last executing test programs:

14.35990706s ago: executing program 4 (id=807):
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x22842, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x0)
fcntl$setstatus(r4, 0x4, 0x2400)
close(r3)

12.645144051s ago: executing program 4 (id=812):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0x4})
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000280)=""/74})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000480)={0x1, r1})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)={0x4, 0x0, [{0xd000, 0x1000, &(0x7f0000001e00)=""/4096}, {0xf000, 0x7f, &(0x7f00000004c0)=""/127}, {0x2, 0x56, &(0x7f0000000600)=""/86}, {0x10000, 0x29, &(0x7f0000000200)=""/41}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

12.565569758s ago: executing program 3 (id=813):
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10)
mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r3, 0x2284, &(0x7f0000000040))

11.574836429s ago: executing program 3 (id=818):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x26, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@multicast1}, {@dev={0xac, 0x14, 0x14, 0x2}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd1fc}, {@private}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast2}, {@private=0xa010101}, {}, {@broadcast}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.numa_stat\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

10.517286626s ago: executing program 4 (id=822):
openat$fuse(0xffffff9c, 0x0, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bond0\x00', <r1=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="df559fdab89a"}, 0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x6, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="600000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000001000000003000128009000100766c616e000000002000028006000100000000000c0002000a0019001b0000000600050088a8000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x60}}, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r5, 0x114, 0x4, 0x0, 0x1c)
write$FUSE_DIRENT(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x1, 0x2d, &(0x7f00000057c0)={{0x12, 0x1, 0x0, 0x0, 0xba, 0x9e, 0x8, 0x2019, 0x4901, 0x5933, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xbc, 0x19, 0x8e, 0x0, [], [{{0x9, 0x5, 0x8, 0x2, 0x8}}]}}]}}]}}, &(0x7f0000005cc0)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)

10.295909804s ago: executing program 3 (id=824):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000380)={[{@discard}, {@dioread_nolock}, {@resuid}, {@noblock_validity}, {@minixdf}, {@errors_remount}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000600)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_all\x00', 0x275a, 0x0)
ftruncate(r0, 0x653f)
socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x8, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7fffff, 0x12, r0, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x10, &(0x7f0000000000), 0x20000000)

9.278324007s ago: executing program 2 (id=825):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x4000000400000bce)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fcntl$setlease(r1, 0x8, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'veth0_to_batadv\x00', <r3=>0x0})
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000200)=0x5, 0x4)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4)
sendto$packet(r2, &(0x7f00000000c0)="3f030e03f007120006001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xb318, 0x0, &(0x7f0000000540)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)

9.277917807s ago: executing program 3 (id=826):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000882b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32=r4, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034800400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030000000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350076657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000030c0)=ANY=[@ANYBLOB="380000004800010800000000000000000a000000", @ANYRES32=r7, @ANYBLOB="00008000140001000000000000000000000004000000149b080002"], 0x38}}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=@ipv6_newaddrlabel={0x60, 0x48, 0x1, 0x70bd2b, 0x25dfdbfb, {0xa, 0x0, 0x0, 0x0, 0x0, 0x47f8}, [@IFAL_ADDRESS={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x16}}, @IFAL_ADDRESS={0x14, 0x1, @loopback}, @IFAL_LABEL={0x8, 0x2, 0x7}, @IFAL_ADDRESS={0x14, 0x1, @remote}]}, 0x60}, 0x1, 0x0, 0x0, 0x4085}, 0x24000044)

9.276921048s ago: executing program 1 (id=835):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYRES32=0x0, @ANYRESOCT, @ANYRES8, @ANYBLOB="e1cc9e585bf1ccbca5939bcef3ab754c3b730034e20162", @ANYRESOCT, @ANYRES16, @ANYRESDEC], 0x1, 0x1d2, &(0x7f0000000580)="$eJzslU9rE0EYxn+zO2kSzaFnrxbbi7bZgvgN7AfwAxjStRYT/3QDmlAweunFg/glCn4KD4LePYgIXupBQQ8VTxWJzM474ywNRMVQCvPA8j7vM++fmVlm5mZxr6gDPw93uyxSQtHivVJoYFlZ7WjB2m9iJ4JP2vpt0Z+L/Si2GI7ePLF0dKvT6+U7xXAGUQpmxVTIcUn/cbMp5PXjqqL4tzrzJ4PU7uzxoacVpT4tRnI58VXMg3xvQah8/t8tasx7FeCVH63Zv+ndM/s7p8akkt6kui2njyR/lVUg11dx9VHC19J5e7jbNeS63GJG27SfOxJljHFeBjHnNIxBpUx8HV3elrAMrA76d1eL4ejidr+zlW/lt7Ns/fLaq7NyRCcPYbuXr6lgGokhGg9zTpvBeA348Ht8TAAVTM3gDCiX61Lc5bxyPkhsQhLkhjUMGrzw/euipfS5xgUawP2xGc6wu7WEqaa5YZa2gSIVp62DecIRCY1y4FL3Tm9zD4VyaftoX6N9QM07mTimUb5+xS9/T+yS2A2x+2IPxLq3y71JuqzwRbyVMSzwoDMY7JSPl2Vey7yWLfrOiXR1r6FyM6kTEREREREREXFK8CsAAP//TTFPEQ==")
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r3=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={@remote, 0x16, r3})
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x56, &(0x7f0000000300)=@string={0x56, 0x3, "4f512758cd70d4acb68be8180f6158ca28dc5677e09d9bff9eadd64d51fb756ac85c0970cc8910eabf327a798f3e818d3f30fbe1370d747590bbd151d2c25b3f44550df4f47490c0283a31f4e9ee7c1f0b76a6ef"}}, {0x0, 0x0}]})
syz_usb_connect$uac1(0x2, 0x9f, &(0x7f0000000400)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8d, 0x3, 0x1, 0x0, 0x40, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0x1}, [@processing_unit={0xc, 0x24, 0x7, 0x5, 0x0, 0x0, "32341681c7"}, @output_terminal={0x9, 0x24, 0x3, 0x0, 0x0, 0x4, 0x6}, @selector_unit={0xa, 0x24, 0x5, 0x0, 0x0, "e0182c1423"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x9, 0x3, 0x1}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x0, 0x4, 0xa1}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x1, 0x3f, 0x0, {0x7, 0x25, 0x1, 0x2, 0xff, 0x3f}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x0, 0x4, 0x9, {0x7, 0x25, 0x1, 0x80, 0x84, 0x1}}}}}}}]}}, &(0x7f00000006c0)={0xa, &(0x7f00000004c0)={0xa, 0x6, 0x201, 0x81, 0x40, 0x4, 0x20, 0x81}, 0x29, &(0x7f0000000500)={0x5, 0xf, 0x29, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0xf7, "79f03953c4c96fe6b1d67b8b584cc085"}, @ssp_cap={0x10, 0x10, 0xa, 0x6, 0x1, 0xc, 0xf00, 0x101, [0xc000]}]}, 0x4, [{0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x415}}, {0x9d, &(0x7f0000000580)=@string={0x9d, 0x3, "79594b8573ba1de807f914061bb486a9eeb5549fd83515f82e0ca4117d5ecd579cf2a3eafef7377079eb0ecbf1b89b7a7dd3f19e9d890fe3648f133d8272af8bcd089bd8594252b1872d5a6286907b9542e69738c76ff4da43850d9423d6322609bc995eb8b7b088fd0910d90259ac61a382107a555f6cbedf657fae87a95e5a3336f40b91e28bfeca08fe7e43e2139e2a1b34eefdf6f454730039"}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0xc1a}}, {0x3e, &(0x7f0000000680)=@string={0x3e, 0x3, "a162a8057c983cc4c9206ba7e83958361307aac221a037db83269f2d9458f0e1fc84a4f2230f3e9d90a6275173d68b06f6dc97ca15d80e9efad8aae5"}}]})
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}, 0x1, 0x0, 0x0, 0x20000004}, 0x4)
r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r6, 0x0, 0x4)
getdents(r6, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001800010000000000000000000200000000000008000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="63fe1680080004000000000008000500e0000001ffa0604497a43ddefd8e486ecc5de8255062b4c317f5603d94cbb7270b1f697b72117d10e0e87de262642be68fb0112dc1060000000000000075479c30873c801bb4fd8f3a44bdf14d96ee8ded3ecd009f88f3889d87e408dd8641aed478b9390860626dbdb032ad7ed7807d39b4d67b99284965195415c1e4d1fdd0f67ee9210dad496ec3e381e5602755eacc174bf24d4cff97c22ca5a253f0524f8aa3c2fb90c071814af5f01984b9c5e08d7f7acee27edfeb"], 0x3c}}, 0x0)

8.613744382s ago: executing program 2 (id=828):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x4)
shmget$private(0x0, 0x13000, 0x0, &(0x7f0000fed000/0x13000)=nil)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x100000000000600d, 0x1)
truncate(&(0x7f0000001700)='./file0\x00', 0x1)
creat(&(0x7f0000000080)='./file0\x00', 0xc5)
open(&(0x7f0000000040)='./file0\x00', 0x10100, 0xc4)
inotify_init1(0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x2040)
set_mempolicy_home_node(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r1, 0x29, 0x48, &(0x7f0000000000)=0xd00, 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0)

8.613393422s ago: executing program 3 (id=829):
fcntl$setsig(0xffffffffffffffff, 0xa, 0x0)
unshare(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, 0x0}, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$pppl2tp(0x18, 0x1, 0x1)
mount$afs(0x0, 0x0, &(0x7f0000000100), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
socket(0x23, 0x5, 0x5)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x44a43, 0x0)

8.296367078s ago: executing program 2 (id=831):
pipe2$9p(&(0x7f0000000240), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000480)=0x102, 0x4)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100), 0x6)
ioctl$sock_bt_hci(r4, 0x400448e7, &(0x7f0000000000))

6.418946272s ago: executing program 4 (id=834):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x3e, &(0x7f0000000040)=0x3, 0x4)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x7}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0xc}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_evict_inode\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, 0x0, &(0x7f00000003c0)=r1}, 0x20)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2800480, &(0x7f00000001c0), 0x1, 0x774, &(0x7f00000007c0)="$eJzs3d1rW+UfAPDvSdt17fb7tYKg86ogaGEstbNuCl5MvBDBwUCv3UKaldm0GU061lJwQwRvBBUvBL3ZtS/zzltfbvW/8EI2pnbDiRdSOWmyZWvSpWuTDPL5wNM+zzkneZ5vnnOe8yTnkATQtybSP5mIQxHxURIxVlueRMRQNTcYcWJzu9vra/k0JbGx8eYfSXWbW+tr+Wh4TOpArfBkRPz4fsThzNZ6yyur87lisbBUK09VFs5PlVdWj5xbyM0V5gqLx6ZnZo4ef+H4sb2L9a9fVg9e//i1Z7858c97T1z98KckTsTB2rrGOPbKREzUXpOh9CW8x6t7XVmPJb1uAA8lPTQHNo/yOBRjMVDNtTDSzZYBAJ3ybkRsAAB9JnH+B4A+U/8c4Nb6Wr6eevuJRHfdeCUi9m/GX7++ublmsHbNbn/1OujoreSeKyNJRIzvQf0TEfHFd29/labo0HVIgGYuXY6IM+MTW8f/ZMs9Czv1XBvbTNxXNv5B93yfzn9ebDb/y9yZ/0ST+c9wk2P3YTz4+M9c24NqWkrnfy833Nt2uyH+mvGBWul/1TnfUHL2XLGQjm3/j4jJGBpOy9Pb1DF589+brdY1zv/+/OSdL9P60/93t8hcGxy+9zGzuUpuNzE3unE54qnBZvEnd/o/aTH/PdVmHa+/9MHnrdal8afx1tPW+Dtr40rEM037/+4dbcm29ydOVXeHqfpO0cS3v3422qr+xv5PU1p//b1AN6T9P7p9/ONJ4/2a5Z3X8fOVsR9arXtw/M33/33JW9X8vtqyi7lKZWk6Yl/yxtblR+8+tl6ub5/GP/l08+N/u/0/fU94ps34B6///vXDx99ZafyzO+r/nWeu3p4faFV/e/0/U81N1pa0M/6128DdvHYAAAAAAAAAAAAAAAAAAAAAAAAA0K5MRByMJJO9k89kstnN3/B+PEYzxVK5cvhsaXlxNqq/lT0eQ5n6V12ONXwf6nTt+/Dr5aP3lZ+PiMci4tPhkWo5my8VZ3sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHGjx+/+p34Z73ToAoGP297oBAEDXOf8DQP/Z2fl/pGPtAAC6x/t/AOg/zv8A0H+c/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiwUydPpmnj7/W1fFqevbCyPF+6cGS2UJ7PLizns/nS0vnsXKk0Vyxk86WFlk90afNfsVQ6PxOLyxenKoVyZaq8snp6obS8WDl9biE3VzhdGOpaZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQvvLK6nyuWCws7SaTPtFePI+MjMwjkmkcJUZ6Nj4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPOr+CwAA///vXCkU")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x123340, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[], 0xfe46)

5.529871455s ago: executing program 1 (id=836):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
accept4$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @my=0x1}, 0x10, 0x0)
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r1, 0x1)
ppoll(&(0x7f00000002c0)=[{r1}], 0x1, 0x0, 0x0, 0xfffffffffffffd4c)

5.137790177s ago: executing program 1 (id=838):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000380)={[{@discard}, {@dioread_nolock}, {@resuid}, {@noblock_validity}, {@minixdf}, {@errors_remount}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000600)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_all\x00', 0x275a, 0x0)
ftruncate(r0, 0x653f)
socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x8, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7fffff, 0x12, r0, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x10, &(0x7f0000000000), 0x20000000)

4.915201996s ago: executing program 4 (id=839):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x6}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xa00}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x0, 0xb, 0x9, 0x0, 0xa}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x2, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {0x7, 0x0, 0x0, 0x6}, {0x5, 0x0, 0x7, 0x2, 0x0, 0x2}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4e7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r4 = dup(r3)
bind$bt_l2cap(r4, &(0x7f0000000080), 0xe)
listen(r4, 0x0)
setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f0000000100)=0x1, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffbb, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r5}, 0x10)
syz_usb_control_io(r1, &(0x7f0000000300)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00W'], 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x2f21, &(0x7f0000000000)={0x0, 0x7b75, 0x80, 0x2, 0x2d0, 0x0, r0})

4.767359918s ago: executing program 0 (id=840):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r5 = add_key$keyring(&(0x7f0000000200), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r4)
keyctl$KEYCTL_MOVE(0x1e, r5, r4, r5, 0x0)

4.572273914s ago: executing program 1 (id=841):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x0, 0x3f, 0x8]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private, 0xffffff14}, {@multicast1}, {@remote}, {@dev, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private}]}, @timestamp_prespec={0x44, 0x2c, 0x2c, 0x3, 0x0, [{@dev}, {@remote}, {@private}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@rand_addr, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @local, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x20)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.683877417s ago: executing program 0 (id=842):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0}, 0x90)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000001200)='syzkaller\x00'}, 0x90)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r1, r3}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000001200)='syzkaller\x00'}, 0x90)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r4, r6}, 0x10)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\a\a\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

3.576717206s ago: executing program 0 (id=843):
r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee01, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0xb, r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rename(&(0x7f0000000000)='./file1\x00', 0x0)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RTC_IRQP_SET(r4, 0x4008700c, 0x722)

3.4073632s ago: executing program 2 (id=844):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
writev(r3, &(0x7f0000000580)=[{&(0x7f0000000080)="268292", 0xfff6}], 0x1)

2.539912251s ago: executing program 0 (id=845):
mremap(&(0x7f0000df6000/0x4000)=nil, 0x4000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmmsg$inet6(r3, &(0x7f0000005180)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000001300)}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="d2", 0x1}], 0x1, &(0x7f00000012c0)=ANY=[], 0x18}}], 0x2, 0x4404c000)
r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000080))

1.902552613s ago: executing program 2 (id=846):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x210008, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc43, &(0x7f00000011c0)="$eJzs3U9sHOd9N/DfM1qKK/l9KyZ2FCeNi01bpLJiufoXU7EKd1XTbAPIshCKuQXgiqTUhSmSIKlGNtKC6aWHHgIURQ85EWiNAikaGE0R9Mi0LpBcfChy6oloYSMoemCLADkFLGb2WXFJkRYjkhJlfT429Z2dfZ6Z55lZzVAEn3kCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIj4vdcunT6THnUrAICH6crIV0+fdf8HgCfKNf/+BwAAAAAAAAAAAACAgy5FEU9Hitkrq2mset1Rv9zuu31ndGh462pHUlXzUFW+/KqfOXvu/JdeGrzQzcvt6Y+ov9c+G2+MXLvUeHXm1uzc5Pz85ERjdLo9PjMxueMt7Lb+ZierA9C49ebtiRs35htnXzy34e07Ax/2P3V84OLg86ee65YdHRoeHlkvUu8tX3vghnRsN8LjcBRxKlK88L2fplZEFLH7Y1F/uOd+syNVJ05WnRgdGq46MtVuTS+Ub17tHogiotFTqdk9Rlufi6j1PdQ+bK8ZsVg2v2zwybJ7I7Otudb1qcnG1dbcQnuhPTN9NXVaW/anEUVcSBFLEbHSf+/m+qKIWqT4zrHVdD0iDnWPwxergcHbt6PYxz7uQNnORl/EUvEYnLMDrD+KeD1S/Oy9EzGerzPVteYLEa+X+YOId8p8JSKVH4zzER9s8Tni8VSLIv68PP8XV9NEdT3oXlcuf63xlekbMz1lu9eVX/L+cM+V4hHdH45syofjgF+b6lFEq7rir6YH/2YHAAAAAAAAAAAAAAAAgL12JIr4TKR47d/+qBpXHNW49GMXB39/4P/3jhl/9j7bKcu+GBGLxc7G5B7OAwOvpqspPeKxxE+yehTxx3n837cedWMAAAAAAAAAAAAAAAAAAACeaEX8JFK8/P6JtBS9c4q3p282rrWuT3Vmhe3O/dudM31tbW2tkTrZzDmWczHnUs7lnCs5o8j1czZzjuVczLmUcznnSs44lOvnbOYcy7mYcynncs6VnFHL9XM2c47lXMy5lHM550rOOCBz9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfJwUUcQvIsW3v7GaIkVEM2IsOrnc/6hbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU+lMR348UjT9o3l1Xi4hU/d9xovzjfDQPl/nJaA6W+Uo0L+VsVVlrfusRtJ/d6UtF/DhS9NffvXvC8/nv67y6+zGId765/uqztU4e6r45UETEsYuDw7/2bAx82P/U8XuX01YNOHm5PX37TmN0aHh4pGd1Le/9kz3rBvJ+i73pOhEx/9bbb7ampibnHnyh/AjsovpjtJBqT0pPLVQLUTsQzXgIC/35etDTd54A5f3/g0jx2+//e/eG37n/1+P/dV7dvcPHz/9k/f7/8uYNbXPP33z/r22ul+//5T19q/v/0z3rXs7fjfTVIuoLt2b7jkfU5996+1T7Vuvm5M3J6fOnT395cPDL5073HY6o32hPTfYs7cnhAgAAAAAAAAAAAAAAAHh4UhG/GylaP15NjYi4U43XGrg4+Pyp5w7FoWq81YZx22+MXLvUeHXm1uzc5Pz85ERjdLo9PjMxudPd1avhXqNDw/vSmfs6ss/tP1J/dWb2rbn2zT9c2PL9o/VL1+cX5lrjW78dR6KIaPauOVk1eHRouGr0VLs1XVW9uuVg+l9eXyriPyLF+PlG+nxel8f/bx7hv2H8/+LmDe1w/N897jP+/xM968p9plTEzyPFb/3Fs/H5qp1H455jlsv9TaQ4eeFzuVwcLst129B5rkBnZGBZ9n8ixT/8YmPZ7njIp9fLntnxgX1MlOf/WKT4/p99N349r9v4/Ietz//RzRval/Nfj2d61h3d8LyCPeg81fk/FSleefrd+I287qOe/9F99saJXPju8zn26e//p3rWDeT9/ubedB0AAAAAAAAAAOCx1peK+NtI8cPhWnopr9vJ7/9NbN7QPv3+16d71k3szXxF913Y9UEFAAAAgAOiLxXxk0hxc+Hdu2OoN47/7hn/+Tvr4z+H0qZ3q5/z/Ur13IC9/Plfr4G837HddxsAAAAAAAAAAAAAAAAAAAAOlJSKeCnPpz5Wjeef2HY+9eVI8dp/vZDLpeNlue488APVn/UrM9OnLk1NzYy3FlrXpyYbI7Ot8cmy7jORYvWvP5frFtX86t355jtzvK/PxT4XKYb/rlu2Mxd7d27yZ9bLninLfiJS/Offbyzbncf6U+tlz5Zl/ypSfP2fti57fL3subLsdyPFj77e6JY9WpbtPh/10+tlXxyfKfbhrAAAAAAAAAAAAAAAAAAAAPCk6UtF/Gmk+O9bS3fH8uf5//t6Xlbe+WbPfP+b3Knm+R+o5v/fbvlB5v+vniuwuN1eAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg4ylFEW9Hitkrq2m5v3zdUb/cnr59Z3RoeOtqR1JV81BVvvyqnzl77vyXXhq80M2Prr/XPhNvjFy71Hh15tbs3OT8/OREY3S6PT4zMbnjLey2/mYnqwPQuPXm7YkbN+YbZ188t+HtOwMf9j91fODi4POnnuuWHR0aHh7pKVPre+C93yNts/5wFPGXkeKF7/00/bA/oojdH4v7fHb225GqEyerTowODVcdmWq3phfKN692D0QR0eip1Oweo4dwLnalGbFYNr9s8MmyeyOzrbnW9anJxtXW3EJ7oT0zfTV1Wlv2pxFFXEgRSxGx0n/v5vqiiDcjxXeOraZ/7o841D0OX7wy8tXTZ7dvR7GPfdyBsp2Nvoil4jE4ZwdYfxTxj5HiZ++diH/pj6hF5yu+EPF6mT+IeCc65zuVH4zzER9s8Tni8VSLIv63PP8XV9N7/eX1oHtdufy1xlemb8z0lO29rpQe2/vDw3TAr031KOJH1RldTf/q7zUAAAAAAAAAAAAAAADAAVLEr0aKl98/karxwXfHFLenbzauta5PdYb1dcf+dcdMr62trTVSJ5s5x3Iu5lzKuZxzJWcUuX7OZpn1tbWx/Hox51LO5ZwrOeNQrp+zmXMs52LOpZzLOVdyRi3Xz9nMOZZzMedSzuWcKznjgIzdAwAAAAAAAAAAAAAAAAAAPl6K6r8U3/7Galrr78wvPRadXDYf6Mfe/wUAAP//n3DyMQ==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
creat(&(0x7f0000000d00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305839, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='./file0\x00')

1.321912761s ago: executing program 0 (id=847):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3000010, &(0x7f0000000000), 0x41, 0x51b, &(0x7f0000000100)="$eJzs3c9vI1cdAPDvTOLd7G6KU0CoVKJUtGi3grU3DW0jhKBc4FQJKPclJE4UxY6j2CmbqKKp+A8QEkicOHFB4g9AQj3wB6BKleCCOCBAIARbOCABHTTjsZp17CTQrJ3Gn4/04vfm1/e9sfw8M36ZCWBqPRkRL0bETEQ8ExHVcnpaprt54bC33Nv3X13NUxJZ9vJfk0jKaf1t5eXZiLjRWyXmIuJrX474ZnI8bmf/YGul2WzsluV6t7VT7+wf3N5srWw0NhrbS0uLzy+/sPzc8p2s9J7audDP/PhLn//5p7/1u7t/vvXtvFqf+0hUYqAd56nX9EqxL/ryfbT7MIJNwEzZnsqkKwIAwJnkx/gfjIhPFMf/1ZgpjuYGzEyiZgAAAMB5yb4wH/9OIjIAAADg0kojYj6StFaOBZiPNL1SXhv4cFxPm+1O91Pr7b3ttXxexEJU0vXNZuNOOVZ4ISpJXl4sx9j2y88OlJci4tGI+F71WlGurbabaxO+9gEAAADT4sbA+f8/qmmRP92Q/xMAAAAALq6FkQUAAADgsnDKDwAAAJff4Pm/+/0DAADApfKVl17KU9Z//vXaK/t7W+1Xbq81Olu11t5qbbW9u1PbaLc3inv2tU7bXrPd3vlMbO/dq3cbnW69s39wt9Xe2+7e3XzgEdgAAADAGD368Td+nUTE4WevFSnK+wACPOAPk64AcJ4M9YPp5S7eML0qk64AMHHJKfMN3gEAgPe/mx89/vt///n/rg3A5WasDwBMH7//w/SqGAEIU2u2vAbwgV7x6qjlRv7+/8uzRsqyiDerR6e4vggAAOM1X6QkrZXnAfORprVaxCMR6UJUkvXNZuNOeX7wq2rlal5eLNZMTh0zDAAAAAAAAAAAAAAAAAAAAAAAAAD0ZFkSGQAAAHCpRaR/Soq7+UfcrD49P3h94Eryz2r8sSz88OXv31vpdncX8+l/K57ldSUiuj8opz878vFhAAAAwHlLDkfO6p2nl6+LY60VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFPg7fuvrvbTOOP+5YsRsTAs/mzMFa9zUYmI639PYvbIeklEzJxD/MPXI+KxYfGTeCfLXouyFsPiX3vI8ReKXTM8fhoRN84hPkyzN/L+58Vhn780nixeh3/+Zsv0Xo3u/9Iy8mNFPzes/3nk2NZaQ2M8/tZP671c5Xj81yMenx3e//T732RE/KeObe1fWZYdj/+Nrx8cjGp/9qOIm0O/f5IHYtW7rZ16Z//g9mZrZaOx0dheWlp8fvmF5eeW79TXN5uN8u/QGN/92M/eGRU/b//1IfF/+5te/3tS+58etdEB/3nr3v0P9bLH3oA8/q2nhn7/zsWI+Gn53ffJMp/Pv9nPH/byRz3xkzefOKn9ayP2/2nv/60ztv+Zr37n92dcFAAYg87+wdZKs9nYPSEzd4Zl3o+ZX8xdiGr8j5nstd47d1Hq8/9m8qPVd6f0W3UBKnYkk40l1tXieP6sa10ZU9sn2i0BAAAPwbsH/ZOuCQAAAAAAAAAAAAAAAAAAAEyvcdxKbTDm4WSaCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwov8GAAD//3QT3Gw=")
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000400)='./bus\x00', 0x0, &(0x7f0000000840)=ANY=[], 0x1, 0x37f, &(0x7f0000000440)="$eJzs3c9rI2UYwPFn0jQ/umyTgygK0ge96GVoq2e1SBeEgkt3I+4Kwux2oiFjUmZCJCK2nryKN/8BwWUPHhY8LKj/QC/e1osXT9vLgqCLiCPzK8l0p0mTZmm6+/3Abt7kfZ/M+04m5XkCeXP4/tefNOueWbc6kivdF0NE5KFIVXKSMKKbgmTYl1cv/HnvxSvXrhdFZHNb9dLG1dfWVXV55adPPy/Hw+4W5aD64eGD9T8Onj14/vC/qx83PG142mp31NIb7d871g3H1p2G1zRVLzu25dnaaHm2G/W3o/66097d7anV2rm4tOvanqdWq6dNu6edtnbcnlofWY2WmqapF5eyphsrjug7r0pTxNRubW9bG1Me8OaUcZi1f3zfH9HtuhvWgohZDt+vw2q3HvvcAADA3Enn//ptkrBXJddPKI24FiiE7XQZEOT/SXtra3Nbg2JhkP/ffumXzoX37izH+f/dQlb+//pvUXwq/w+OPvP8//sj98uzO5HzYm+SwafK/zEfVtLvyPuDij0W5P/Bu6Ff0X/5we3VsEH+DwAAAAAAAAAAAAAAAAAAAADAefDQ9yu+71eS2+Tf4CsE8f2QsT/yi8Y4d3KS/foX4x0F+tcDnkhXrl2XUvjFvfyyiPNVt9atRbdxfzJwVSryb3g9xKINJ6L9BDRQlZ+dvW5tMQ5YCP/fKIiKI7asSUWqqfiwfemdrc01jUTx4fH3ujUjvxTE16URxq9LRZ7Jjl/PjC/IKy8PxZtSkV9vSlsc2Qmv60H8F2uqb7+7dSS+HI7L8ubjfUkAAAAAAJg5U7UUl8/VdP0b1e+mqZrVH9TyMlyfP/r5QL++Xs2sz/OVF/Jnu3YAAAAAAJ4WXuGzpuU4tuv1jm2UZdyY5Pc0Rj9PdiM/yeCgcS9sLI4aszC0wpM+cyH+BY0JJi+TrdRynL+Kknkyky1cU12lU5xVy0nWf4LBpUlfAtfLTb522/VWgvnoVMsZaiQfG0WPLDxy6uTyceE/GEnUZAdNds4dN/i5b777e7p1GfGuvcNdb9wppVZ6TLhx5JH9MRftA98fO5/F7L8WP07zIzMAAAAA5kSS9Je95JG3znZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8hU63E9vJGme9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBe/B8AAP//Tuzx8g==")
r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x4c00)
dup3(r2, r1, 0x0)
io_setup(0x6, &(0x7f0000000240)=<r3=>0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, "9a45f284b495a86f9746c97f091739e9b0978edeca500a23eb326db6e50275d2cb224958f2df083ae6f1bb8d2483534692ddbe9a7f0179f155275d5f5edf4041", "17b137058ea26b5e78afc281dfe04591e879fb0645d9bf0867d0faddbf22c239ebe77c0732e9314d5b0eeeda5dc6b10ed8975bff00000000000000c7bef40feb", "6f089760d405f5971952f48100144fc9852c627ff339cfc7900048d3e1edce4f"})
io_submit(r3, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x8, 0x0, 0x0, r1, &(0x7f0000000000), 0x200a07, 0x20000}])

1.272723175s ago: executing program 1 (id=848):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @loopback}, 0x1, 0x0, 0x4000}}, 0x2e)

1.156713265s ago: executing program 4 (id=849):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

1.133552056s ago: executing program 0 (id=850):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x12, 0xc3, 0x5b, 0x40, 0x403, 0x6010, 0xc698, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf5, 0x75, 0xf6}}]}}]}}, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xc})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000004000000000000000100850000006d00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r2}, 0x90)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
madvise(&(0x7f000068b000/0x2000)=nil, 0x2000, 0x8)
dup3(r3, r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="40101300000012a4b694b8c12196fa7721"], &(0x7f0000000240)={0x0, 0x3, 0x84, @string={0x84, 0x3, "ab531b7075dcb05c188eedca060f4a87dd6c2d83a6aff815207ee82cddf33d58cb4e88193c15f898e902220a105434c3ff10541bcd0c14fc36b815f8e783f56ee37c75f27c43cdd5ac0b6a0acc56a3877733c4d664c696f7a0b8f3045169a7fef258e4e81bd500ffffd7adbff6766988b5595ab808bac28dca6331f111d5d0c82a12"}}, &(0x7f0000000300)={0x0, 0xf, 0xfe, {0x5, 0xf, 0xfe, 0x4, [@ssp_cap={0x20, 0x10, 0xa, 0x29, 0x5, 0x0, 0x0, 0x47, [0xff00c0, 0xff000f, 0x3f, 0x30, 0xc0]}, @ss_container_id={0x14, 0x10, 0x4, 0x40, "40fc4d03d0fb83cfe6c8b57d67a28fb6"}, @generic={0xbe, 0x10, 0xb, "2f8eb580a4fadb3af0b22ea94f16e33a9880c911a59450324914c824858e5b33c234bd75353a3d6595ead5a5eed4dce85477b43d4add38dfd44ba20ba4505bea6ace1017141b30576b0276d62350f4de124e2ff056617945e87f3d0463534a245a31fd6faac51af9d2f789c03e2e2b46d36a86b5280efd06c8c4ac637d68fe45c43295651eeb848bb4a1d8ea4af0cce21662cefedbf399b9b4b9ae0d5774a022cce22c9a481b7f105135914c5b625118cb6469368d8c8963d5231b"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x1, 0x8, 0x7}]}}, &(0x7f0000000040)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x8, 0x7, 0x4, "55862fbb", "c58623a8"}}, &(0x7f0000000180)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x40, 0x0, 0x0, 0xb3, 0x0, 0x3, 0x4}}}, &(0x7f0000000980)={0x84, &(0x7f0000000440)={0x0, 0x8, 0xb7, "5baf224a0dd4157a14174b90684463226e37f6f2f090ae2921cd47872899a56e3b05d6f2b38c043f65a124c03d6153468a0edc5aa91cae4a9bb2be68fff4f606f38a2301fa77b0741dfb7d38fe26f94ec1461a44fa703d716d14436c66719b47b9339e709500afeb69344b6b5b5b93887c2df01088a376b6d314cddeeee2e3dacf05207222339ef2a90dcf86ba2254aa5837c5cab08fb7fefb8543b2d51a300e5d82d630c0da1403bd28ab87e12d1c951f0804062df55a"}, &(0x7f0000000500)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0x40}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x8, 0x80}}, &(0x7f0000000640)={0x40, 0x7, 0x2, 0x4}, &(0x7f0000000680)={0x40, 0x9, 0x1, 0x90}, &(0x7f00000006c0)={0x40, 0xb, 0x2, 'cD'}, &(0x7f0000000700)={0x40, 0xf, 0x2, 0x1}, &(0x7f0000000740)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, &(0x7f0000000780)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, &(0x7f00000007c0)={0x40, 0x19, 0x2, "bd12"}, &(0x7f0000000800)={0x40, 0x1a, 0x2, 0x4}, &(0x7f0000000840)={0x40, 0x1c, 0x1, 0x20}, &(0x7f0000000880)={0x40, 0x1e, 0x1, 0x1f}, &(0x7f00000008c0)={0x40, 0x21, 0x1}})
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r4, 0xc0045516, &(0x7f0000000140))

1.122048377s ago: executing program 3 (id=851):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7ffffdbf}]})
r0 = mq_open(&(0x7f0000000000)='eth0\x00#\x13\xaeu\xe0\xfb\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\xd7\x8a\x8cn\x8c\xbeF\xdb.\x15\xdar,\xf0\x92\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'J\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00'/577, 0x40, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x1c, r3, 0x331, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0)
bind$netlink(r1, &(0x7f0000000300)={0x10, 0x0, 0x25dfdbfd, 0x800000}, 0xc)
syz_genetlink_get_family_id$gtp(&(0x7f0000000180), r1)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r4=>r0, {r0}}, './file0\x00'})
write$usbip_server(r4, 0x0, 0x0)
mq_unlink(&(0x7f0000000340)='eth0\x00')
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r5, 0x84, 0x81, &(0x7f00000002c0)="1a00000019000000", 0x8)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r5, 0x84, 0x16, 0x0, 0x0)
syz_mount_image$ocfs2(&(0x7f00000048c0), &(0x7f0000004900)='./file0\x00', 0x0, &(0x7f0000000680)={[{}, {}, {}, {}, {}, {}]}, 0x1, 0x48a6, &(0x7f0000009240)="$eJzs3VtsHFfBB/Cza7e5tWmStl/Sy8O26qdWAhm7KmpJX5yr69SJ01x7keqsHTdxuvGmvrQgIRGEykuQENBKRVCpoPqhvAReSqFIRIiLCBJNJZBIKTQvFTRQVFAFKkgx2pu9M97NbDy5oOT3k5LxnJlz5sz+d87Ozno92aqJ/SPjuZHxXH40Vxx6Yvzu3NPFwuTB4ZC9SC719mnNhchJ9pdO/7qN23fdHcKHbd9+anp6ejqUtIeGuup+/tffPztUP63JxuqU2m3cWsUHn/vqhz/NnG2NJI+GEG6Y06+SthDC1h+HsCCEsKZatrY6XRRCWFrt79Ld99yUa3Fr30pY3tu7etOiI5unjt7zzi09t/Udb7piJoQF269ecuKZvt+9Nv3en1rcPAAAAAAAAAAAAAAAAAAAl7mebf07t3Z2hWOZ0D6Vmft93Z7qtPb92O+M/PGxgbbZ5dPnz4KLuNsAAAAAAAAAAAAAAAAAAADwP2X2+/+5zNUNvv+/vjrtrk6/cHLJmcfr7tc9PT3ddhG7y3nWu6V//YbOrur93+feiP2+atH7a9rC8gb3fY/f/31NrH7j+7/Pbuflk0Mrrk3R/1r/attdFjLZjsh8NtvREUJ+XWV+VWZxtlAcn/jYE8XJ0b0pNnyZiOZfuXt/5FnQXpm8v6a9pfzXxtpPuv//J597dMn3s2n24PoQf9aW5vfMfSrTQDT/5kP5y5/PtJT/uli9pPxP//ONl85cnWYPrk9T+YoXzb9ysC+qX6G7cnCW8v9Ke3L+62PtJ+X/85Un331+HsfqzSGEXKbU11xkBCidw5TKu8+9yStSNP+rymWROKoPZLPj/z+x/DfE2k/K/7uv/OH3K1KN1Y3H/8PxFyIaiuZfGYgXRtaYPf6XZ5OP/42x9pPy/9qLz43+MOX4H8+/1P/DXv9bEs2/+ifY2iOrlB/JVsf/nlj7Sfnf+dG9K6fm0e/HstV+Ls1EngFTmUp5bh5tXomi+VeO/Mihs7QyKR//y5LH/wdi7Sfl/73jrx3c0p5mDxqP/y8Z/1sSzb9y5pcm/95Y+0n5/+Sto88+mWoPGuc/540IDUXzXzxn+ez1n2xL7/82xeonXf85ufvaL/35qvn3v9a/2nZr139qh/9dmcr1HxqL5r9kzvJzzf/BWP2k/F/ffCC3O8W5Wq1/te3K/9xE87+m6Xqtnv/1xeoljf+vT937zNspzv+7y+//ma9o/s2vxLea/+ZYvaT8f/2rr9/4iRTnf/JPJ5p/5WQveu1sWfn/VvPfEms/Kf9Tb75x8+l5fIJYviqxsJb/7AvImQWV8j3O/1oSzf+6puu1mn9/rF5S/nes/NmJt4z/l0w0/8qx3ugCcPn9X2Zu7h/F8t8aaz9x/N/55f//zHm+/lcqOJzqM8UrRzT/5ZXCc8j/37H8H4q1n5T/L24//dsd5/nz33L+t6dp88oRzX9F0/VK+b/Zwvu/bbF61fybnuE9ndv3m7+kOv5D6HStf96i+Td/JW01/+2xeknHf9uWX766KtX1X/mnEc3/hqbrlcf/hcn574jVS8r/G9+8/9CrKfK7c/5VmZP/jU3XazX/nbF6Sfn/7R/Pr9iQ4jdI5Z9ONP//K5c1+v2/Vj//2RVrPyn/t5f/9UT/Bfj875jP/1oSzX9luSxN/rtj7Sflv/q9O549mGoPGud/Sv4tiea/qlyWJv+HY+0n5f/K4y+2/eg8v/8vzedc/2tJNP+bymVp8n8k1n5S/iNHXriv7wKM/93yBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhobXW6LGSyHZH5bLajI4R11flVYXFmML93YLBQHHpyPIT11fJcWJHZVygO5gsDI6PFvcMD+UKhOBTChuryG8LCzHihODFwMH9o40xbizL7h/NjE4PD+YkQQk+1/NZwba2twZGJg/lDIYQHZuosyeSfmixO5Dsmx4fHQu9M+TW18n1jxclDm2baui5bHDu0Pz86sHdkbHVnZ2dneLDpsq7QN7M/yzPDn54YHp2o7EmlZgibz7K8K4SwZabtZZm6B6Jcvb/5sq6tdftxoDg5NpovlOs8VC2/K1re1SzH7up0fe+2Hdv65q62JxPN+9Z3fzB46qoQttX1rVAcyhfq+r29+bKuHXWPx8TY5OhQfmJ4oFDcV3u8dp5leal3u+rarsu1XH1382VdD9e1W597bbuPVJd/0GB50wfvMpCUfz6W/xd3fHzowOKL1z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgdcfu/9QLIYT2ylw2hJCr/ZCp/ovo7V29adGRzVNH73nnlp7b+o43WgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgvu3JswiAYBgH0S0iTGdLEHWzUAeQXncwFXMDaFaxdwlUs1EJwAeE9OLiDAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgSeaqGCLis693RPzP8jpykVLZfPtunPL1V2ftcvcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb27uc1jioOAPh3ZrOJgdBs8dqjkB7q0uIllFZYY/0Buo1ie67Ea8A95dAEKj0UvIj/QJHg2dZbKYLao6CXHnLsyfbSHAIpBX9VZnfGbraliaz4NrufD8y8eflO3vuGF2bm8p0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4N/49JVHc0V75fRsd2ssRMyUsemIWMx6x9utWhyNiMc76yvxnLbSGhh/t7bZ6e/PdvfZP/1b8598c2SI/Kv8qnkbkeXNvv7xLM+bzSEmGFOLr238vDYVkadOhCS2ztxcrUdELXUiJPHkwZ2N4vo+lToRkli4f32uWP966kRIYv7sw2P18hmPybO2fPlE/70/2+f8/eIcLncvXr2XW1QAAAAAAAAAAAAAAICR90NZ/5+V2556cPUhY+vaR+/9+l3qJEjm2ucX3k+dAwAAAAAAAAAAAAAAAAAAsNcL6/8ZW+r/J5v6fwAAAAAAAAAAAAAAAAAAGD2dsv7/yunZ7tZYiJgpY9PF7kjv+OvPsjjaiHi8s75S9Kv297KtvDMw/m5ts/Oi+b/96dZqe2qYv+Dl7nsL+hX9r94YZszx9+dvr7ZvT3nfw6TaOnNztR4RtdSJkMSTB3c2iuv7UJdeDq2F+9fnivWvp06EJObPPjxWr57xmDhry5dP9N/7B5+hB+0X53C5e/HqvdyiAgAAAAAAAAAAAAAAjLwfff9/It344vVH36dOgmR8/x8AAAAAAAAAAAAAAAAAAEaP+v/JpP5/sqn/BwAAAAAAAAAAAAAAAACA0fP2h+cvLJ88FZHFS3/NROzWNjv98XbZXlrqtVu/dLY/yJ7Ga/9nsvzn3m2ff/PcyVPlumfPxBfLH2238m70j531lXhOW/l4ae/vD/4/9Tyd58u3bp+7Mf3sGZeWDpZ/lV81byOyvBkRrTJ+PMvzZvNgYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwNztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqQAAAP//LfLpGA==")

63.794575ms ago: executing program 1 (id=852):
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x4)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000007bc0), 0x0, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00')
pread64(r3, &(0x7f0000000340)=""/254, 0xfe, 0x0)

0s ago: executing program 2 (id=853):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f00000001c0)={[{@quota}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@norecovery}, {@dioread_lock}]}, 0x3, 0x4c1, &(0x7f0000000680)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLocymU/AmlEGjfSyktoU3Shz60VZF81SSubMvEshLr84Hje8+9V/5+j4SOdO656AbQsU5FxFhEdEXE2YjoT7dn0hJr66V63IP7tyarJYlK5dqXSSTptvr/StLlkfRhvRHxr39E/Df5adzSyurcRKGQX0rrufL8Yq60snpudn5iJj+TXxgbGb44emn0wujQrrX18t8+e+WFt/5++f0/3vhk/Isz/6um1Zfue7wdzVhr8rj1pvfUnou67ohY2kmwZ1hX2p6edicCAEBTqt/xfx4Rv42Ih6+3OxsAAACgFSp/6Ytvk4gKAAAAsG9latfAJplsei1AX2Qy2ez6Nby/jMOZQrFU/sN0cXlhav1a2YHoyUzPFvJD6bXCA9GTVOvDtfVH9fMb6iMRcSwiXuo/VKtnJ4uFqXaf/AAAAIAOcWTD+P/r/vXxPwAAALDPDLQ7AQAAAKDljP8BAABg/9t0/J90720iAAAAQCv888qVaqnU7389dX1lea54/dxUvjSXnV+ezE4WlxazM8XiTO03++a3+3+FYnHxT7GwfDNXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAYO8d+82dj5OIWPvzoVqpOpDua2KsPtba7IBWyuzs8KRVeQB7r6vdCQBt4wJf6Fzm44FtBvYvb6jv8LQBAADwLBj81VPN/5sPhOeYgTx0LvP/0LnM/0PnMv8PHe7g9of0brbjg13OBQAAaJm+Wkky2XQusC8ymWw24mjttgA9yfRsIT8UET+LiI/6ew5W68PtThoAAAAAAAAAAAAAAAAAAAAAAAAAnjOVShIVAAAAYF+LyHyepDfyH+w/3bfx/MCB5Jv+2jIibrxx7dWbE+Xy0nB1+1c/bi+/lm4/344zGAAAAMBG9XF6fRwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvpwf1bk/Wyl3Hv/TUiBhrF747e2rL33f6IOPwwie7HHpdERNcuxF+7HRHHG8VPqmnFQJrFxviZiDjU5vhHdiE+dLI71f5nrNH7LxOnasvG77/utDyte6c26/8y9f6v1s816v+ONhnjxN13cpvGvx1xortx/1OPnzxl//uff6+ubrav8mbEYMPPn+SJWLny/GKutLJ6bnZ+YiY/k18YGRm+OHpp9MLoUG56tpBP/zaM8eKv3/t+q/Yf3iT+wDbtP91k+7+7e/P+L7aIf+Z3jV//41vErz73v08/B6r7B+vra+vrjzv59ocnt2r/1Cbt3+71P9Nk+89e/f+nTR4KAOyB0srq3EShkF+yYsXK/lu5mr7Rd/zwNndMAADArnv0pb/dmQAAAAAAAAAAAAAAAAAAAEDnavmPkB188pcFetvXVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALf0QAAD//9sy0wA=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
r3 = eventfd(0x0)
readv(r3, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/61, 0x3d}], 0x1)
fcntl$setsig(r1, 0xa, 0x12)
ppoll(&(0x7f0000000100)=[{r2}], 0x1, 0x0, 0x0, 0x0)
dup2(r1, r2)
fcntl$setown(r2, 0x8, r0)
tkill(r0, 0x13)
open(0x0, 0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

egistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.142063][ T4749] EXT4-fs: Ignoring removed orlov option
[  130.187501][ T4465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.210511][ T4749] EXT4-fs: Ignoring removed nomblk_io_submit option
[  130.220113][ T4465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.262100][ T4465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.291880][ T4749] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8803c118, mo2=0002]
[  130.307517][ T4749] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  130.361147][ T4465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.396108][ T4465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.407764][ T4465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.431267][ T4465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  130.446861][ T4465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  130.465326][ T4465] batman_adv: batadv0: Interface activated: batadv_slave_1
[  130.501339][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  130.520113][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  130.569225][    T9] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.632238][ T4465] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  130.646617][ T4465] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  130.676101][ T4465] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  130.684884][ T4465] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  130.720448][ T4694] device hsr_slave_0 entered promiscuous mode
[  130.745727][ T4694] device hsr_slave_1 entered promiscuous mode
[  130.774534][ T4694] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  130.795870][ T3635] Bluetooth: hci3: command tx timeout
[  130.798411][ T4694] Cannot create hsr debugfs directory
[  130.820062][ T3639] EXT4-fs (loop3): unmounting filesystem.
[  130.905155][    T9] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.275639][ T4775] netlink: 164 bytes leftover after parsing attributes in process `syz.3.245'.
[  131.312075][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.349816][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.503906][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  131.528190][ T4305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.583727][ T4305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.638352][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  131.971190][ T4787] device team0 entered promiscuous mode
[  132.013844][ T4787] device team_slave_0 entered promiscuous mode
[  132.033087][ T4787] device team_slave_1 entered promiscuous mode
[  132.073318][ T4787] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  132.106491][ T4787] device team0 left promiscuous mode
[  132.111832][ T4787] device team_slave_0 left promiscuous mode
[  132.138200][ T4787] device team_slave_1 left promiscuous mode
[  132.709017][ T1262] ieee802154 phy0 wpan0: encryption failed: -22
[  132.788838][ T1262] ieee802154 phy1 wpan1: encryption failed: -22
[  132.866532][ T3635] Bluetooth: hci3: command tx timeout
[  135.279845][ T3635] Bluetooth: hci3: command tx timeout
[  138.764020][ T4824] Zero length message leads to an empty skb
[  138.785802][ T4694] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  138.815223][ T4694] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  138.851419][ T4694] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  138.908257][ T4827] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  138.956096][   T32] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  139.093490][ T4694] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  139.365284][   T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  139.451548][   T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  139.665585][   T32] usb 4-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00
[  139.780561][   T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.831813][   T32] usb 4-1: config 0 descriptor??
[  139.952956][ T4694] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.290185][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  141.357691][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  141.417362][   T32] wacom 0003:056A:0315.0003: Unknown device_type for 'HID 056a:0315'. Assuming pen.
[  141.425698][ T4694] 8021q: adding VLAN 0 to HW filter on device team0
[  141.428798][   T32] wacom 0003:056A:0315.0003: hidraw0: USB HID v8.00 Device [HID 056a:0315] on usb-dummy_hcd.3-1/input0
[  141.449959][   T32] input: Wacom Intuos Pro M Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0315.0003/input/input6
[  141.521111][    T9] device hsr_slave_0 left promiscuous mode
[  141.579577][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  141.601049][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  141.641532][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  141.649579][ T3683] usb 4-1: USB disconnect, device number 6
[  141.669373][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  141.719760][    T9] device dummy0 left promiscuous mode
[  141.725367][    T9] bridge0: port 3(dummy0) entered disabled state
[  141.746596][    T9] device bridge_slave_1 left promiscuous mode
[  141.756444][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.775549][    T9] device bridge_slave_0 left promiscuous mode
[  141.786983][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.814468][    T9] device hsr_slave_1 left promiscuous mode
[  141.822821][    T9] device veth1_macvtap left promiscuous mode
[  141.829009][    T9] device veth0_macvtap left promiscuous mode
[  141.836635][    T9] device veth1_vlan left promiscuous mode
[  141.842525][    T9] device veth0_vlan left promiscuous mode
[  142.426601][ T4873] kcapi: manufacturer command 0 unknown.
[  144.436411][    T9] team0 (unregistering): Port device team_slave_1 removed
[  144.512739][    T9] team0 (unregistering): Port device team_slave_0 removed
[  144.590298][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  144.662158][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  145.430854][    T9] bond0 (unregistering): Released all slaves
[  145.516874][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  145.525470][ T4905] syz.2.273 uses obsolete (PF_INET,SOCK_PACKET)
[  145.526318][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  145.571183][ T3868] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.578371][ T3868] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.617481][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  145.627168][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  145.635850][ T3868] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.643011][ T3868] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.714351][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  145.723807][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  145.752675][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  145.763294][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  145.800275][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  145.848745][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  145.881427][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  145.966528][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  145.990800][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  146.029282][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  146.063309][ T4694] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  146.109295][ T4694] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  146.128110][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  146.148922][ T3868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  146.213887][ T4921] Driver unsupported XDP return value 0 on prog  (id 60) dev N/A, expect packet loss!
[  147.584401][ T4934] loop3: detected capacity change from 0 to 1024
[  147.721396][ T4934] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  147.876441][ T4934] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  148.125292][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  148.133939][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  148.237822][ T4694] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.468131][ T4950] netlink: 36 bytes leftover after parsing attributes in process `syz.3.281'.
[  148.805776][ T3639] EXT4-fs (loop3): unmounting filesystem.
[  150.113593][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  150.265329][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  150.386594][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  150.395125][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  150.423428][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  150.461661][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  150.509540][ T4694] device veth0_vlan entered promiscuous mode
[  150.534647][ T4694] device veth1_vlan entered promiscuous mode
[  150.591979][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  150.607311][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  150.639657][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  150.687131][ T3728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  150.715448][ T4694] device veth0_macvtap entered promiscuous mode
[  150.733439][ T4694] device veth1_macvtap entered promiscuous mode
[  150.780009][ T4694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.815717][ T4694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.944689][ T4694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.125933][ T4694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.311488][ T4694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.503606][ T4694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.556310][ T4694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.571850][ T4694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.646616][ T4694] batman_adv: batadv0: Interface activated: batadv_slave_0
[  151.655801][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  151.669652][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  151.709042][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  151.739574][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  151.772335][ T4694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.799603][ T4694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.821705][ T4694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.842162][ T4694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.873857][ T4694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.902034][ T4694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.924702][ T4694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.954006][ T4694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.989964][ T4694] batman_adv: batadv0: Interface activated: batadv_slave_1
[  152.556276][ T3635] Bluetooth: hci0: command tx timeout
[  152.792321][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  152.868135][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  152.883930][ T4694] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  152.903084][ T4694] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  154.056099][ T4694] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  154.101596][ T4694] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  154.235771][ T3687] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  154.263173][ T3687] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  154.296487][    C0] eth0: bad gso: type: 1, size: 1408
[  154.309477][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  154.328533][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  154.346058][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  154.371558][ T3687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  154.406107][ T3676] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  154.766406][ T3676] usb 3-1: Using ep0 maxpacket: 32
[  154.906767][ T3676] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  154.988865][ T3676] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.246210][ T3676] usb 3-1: config 0 descriptor??
[  155.315785][ T5015] loop4: detected capacity change from 0 to 2048
[  155.324770][ T3676] gspca_main: nw80x-2.14.0 probing 055f:d001
[  155.370020][ T5015] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  155.441658][ T5020] device syzkaller0 entered promiscuous mode
[  155.455785][ T5018] loop1: detected capacity change from 0 to 764
[  155.552576][ T5018] rock: directory entry would overflow storage
[  155.564637][ T5018] rock: sig=0x4654, size=5, remaining=4
[  155.697716][ T5027] loop1: detected capacity change from 0 to 512
[  155.703446][ T4694] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0
[  156.005812][   T26] audit: type=1400 audit(1724253298.940:48): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=26260AE10CCA7C2B08C9DFF78977F306B457C51CCA93031D371D06D2E59E880583300E11E8 pid=5001 comm="syz.2.296"
[  156.174764][ T4694] EXT4-fs (loop4): unmounting filesystem.
[  156.366211][ T3676] gspca_nw80x: reg_r err -71
[  156.370885][ T3676] nw80x: probe of 3-1:0.0 failed with error -71
[  156.391476][ T3676] usb 3-1: USB disconnect, device number 2
[  156.464552][   T26] audit: type=1326 audit(1724253299.400:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  156.546990][   T26] audit: type=1326 audit(1724253299.440:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  156.635941][   T26] audit: type=1326 audit(1724253299.440:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  156.706483][   T26] audit: type=1326 audit(1724253299.440:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  156.757243][ T5043] loop3: detected capacity change from 0 to 1024
[  156.786676][ T5043] EXT4-fs: Ignoring removed nobh option
[  156.805831][   T26] audit: type=1326 audit(1724253299.440:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  156.844237][   T26] audit: type=1326 audit(1724253299.450:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  156.867632][   T26] audit: type=1326 audit(1724253299.450:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  156.892179][   T26] audit: type=1326 audit(1724253299.450:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  156.904262][ T5043] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  156.927874][   T26] audit: type=1326 audit(1724253299.450:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5029 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  158.522562][ T3639] EXT4-fs (loop3): unmounting filesystem.
[  158.709857][ T5067] loop4: detected capacity change from 0 to 1024
[  158.735219][ T5070] process 'syz.3.314' launched '/dev/fd/4' with NULL argv: empty string added
[  158.841901][ T5072] loop1: detected capacity change from 0 to 1024
[  158.868266][ T5072] EXT4-fs: Ignoring removed orlov option
[  158.874332][ T5072] ext4: Unknown parameter 'dont_hash'
[  159.048315][ T5078] loop3: detected capacity change from 0 to 256
[  159.088353][ T4845] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  160.120845][ T5066] loop2: detected capacity change from 0 to 32768
[  160.907105][ T5093] loop3: detected capacity change from 0 to 512
[  161.011145][ T5093] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  161.028933][ T3635] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  161.038091][ T3635] Bluetooth: hci3: Injecting HCI hardware error event
[  161.050337][ T3649] Bluetooth: hci3: hardware error 0x00
[  161.289375][ T5093] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  161.402647][ T5103] loop1: detected capacity change from 0 to 1024
[  161.478002][ T5093] EXT4-fs error (device loop3): mb_free_blocks:1815: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  161.539618][ T5093] EXT4-fs (loop3): Remounting filesystem read-only
[  161.557944][ T5093] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.324: invalid indirect mapped block 1 (level 1)
[  161.613785][ T5093] EXT4-fs (loop3): 1 truncate cleaned up
[  161.627069][ T5093] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  161.778245][ T5093] Bluetooth: MGMT ver 1.22
[  161.862139][ T3639] EXT4-fs (loop3): unmounting filesystem.
[  161.870117][ T3868] hfsplus: b-tree write err: -5, ino 4
[  162.688670][    C0] eth0: bad gso: type: 1, size: 1408
[  162.996557][   T26] kauditd_printk_skb: 15 callbacks suppressed
[  162.997013][   T26] audit: type=1326 audit(1724253305.920:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5123 comm="syz.2.333" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d8b179e79 code=0x0
[  163.186175][ T3649] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  163.470024][ T5124] loop2: detected capacity change from 0 to 2048
[  163.612197][ T5124]  loop2: unable to read partition table
[  163.629809][ T5124] loop_reread_partitions: partition scan of loop2 () failed (rc=-5)
[  165.338519][ T5134] loop1: detected capacity change from 0 to 1024
[  165.360737][ T3091] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  165.430083][ T3091] Buffer I/O error on dev loop2, logical block 0, async page read
[  165.456230][ T3091] ldm_validate_partition_table(): Disk read failed.
[  165.484366][ T5134] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  165.496067][ T3091] Dev loop2: unable to read RDB block 0
[  165.548322][ T5134] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038 (0x7fffffff)
[  165.577835][ T3091]  loop2: unable to read partition table
[  165.584207][ T3091] loop2: partition table beyond EOD, truncated
[  166.387070][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  167.588879][ T5176] (syz.1.341,5176,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  167.597778][ T5176] (syz.1.341,5176,0):ocfs2_fill_super:1176 ERROR: status = -22
[  169.414494][   T26] audit: type=1326 audit(1724253312.350:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5189 comm="syz.0.350" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x0
[  169.904269][ T5203] loop1: detected capacity change from 0 to 512
[  170.047126][ T5203] ext4: Bad value for 'auto_da_alloc'
[  170.099250][ T5204] netlink: 'syz.0.355': attribute type 1 has an invalid length.
[  170.225905][ T5208] loop3: detected capacity change from 0 to 256
[  170.600115][ T5208] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  170.653173][ T5204] 8021q: adding VLAN 0 to HW filter on device bond1
[  170.719927][ T5214] device vlan2 entered promiscuous mode
[  170.787226][ T5216] loop1: detected capacity change from 0 to 1024
[  170.868457][ T5216] JBD2: no valid journal superblock found
[  170.898659][ T5216] EXT4-fs (loop1): error loading journal
[  171.714409][ T5222] loop4: detected capacity change from 0 to 47
[  172.411979][ T5234] netlink: 25 bytes leftover after parsing attributes in process `syz.0.363'.
[  172.426876][ T5234] device gretap0 entered promiscuous mode
[  172.486599][ T5234] netlink: 5 bytes leftover after parsing attributes in process `syz.0.363'.
[  172.517979][ T5234] 0�X��D��: renamed from gretap0
[  172.521256][ T5237] loop3: detected capacity change from 0 to 2048
[  172.531066][ T5234] device 
00�X��D�� left promiscuous mode
[  172.533872][ T5237] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  172.567576][ T5237] UDF-fs: warning (device loop3): udf_fill_super: No partition found (2)
[  172.608240][   T26] audit: type=1800 audit(1724253315.550:75): pid=5240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.364" name="/" dev="fuse" ino=1 res=0 errno=0
[  172.643469][ T5242] loop2: detected capacity change from 0 to 512
[  172.681073][ T5242] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  172.695389][ T5242] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.366: invalid indirect mapped block 83886080 (level 1)
[  172.702897][ T5242] EXT4-fs (loop2): 1 orphan inode deleted
[  172.702922][ T5242] EXT4-fs (loop2): 1 truncate cleaned up
[  172.702946][ T5242] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  172.770585][ T5242] EXT4-fs error (device loop2): __ext4_get_inode_loc:4506: comm syz.2.366: Invalid inode table block 5 in block_group 0
[  172.773841][ T5242] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.366: Invalid inode bitmap blk 4 in block_group 0
[  172.884132][ T4465] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  172.937535][ T4465] EXT4-fs (loop2): unmounting filesystem.
[  173.093766][ T5253] loop1: detected capacity change from 0 to 512
[  173.163999][ T5253] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.369: inode #1: comm syz.1.369: iget: illegal inode #
[  173.181450][ T5253] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.369: error while reading EA inode 1 err=-117
[  173.200727][ T5253] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.369: inode #1: comm syz.1.369: iget: illegal inode #
[  173.220322][ T5253] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.369: error while reading EA inode 1 err=-117
[  173.233993][ T5253] EXT4-fs (loop1): 1 orphan inode deleted
[  173.242207][ T5253] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  173.383193][   T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.541982][   T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.630180][   T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.644106][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  173.761797][   T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.666106][ T3637] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  174.681681][ T3637] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  174.693720][ T3637] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  174.708925][ T3637] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  174.716913][ T3637] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  174.724217][ T3637] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  175.199910][ T5280] netlink: 'syz.1.377': attribute type 4 has an invalid length.
[  175.518879][ T5282] loop1: detected capacity change from 0 to 8
[  175.664787][ T5284] loop3: detected capacity change from 0 to 256
[  175.723740][ T5284] exfat: Bad value for 'dmask'
[  178.268904][ T3637] Bluetooth: hci4: command tx timeout
[  179.312998][ T5272] chnl_net:caif_netlink_parms(): no params data found
[  179.333311][ T5325] loop4: detected capacity change from 0 to 1024
[  180.306844][ T3643] Bluetooth: hci4: command tx timeout
[  180.866435][   T48] Bluetooth: hci1: command 0x0406 tx timeout
[  180.866549][ T3637] Bluetooth: hci2: command 0x0406 tx timeout
[  180.879243][ T3637] Bluetooth: hci0: command tx timeout
[  181.383662][ T5272] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.391292][ T5272] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.406505][ T5272] device bridge_slave_0 entered promiscuous mode
[  181.598855][ T5272] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.733113][ T5272] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.905039][ T5272] device bridge_slave_1 entered promiscuous mode
[  182.134629][ T5272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  182.203202][ T5272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  182.623707][ T5377] input: syz1 as /devices/virtual/input/input10
[  182.650850][ T5342] Bluetooth: hci4: command tx timeout
[  182.884843][   T11] device hsr_slave_0 left promiscuous mode
[  182.904565][   T11] device hsr_slave_1 left promiscuous mode
[  182.921521][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  182.968442][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  182.979439][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.987691][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  182.996395][   T11] device bridge_slave_1 left promiscuous mode
[  183.002730][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.024388][   T11] device bridge_slave_0 left promiscuous mode
[  183.112145][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.174893][   T11] device veth1_macvtap left promiscuous mode
[  184.716174][ T5342] Bluetooth: hci4: command tx timeout
[  185.017771][   T11] device veth0_macvtap left promiscuous mode
[  185.040401][   T11] device veth1_vlan left promiscuous mode
[  185.101866][   T11] device veth0_vlan left promiscuous mode
[  185.155535][ T5398] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[  186.419241][ T5411] loop3: detected capacity change from 0 to 1024
[  186.590283][ T5415] netlink: 'syz.4.401': attribute type 1 has an invalid length.
[  186.706584][ T3683] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  186.976150][ T3683] usb 2-1: Using ep0 maxpacket: 16
[  187.116275][ T3683] usb 2-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice=a3.85
[  187.139517][ T3683] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.182571][   T11] team0 (unregistering): Port device team_slave_1 removed
[  187.182940][ T3683] usb 2-1: config 0 descriptor??
[  187.282850][ T3683] usb 2-1: interface 1 not found
[  187.291618][   T11] team0 (unregistering): Port device team_slave_0 removed
[  187.383231][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.464074][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  187.583622][ T3678] usb 2-1: USB disconnect, device number 4
[  187.947550][   T11] bond0 (unregistering): Released all slaves
[  188.010650][ T5272] team0: Port device team_slave_0 added
[  188.020942][ T5272] team0: Port device team_slave_1 added
[  188.089395][ T5272] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.101103][ T5272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.127249][ T5272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.173863][ T5272] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.201513][ T5272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.271442][ T5272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  190.141735][ T5272] device hsr_slave_0 entered promiscuous mode
[  190.171642][ T5272] device hsr_slave_1 entered promiscuous mode
[  190.204072][ T5272] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  190.299608][ T5272] Cannot create hsr debugfs directory
[  191.146206][ T3683] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  191.566425][ T3683] usb 5-1: config 0 has no interfaces?
[  191.746375][ T3683] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  191.760081][ T3683] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.778806][ T3683] usb 5-1: Product: syz
[  191.786891][ T3683] usb 5-1: Manufacturer: syz
[  191.801765][ T3683] usb 5-1: SerialNumber: syz
[  191.817536][ T3683] usb 5-1: config 0 descriptor??
[  192.050045][ T5272] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  192.081229][ T5272] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  192.168864][ T5272] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  192.214591][ T5272] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  193.053974][ T5272] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.070603][ T3872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  193.082019][ T3872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  193.099838][ T5272] 8021q: adding VLAN 0 to HW filter on device team0
[  193.121206][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  193.149993][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  193.179267][  T102] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.186517][  T102] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.234210][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  193.253631][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  193.263824][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  193.272856][  T102] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.280227][  T102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.291456][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  193.313195][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  193.323029][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  193.344423][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  193.365277][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  193.398449][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  193.427537][ T5272] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  193.456070][ T5272] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  193.482849][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  193.493858][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  193.520142][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  193.531805][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  193.549854][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  193.561453][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  193.887515][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  193.895123][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  193.921260][ T5272] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.960187][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  193.976881][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  194.020179][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  194.113911][  T945] usb 5-1: USB disconnect, device number 3
[  194.130949][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  194.149505][ T1262] ieee802154 phy0 wpan0: encryption failed: -22
[  194.155813][ T1262] ieee802154 phy1 wpan1: encryption failed: -22
[  194.191949][ T5272] device veth0_vlan entered promiscuous mode
[  194.204947][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  194.215627][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  194.235225][ T5272] device veth1_vlan entered promiscuous mode
[  194.275433][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  194.299413][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  194.312083][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  194.321500][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  194.333764][ T5272] device veth0_macvtap entered promiscuous mode
[  194.343998][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  194.363477][ T5272] device veth1_macvtap entered promiscuous mode
[  194.395724][ T5272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  194.412258][ T5272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.425087][ T5272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  194.442578][ T5272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.453708][ T5272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  194.473067][ T5272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.484932][ T5272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  194.502744][ T5272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.522288][ T5272] batman_adv: batadv0: Interface activated: batadv_slave_0
[  194.533464][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  194.549663][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  194.565126][ T5272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.583408][ T5272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.593904][ T5272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.604771][ T5272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.615046][ T5272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.625863][ T5272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.636552][ T5272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.647371][ T5272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.678569][ T5272] batman_adv: batadv0: Interface activated: batadv_slave_1
[  194.691942][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  194.711357][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  194.725601][ T5272] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  194.736402][ T5272] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  194.745121][ T5272] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  194.755453][ T5272] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  194.877812][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.892831][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.913451][  T102] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  194.934895][  T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  194.948107][  T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.967935][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  196.032088][ T5519] loop1: detected capacity change from 0 to 64
[  196.235889][ T5525] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[  196.771966][ T5533] netlink: 'syz.1.415': attribute type 25 has an invalid length.
[  196.798135][ T5533] netlink: 'syz.1.415': attribute type 8 has an invalid length.
[  196.821983][ T5533] netlink: 44 bytes leftover after parsing attributes in process `syz.1.415'.
[  196.831554][ T5533] netlink: 40 bytes leftover after parsing attributes in process `syz.1.415'.
[  197.799827][ T5542] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[  198.656096][ T3683] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  202.304405][ T3683] usb 5-1: device not accepting address 4, error -71
[  204.387084][  T945] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  206.096227][  T945] usb 2-1: unable to read config index 0 descriptor/start: -71
[  206.114218][  T945] usb 2-1: can't read configurations, error -71
[  206.276445][ T5607] loop1: detected capacity change from 0 to 512
[  206.298617][ T5607] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  206.363951][ T5607] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended
[  206.392674][ T5607] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[  206.419467][ T5607] System zones: 0-2, 18-18, 34-34
[  206.451272][ T5607] EXT4-fs error (device loop1): ext4_orphan_get:1422: comm syz.1.434: bad orphan inode 15
[  206.470450][ T5607] ext4_test_bit(bit=14, block=18) = 1
[  206.476079][ T5607] is_bad_inode(inode)=0
[  206.517028][ T5607] NEXT_ORPHAN(inode)=2264924160
[  206.571520][ T5607] max_ino=32
[  206.599206][ T5607] i_nlink=0
[  206.637684][ T5607] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1085: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  206.806578][ T5607] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.434: bg 0: block 80: padding at end of block bitmap is not set
[  206.824157][ T5607] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6172: Corrupt filesystem
[  206.944981][ T5607] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  207.698399][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  208.653393][ T5627] 9pnet_fd: p9_fd_create_tcp (5627): problem connecting socket to 127.0.0.1
[  209.415383][ T5645] loop2: detected capacity change from 0 to 1024
[  214.499500][ T5676] loop1: detected capacity change from 0 to 256
[  215.044709][ T5678] loop3: detected capacity change from 0 to 512
[  215.159509][ T5678] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  215.257385][ T5678] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended
[  215.282333][ T5678] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[  215.321856][ T5678] System zones: 0-2, 18-18, 34-34
[  215.436038][ T5678] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz.3.455: bad orphan inode 15
[  215.581169][ T5678] ext4_test_bit(bit=14, block=18) = 1
[  215.792410][ T5678] is_bad_inode(inode)=0
[  215.816353][ T5678] NEXT_ORPHAN(inode)=2264924160
[  215.838231][ T5678] max_ino=32
[  215.851252][ T5678] i_nlink=0
[  215.911462][ T5678] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1085: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  215.999839][ T5678] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.455: bg 0: block 80: padding at end of block bitmap is not set
[  216.044164][ T5678] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6172: Corrupt filesystem
[  216.056725][ T5678] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  216.685421][  T152] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  216.892778][ T3639] EXT4-fs (loop3): unmounting filesystem.
[  217.086424][  T152] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.120387][  T152] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.158907][  T152] usb 2-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.00
[  217.200782][  T152] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.677622][  T152] usb 2-1: config 0 descriptor??
[  219.016364][ T5738] netlink: 320 bytes leftover after parsing attributes in process `syz.2.473'.
[  219.396623][  T152] logitech 0003:046D:C219.0004: invalid report_size 213086753
[  219.404428][  T152] logitech 0003:046D:C219.0004: item 0 4 1 7 parsing failed
[  219.419554][  T152] logitech 0003:046D:C219.0004: parse failed
[  219.426348][  T152] logitech: probe of 0003:046D:C219.0004 failed with error -22
[  219.467812][ T5738] infiniband syz0: set active
[  219.522885][ T5738] infiniband syz0: added veth0_vlan
[  219.798728][ T5597] usb 2-1: USB disconnect, device number 7
[  219.887694][ T5738] RDS/IB: syz0: added
[  219.891769][ T5738] smc: adding ib device syz0 with port count 1
[  219.906113][ T5738] smc:    ib device syz0 port 1 has pnetid 
[  220.497514][ T5752] loop3: detected capacity change from 0 to 2048
[  220.556514][ T5759] loop2: detected capacity change from 0 to 512
[  220.579383][ T5759] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  220.932721][ T5752] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  220.990217][ T5759] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended
[  221.092584][ T5759] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[  221.124362][ T5752] UDF-fs: Scanning with blocksize 512 failed
[  221.137287][ T5759] System zones: 0-2, 18-18, 34-34
[  221.154155][ T5759] EXT4-fs error (device loop2): ext4_orphan_get:1422: comm syz.2.477: bad orphan inode 15
[  221.175758][ T5759] ext4_test_bit(bit=14, block=18) = 1
[  221.186569][ T5752] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  221.188908][ T5759] is_bad_inode(inode)=0
[  221.200150][ T5759] NEXT_ORPHAN(inode)=2264924160
[  221.225243][ T5759] max_ino=32
[  221.228947][ T5759] i_nlink=0
[  221.232244][ T5759] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1085: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  221.254379][ T5759] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.477: bg 0: block 80: padding at end of block bitmap is not set
[  221.306142][ T5759] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6172: Corrupt filesystem
[  221.318695][ T5759] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  223.658842][ T5272] EXT4-fs (loop2): unmounting filesystem.
[  223.794063][ T5785] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  226.248853][ T5823] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(27698285337225) <= P.seqno(0) <= S.SWH(27698285337299)) and (P.ackno exists or LAWL(175535909115162) <= P.ackno(175535909115166) <= S.AWH(175535909115166), sending SYNC...
[  228.332357][   T26] audit: type=1326 audit(1724253371.270:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  228.362960][   T26] audit: type=1326 audit(1724253371.300:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  228.382529][ T5342] Bluetooth: hci2: unexpected event 0x09 length: 13 > 3
[  228.476405][   T26] audit: type=1326 audit(1724253371.330:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  228.573706][   T26] audit: type=1326 audit(1724253371.330:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  228.646097][   T26] audit: type=1326 audit(1724253371.340:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  228.701114][   T26] audit: type=1326 audit(1724253371.340:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  228.748425][   T26] audit: type=1326 audit(1724253371.340:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  228.775706][   T26] audit: type=1326 audit(1724253371.340:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  228.799222][   T26] audit: type=1326 audit(1724253371.350:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  228.881996][   T26] audit: type=1326 audit(1724253371.350:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5847 comm="syz.0.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  231.510726][ T3643] Bluetooth: hci1: command 0x0406 tx timeout
[  231.607881][ T5881] loop1: detected capacity change from 0 to 512
[  231.645508][ T5881] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  231.700943][ T5881] EXT4-fs (loop1): 1 truncate cleaned up
[  231.711219][ T5881] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  231.843411][ T5893] EXT4-fs (loop1): re-mounted. Quota mode: none.
[  232.458387][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  234.179130][ T5925] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  234.215942][ T3643] Bluetooth: hci1: unexpected event for opcode 0x0c46
[  234.229090][ T3643] Bluetooth: hci1: unexpected event 0x03 length: 16 > 11
[  236.710673][ T5958] loop4: detected capacity change from 0 to 512
[  237.612782][ T5969] loop3: detected capacity change from 0 to 128
[  237.720855][ T5969] FAT-fs (loop3): Unrecognized mount option "showexeC" or missing value
[  238.601428][ T5958] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  238.614035][ T5982] netlink: 4 bytes leftover after parsing attributes in process `syz.1.538'.
[  238.634663][ T5958] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038 (0x7fffffff)
[  238.729408][ T5982] netlink: 12 bytes leftover after parsing attributes in process `syz.1.538'.
[  238.820572][ T5982] netlink: 4 bytes leftover after parsing attributes in process `syz.1.538'.
[  238.853515][ T4694] EXT4-fs (loop4): unmounting filesystem.
[  239.050763][ T5992] netlink: 20 bytes leftover after parsing attributes in process `syz.4.541'.
[  239.090121][ T5992] device bridge_slave_1 left promiscuous mode
[  239.117314][ T5992] bridge0: port 2(bridge_slave_1) entered disabled state
[  239.172102][ T5992] bridge1: port 1(bridge_slave_1) entered blocking state
[  239.192985][ T5992] bridge1: port 1(bridge_slave_1) entered disabled state
[  239.227453][ T5992] device bridge_slave_1 entered promiscuous mode
[  239.259372][ T5992] bridge1: port 1(bridge_slave_1) entered blocking state
[  239.268127][ T5992] bridge1: port 1(bridge_slave_1) entered forwarding state
[  239.408185][ T5994] bridge1: port 2(veth1_to_bond) entered blocking state
[  239.416195][ T5994] bridge1: port 2(veth1_to_bond) entered disabled state
[  239.439677][ T5994] device veth1_to_bond entered promiscuous mode
[  240.386636][   T22] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  240.463506][ T5995] loop2: detected capacity change from 0 to 40427
[  240.666319][   T22] usb 2-1: Using ep0 maxpacket: 32
[  240.786688][   T22] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  240.811138][ T5995] F2FS-fs (loop2): Found nat_bits in checkpoint
[  240.924231][ T5995] F2FS-fs (loop2): Cannot turn on quotas: -2 on 2
[  240.939638][ T5995] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  241.026335][   T22] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  241.043298][   T22] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  241.055673][   T22] usb 2-1: Product: syz
[  241.065377][   T22] usb 2-1: Manufacturer: syz
[  241.071984][   T22] usb 2-1: SerialNumber: syz
[  241.111390][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  241.147327][   T22] usb 2-1: config 0 descriptor??
[  241.390259][   T22] usb 2-1: USB disconnect, device number 8
[  241.801989][ T5272] syz-executor: attempt to access beyond end of device
[  241.801989][ T5272] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  241.843159][ T6023] loop3: detected capacity change from 0 to 64
[  245.193381][ T6062] loop1: detected capacity change from 0 to 512
[  245.212952][ T6062] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  245.294057][ T6062] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz.1.558: iget: bad i_size value: -67835469387268086
[  245.335148][ T6062] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.558: couldn't read orphan inode 15 (err -117)
[  245.393097][ T6062] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  245.445534][ T6062] ext2 filesystem being mounted at /117/file0 supports timestamps until 2038 (0x7fffffff)
[  245.543162][ T6062] EXT4-fs error (device loop1): ext4_add_entry:2484: inode #2: comm syz.1.558: Directory hole found for htree leaf block 0
[  246.622573][ T6083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.564'.
[  246.944131][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  248.810072][ T6112] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  248.831121][   T26] audit: type=1804 audit(1724253391.770:86): pid=6116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.573" name="/newroot/129/bus/file0" dev="overlay" ino=755 res=1 errno=0
[  248.961700][ T6120] netlink: 'syz.1.575': attribute type 7 has an invalid length.
[  248.969622][ T6120] netlink: 'syz.1.575': attribute type 39 has an invalid length.
[  248.995522][ T6120] bridge1: port 1(gretap1) entered blocking state
[  249.002571][ T6120] bridge1: port 1(gretap1) entered disabled state
[  249.011285][ T6120] device gretap1 entered promiscuous mode
[  249.021428][ T6106] loop3: detected capacity change from 0 to 40427
[  249.030173][ T6120] netlink: 'syz.1.575': attribute type 7 has an invalid length.
[  249.040548][ T6120] netlink: 'syz.1.575': attribute type 39 has an invalid length.
[  249.048343][ T6106] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  249.069795][ T6106] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  249.106729][  T945] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  249.136618][ T6106] F2FS-fs (loop3): Found nat_bits in checkpoint
[  249.174248][ T6125] loop4: detected capacity change from 0 to 512
[  249.223463][ T6125] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  249.303588][ T6106] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  249.321266][ T6106] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  249.363623][ T6125] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.576: iget: bad i_size value: -67835469387268086
[  249.377140][  T945] usb 3-1: Using ep0 maxpacket: 16
[  249.384990][ T6125] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.576: couldn't read orphan inode 15 (err -117)
[  249.426407][ T6125] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  249.571755][ T6125] ext2 filesystem being mounted at /56/file0 supports timestamps until 2038 (0x7fffffff)
[  249.988229][ T6129] loop1: detected capacity change from 0 to 1024
[  250.053636][ T6129] EXT4-fs: Ignoring removed nobh option
[  250.086417][  T945] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  250.106347][ T6129] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  250.119935][ T6125] EXT4-fs error (device loop4): ext4_add_entry:2484: inode #2: comm syz.4.576: Directory hole found for htree leaf block 0
[  250.148334][  T945] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.169528][ T6129] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  250.193281][  T945] usb 3-1: config 0 descriptor??
[  250.237851][ T6129] netlink: 16 bytes leftover after parsing attributes in process `syz.1.578'.
[  250.307858][  T945] gspca_main: sonixj-2.14.0 probing 0471:0327
[  250.353544][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  250.374952][ T6138] F2FS-fs (loop3): Inconsistent error blkaddr:5663, sit bitmap:0
[  250.414100][ T6138] CPU: 0 PID: 6138 Comm: syz.3.570 Not tainted 6.1.106-syzkaller #0
[  250.422150][ T6138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  250.432206][ T6138] Call Trace:
[  250.435497][ T6138]  <TASK>
[  250.438427][ T6138]  dump_stack_lvl+0x1e3/0x2cb
[  250.443136][ T6138]  ? nf_tcp_handle_invalid+0x642/0x642
[  250.448597][ T6138]  ? f2fs_dirty_node_folio+0x513/0xa60
[  250.455026][ T6138]  f2fs_is_valid_blkaddr+0xc61/0x1270
[  250.460393][ T6138]  f2fs_truncate_data_blocks_range+0x5d4/0xe50
[  250.466550][ T6138]  f2fs_do_truncate_blocks+0x546/0xd50
[  250.472022][ T6138]  ? addrs_per_block+0x110/0x110
[  250.476981][ T6138]  f2fs_truncate_blocks+0x109/0x2f0
[  250.482215][ T6138]  do_convert_inline_dir+0xded/0x1c90
[  250.487722][ T6138]  ? f2fs_try_convert_inline_dir+0x4c0/0x4c0
[  250.493731][ T6138]  ? pagecache_get_page+0x120/0x250
[  250.498955][ T6138]  ? f2fs_grab_cache_page+0x38/0x3c0
[  250.504263][ T6138]  ? _find_next_zero_bit+0x101/0x140
[  250.509573][ T6138]  ? _find_next_bit+0xe9/0x120
[  250.514360][ T6138]  ? f2fs_room_for_filename+0x90/0xb0
[  250.519754][ T6138]  f2fs_add_inline_entry+0x503/0x8d0
[  250.525050][ T6138]  ? do_convert_inline_dir+0x1c90/0x1c90
[  250.530686][ T6138]  ? f2fs_init_casefolded_name+0x6c0/0x6c0
[  250.536503][ T6138]  f2fs_add_dentry+0xb6/0x1e0
[  250.541264][ T6138]  f2fs_do_add_link+0x21a/0x340
[  250.546143][ T6138]  ? f2fs_add_dentry+0x1e0/0x1e0
[  250.551084][ T6138]  ? up_read+0x20/0x20
[  250.555235][ T6138]  ? f2fs_dquot_initialize+0xd6/0x2e0
[  250.560604][ T6138]  f2fs_create+0x749/0xa10
[  250.565018][ T6138]  ? f2fs_lookup+0xae0/0xae0
[  250.569694][ T6138]  path_openat+0x12f1/0x2e60
[  250.574298][ T6138]  ? do_filp_open+0x480/0x480
[  250.578983][ T6138]  do_filp_open+0x230/0x480
[  250.583543][ T6138]  ? vfs_tmpfile+0x4a0/0x4a0
[  250.588145][ T6138]  ? _raw_spin_unlock+0x24/0x40
[  250.592994][ T6138]  ? alloc_fd+0x5a0/0x640
[  250.597325][ T6138]  do_sys_openat2+0x13b/0x4f0
[  250.602028][ T6138]  ? do_sys_open+0x220/0x220
[  250.606620][ T6138]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  250.612618][ T6138]  __x64_sys_creat+0x11f/0x160
[  250.617377][ T6138]  ? __x64_compat_sys_openat+0x290/0x290
[  250.623527][ T6138]  ? syscall_enter_from_user_mode+0x2e/0x230
[  250.629496][ T6138]  ? lockdep_hardirqs_on+0x94/0x130
[  250.634681][ T6138]  ? syscall_enter_from_user_mode+0x2e/0x230
[  250.640649][ T6138]  do_syscall_64+0x3b/0xb0
[  250.645058][ T6138]  ? clear_bhb_loop+0x45/0xa0
[  250.649726][ T6138]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  250.655633][ T6138] RIP: 0033:0x7fc486979e79
[  250.660038][ T6138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.679640][ T6138] RSP: 002b:00007fc48773f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  250.688043][ T6138] RAX: ffffffffffffffda RBX: 00007fc486b16058 RCX: 00007fc486979e79
[  250.696007][ T6138] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000e00
[  250.703975][ T6138] RBP: 00007fc4869e7916 R08: 0000000000000000 R09: 0000000000000000
[  250.711936][ T6138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  250.719894][ T6138] R13: 0000000000000000 R14: 00007fc486b16058 R15: 00007ffc2af7fb38
[  250.727866][ T6138]  </TASK>
[  252.846855][  T945] gspca_sonixj: i2c_w8 err -110
[  252.917386][  T945] sonixj: probe of 3-1:0.0 failed with error -110
[  254.566764][  T152] usb 3-1: USB disconnect, device number 3
[  255.606541][ T1262] ieee802154 phy0 wpan0: encryption failed: -22
[  255.612889][ T1262] ieee802154 phy1 wpan1: encryption failed: -22
[  255.705957][ T6192] loop2: detected capacity change from 0 to 1024
[  258.272317][ T4694] EXT4-fs (loop4): unmounting filesystem.
[  258.597514][ T6205] loop1: detected capacity change from 0 to 32768
[  258.611304][ T6205] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.593 (6205)
[  258.635125][ T6213] device syz_tun entered promiscuous mode
[  258.683417][ T6205] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  258.694039][ T6205] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  258.702849][ T6205] BTRFS info (device loop1): using free space tree
[  258.718221][ T6213] device batadv_slave_0 entered promiscuous mode
[  258.899565][ T6215] loop4: detected capacity change from 0 to 4096
[  258.956126][ T6215] ntfs: (device loop4): parse_ntfs_boot_sector(): Mft record size (8192) exceeds the PAGE_SIZE on your system (4096).  This is not supported.  Sorry.
[  258.991589][ T6215] ntfs: (device loop4): ntfs_fill_super(): Unsupported NTFS filesystem.
[  259.012298][ T6205] BTRFS info (device loop1): enabling ssd optimizations
[  259.032803][ T6230] loop3: detected capacity change from 0 to 512
[  259.261755][ T6230] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2766: inode #12: comm syz.3.597: corrupted xattr block 142
[  260.215741][ T6230] EXT4-fs (loop3): Remounting filesystem read-only
[  260.225780][ T6230] EXT4-fs (loop3): 1 truncate cleaned up
[  260.284938][ T6230] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  260.509746][ T3634] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  260.548846][ T6230] syz.3.597[6230] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  260.548949][ T6230] syz.3.597[6230] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.759546][ T3639] EXT4-fs (loop3): unmounting filesystem.
[  262.791874][ T6272] loop4: detected capacity change from 0 to 4096
[  262.836638][ T6272] ntfs: (device loop4): parse_options(): Unrecognized mount option disabl�sparse.
[  262.925423][ T6272] loop4: detected capacity change from 0 to 64
[  265.219718][ T6307] loop1: detected capacity change from 0 to 512
[  265.378946][ T6307] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  265.521887][ T6307] EXT4-fs (loop1): 1 truncate cleaned up
[  265.527813][ T6307] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  265.668839][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  266.620946][ T6324] netlink: 4 bytes leftover after parsing attributes in process `syz.2.616'.
[  267.325113][ T6313] loop3: detected capacity change from 0 to 32768
[  267.365306][ T6313] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop3 scanned by syz.3.613 (6313)
[  267.506206][ T6313] BTRFS info (device loop3): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  267.526889][ T6313] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  267.556114][ T6313] BTRFS info (device loop3): using free space tree
[  267.769769][ T6313] BTRFS info (device loop3): enabling ssd optimizations
[  267.813634][ T3643] Bluetooth: hci2: unexpected event for opcode 0x200f
[  267.871158][ T3639] BTRFS info (device loop3): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  268.499845][ T6333] loop4: detected capacity change from 0 to 32768
[  268.897905][ T6361] loop3: detected capacity change from 0 to 40427
[  268.932565][ T6361] F2FS-fs (loop3): invalid crc value
[  269.057175][ T6361] F2FS-fs (loop3): Found nat_bits in checkpoint
[  269.100450][ T6361] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  270.297183][ T3639] syz-executor: attempt to access beyond end of device
[  270.297183][ T3639] loop3: rw=2051, sector=36912, nr_sectors = 8152 limit=40427
[  270.337147][   T26] audit: type=1326 audit(1724253413.280:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  270.348704][ T3639] syz-executor: attempt to access beyond end of device
[  270.348704][ T3639] loop3: rw=2051, sector=45096, nr_sectors = 85976 limit=40427
[  270.374609][ T3639] F2FS-fs (loop3): Issue discard(4614, 4614, 1019) failed, ret: -5
[  270.374652][ T3639] F2FS-fs (loop3): Issue discard(5637, 5637, 10747) failed, ret: -5
[  270.406850][   T26] audit: type=1326 audit(1724253413.320:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  270.458841][   T26] audit: type=1326 audit(1724253413.320:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  270.481445][   T26] audit: type=1326 audit(1724253413.320:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  270.504255][   T26] audit: type=1326 audit(1724253413.320:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  270.530040][ T6385] loop1: detected capacity change from 0 to 256
[  270.607320][ T4340] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  270.635019][   T26] audit: type=1326 audit(1724253413.350:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  270.673247][   T26] audit: type=1326 audit(1724253413.380:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  270.696860][   T26] audit: type=1326 audit(1724253413.390:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  270.856332][ T4340] usb 3-1: Using ep0 maxpacket: 8
[  271.324079][   T26] audit: type=1326 audit(1724253413.390:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  271.398394][   T26] audit: type=1326 audit(1724253413.390:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6380 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c7d779e79 code=0x7ffc0000
[  271.850472][ T4340] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  271.861113][ T4340] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.876164][ T4340] usb 3-1: Product: syz
[  271.880372][ T4340] usb 3-1: Manufacturer: syz
[  271.884985][ T4340] usb 3-1: SerialNumber: syz
[  271.894609][ T4340] usb 3-1: config 0 descriptor??
[  272.350962][ T6404] netlink: 'syz.0.632': attribute type 4 has an invalid length.
[  272.481265][ T6399] netlink: 'syz.4.631': attribute type 7 has an invalid length.
[  272.639510][ T6399] netlink: 'syz.4.631': attribute type 39 has an invalid length.
[  272.641998][ T4340] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  272.683318][ T6406] bridge2: port 1(gretap1) entered blocking state
[  272.730854][ T6406] bridge2: port 1(gretap1) entered disabled state
[  272.738907][ T6406] device gretap1 entered promiscuous mode
[  272.753462][ T6399] netlink: 'syz.4.631': attribute type 7 has an invalid length.
[  272.916865][ T6399] netlink: 'syz.4.631': attribute type 39 has an invalid length.
[  275.100702][ T6434] bridge0: port 3(syz_tun) entered blocking state
[  275.107772][ T6434] bridge0: port 3(syz_tun) entered disabled state
[  275.115265][ T6434] device syz_tun entered promiscuous mode
[  275.121402][ T6434] bridge0: port 3(syz_tun) entered blocking state
[  275.127863][ T6434] bridge0: port 3(syz_tun) entered forwarding state
[  275.152645][ T6434] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  275.181582][ T6440] loop4: detected capacity change from 0 to 256
[  275.218677][ T5357] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  276.216251][ T4340] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71
[  276.253640][ T4340] usb 3-1: USB disconnect, device number 4
[  277.100909][ T6453] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.378459][ T6453] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.443953][ T6469] netlink: 'syz.2.647': attribute type 4 has an invalid length.
[  277.854886][ T6453] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.033602][ T6453] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  278.269323][ T6453] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  278.325150][ T6453] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  278.364489][ T6453] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  279.029554][ T6471] loop3: detected capacity change from 0 to 1764
[  279.104342][ T6453] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  279.319857][ T4845] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  279.657033][ T6471] loop3: detected capacity change from 0 to 512
[  280.367434][ T4845] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  283.712604][ T6512] loop2: detected capacity change from 0 to 512
[  284.848323][ T6512] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  284.898052][ T6512] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz.2.658: iget: bad i_size value: -67835469387268086
[  284.916959][ T6512] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.658: couldn't read orphan inode 15 (err -117)
[  284.949338][ T6512] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  284.953530][ T6524] loop3: detected capacity change from 0 to 512
[  284.982051][ T6524] EXT4-fs: Ignoring removed orlov option
[  285.695481][ T6512] ext2 filesystem being mounted at /46/file0 supports timestamps until 2038 (0x7fffffff)
[  285.734364][ T6524] EXT4-fs: Ignoring removed i_version option
[  285.770784][ T6512] EXT4-fs error (device loop2): ext4_add_entry:2484: inode #2: comm syz.2.658: Directory hole found for htree leaf block 0
[  285.801597][ T6524] EXT4-fs (loop3): 1 truncate cleaned up
[  285.836464][ T6524] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  285.963383][ T5342] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  285.972695][ T5342] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  286.000032][ T5342] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  286.040866][ T5342] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  286.051094][ T5342] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  286.061020][ T5342] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  287.772175][ T3639] EXT4-fs (loop3): unmounting filesystem.
[  287.988835][ T6545] loop4: detected capacity change from 0 to 32768
[  288.013880][ T6545] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop4 scanned by syz.4.666 (6545)
[  288.077655][ T6545] BTRFS info (device loop4): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  288.124387][ T6545] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[  288.146870][ T3643] Bluetooth: hci5: command tx timeout
[  288.167574][ T6545] BTRFS info (device loop4): using free space tree
[  288.327526][ T3638] bridge0: port 3(syz_tun) entered disabled state
[  288.480629][ T3638] device syz_tun left promiscuous mode
[  288.526050][ T3638] bridge0: port 3(syz_tun) entered disabled state
[  288.721701][ T6545] BTRFS info (device loop4): enabling ssd optimizations
[  288.954329][ T6549] loop3: detected capacity change from 0 to 40427
[  289.066440][ T4694] BTRFS info (device loop4): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  289.081998][ T3872] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.368553][ T3872] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.582911][ T3872] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.025094][ T3872] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.271856][ T3643] Bluetooth: hci5: command tx timeout
[  290.478533][ T6587] loop4: detected capacity change from 0 to 256
[  290.985206][ T6587] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  291.102872][ T6587] exFAT-fs (loop4): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x1911af20)
[  291.178239][ T6587] exFAT-fs (loop4): invalid boot region
[  291.219865][ T6587] exFAT-fs (loop4): failed to recognize exfat type
[  291.251975][ T6530] chnl_net:caif_netlink_parms(): no params data found
[  291.909657][ T6597] loop1: detected capacity change from 0 to 1024
[  291.966212][ T6597] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  292.084107][ T6597] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  292.206364][ T6530] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.213488][ T6530] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.307315][ T3643] Bluetooth: hci5: command tx timeout
[  292.627891][ T6530] device bridge_slave_0 entered promiscuous mode
[  292.818539][ T6611] (syz.3.675,6611,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  292.827200][ T6611] (syz.3.675,6611,0):ocfs2_fill_super:1176 ERROR: status = -22
[  293.369725][ T5272] EXT4-fs (loop2): unmounting filesystem.
[  293.398647][ T6597] netlink: 36 bytes leftover after parsing attributes in process `syz.1.684'.
[  293.449305][ T6530] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.458830][ T6530] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.494479][ T6530] device bridge_slave_1 entered promiscuous mode
[  293.538023][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  293.836585][ T6530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  293.870138][ T6530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  294.021366][ T6530] team0: Port device team_slave_0 added
[  294.166508][ T3649] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  294.178335][ T3649] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  294.187709][ T3649] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  294.197230][ T3649] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  294.205049][ T3649] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  294.212968][ T3649] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  294.308940][ T6530] team0: Port device team_slave_1 added
[  294.423590][ T3649] Bluetooth: hci5: command tx timeout
[  294.648651][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_0
[  294.673559][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.791097][ T6530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  295.047114][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_1
[  295.054166][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  295.081969][ T6530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  295.447001][ T6530] device hsr_slave_0 entered promiscuous mode
[  295.474152][ T6530] device hsr_slave_1 entered promiscuous mode
[  295.498765][ T6530] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  295.524035][ T6530] Cannot create hsr debugfs directory
[  295.566096][  T945] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  295.816135][  T945] usb 4-1: Using ep0 maxpacket: 16
[  295.936727][  T945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  295.973698][  T945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.016089][  T945] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  296.042682][  T945] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  296.053348][  T945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.097230][  T945] usb 4-1: config 0 descriptor??
[  296.107937][ T6663] loop4: detected capacity change from 0 to 512
[  296.164748][ T6663] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  296.226180][ T3649] Bluetooth: hci1: command tx timeout
[  296.247468][ T6663] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[  296.269264][ T3872] device hsr_slave_0 left promiscuous mode
[  296.283679][ T3872] device hsr_slave_1 left promiscuous mode
[  296.294139][ T3872] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  296.306278][ T3872] batman_adv: batadv0: Removing interface: batadv_slave_0
[  296.325494][ T3872] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  296.344799][ T3872] batman_adv: batadv0: Removing interface: batadv_slave_1
[  296.367258][ T3872] device bridge_slave_1 left promiscuous mode
[  296.377262][ T3872] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.453657][ T3872] device bridge_slave_0 left promiscuous mode
[  296.475873][ T3872] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.541892][ T3872] device veth1_macvtap left promiscuous mode
[  296.567428][ T6663] loop4: detected capacity change from 0 to 1764
[  296.575027][ T3872] device veth0_macvtap left promiscuous mode
[  296.594851][ T3872] device veth1_vlan left promiscuous mode
[  296.634573][ T3872] device veth0_vlan left promiscuous mode
[  296.739670][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.753080][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.760610][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.767928][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.775315][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.782145][ T3872] infiniband syz2: set down
[  296.782645][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.793769][ T6671] xt_bpf: check failed: parse error
[  296.794640][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.807422][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.814727][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.823413][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.831267][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.839025][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.846940][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.878357][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.885630][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.898064][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.905338][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.913835][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.921469][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.935013][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.942904][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.950952][  T945] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  296.971362][  T945] microsoft 0003:045E:07DA.0005: No inputs registered, leaving
[  297.007418][ T4845] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  297.022430][  T945] microsoft 0003:045E:07DA.0005: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  297.034595][  T945] microsoft 0003:045E:07DA.0005: no inputs found
[  297.041766][  T945] microsoft 0003:045E:07DA.0005: could not initialize ff, continuing anyway
[  297.223693][ T3872] bond1 (unregistering): Released all slaves
[  297.712477][ T3872] team0 (unregistering): Port device team_slave_1 removed
[  297.755320][ T3872] team0 (unregistering): Port device team_slave_0 removed
[  297.755624][ T3730] smc: removing ib device syz2
[  297.803476][ T3872] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  297.844872][ T3872] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  298.239459][ T3872] bond0 (unregistering): Released all slaves
[  298.306163][ T3649] Bluetooth: hci1: command tx timeout
[  298.338918][ T6676] netlink: 12 bytes leftover after parsing attributes in process `syz.1.686'.
[  298.390899][ T6676] device vlan3 entered promiscuous mode
[  298.399413][ T6676] device wlan0 entered promiscuous mode
[  298.412279][ T6676] device wlan0 left promiscuous mode
[  298.580185][ T6674] bridge0: port 4(dummy0) entered blocking state
[  298.594193][ T6674] bridge0: port 4(dummy0) entered disabled state
[  298.635278][ T6674] device dummy0 entered promiscuous mode
[  298.694223][ T6674] bridge0: port 4(dummy0) entered blocking state
[  298.700738][ T6674] bridge0: port 4(dummy0) entered forwarding state
[  298.776698][ T6689] loop1: detected capacity change from 0 to 2048
[  298.806695][ T6627] chnl_net:caif_netlink_parms(): no params data found
[  298.856491][ T6689] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  298.970038][ T6268] usb 4-1: USB disconnect, device number 7
[  299.359182][ T3634] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /147/file0: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0
[  299.611854][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  300.198124][ T6697] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  300.233318][ T6697] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  300.286873][ T6697] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  300.386276][ T3649] Bluetooth: hci1: command tx timeout
[  300.535251][ T6627] bridge0: port 1(bridge_slave_0) entered blocking state
[  300.546224][ T6627] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.588324][ T6627] device bridge_slave_0 entered promiscuous mode
[  300.656434][ T6627] bridge0: port 2(bridge_slave_1) entered blocking state
[  300.663650][ T6627] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.714692][ T6627] device bridge_slave_1 entered promiscuous mode
[  300.863427][ T6530] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  300.986939][ T6627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  301.013211][ T6530] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  301.038634][ T6530] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  301.070378][ T6627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  301.107329][ T6530] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  301.252956][ T6627] team0: Port device team_slave_0 added
[  301.300084][ T6733] loop4: detected capacity change from 0 to 32768
[  301.308697][ T6627] team0: Port device team_slave_1 added
[  301.416974][ T6627] batman_adv: batadv0: Adding interface: batadv_slave_0
[  301.427903][ T6627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.436062][ T6733] XFS (loop4): Mounting V5 Filesystem
[  301.457022][ T6627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  301.472432][ T6627] batman_adv: batadv0: Adding interface: batadv_slave_1
[  301.479983][ T6627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.509263][ T6627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  301.573509][ T6530] 8021q: adding VLAN 0 to HW filter on device bond0
[  301.608009][ T6627] device hsr_slave_0 entered promiscuous mode
[  301.673260][ T6627] device hsr_slave_1 entered promiscuous mode
[  301.719169][ T6627] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  301.723519][ T6733] XFS (loop4): Ending clean mount
[  301.727059][ T6627] Cannot create hsr debugfs directory
[  301.779866][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  301.791160][ T6733] XFS (loop4): Quotacheck needed: Please wait.
[  301.806862][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  301.874162][ T6530] 8021q: adding VLAN 0 to HW filter on device team0
[  301.931151][ T6733] XFS (loop4): Quotacheck: Done.
[  301.944280][ T6747] loop1: detected capacity change from 0 to 1024
[  301.959481][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  301.977229][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  301.997326][ T3730] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.004460][ T3730] bridge0: port 1(bridge_slave_0) entered forwarding state
[  302.032593][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  302.063716][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  302.110548][ T3730] bridge0: port 2(bridge_slave_1) entered blocking state
[  302.117815][ T3730] bridge0: port 2(bridge_slave_1) entered forwarding state
[  302.160527][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  302.240635][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  302.285050][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  302.315634][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  302.339327][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  302.352378][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  302.367264][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  302.430908][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  302.448434][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  302.466258][ T3649] Bluetooth: hci1: command tx timeout
[  302.479832][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  302.505418][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  302.517731][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  302.529162][ T6530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  302.666570][ T6627] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.869368][ T6627] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.020815][ T6627] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.159902][ T6627] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.228555][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  303.243398][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  303.286811][ T6530] 8021q: adding VLAN 0 to HW filter on device batadv0
[  303.424544][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  303.457418][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  303.538826][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  303.577972][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  303.666495][ T6530] device veth0_vlan entered promiscuous mode
[  303.687571][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  303.717844][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  303.766382][ T4694] XFS (loop4): Unmounting Filesystem
[  303.802162][ T6530] device veth1_vlan entered promiscuous mode
[  303.910372][ T6781] netlink: 'syz.3.701': attribute type 1 has an invalid length.
[  304.054000][ T6781] 8021q: adding VLAN 0 to HW filter on device bond1
[  304.110985][ T6627] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  304.154218][ T6788] loop1: detected capacity change from 0 to 1024
[  304.195230][ T6530] device veth0_macvtap entered promiscuous mode
[  304.248696][ T6784] device vlan2 entered promiscuous mode
[  304.270651][ T6784] bond1: (slave vlan2): making interface the new active one
[  304.305388][ T6784] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  304.334822][ T6788] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (490519854976 ns) > initial count (268435456 ns). Using initial count to start timer.
[  304.377518][ T6627] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  304.396972][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  304.413862][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  304.434169][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  304.462516][ T6530] device veth1_macvtap entered promiscuous mode
[  304.474753][ T6627] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  304.488228][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  304.506559][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  304.555016][ T6627] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  304.963183][ T6530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  304.974240][ T6530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.132801][ T6530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.327133][ T6530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.506246][ T6530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.521123][ T6530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.532645][ T6530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.543542][ T6530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.557582][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_0
[  305.584814][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  305.665458][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  305.698766][ T6530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.736129][ T6530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.776112][ T6530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.814820][ T6530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.844667][ T6530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.866052][ T6530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.875910][ T6530] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.905250][ T6530] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.933262][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_1
[  305.933770][ T6811] netlink: 16 bytes leftover after parsing attributes in process `syz.3.705'.
[  305.946494][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  305.947294][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  305.959602][ T6530] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  305.959637][ T6530] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  305.959662][ T6530] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  305.959686][ T6530] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  306.340996][ T6627] 8021q: adding VLAN 0 to HW filter on device bond0
[  306.605702][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.671309][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.956407][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  307.233192][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  307.243980][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  307.302432][ T3871] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  307.325414][ T3871] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  307.362649][ T6627] 8021q: adding VLAN 0 to HW filter on device team0
[  307.488408][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  307.499386][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  307.526821][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  307.543087][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.550258][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  307.612297][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  307.674240][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  307.702684][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.709872][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  307.830696][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  308.020872][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  308.285115][ T6850] kernel read not supported for file / 
 (pid: 6850 comm: syz.3.710)
[  308.286171][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  308.354944][   T26] kauditd_printk_skb: 52 callbacks suppressed
[  308.354959][   T26] audit: type=1800 audit(1724253451.290:149): pid=6850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.710" name=2001 dev="mqueue" ino=50971 res=0 errno=0
[  308.355941][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  308.374975][ T6850] netlink: 4 bytes leftover after parsing attributes in process `syz.3.710'.
[  308.382929][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  308.466170][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  308.485060][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  308.513621][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  308.533034][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  308.586427][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  308.619945][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  308.653639][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  308.667202][ T6627] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  311.398629][ T6868] loop1: detected capacity change from 0 to 512
[  311.567152][ T6868] ext4: Unknown parameter 'noacl'
[  311.651637][ T4845] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  312.470736][    C0] eth0: bad gso: type: 1, size: 1408
[  312.557709][    C0] eth0: bad gso: type: 1, size: 1408
[  313.737143][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  313.774942][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  313.811849][ T3872] device hsr_slave_0 left promiscuous mode
[  313.825404][ T3872] device hsr_slave_1 left promiscuous mode
[  313.832860][ T3872] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  313.840786][ T3872] batman_adv: batadv0: Removing interface: batadv_slave_0
[  313.849634][ T3872] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  313.857735][ T3872] batman_adv: batadv0: Removing interface: batadv_slave_1
[  313.865717][ T3872] device bridge_slave_1 left promiscuous mode
[  313.904120][ T3872] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.028214][ T3872] device bridge_slave_0 left promiscuous mode
[  314.090949][ T3872] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.374152][ T3872] device veth1_macvtap left promiscuous mode
[  314.439476][ T3872] device veth0_macvtap left promiscuous mode
[  314.494599][ T3872] device veth1_vlan left promiscuous mode
[  314.502825][ T4340] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  314.526101][ T3872] device veth0_vlan left promiscuous mode
[  314.563730][ T3872] infiniband syz0: set down
[  315.136901][ T4340] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  315.336081][ T4340] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  315.350989][ T4340] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  315.366409][ T4340] usb 4-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  315.376347][ T4340] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.494749][ T4340] usb 4-1: config 0 descriptor??
[  315.788064][    T9] smc: removing ib device syz0
[  316.058158][ T4340] logitech 0003:046D:C293.0006: item fetching failed at offset 5/7
[  316.076628][ T4340] logitech 0003:046D:C293.0006: parse failed
[  316.082681][ T4340] logitech: probe of 0003:046D:C293.0006 failed with error -22
[  316.231061][ T3872] team0 (unregistering): Port device team_slave_1 removed
[  316.381622][ T3872] team0 (unregistering): Port device team_slave_0 removed
[  316.424316][   T32] usb 4-1: USB disconnect, device number 8
[  316.525847][ T3872] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  316.619464][ T3872] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  317.037151][ T1262] ieee802154 phy0 wpan0: encryption failed: -22
[  317.046735][ T1262] ieee802154 phy1 wpan1: encryption failed: -22
[  317.141972][ T6928] loop3: detected capacity change from 0 to 512
[  317.204837][ T6928] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  317.223542][ T6928] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[  317.552100][ T6931] loop3: detected capacity change from 0 to 1764
[  317.662887][ T4845] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  318.101656][ T6937] loop1: detected capacity change from 0 to 1024
[  318.181463][ T6937] EXT4-fs: Ignoring removed oldalloc option
[  318.217212][ T6937] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  318.227312][ T6937] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  318.238526][ T6937] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869)
[  318.269377][ T6937] journal_init_common: Cannot get buffer for journal superblock
[  318.319498][ T6937] EXT4-fs (loop1): Could not load journal inode
[  318.578207][ T3872] bond0 (unregistering): Released all slaves
[  318.704065][ T3677] infiniband syz0: ib_query_port failed (-19)
[  318.713708][ T6627] 8021q: adding VLAN 0 to HW filter on device batadv0
[  318.914336][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  318.936877][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  319.000078][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  319.028480][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  319.072508][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  319.102116][ T1114] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  319.156403][ T6627] device veth0_vlan entered promiscuous mode
[  319.216738][ T6627] device veth1_vlan entered promiscuous mode
[  319.259662][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  319.272777][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  319.351875][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  319.392702][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  319.443977][ T6627] device veth0_macvtap entered promiscuous mode
[  319.470262][ T6942] netlink: 36 bytes leftover after parsing attributes in process `syz.1.741'.
[  319.501873][ T6944] loop3: detected capacity change from 0 to 1024
[  319.541450][ T6627] device veth1_macvtap entered promiscuous mode
[  319.569368][ T4845] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  319.646588][ T6627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  319.736087][ T6947] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (490519854976 ns) > initial count (268435456 ns). Using initial count to start timer.
[  319.737052][ T6627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.794030][ T6627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  319.824424][ T6952] devpts: called with bogus options
[  319.844071][ T6627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.866939][ T6627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  319.883016][ T6627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.903450][ T6627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  319.942268][ T6627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.969560][ T6627] batman_adv: batadv0: Interface activated: batadv_slave_0
[  319.992825][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  320.011889][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  320.021646][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  320.035299][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  320.092808][ T6627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  320.120610][ T6627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.137531][ T6627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  320.160568][ T6627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.203849][ T6627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  320.229074][ T6627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.252378][ T6627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  320.263453][ T6627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.320484][ T6627] batman_adv: batadv0: Interface activated: batadv_slave_1
[  320.356807][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  320.370417][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  320.424178][ T6627] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  320.445399][ T6627] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  320.467141][ T6627] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  320.801129][ T6627] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  322.220449][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.305557][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.579679][ T5393] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  322.636219][ T6267] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  322.647393][ T5393] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.663294][   T26] audit: type=1326 audit(1724253465.600:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  322.726132][ T5393] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.795777][   T26] audit: type=1326 audit(1724253465.650:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  322.890615][   T26] audit: type=1326 audit(1724253465.650:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  322.966191][   T26] audit: type=1326 audit(1724253465.650:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  323.042462][ T3871] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  323.056175][ T6267] usb 5-1: config 0 has no interfaces?
[  323.062172][ T6267] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4
[  323.071689][   T26] audit: type=1326 audit(1724253465.650:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  323.124386][ T6267] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.160982][ T6267] usb 5-1: config 0 descriptor??
[  323.167640][ T6991] netlink: 96 bytes leftover after parsing attributes in process `syz.1.743'.
[  323.176370][   T26] audit: type=1326 audit(1724253465.650:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  323.272389][   T26] audit: type=1326 audit(1724253465.650:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  323.760221][ T6982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  324.762137][   T26] audit: type=1326 audit(1724253465.650:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  324.779289][ T6982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  324.785329][   T26] audit: type=1326 audit(1724253465.650:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  324.912379][ T6982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  324.967362][   T26] audit: type=1326 audit(1724253465.650:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6988 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9355579e79 code=0x7ffc0000
[  325.138144][ T6982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  326.064928][ T7004] loop2: detected capacity change from 0 to 256
[  326.109619][ T6266] usb 5-1: USB disconnect, device number 6
[  327.008797][ T7019] loop2: detected capacity change from 0 to 1024
[  327.119748][ T7006] loop3: detected capacity change from 0 to 8192
[  327.125469][ T7025] loop1: detected capacity change from 0 to 1024
[  327.280757][ T7006] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  328.653411][ T7025] hfsplus: xattr searching failed
[  328.684095][ T7025] hfsplus: b-tree write err: -5, ino 3
[  329.617561][ T7039] netlink: 'syz.1.756': attribute type 13 has an invalid length.
[  330.831590][ T7045] loop2: detected capacity change from 0 to 32768
[  330.871246][ T7045] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.757 (7045)
[  330.964410][ T7045] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  331.016160][ T7045] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  331.077105][ T7045] BTRFS info (device loop2): using free space tree
[  331.185804][ T7045] BTRFS info (device loop2): enabling ssd optimizations
[  331.721006][ T7078] loop4: detected capacity change from 0 to 256
[  331.827633][ T7078] netlink: 4 bytes leftover after parsing attributes in process `syz.4.773'.
[  331.958660][ T6627] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  331.959451][ T7047] loop1: detected capacity change from 0 to 32768
[  332.101301][ T7047] XFS (loop1): Mounting V5 Filesystem
[  332.301766][ T7047] XFS (loop1): Ending clean mount
[  332.310036][ T7047] XFS (loop1): Quotacheck needed: Please wait.
[  332.361529][ T7047] XFS (loop1): Quotacheck: Done.
[  332.406214][  T945] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  332.656236][  T945] usb 5-1: Using ep0 maxpacket: 32
[  332.786278][  T945] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  332.798795][  T945] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  332.813015][  T945] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  332.817349][ T7102] loop2: detected capacity change from 0 to 512
[  332.822923][  T945] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.897581][  T945] usb 5-1: config 0 descriptor??
[  332.927850][ T4845] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  332.943960][ T7102] loop2: detected capacity change from 0 to 1024
[  332.952114][  T945] hub 5-1:0.0: USB hub found
[  332.961356][ T4845] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  332.980306][ T4845] Buffer I/O error on dev loop2, logical block 0, async page read
[  333.047474][   T26] kauditd_printk_skb: 51 callbacks suppressed
[  333.047489][   T26] audit: type=1800 audit(1724253475.990:211): pid=7102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.767" name="bus" dev="loop2" ino=26 res=0 errno=0
[  333.146503][  T945] hub 5-1:0.0: 1 port detected
[  333.399028][   T26] audit: type=1326 audit(1724253476.340:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7108 comm="syz.3.769" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x0
[  333.506154][ T3683] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  333.548092][ T3634] XFS (loop1): Unmounting Filesystem
[  333.786388][   T14] hub 5-1:0.0: activate --> -90
[  333.866294][ T3683] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  333.879588][ T3683] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  333.889507][ T3683] usb 3-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00
[  333.898813][ T3683] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.912419][ T3683] usb 3-1: config 0 descriptor??
[  334.172002][   T14] hub 5-1:0.0: hub_ext_port_status failed (err = 0)
[  334.404334][ T3683] wacom 0003:056A:00D0.0007: Unknown device_type for 'HID 056a:00d0'. Assuming pen.
[  334.879214][ T6273] usb 5-1: USB disconnect, device number 7
[  335.171965][ T3683] wacom 0003:056A:00D0.0007: hidraw0: USB HID v0.00 Device [HID 056a:00d0] on usb-dummy_hcd.2-1/input0
[  335.204731][ T3683] input: Wacom Bamboo 2FG Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00D0.0007/input/input13
[  336.212529][ T3683] usb 3-1: USB disconnect, device number 5
[  338.095533][   T26] audit: type=1326 audit(1724253481.030:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  338.594747][   T26] audit: type=1326 audit(1724253481.170:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  338.810630][   T26] audit: type=1326 audit(1724253481.180:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc486978810 code=0x7ffc0000
[  338.868343][   T26] audit: type=1326 audit(1724253481.190:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc48697b6a7 code=0x7ffc0000
[  338.936197][   T26] audit: type=1326 audit(1724253481.200:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  339.000141][ T7167] kvm [7163]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xa00000000
[  339.049399][ T7167] kvm [7163]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x250000f7ff
[  339.074587][   T26] audit: type=1326 audit(1724253481.210:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc48697b6a7 code=0x7ffc0000
[  339.082294][ T7175] netlink: 'syz.0.789': attribute type 2 has an invalid length.
[  339.205507][   T26] audit: type=1326 audit(1724253481.220:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc486978b0a code=0x7ffc0000
[  339.241519][ T7177] af_packet: tpacket_rcv: packet too big, clamped from 4096 to 3952. macoff=96
[  339.251539][ T7167] kvm [7163]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x250000ffff
[  339.269456][   T26] audit: type=1326 audit(1724253481.230:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  339.455969][   T26] audit: type=1326 audit(1724253481.290:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  339.478479][   T26] audit: type=1326 audit(1724253481.390:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7162 comm="syz.3.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fc486979e79 code=0x7ffc0000
[  341.178801][ T7199] loop2: detected capacity change from 0 to 512
[  341.243333][ T7199] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  341.306205][ T7199] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  342.083383][ T7197] loop2: detected capacity change from 0 to 1764
[  342.128625][ T7210] loop3: detected capacity change from 0 to 1024
[  342.378001][ T7210] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  342.410314][ T7210] ext4 filesystem being mounted at /178/file1 supports timestamps until 2038 (0x7fffffff)
[  342.439588][ T4845] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  342.570778][ T7210] xt_CT: No such helper "netbios-ns"
[  342.767796][ T3639] EXT4-fs (loop3): unmounting filesystem.
[  343.696456][   T26] kauditd_printk_skb: 38 callbacks suppressed
[  343.696472][   T26] audit: type=1326 audit(1724253486.640:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7236 comm="syz.1.814" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9355579e79 code=0x0
[  345.420832][ T7257] mmap: syz.0.810 (7257) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  345.497160][ T7258] loop1: detected capacity change from 0 to 1024
[  346.218775][   T26] audit: type=1326 audit(1724253489.160:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3879179e79 code=0x7ffc0000
[  346.261101][   T26] audit: type=1326 audit(1724253489.160:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3879179e79 code=0x7ffc0000
[  346.310661][   T26] audit: type=1326 audit(1724253489.190:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3879178810 code=0x7ffc0000
[  346.347872][ T3871] hfsplus: b-tree write err: -5, ino 4
[  346.439626][   T26] audit: type=1326 audit(1724253489.190:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f387917b6a7 code=0x7ffc0000
[  346.462234][   T26] audit: type=1326 audit(1724253489.190:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3879179e79 code=0x7ffc0000
[  346.545425][   T26] audit: type=1326 audit(1724253489.190:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f387917b6a7 code=0x7ffc0000
[  346.587060][   T26] audit: type=1326 audit(1724253489.190:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3879178b0a code=0x7ffc0000
[  346.616643][   T26] audit: type=1326 audit(1724253489.190:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3879179e79 code=0x7ffc0000
[  346.717085][ T7288] loop2: detected capacity change from 0 to 1024
[  346.724417][   T26] audit: type=1326 audit(1724253489.190:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.0.815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3879179e79 code=0x7ffc0000
[  346.748211][ T7288] hfsplus: invalid attributes max_key_len 0
[  346.754543][ T7288] hfsplus: failed to load attributes file
[  347.622523][ T7292] loop1: detected capacity change from 0 to 2048
[  347.685839][ T7292] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  347.723750][ T7292] UDF-fs: Scanning with blocksize 512 failed
[  347.807264][ T7292] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  347.866568][ T7303] loop3: detected capacity change from 0 to 1024
[  347.901617][ T7303] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  348.040352][   T14] usb 5-1: new low-speed USB device number 8 using dummy_hcd
[  348.059198][ T7303] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  348.105332][ T7299] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  348.608399][ T3639] EXT4-fs (loop3): unmounting filesystem.
[  348.808623][ T7309] loop1: detected capacity change from 0 to 8
[  349.013700][   T14] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8 is Bulk; changing to Interrupt
[  349.170881][  T945] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  349.477782][   T26] kauditd_printk_skb: 39 callbacks suppressed
[  349.477798][   T26] audit: type=1326 audit(1724253492.420:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8f8579e79 code=0x7ffc0000
[  349.496418][   T14] usb 5-1: string descriptor 0 read error: -22
[  349.519725][   T14] usb 5-1: New USB device found, idVendor=2019, idProduct=4901, bcdDevice=59.33
[  349.529576][   T14] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.550260][   T14] usb 5-1: config 0 descriptor??
[  349.555363][   T26] audit: type=1326 audit(1724253492.460:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe8f8578810 code=0x7ffc0000
[  349.593990][   T26] audit: type=1326 audit(1724253492.460:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe8f857b6a7 code=0x7ffc0000
[  349.620890][ T7301] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  349.623789][   T26] audit: type=1326 audit(1724253492.460:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe8f8579e79 code=0x7ffc0000
[  349.768389][   T14] r8712u: register rtl8712_netdev_ops to netdev_ops
[  349.786175][  T945] usb 2-1: not running at top speed; connect to a high speed hub
[  350.536159][   T14] usb 5-1: r8712u: USB_SPEED_LOW with 1 endpoints
[  350.676212][   T14] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed
[  350.696201][  T945] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  350.798388][   T14] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  350.818513][  T945] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  350.841069][   T14] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  351.573484][   T14] usb 5-1: USB disconnect, device number 8
[  351.605305][   T26] audit: type=1326 audit(1724253492.460:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe8f857b6a7 code=0x7ffc0000
[  351.664628][   T26] audit: type=1326 audit(1724253492.460:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe8f8578b0a code=0x7ffc0000
[  351.771107][  T945] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  351.796397][  T945] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.804443][  T945] usb 2-1: Product: చ
[  351.826171][  T945] usb 2-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s
[  351.857107][   T26] audit: type=1326 audit(1724253492.460:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8f8579e79 code=0x7ffc0000
[  351.976894][  T945] usb 2-1: SerialNumber: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎
[  352.299270][  T945] usb 2-1: can't set config #1, error -71
[  352.353423][  T945] usb 2-1: USB disconnect, device number 9
[  352.683113][   T26] audit: type=1326 audit(1724253492.460:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fe8f8579e79 code=0x7ffc0000
[  352.741700][ T7344] loop4: detected capacity change from 0 to 2048
[  352.838339][   T26] audit: type=1326 audit(1724253492.460:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8f8579e79 code=0x7ffc0000
[  352.886574][ T7344] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  352.956588][   T26] audit: type=1326 audit(1724253492.460:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7317 comm="syz.2.828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fe8f8579e79 code=0x7ffc0000
[  353.108491][ T7354] loop1: detected capacity change from 0 to 1024
[  353.171062][ T4694] EXT4-fs (loop4): unmounting filesystem.
[  353.183849][ T7354] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  353.254472][ T7354] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  353.494466][ T3634] EXT4-fs (loop1): unmounting filesystem.
[  354.396110][ T6266] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  354.645125][ T6266] usb 5-1: Using ep0 maxpacket: 8
[  355.161257][ T6266] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.372757][ T6266] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  356.232357][ T6266] usb 5-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00
[  356.262319][ T6266] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.273903][ T7383] loop2: detected capacity change from 0 to 2048
[  356.278441][ T6266] usb 5-1: config 0 descriptor??
[  356.773686][ T7383] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  356.916166][ T6266] usb 5-1: can't set config #0, error -71
[  356.943164][ T6266] usb 5-1: USB disconnect, device number 9
[  358.066547][ T6627] ==================================================================
[  358.074656][ T6627] BUG: KASAN: slab-out-of-bounds in udf_readdir+0xc5f/0x2240
[  358.082047][ T6627] Write of size 73 at addr ffff88802310cab6 by task syz-executor/6627
[  358.090206][ T6627] 
[  358.092532][ T6627] CPU: 0 PID: 6627 Comm: syz-executor Not tainted 6.1.106-syzkaller #0
[  358.100768][ T6627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  358.110820][ T6627] Call Trace:
[  358.114097][ T6627]  <TASK>
[  358.117030][ T6627]  dump_stack_lvl+0x1e3/0x2cb
[  358.121729][ T6627]  ? nf_tcp_handle_invalid+0x642/0x642
[  358.127206][ T6627]  ? panic+0x764/0x764
[  358.131281][ T6627]  ? _printk+0xd1/0x111
[  358.135445][ T6627]  ? __virt_addr_valid+0x17f/0x530
[  358.140567][ T6627]  ? __virt_addr_valid+0x17f/0x530
[  358.145690][ T6627]  print_report+0x15f/0x4f0
[  358.150202][ T6627]  ? __virt_addr_valid+0x17f/0x530
[  358.155417][ T6627]  ? __virt_addr_valid+0x17f/0x530
[  358.160537][ T6627]  ? __virt_addr_valid+0x45b/0x530
[  358.165661][ T6627]  ? __phys_addr+0xb6/0x170
[  358.170172][ T6627]  ? udf_readdir+0xc5f/0x2240
[  358.174860][ T6627]  kasan_report+0x136/0x160
[  358.179370][ T6627]  ? udf_readdir+0xc5f/0x2240
[  358.184074][ T6627]  kasan_check_range+0x27f/0x290
[  358.189018][ T6627]  ? udf_readdir+0xc5f/0x2240
[  358.193704][ T6627]  memcpy+0x3c/0x60
[  358.197520][ T6627]  udf_readdir+0xc5f/0x2240
[  358.202042][ T6627]  ? load_block_bitmap+0x520/0x520
[  358.207159][ T6627]  ? __might_sleep+0xb0/0xb0
[  358.211763][ T6627]  ? aa_file_perm+0x3e3/0xf60
[  358.216449][ T6627]  ? trace_raw_output_contention_end+0xd0/0xd0
[  358.222613][ T6627]  ? load_block_bitmap+0x520/0x520
[  358.227815][ T6627]  ? __fdget_pos+0x2ba/0x360
[  358.232429][ T6627]  ? end_current_label_crit_section+0x147/0x170
[  358.238682][ T6627]  ? common_file_perm+0x17d/0x1d0
[  358.244069][ T6627]  ? fsnotify_perm+0x439/0x590
[  358.248845][ T6627]  iterate_dir+0x224/0x560
[  358.253266][ T6627]  ? load_block_bitmap+0x520/0x520
[  358.258391][ T6627]  __se_sys_getdents64+0x209/0x4f0
[  358.263518][ T6627]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  358.269508][ T6627]  ? __x64_sys_getdents64+0x80/0x80
[  358.274711][ T6627]  ? filldir+0x6f0/0x6f0
[  358.278962][ T6627]  ? syscall_enter_from_user_mode+0x2e/0x230
[  358.284949][ T6627]  ? lockdep_hardirqs_on+0x94/0x130
[  358.290156][ T6627]  ? syscall_enter_from_user_mode+0x2e/0x230
[  358.296145][ T6627]  do_syscall_64+0x3b/0xb0
[  358.300574][ T6627]  ? clear_bhb_loop+0x45/0xa0
[  358.305436][ T6627]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  358.311342][ T6627] RIP: 0033:0x7fe8f85ac013
[  358.315762][ T6627] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  358.335462][ T6627] RSP: 002b:00007ffe33d3e8d8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  358.343900][ T6627] RAX: ffffffffffffffda RBX: 0000555556711600 RCX: 00007fe8f85ac013
[  358.351890][ T6627] RDX: 0000000000008000 RSI: 0000555556711600 RDI: 0000000000000005
[  358.354110][ T7395] loop3: detected capacity change from 0 to 32768
[  358.359855][ T6627] RBP: 00005555567115d4 R08: 0000000000000000 R09: 0000000000000000
[  358.359870][ T6627] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  358.359882][ T6627] R13: 0000000000000010 R14: 00005555567115d0 R15: 00007ffe33d40b80
[  358.359899][ T6627]  </TASK>
[  358.359905][ T6627] 
[  358.359909][ T6627] Allocated by task 6627:
[  358.359916][ T6627]  kasan_set_track+0x4b/0x70
[  358.388085][ T7395] (syz.3.851,7395,1):ocfs2_parse_options:1458 ERROR: Invalid heartbeat mount options
[  358.390188][ T6627]  __kasan_kmalloc+0x97/0xb0
[  358.390209][ T6627]  udf_readdir+0xb78/0x2240
[  358.390228][ T6627]  iterate_dir+0x224/0x560
[  358.390240][ T6627]  __se_sys_getdents64+0x209/0x4f0
[  358.390252][ T6627]  do_syscall_64+0x3b/0xb0
[  358.390271][ T6627]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  358.390290][ T6627] 
[  358.390294][ T6627] Last potentially related work creation:
[  358.390299][ T6627]  kasan_save_stack+0x3b/0x60
[  358.390318][ T6627]  __kasan_record_aux_stack+0xb0/0xc0
[  358.390334][ T6627]  kvfree_call_rcu+0x116/0x8c0
[  358.390349][ T6627]  drop_sysctl_table+0x317/0x460
[  358.390363][ T6627]  drop_sysctl_table+0x329/0x460
[  358.390377][ T6627]  unregister_sysctl_table+0x86/0x130
[  358.390398][ T6627]  inetdev_event+0xddc/0x1490
[  358.390416][ T6627]  raw_notifier_call_chain+0xd0/0x170
[  358.390433][ T6627]  dev_change_name+0x70b/0x9a0
[  358.390454][ T6627]  do_setlink+0xa72/0x3de0
[  358.390475][ T6627]  rtnl_newlink+0x172c/0x2050
[  358.390492][ T6627]  rtnetlink_rcv_msg+0x818/0xff0
[  358.390511][ T6627]  netlink_rcv_skb+0x1cd/0x410
[  358.399649][ T7395] (syz.3.851,7395,1):ocfs2_fill_super:1176 ERROR: status = -22
[  358.400131][ T6627]  netlink_unicast+0x7d8/0x970
[  358.400157][ T6627]  netlink_sendmsg+0xa26/0xd60
[  358.531645][ T6627]  __sys_sendto+0x480/0x600
[  358.536146][ T6627]  __x64_sys_sendto+0xda/0xf0
[  358.540813][ T6627]  do_syscall_64+0x3b/0xb0
[  358.545214][ T6627]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  358.551091][ T6627] 
[  358.553412][ T6627] Second to last potentially related work creation:
[  358.559986][ T6627]  kasan_save_stack+0x3b/0x60
[  358.564662][ T6627]  __kasan_record_aux_stack+0xb0/0xc0
[  358.570023][ T6627]  kvfree_call_rcu+0x116/0x8c0
[  358.574777][ T6627]  drop_sysctl_table+0x317/0x460
[  358.579700][ T6627]  drop_sysctl_table+0x329/0x460
[  358.584623][ T6627]  unregister_sysctl_table+0x86/0x130
[  358.589977][ T6627]  addrconf_ifdown+0x1810/0x1b90
[  358.594906][ T6627]  addrconf_notify+0x3ec/0xf60
[  358.599654][ T6627]  raw_notifier_call_chain+0xd0/0x170
[  358.605014][ T6627]  unregister_netdevice_many+0xec1/0x17a0
[  358.610718][ T6627]  default_device_exit_batch+0x956/0x9d0
[  358.616338][ T6627]  cleanup_net+0x763/0xb60
[  358.620743][ T6627]  process_one_work+0x8a9/0x11d0
[  358.625756][ T6627]  worker_thread+0xa47/0x1200
[  358.630422][ T6627]  kthread+0x28d/0x320
[  358.634474][ T6627]  ret_from_fork+0x1f/0x30
[  358.638875][ T6627] 
[  358.641181][ T6627] The buggy address belongs to the object at ffff88802310ca00
[  358.641181][ T6627]  which belongs to the cache kmalloc-256 of size 256
[  358.655215][ T6627] The buggy address is located 182 bytes inside of
[  358.655215][ T6627]  256-byte region [ffff88802310ca00, ffff88802310cb00)
[  358.668470][ T6627] 
[  358.670778][ T6627] The buggy address belongs to the physical page:
[  358.677179][ T6627] page:ffffea00008c4300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2310c
[  358.687313][ T6627] head:ffffea00008c4300 order:1 compound_mapcount:0 compound_pincount:0
[  358.695617][ T6627] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  358.703589][ T6627] raw: 00fff00000010200 ffffea00008a5000 dead000000000002 ffff888012841b40
[  358.712153][ T6627] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  358.720713][ T6627] page dumped because: kasan: bad access detected
[  358.727109][ T6627] page_owner tracks the page as allocated
[  358.732801][ T6627] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3639, tgid 3639 (syz-executor), ts 56098010032, free_ts 55940589163
[  358.754139][ T6627]  post_alloc_hook+0x18d/0x1b0
[  358.758893][ T6627]  get_page_from_freelist+0x322e/0x33b0
[  358.764426][ T6627]  __alloc_pages+0x28d/0x770
[  358.768997][ T6627]  alloc_slab_page+0x6a/0x150
[  358.773711][ T6627]  new_slab+0x84/0x2d0
[  358.777771][ T6627]  ___slab_alloc+0xc20/0x1270
[  358.782437][ T6627]  __kmem_cache_alloc_node+0x19f/0x260
[  358.787881][ T6627]  __kmalloc+0xa1/0x230
[  358.792017][ T6627]  __register_sysctl_table+0x9f1/0x11e0
[  358.797545][ T6627]  __addrconf_sysctl_register+0x28f/0x3e0
[  358.803247][ T6627]  addrconf_sysctl_register+0x128/0x180
[  358.808775][ T6627]  ipv6_add_dev+0xb8e/0x1180
[  358.813356][ T6627]  addrconf_notify+0x7a6/0xf60
[  358.818110][ T6627]  raw_notifier_call_chain+0xd0/0x170
[  358.823493][ T6627]  call_netdevice_notifiers+0x145/0x1b0
[  358.829046][ T6627]  register_netdevice+0x12f2/0x1720
[  358.834242][ T6627] page last free stack trace:
[  358.838898][ T6627]  free_unref_page_prepare+0xf63/0x1120
[  358.844433][ T6627]  free_unref_page+0x33/0x3e0
[  358.849099][ T6627]  qlist_free_all+0x76/0xe0
[  358.853587][ T6627]  kasan_quarantine_reduce+0x156/0x170
[  358.859030][ T6627]  __kasan_slab_alloc+0x1f/0x70
[  358.863859][ T6627]  slab_post_alloc_hook+0x52/0x3a0
[  358.868956][ T6627]  __kmem_cache_alloc_node+0x137/0x260
[  358.874400][ T6627]  kmalloc_trace+0x26/0xe0
[  358.878798][ T6627]  kset_create_and_add+0x57/0x160
[  358.883807][ T6627]  netdev_register_kobject+0x1a0/0x310
[  358.889252][ T6627]  register_netdevice+0x108a/0x1720
[  358.894436][ T6627]  register_vlan_dev+0x384/0x800
[  358.899361][ T6627]  vlan_newlink+0x453/0x5a0
[  358.903864][ T6627]  rtnl_newlink+0x14e3/0x2050
[  358.908528][ T6627]  rtnetlink_rcv_msg+0x818/0xff0
[  358.913450][ T6627]  netlink_rcv_skb+0x1cd/0x410
[  358.918203][ T6627] 
[  358.920510][ T6627] Memory state around the buggy address:
[  358.926123][ T6627]  ffff88802310c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  358.934172][ T6627]  ffff88802310ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  358.942213][ T6627] >ffff88802310ca80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06
[  358.950268][ T6627]                                                                 ^
[  358.958268][ T6627]  ffff88802310cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  358.966310][ T6627]  ffff88802310cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  358.974353][ T6627] ==================================================================
[  358.986519][ T6627] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  358.993737][ T6627] CPU: 1 PID: 6627 Comm: syz-executor Not tainted 6.1.106-syzkaller #0
[  359.001990][ T6627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  359.012142][ T6627] Call Trace:
[  359.015432][ T6627]  <TASK>
[  359.018372][ T6627]  dump_stack_lvl+0x1e3/0x2cb
[  359.023064][ T6627]  ? nf_tcp_handle_invalid+0x642/0x642
[  359.028540][ T6627]  ? panic+0x764/0x764
[  359.032608][ T6627]  ? preempt_schedule_common+0xa6/0xd0
[  359.038064][ T6627]  ? vscnprintf+0x59/0x80
[  359.042418][ T6627]  panic+0x318/0x764
[  359.046318][ T6627]  ? check_panic_on_warn+0x1d/0xa0
[  359.051452][ T6627]  ? memcpy_page_flushcache+0xfc/0xfc
[  359.055547][ T7405] loop4: detected capacity change from 0 to 1024
[  359.063145][ T6627]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  359.069133][ T6627]  ? _raw_spin_unlock+0x40/0x40
[  359.074000][ T6627]  check_panic_on_warn+0x7e/0xa0
[  359.078953][ T6627]  ? udf_readdir+0xc5f/0x2240
[  359.083645][ T6627]  end_report+0x66/0x110
[  359.087896][ T6627]  kasan_report+0x143/0x160
[  359.092408][ T6627]  ? udf_readdir+0xc5f/0x2240
[  359.097099][ T6627]  kasan_check_range+0x27f/0x290
[  359.102039][ T6627]  ? udf_readdir+0xc5f/0x2240
[  359.106725][ T6627]  memcpy+0x3c/0x60
[  359.110540][ T6627]  udf_readdir+0xc5f/0x2240
[  359.115055][ T6627]  ? load_block_bitmap+0x520/0x520
[  359.120168][ T6627]  ? __might_sleep+0xb0/0xb0
[  359.124851][ T6627]  ? aa_file_perm+0x3e3/0xf60
[  359.129538][ T6627]  ? trace_raw_output_contention_end+0xd0/0xd0
[  359.135789][ T6627]  ? load_block_bitmap+0x520/0x520
[  359.140923][ T6627]  ? __fdget_pos+0x2ba/0x360
[  359.145531][ T6627]  ? end_current_label_crit_section+0x147/0x170
[  359.151784][ T6627]  ? common_file_perm+0x17d/0x1d0
[  359.156815][ T6627]  ? fsnotify_perm+0x439/0x590
[  359.161604][ T6627]  iterate_dir+0x224/0x560
[  359.166026][ T6627]  ? load_block_bitmap+0x520/0x520
[  359.171142][ T6627]  __se_sys_getdents64+0x209/0x4f0
[  359.176259][ T6627]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  359.182248][ T6627]  ? __x64_sys_getdents64+0x80/0x80
[  359.187445][ T6627]  ? filldir+0x6f0/0x6f0
[  359.191778][ T6627]  ? syscall_enter_from_user_mode+0x2e/0x230
[  359.197764][ T6627]  ? lockdep_hardirqs_on+0x94/0x130
[  359.202967][ T6627]  ? syscall_enter_from_user_mode+0x2e/0x230
[  359.208955][ T6627]  do_syscall_64+0x3b/0xb0
[  359.213383][ T6627]  ? clear_bhb_loop+0x45/0xa0
[  359.218085][ T6627]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  359.223979][ T6627] RIP: 0033:0x7fe8f85ac013
[  359.228382][ T6627] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  359.247976][ T6627] RSP: 002b:00007ffe33d3e8d8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  359.256377][ T6627] RAX: ffffffffffffffda RBX: 0000555556711600 RCX: 00007fe8f85ac013
[  359.264335][ T6627] RDX: 0000000000008000 RSI: 0000555556711600 RDI: 0000000000000005
[  359.272289][ T6627] RBP: 00005555567115d4 R08: 0000000000000000 R09: 0000000000000000
[  359.280248][ T6627] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  359.288204][ T6627] R13: 0000000000000010 R14: 00005555567115d0 R15: 00007ffe33d40b80
[  359.296349][ T6627]  </TASK>
[  359.299466][ T6627] Kernel Offset: disabled
[  359.303777][ T6627] Rebooting in 86400 seconds..