606] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  291.371476][T10359] veth1_vlan: entered promiscuous mode
[  291.497273][T10606] overlayfs: missing 'lowerdir'
[  291.583833][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  291.596726][T10359] veth0_macvtap: entered promiscuous mode
[  291.615365][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  291.634289][T10148] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.636525][T10359] veth1_macvtap: entered promiscuous mode
[  291.691263][T10618] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1517'.
[  291.818995][T10023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  291.835599][T10023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  291.859341][T10359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.890711][T10359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.911103][T10359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.949426][T10359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.993214][T10359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  292.007515][T10359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.028382][T10359] batman_adv: batadv0: Interface activated: batadv_slave_0
[  292.050973][T10359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.065743][T10359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.076182][T10359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.087378][T10359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.098164][T10359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.109916][T10359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.138875][T10359] batman_adv: batadv0: Interface activated: batadv_slave_1
[  292.155546][T10359] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  292.165509][T10359] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  292.192632][T10359] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  292.202741][T10359] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  292.388546][T10634] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1450'.
[  293.162557][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.191237][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.272059][T10654] loop7: detected capacity change from 0 to 1024
[  293.279884][T10654] EXT4-fs: Ignoring removed oldalloc option
[  293.297095][T10654] EXT4-fs (loop7): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  293.325113][ T2913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.341426][ T2913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.434150][T10654] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  293.499852][T10654] overlayfs: missing 'lowerdir'
[  293.699241][T10670] misc userio: Invalid payload size
[  293.739893][T10148] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.027397][   T50] Bluetooth: hci3: command 0x0406 tx timeout
[  294.374036][T10692] misc userio: Invalid payload size
[  294.760439][T10700] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1536'.
[  294.901251][T10700] loop8: detected capacity change from 0 to 1024
[  294.951551][T10700] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  294.975890][T10700] EXT4-fs (loop8): can't mount with commit=32768, fs mounted w/o journal
[  295.961735][T10712] loop8: detected capacity change from 0 to 32768
[  296.084545][T10712] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  296.194751][T10712] 
[  296.197181][T10712] ======================================================
[  296.204226][T10712] WARNING: possible circular locking dependency detected
[  296.211445][T10712] 6.6.102-syzkaller #0 Not tainted
[  296.216570][T10712] ------------------------------------------------------
[  296.223596][T10712] syz.8.1538/10712 is trying to acquire lock:
[  296.229702][T10712] ffff888021c84608 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_setattr+0x95a/0x1b20
[  296.238704][T10712] 
[  296.238704][T10712] but task is already holding lock:
[  296.246167][T10712] ffff88807716ea20 (&oi->ip_alloc_sem){+.+.}-{3:3}, at: ocfs2_setattr+0x94b/0x1b20
[  296.255505][T10712] 
[  296.255505][T10712] which lock already depends on the new lock.
[  296.255505][T10712] 
[  296.266085][T10712] 
[  296.266085][T10712] the existing dependency chain (in reverse order) is:
[  296.275109][T10712] 
[  296.275109][T10712] -> #4 (&oi->ip_alloc_sem){+.+.}-{3:3}:
[  296.282962][T10712]        down_write+0x97/0x1f0
[  296.287764][T10712]        ocfs2_try_remove_refcount_tree+0xb7/0x320
[  296.294294][T10712]        ocfs2_xattr_set+0x596/0x11f0
[  296.299697][T10712]        ocfs2_set_acl+0x4e1/0x590
[  296.304830][T10712]        ocfs2_iop_set_acl+0x1ab/0x2a0
[  296.310303][T10712]        vfs_remove_acl+0x4e3/0x740
[  296.315617][T10712]        ovl_workdir_create+0x409/0x760
[  296.321355][T10712]        ovl_get_workdir+0x300/0x1740
[  296.326755][T10712]        ovl_fill_super+0x1345/0x3560
[  296.332137][T10712]        get_tree_nodev+0xb5/0x140
[  296.337261][T10712]        vfs_get_tree+0x8c/0x280
[  296.342205][T10712]        do_new_mount+0x24b/0xa40
[  296.347242][T10712]        __se_sys_mount+0x2da/0x3c0
[  296.352470][T10712]        do_syscall_64+0x55/0xb0
[  296.357425][T10712]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  296.363864][T10712] 
[  296.363864][T10712] -> #3 (&oi->ip_xattr_sem){++++}-{3:3}:
[  296.371836][T10712]        down_read+0x46/0x2e0
[  296.376635][T10712]        ocfs2_init_acl+0x2fa/0x720
[  296.381868][T10712]        ocfs2_mknod+0x12e5/0x20f0
[  296.386993][T10712]        ocfs2_mkdir+0x196/0x410
[  296.391956][T10712]        vfs_mkdir+0x296/0x440
[  296.396815][T10712]        do_mkdirat+0x1d4/0x440
[  296.401679][T10712]        __x64_sys_mkdir+0x6e/0x80
[  296.406819][T10712]        do_syscall_64+0x55/0xb0
[  296.411782][T10712]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  296.418226][T10712] 
[  296.418226][T10712] -> #2 (jbd2_handle){++++}-{0:0}:
[  296.425644][T10712]        start_this_handle+0x1e9d/0x20c0
[  296.431312][T10712]        jbd2__journal_start+0x2bb/0x5b0
[  296.437047][T10712]        jbd2_journal_start+0x2a/0x40
[  296.442436][T10712]        ocfs2_start_trans+0x376/0x6c0
[  296.447921][T10712]        ocfs2_mknod+0xe47/0x20f0
[  296.452962][T10712]        ocfs2_mkdir+0x196/0x410
[  296.457997][T10712]        vfs_mkdir+0x296/0x440
[  296.462805][T10712]        do_mkdirat+0x1d4/0x440
[  296.467754][T10712]        __x64_sys_mkdir+0x6e/0x80
[  296.472876][T10712]        do_syscall_64+0x55/0xb0
[  296.477921][T10712]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  296.484544][T10712] 
[  296.484544][T10712] -> #1 (&journal->j_trans_barrier){.+.+}-{3:3}:
[  296.493852][T10712]        down_read+0x46/0x2e0
[  296.498548][T10712]        ocfs2_start_trans+0x36a/0x6c0
[  296.504057][T10712]        ocfs2_mknod+0xe47/0x20f0
[  296.509091][T10712]        ocfs2_mkdir+0x196/0x410
[  296.514035][T10712]        vfs_mkdir+0x296/0x440
[  296.518821][T10712]        do_mkdirat+0x1d4/0x440
[  296.523688][T10712]        __x64_sys_mkdir+0x6e/0x80
[  296.528809][T10712]        do_syscall_64+0x55/0xb0
[  296.533759][T10712]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  296.540192][T10712] 
[  296.540192][T10712] -> #0 (sb_internal#4){.+.+}-{0:0}:
[  296.547688][T10712]        __lock_acquire+0x2ddb/0x7c80
[  296.553078][T10712]        lock_acquire+0x197/0x410
[  296.558127][T10712]        ocfs2_start_trans+0x26b/0x6c0
[  296.563799][T10712]        ocfs2_setattr+0x95a/0x1b20
[  296.569034][T10712]        notify_change+0xb0d/0xe10
[  296.574164][T10712]        ovl_workdir_create+0x5de/0x760
[  296.579722][T10712]        ovl_get_workdir+0x300/0x1740
[  296.585108][T10712]        ovl_fill_super+0x1345/0x3560
[  296.590489][T10712]        get_tree_nodev+0xb5/0x140
[  296.595618][T10712]        vfs_get_tree+0x8c/0x280
[  296.600562][T10712]        do_new_mount+0x24b/0xa40
[  296.605596][T10712]        __se_sys_mount+0x2da/0x3c0
[  296.610802][T10712]        do_syscall_64+0x55/0xb0
[  296.615751][T10712]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  296.622189][T10712] 
[  296.622189][T10712] other info that might help us debug this:
[  296.622189][T10712] 
[  296.632430][T10712] Chain exists of:
[  296.632430][T10712]   sb_internal#4 --> &oi->ip_xattr_sem --> &oi->ip_alloc_sem
[  296.632430][T10712] 
[  296.645661][T10712]  Possible unsafe locking scenario:
[  296.645661][T10712] 
[  296.653114][T10712]        CPU0                    CPU1
[  296.658489][T10712]        ----                    ----
[  296.663860][T10712]   lock(&oi->ip_alloc_sem);
[  296.668467][T10712]                                lock(&oi->ip_xattr_sem);
[  296.675598][T10712]                                lock(&oi->ip_alloc_sem);
[  296.682725][T10712]   rlock(sb_internal#4);
[  296.687100][T10712] 
[  296.687100][T10712]  *** DEADLOCK ***
[  296.687100][T10712] 
[  296.695279][T10712] 5 locks held by syz.8.1538/10712:
[  296.700477][T10712]  #0: ffff88802c5440e0 (&type->s_umount_key#56/1){+.+.}-{3:3}, at: alloc_super+0x1fa/0x920
[  296.710704][T10712]  #1: ffff888021c84418 (sb_writers#26){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  296.720042][T10712]  #2: ffff88807716c2d8 (&sb->s_type->i_mutex_key#29/1){+.+.}-{3:3}, at: ovl_workdir_create+0x150/0x760
[  296.731260][T10712]  #3: ffff88807716ed98 (&sb->s_type->i_mutex_key#31){+.+.}-{3:3}, at: ovl_workdir_create+0x557/0x760
[  296.742257][T10712]  #4: ffff88807716ea20 (&oi->ip_alloc_sem){+.+.}-{3:3}, at: ocfs2_setattr+0x94b/0x1b20
[  296.752044][T10712] 
[  296.752044][T10712] stack backtrace:
[  296.758042][T10712] CPU: 1 PID: 10712 Comm: syz.8.1538 Not tainted 6.6.102-syzkaller #0
[  296.766214][T10712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  296.776291][T10712] Call Trace:
[  296.779670][T10712]  <TASK>
[  296.782621][T10712]  dump_stack_lvl+0x16c/0x230
[  296.787319][T10712]  ? load_image+0x3b0/0x3b0
[  296.791848][T10712]  ? show_regs_print_info+0x20/0x20
[  296.797151][T10712]  ? print_circular_bug+0x12b/0x1a0
[  296.802364][T10712]  check_noncircular+0x2bd/0x3c0
[  296.807322][T10712]  ? print_deadlock_bug+0x5d0/0x5d0
[  296.812560][T10712]  ? lockdep_lock+0xe0/0x220
[  296.817269][T10712]  ? _find_first_zero_bit+0xd3/0x100
[  296.822579][T10712]  __lock_acquire+0x2ddb/0x7c80
[  296.827453][T10712]  ? verify_lock_unused+0x140/0x140
[  296.832686][T10712]  ? verify_lock_unused+0x140/0x140
[  296.837903][T10712]  ? verify_lock_unused+0x140/0x140
[  296.843123][T10712]  lock_acquire+0x197/0x410
[  296.847643][T10712]  ? ocfs2_setattr+0x95a/0x1b20
[  296.852603][T10712]  ? __might_sleep+0xe0/0xe0
[  296.857206][T10712]  ? do_raw_spin_lock+0x121/0x2c0
[  296.862249][T10712]  ? read_lock_is_recursive+0x20/0x20
[  296.867636][T10712]  ? __rwlock_init+0x150/0x150
[  296.872415][T10712]  ? do_raw_spin_unlock+0x121/0x230
[  296.877628][T10712]  ocfs2_start_trans+0x26b/0x6c0
[  296.882644][T10712]  ? ocfs2_setattr+0x95a/0x1b20
[  296.887518][T10712]  ? ocfs2_recovery_exit+0x50/0x50
[  296.892693][T10712]  ? setattr_prepare+0x1e6/0xac0
[  296.897651][T10712]  ocfs2_setattr+0x95a/0x1b20
[  296.902356][T10712]  ? ocfs2_extend_allocation+0x1760/0x1760
[  296.908179][T10712]  ? ktime_get_coarse_real_ts64+0x3a/0x120
[  296.914001][T10712]  ? seqcount_lockdep_reader_access+0x176/0x1c0
[  296.920262][T10712]  ? ktime_get_coarse_real_ts64+0x110/0x120
[  296.926169][T10712]  ? current_time+0x18e/0x270
[  296.930872][T10712]  ? inode_set_ctime_current+0x2d0/0x2d0
[  296.936517][T10712]  ? down_write+0x162/0x1f0
[  296.941034][T10712]  ? evm_inode_setattr+0x94/0x6a0
[  296.946080][T10712]  ? bpf_lsm_inode_setattr+0x9/0x10
[  296.951296][T10712]  ? try_break_deleg+0x79/0x120
[  296.956167][T10712]  ? ocfs2_extend_allocation+0x1760/0x1760
[  296.962005][T10712]  notify_change+0xb0d/0xe10
[  296.966618][T10712]  ovl_workdir_create+0x5de/0x760
[  296.971660][T10712]  ? ovl_statfs+0x2f0/0x2f0
[  296.976177][T10712]  ? rcu_read_lock_any_held+0xb4/0x120
[  296.981650][T10712]  ? __mnt_want_write+0x223/0x2a0
[  296.986692][T10712]  ovl_get_workdir+0x300/0x1740
[  296.991552][T10712]  ? ovl_fill_super+0x3560/0x3560
[  296.996593][T10712]  ? ovl_inuse_trylock+0xbd/0xd0
[  297.001542][T10712]  ? __lock_acquire+0x7c80/0x7c80
[  297.006580][T10712]  ? __rwlock_init+0x150/0x150
[  297.011357][T10712]  ? clone_mnt+0xa10/0xc60
[  297.015791][T10712]  ? do_raw_spin_unlock+0x121/0x230
[  297.021001][T10712]  ? _raw_spin_unlock+0x28/0x40
[  297.025871][T10712]  ? ovl_inuse_trylock+0xbd/0xd0
[  297.030830][T10712]  ovl_fill_super+0x1345/0x3560
[  297.035710][T10712]  ? ida_alloc_range+0x79e/0x830
[  297.040667][T10712]  ? virtio_fs_zero_page_range+0x140/0x140
[  297.046511][T10712]  ? sget_fc+0x7f0/0x8d0
[  297.050785][T10712]  ? __lock_acquire+0x7c80/0x7c80
[  297.055823][T10712]  ? down_write+0x162/0x1f0
[  297.060344][T10712]  ? down_read_killable+0x340/0x340
[  297.065568][T10712]  ? sget_fc+0x7f0/0x8d0
[  297.069834][T10712]  ? kill_litter_super+0xb0/0xb0
[  297.074785][T10712]  ? virtio_fs_zero_page_range+0x140/0x140
[  297.080775][T10712]  get_tree_nodev+0xb5/0x140
[  297.085384][T10712]  vfs_get_tree+0x8c/0x280
[  297.089814][T10712]  do_new_mount+0x24b/0xa40
[  297.094330][T10712]  __se_sys_mount+0x2da/0x3c0
[  297.099045][T10712]  ? __x64_sys_mount+0xc0/0xc0
[  297.103822][T10712]  ? lockdep_hardirqs_on+0x98/0x150
[  297.109045][T10712]  ? __x64_sys_mount+0x20/0xc0
[  297.113824][T10712]  do_syscall_64+0x55/0xb0
[  297.118271][T10712]  ? clear_bhb_loop+0x40/0x90
[  297.122970][T10712]  ? clear_bhb_loop+0x40/0x90
[  297.127653][T10712]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  297.133573][T10712] RIP: 0033:0x7f917778ebe9
[  297.138187][T10712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.157826][T10712] RSP: 002b:00007f91786a0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  297.166253][T10712] RAX: ffffffffffffffda RBX: 00007f91779b5fa0 RCX: 00007f917778ebe9
[  297.174250][T10712] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[  297.182253][T10712] RBP: 00007f9177811e19 R08: 0000200000000380 R09: 0000000000000000
[  297.190238][T10712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  297.198222][T10712] R13: 00007f91779b6038 R14: 00007f91779b5fa0 R15: 00007ffde2e0e818
[  297.206228][T10712]  </TASK>
[  297.209331][    C1] sched: RT throttling activated
[  297.209380][    C1] vkms_vblank_simulate: vblank timer overrun
[  297.226060][T10712] overlayfs: upper fs does not support tmpfile.
[  297.233907][T10712] overlayfs: upper fs does not support RENAME_WHITEOUT.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  297.244198][T10712] overlayfs: upper fs missing required features.
[  297.245708][T10730] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1541'.
[  297.595327][T10332] ocfs2: Unmounting device (7,8) on (node local)
[  298.350597][   T11] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.493779][   T11] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.578865][   T11] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.709086][   T11] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.578300][   T11] hsr_slave_0: left promiscuous mode
[  299.584982][   T11] hsr_slave_1: left promiscuous mode
[  299.592904][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  299.601733][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  299.620728][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  299.629583][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  299.639118][   T11] bridge_slave_1: left allmulticast mode
[  299.645795][   T11] bridge_slave_1: left promiscuous mode
[  299.651562][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.667863][   T11] bridge_slave_0: left allmulticast mode
[  299.675374][   T11] bridge_slave_0: left promiscuous mode
[  299.681141][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.698151][   T11] veth1_macvtap: left promiscuous mode
[  299.705456][   T11] veth0_macvtap: left promiscuous mode
[  299.711126][   T11] veth1_vlan: left promiscuous mode
[  299.719462][   T11] veth0_vlan: left promiscuous mode
[  299.962891][   T11] team0 (unregistering): Port device team_slave_1 removed
[  299.978229][   T11] team0 (unregistering): Port device team_slave_0 removed
[  300.008861][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  300.038472][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  300.124581][   T11] bond0 (unregistering): Released all slaves
[  300.648469][   T11] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.719220][   T11] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.761642][   T11] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.834529][   T11] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.995375][   T11] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.055552][   T11] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.120339][   T11] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.204486][   T11] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.320015][   T11] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.369656][   T11] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.430655][   T11] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.492227][   T11] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.196207][   T23] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  302.197943][ T5843] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  302.212387][   T27] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  302.228874][ T1186] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  302.254569][   T23] dvb_usb_az6027: probe of 3-1:0.0 failed with error -2
[  302.287116][ T5843] dvb_usb_az6027: probe of 5-1:0.0 failed with error -2
[  302.312143][ T1186] dvb_usb_az6027: probe of 6-1:0.0 failed with error -2
[  302.334773][   T27] dvb_usb_az6027: probe of 7-1:0.0 failed with error -110
[  302.384582][   T23] usb 3-1: USB disconnect, device number 8
[  302.410724][   T27] usb 7-1: USB disconnect, device number 7
[  302.412203][ T5843] usb 5-1: USB disconnect, device number 4
[  302.447967][ T1186] usb 6-1: USB disconnect, device number 4
[  302.925910][   T11] hsr_slave_0: left promiscuous mode
[  302.938172][   T11] hsr_slave_1: left promiscuous mode
[  302.944968][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  302.952967][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  302.960681][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  302.968488][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  302.976626][   T11] bridge_slave_1: left allmulticast mode
[  302.982362][   T11] bridge_slave_1: left promiscuous mode
[  302.988217][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.996952][   T11] bridge_slave_0: left allmulticast mode
[  303.002803][   T11] bridge_slave_0: left promiscuous mode
[  303.008509][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.019264][   T11] hsr_slave_0: left promiscuous mode
[  303.025230][   T11] hsr_slave_1: left promiscuous mode
[  303.031040][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  303.038628][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  303.048281][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  303.055940][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  303.063649][   T11] bridge_slave_1: left allmulticast mode
[  303.069301][   T11] bridge_slave_1: left promiscuous mode
[  303.075174][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.084113][   T11] bridge_slave_0: left allmulticast mode
[  303.089790][   T11] bridge_slave_0: left promiscuous mode
[  303.095837][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.107287][   T11] hsr_slave_0: left promiscuous mode
[  303.113620][   T11] hsr_slave_1: left promiscuous mode
[  303.119395][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  303.127138][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  303.134931][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  303.142795][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  303.150406][   T11] bridge_slave_1: left allmulticast mode
[  303.156283][   T11] bridge_slave_1: left promiscuous mode
[  303.162116][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.171007][   T11] bridge_slave_0: left allmulticast mode
[  303.177004][   T11] bridge_slave_0: left promiscuous mode
[  303.182956][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.196394][   T11] veth1_macvtap: left promiscuous mode
[  303.202892][   T11] veth0_macvtap: left promiscuous mode
[  303.209479][   T11] veth1_macvtap: left promiscuous mode
[  303.215436][   T11] veth0_macvtap: left promiscuous mode
[  303.222763][   T11] veth1_macvtap: left promiscuous mode
[  303.228300][   T11] veth0_macvtap: left promiscuous mode
[  303.528688][   T11] team0 (unregistering): Port device team_slave_1 removed
[  303.558429][   T11] team0 (unregistering): Port device team_slave_0 removed
[  303.588077][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  303.622539][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  303.698319][   T11] bond0 (unregistering): Released all slaves
[  303.865716][   T11] team0 (unregistering): Port device team_slave_1 removed
[  303.904532][   T11] team0 (unregistering): Port device team_slave_0 removed
[  303.938677][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  303.980225][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.071686][   T11] bond0 (unregistering): Released all slaves
[  304.236030][   T11] team0 (unregistering): Port device team_slave_1 removed
[  304.264958][   T11] team0 (unregistering): Port device team_slave_0 removed
[  304.296033][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  304.327880][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.408007][   T11] bond0 (unregistering): Released all slaves