last executing test programs:

4m18.878237346s ago: executing program 2 (id=151):
r0 = socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x8)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4802, 0x0, 0x7289, 0x1}, 0x10)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, 0x0, 0x100)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x26, 0x803, 0x2)
r4 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r5, 0x6, 0x19, &(0x7f0000000040)=0xfffe, 0x4)
bind$inet(r5, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10)
sendto$inet(r5, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb)
shutdown(r5, 0x1)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x6, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
connect$unix(r2, &(0x7f00000001c0)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmsg$nl_generic(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[], 0x18}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f000000020027000000000008000a00a8"], 0x6c}}, 0x0)

4m16.403889191s ago: executing program 2 (id=153):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x3a}, 0x0, 0x0, 0x2, 0x6, 0xf7, 0x200}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = shmget$private(0x0, 0x8000, 0x10, &(0x7f0000ff5000/0x8000)=nil)
r5 = shmat(r4, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
shmdt(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x43, 0x0, "0aaa8ff5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0882e83d41b67cb9ff147c6d33a097d2269351b3ed3"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000012c0)={@in={{0x2, 0x4e21, @local}}, 0x0, 0x0, 0x35, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
close(0x3)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
write$UHID_INPUT(r8, &(0x7f0000002a00)={0xd, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f35006c090890e0878f0e1ac6e7049b336d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

4m13.105235344s ago: executing program 2 (id=154):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x4, &(0x7f0000002140)=ANY=[])
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x0)
r2 = open(&(0x7f0000000040)='./file2\x00', 0x1, 0x104)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x4}}, './file2\x00'})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700"], 0x48)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x27)
ioctl$BTRFS_IOC_DEFRAG(r2, 0x40081271, 0x3)
r6 = syz_pidfd_open(r0, 0x0)
setns(r6, 0x24020000)
syz_clone(0x948e1180, 0x0, 0x9, 0x0, 0x0, 0x0)

4m11.11921904s ago: executing program 2 (id=158):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
syz_open_dev$hiddev(0x0, 0x9, 0x24c000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000004)
connect(r1, &(0x7f0000000100)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x3}, 0x80)
r2 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32, @ANYBLOB="100016800c00038000000100", @ANYRES32, @ANYBLOB="0600150004"], 0x4c}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000000206010800000000000000000000003f0500010006000000050005000200000005000400000000000900020073797a310020000013000300686173683a6e65742c6966616365"], 0x4c}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}}, 0x40c0080)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, 0x0)
syz_open_dev$vim2m(&(0x7f00000001c0), 0xd179, 0x2)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, 0x0, &(0x7f0000000400), 0x6, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r8}})
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f37, 0xf, 0x3, 0x80008, 0x3, 0xb, 0x4, 0x7, 0xa, 0x5, 0x401, 0xfffffffb, 0x200001, 0x23, 0x10006, 0x101, 0xffffffff, 0x2, 0x1, 0x40000006, 0x89, 0xcaa7, 0x9, 0x92d1, 0x3ff, 0xe68, 0x3d, 0x9, 0x6, 0x0, 0xfffffff9]})

4m8.867526542s ago: executing program 2 (id=163):
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e0a03"], 0xd)

4m7.936440677s ago: executing program 2 (id=165):
syz_read_part_table(0x104d, &(0x7f0000000000)="$eJzsz8EJwkAQBdAf3SXx5sUeLMMSvNhPLoK12JhlrIS4pAIR4b3LLPP5CxN+apjzGJPUvpjXcc1lGaUNZV3U5FyTshVb2+eQ5NW7x57V7fs2JJlSUrK8MuV+yvhJd7fnd68DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP/wDgAA//911wms")

3m52.812948362s ago: executing program 32 (id=165):
syz_read_part_table(0x104d, &(0x7f0000000000)="$eJzsz8EJwkAQBdAf3SXx5sUeLMMSvNhPLoK12JhlrIS4pAIR4b3LLPP5CxN+apjzGJPUvpjXcc1lGaUNZV3U5FyTshVb2+eQ5NW7x57V7fs2JJlSUrK8MuV+yvhJd7fnd68DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP/wDgAA//911wms")

3m1.231900731s ago: executing program 0 (id=427):
r0 = eventfd(0x1ff)
io_setup(0x5, &(0x7f0000000a40)=<r1=>0x0)
ioprio_set$pid(0x2, 0x0, 0x6000)
io_submit(r1, 0x1, &(0x7f0000000a80)=[&(0x7f0000000100)={0x0, 0x0, 0x1000000, 0x7, 0x7, r0, 0x0, 0x0, 0x8, 0x0, 0x1, r0}])

3m0.935432879s ago: executing program 0 (id=431):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000002060300000034e40000000000000008050005000a000000050001000600000005000400000000000900020073797a310000000011000300686173683a69702c706f7274000000000c00078008000640"], 0x58}, 0x1, 0x0, 0x0, 0x81}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007801800018014000240fe80000000000000000000007649ec6106000440000400000500070006"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

3m0.666192904s ago: executing program 0 (id=434):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x20, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x1c, 0x0, 0x6}]}}, {0x4e20, 0x4e23, 0xfa8, 0x0, @wg=@data={0x4, 0x2, 0x8, "e8771ac366586e56f446dcd22ec94c672f1cd650516a2fbeddd0cb5cffc4ef63a1c2be9551171e48bb8559ac9077c099289048d76df434e4ec536c04816b127eb525176f5737b934b37a9d109ea3aa64d0fb30013becb29f6a39d4cbdbc4e2540996ed75b90498301c99df853d4baac4654e6f1a06cf03a87aa2d2d74199bcafa0dc84a8ea112fba51687b8727bb905c7b42a0c9b26559b4ecc397c6a33731df0fca1aee35968435e8129f8e6d52a0754fcaa693706c4557af6be8821983e702fdd3dac90b6cbe00b1fe59f5bcd890dbb87c0d8d80ba8727e4ff6b89af3ecda43705a9dc113396c950947e85193eabe1364909509babcad37d21392d071480ff4f69dc5db442263d4608ff94e5157c65bb35c3f4a7af6bfb562a317cf13292abdbd5ac3f31d47da6fe5e8be324c78b37e2f351955bbf5f18f86a0cd98d68dca14aea59917ce05e0dc0e3a2033d22a506109db846c49f8c7d575c02349736311e40bc497c9a7da1fe4f94d8e601a5cff4cbd63ed730a01c7f07dd74d603b951557b93e551b0e028232412d568dadc29c2c9e01ca85b83d779cd3b918f9c73ba471ee9079fc42b511b45c3d4f80a46f8e9ad22a05ef5422348ff415b2131e2b2ae0ef5fab9f678bc5ef02d611655d6264e0755e176ade135a971851bd22666ae753ff5135bf14a005cea45a8b163706ea52af786f2b48362ec8619f8f728ab9fee21bcc9e000d1c470a51cec5a510f06de4dc52fc82e0be10fe0ac55f09e086cdb7f5d5f935033e4925a6ca1b1ea42f511dafd63a3cc32bcfe20aca26adb6eded22fc956b96cf2b70b5e78dbf4c2da06438c9be342f44f1dbc9bc4e453bad09f8e7d2b611e9f33f681c4342e31fee49d613b170d9ae6c93c7ece1bf0d8aaf00870b6896b8fee4ee9d705608a044ec3537ae6c46b5345e4c41576911757d4ed5bdee8e14f73df14b88af36b4c303346d88b424fea428c77cabc55198fafbcec9b027f9a9759638d733fe2dec7996ddba717fd7e0f0188f9213701c304a2b01186c72a8cfdcb87dd9c8711ec0c438eb7c229b8dfbec5c14bfeec20810b4be8944f7d6f44e5bb8839b84afe25a8654ac821efb9c850394d452873db8e9f05de381103b1278f3b34ec0b920d3aa111c82fe424588debe04dd75ac991c5f650f0b8e72c1783d975d663fc0d939f32bca98650141b381af26436c6352d98a6e30843d956ad68f998851b8c64c49a59ca6937355ac4412009cd0a2e4cacf5b02063908f7937e7563e6f63703adc5aff159f3628eb64071fc74e4e66e142113a176c2a649d653f55e833a3f184f91995547a79f46c7ca02813136c920fe6f69fe466656518478ccb84c02d751a502dff90558ce066d9be71c8fa800d7a1d56b5ca52be3122aae2cfbfe1b11d454ad72bdf7fd9d450a74734594f5e566ac2a37ca8b648fee012bf7f83f1126743b0f4791592e17dfca010a3dafeac81b88c5a47d948fc772fe4b48146b10aa319a13ca4f4dc05861859929d3c1d69967d18290cc87777a4231a6ce8dc2a4e34450e3a7659c05e5e12239d768ef8394f82278b975a68497571d1e5191ac329a66b5219f3f7f20f21261cdc3028a3662b6c10198bf7d3d513b5b823d4703cb29d89b84da69a6358a269769a8b23712c6291e77fc4da837e0857b4bbc08bba0659c55a1e06fdf1736df13948824a37515f8c49de6d502519077197debfc74709ed564315279ec804c7a0305526b14efcab44364105aa805efd97f0444d6016e35712dba75b038ea63917e6163614a3a6c694d7612e00cddab8bd31f6ba146d08e949d50ed3b0ef8fd3412ffd020bfabbcfbc5c3fa436022de3fd973869066871ec639653f3b4b5f01374adf3b60940d241a5dda6df550662ccb1a4575e2419baf1a76a246c9b7f39a05c03d832aa28293a54c619865fed0fdccd570859ffc7b1844ea8cff1e12389382e39211e665fec9d82faf11fd2300412d24dab176515aff938a6b12b5427b7fa6b42a3042248977b2f4eae9d96534a85b9ed500f62866d39f5301a3b6e60d392248fcfad25c2803c875e00010f40caca1a5932e00765c3b52427a2a8d6875a73ccb3b8e78dd27555994bf4358b2e577efe8886939515be37889e3656a5e0a949619f0f0b9cae7dc59a2415bec72df3439e563cfe69b7952abfad6cb6a979c146355e590ace810017d04075f23a1554a81bcdfb82c2396fd61fe95cd0f9c2e394bdbb0900648675ec09b94b1d4672e613be577cb398bb5d188b7c09865e2edbb273f8d9b0ae836f24b34ae6cd22e37e1ab31c835c23bd8f6deb49402f19406b0c7cddfbe357ab496910a8efa939dd9ab91de3ba67d07103063fbf9ee6fbd7b61c6b65ebe735cfab2c1162b379a3cbcbdb14d82b7f2e707ddd896ac5085ef5b15da85663df079bd5ef6180c775a4b7d645630aa9ea704f69ec8ea052f8f41e62f0e6f78a5a846e9130c53eb29a7bab9b102bf08729243f6ffe0ee6f28e98e4d0c1f49813aa04c2774f1f076310d923e900fe1c609bc5a308421fb82a12b03b9be47ce6d88635bb1722739d1abcdbc28133de131d2151d76f565be56813bb3edcf4d870f4acd0bfe5b30d60ef065158bf7b8401096a1647de88c7b0144eacecabfdf9d48d91573e82f2efecab095339e799e36ab3ee1eb66db9f9c21d96bcb2b7bf4ab01e8e56df8c4bca2bed7732472468a3b447024bc997adff639ba35e2af10f661199c4a8a2b2a8e3e59ff4ed5da468c1c2c41001efc0529636ce4ef9dd6b28deed0ad5a758abd2a3a3f024f56dd17fb4b1af62a6b91f24973071a9982df0047f85280f4a5decece67fc02428f830343e910fef6f3467c9d7776a06c133a50752cff4aa72bcbb9e4dbd8489e2e3698aae45a8753071fb6d803943d171adb60e8fcec9865e46df8fa120b939537a05b63daec7e0ecf9713c491646f04435364de697fbabf3c72d08a24f1bf34212bcdb7d5e038ac28ff76d5243b695e7faa1211a940da618930d79acdc6fdc7c9f2f4a5435d3f748ec68429f5ca2548315801cf73d74816f1ece3dfa6fb557ac105ad28d4532e1c8c6b5ab3526fbe73916dbe123acb4ac89c1b5a0664b81e216453db066e3c4318006ba3e25ed6cfe22c80f17619b7372947013749c7d04f13277f81f4461492d9237c5961be4d30965607a4d5db095070df02230cc87d9ab8633e60de83aedf8814e632bac8566bbfcdf159c9a2a7944be1a61792b8af10dd28d0ebadf7e4f231af099450813c5e27f934112e11124b01106615cee48aee88947f31a1839b83ad5c8326e30f318ae57b56becaec7094c4e7d2a377bfcb0c29ce046623e6ec120ea63c53cef94deb3d813d4b1749009084c3ade1675b55490b9d1faa03d7a2fd34921d62c31d7ef1f181883ac312dbb08b2600edce0ba197d1704485e2f155ec659de742a22628270968905324381f203a1ad7ac30b252d4c3ff9915fe32c16cbf4684a7c517b9a2ecec2433685f4741b6f02f8aa2bd0f6bf370962f38214899129012a0d36ba14c0a3e93742d063f09f0c1e838fc1095b065089c91d02a4b2e1d0a49d2294682a38d578424d1e81ff959b33f746114b795319a047d65f5e3b7a347e6cf8b0fad9eaea3db5eca7e953f77bc6c23de8f938bb505013f5c39173cb69312af98d5ff14715794c729f41490297c2b418eef11841a788eaaa7ebdb77880b64701aee50371f542e79831321833dda60213fa741ec197419d83f61c06397a47a75f50b986c53e6fdf8a6e07008e1a29b1774ceb11429a1ecec05bf80da802239c58f226ab5eb34d522ff62bc0528d87e716793e56c48352648291470bb592981acc06c2ba1547e11babf3f1d22f5e01e1f759c05816cdfe0c986c58ebbd08d8449807cd2579d5b7265930f696f8aff73e247cec12c0d1fdbcc4880245b866c2cab8b6bdf0951c2c6beccab7513ba28545036d164b407e1228a831e3b37f9c56721c347d499c1c29b8a972d2d1cfeb47f20975b4eb0b62e25dfa4ef116e62e415cde22bc039d1ccb9e70a5599881bb8b61f680670b787afc8734ac8c39ca50fbed619e54ac1421bc2584d4f7027593e12f738ba0f2d5fe03fcc7168056332477eb0b26c0579d54d8537f941acc183fdca495a7ffa10f0d3189f8c32742d5564c97e26b659969f7060a7c8864445c252c5b1755a3e8473ef9b0909eb74cabb553c3d6ab58f12ed75703d9139a4f57ef71af90815a5273e64282582623c41c51352d12ce48e0712f50ab3dc528619e1e16b52452204b3c7e1e16556e8fbdf0d623216186ff5ca84ad730ff457b06e766e085d5dee40a308fae8b4e19e18245a3ed02967f07441903c149ae9da5fe238194009ded2a3d80a67e1c3abdfb63fad0155529c48a748ef499252d5d3e912304b1d11ee77dc25427e5e9a115583a692558aef65faba0e1f0bc4aa6b6ac21d4fe4741feac17a7c6b5699384e30f7236f400d9df6d658add13b4f0a4b16a77d1f9e6b4d3045f7ba7ee68ce171008e635496ad631f59846b7895aa329390d2ad9980b6586d383a740f1e1b0883a3fddc4126c2d09fd5815dd892692e1c3b7eb2951b766bd4bca19896f75dbfaf51ad4ca9f97d00049082091e3c6cdf16026b1de4603ac7afde08a7a8ffd110636d3d063c2bb6fa84bfd7fff8ad04d0c812fe14a77bd3a9b9fdcc3e0fbaf5ac2475130987f81ac8c9898f95112aa597f40ec11e04684e45b56d81e11180f59b606886306fbc62c076a12a41238ccd74d3154f312f10f3ad215d64a468cb15eae30a3f7f7e5cf6a87dbd813df8093d2b3586693ddee6a5c1b0caaec1ef419657b89692bbd2a7064767cf5b4c3ef6d120557b4df5e7ee6094f935870edc070ae3e96c850a61356c5d79008fc98728dd87470a98aa1c1ab6056990110c0b3108e50b573d77ad4856c03da8098c8fd176685803db471a642dfb9a9ef2d14e186eea96219ea0fa03cc28d7ea2686e61c3f46f15c23213a6432d77ffea182ec26dbf9118a2fc082bdee517e0974982819a7a996b7a30f5901dd3c44b3344bdf93a61ecc4cddb969d3b94e6f4910a9b38ff886d5c96a820092f112ee6eb0ce094940280a2040862157497b3a3374a4d62c34d1fdf6826811db1ea7f28b64f22304e2246dcee44ca361370c0d1727f951dbdb1a329368a5dd76ba4486ce508a28d0ce2eb95daab36caf101dc2351c4efdf3ec70221888dad522b0d51a0b9765a410ca8cf00baaeb074d310cdd908e76586e59d0c7c27eb5557e474ac54525c237d5b2eedccab12b0f96fa2c00239e2017dfeb645fdd748d5c21684181b81464d32909b4995f274a9717f224c1e34cd41c8d12b9f13daeae3f65510c6ecf94956d630db0478fbf87c7d7c75221046a1a1886696f89e427b94139164b99b88d83b633122b5d9483f4261be27d01d6011cee48b1c24a3aff62c4d04f9dfb00e1a7a1013f97e87306147b7da305a36077cf0a7618563a754e34e65c2ee95932eb2da4b73ca83f3afcce93d8d59357ca7b5d9f37e5ba475be39bb8870af109d95527b44777ff8f55ace0adf84f73ce065371a4ce78b22d7a6bbf1bbae4c57b44262ddff39f4ce8b858f89737f33786445cbaf271959da24"}}}}, 0xfce)

3m0.04618685s ago: executing program 0 (id=439):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@init_itable}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @d}})
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

2m59.440070146s ago: executing program 0 (id=442):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000380)="e8", 0xfffffffffffffe98, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xfffffffd, @empty}, 0x1c)
shutdown(r0, 0x1)

2m58.85653828s ago: executing program 0 (id=444):
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x88440)
ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
syz_usb_disconnect(r0)

2m58.255913335s ago: executing program 33 (id=444):
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x88440)
ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
syz_usb_disconnect(r0)

2m41.147572297s ago: executing program 5 (id=528):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@private=0xa010100, 0x0, 0x0, 0x4e21, 0x0, 0x2}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3}, {0xffffbffffffffffc, 0x0, 0x0, 0x1000000000}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x4d3, 0x3c}, 0x2, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xe8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)

2m40.905032721s ago: executing program 5 (id=531):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x2000)

2m40.647202086s ago: executing program 5 (id=533):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000fbffffff850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8fffffeb703000008080000b704000000000000850000003300000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)

2m40.40840498s ago: executing program 5 (id=535):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r1, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x30006041)
close(r1)

2m40.113985657s ago: executing program 5 (id=537):
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3214212, &(0x7f00000001c0)=ANY=[], 0x1, 0xf1e, &(0x7f0000006600)="$eJzs3U1sHNUdAPA368/EJl7zaaCEFFoRKNghidT0FgTqEXHpHRQSGmEoauiBiI/QA6ISokiIU8WBigulUorUSqBKFeqp7alVbz2hXqhUpVKiXhopcRXnvfXuiye7nqxnd72/n/T32zdvPP//eCNnZjz7JgBjq7H+9fDhpSKED754/4nXni1+d2XZva019q1/LWKvGUKYausX2fa+igsunX/12GZtEQ6uf0398OS51vfOhRDOhH3hy9AMn66sXvjkw8f3f/bW7O3vnn7+9W3a/ZZ8PwAAYCc6+5fVfzz4rz8/vHjx7N6jYaa1PB2fN2N/Lh73H4gHyul4uRE6+0VbtJvO1puI0cjWm8jWm8zyTJbkm8q2M1Wy3nSXfBNtyzbbTwAAABhF6by2GYrGcke/0Vhevnref8VXC9PF8osnV0+cGlChAAAAQGX/fWP9plshhBBCCCGEEH2M1j3KQ1CLEFdibWGw1x8AAACA8ZPPF3aNM/2dqau1tWZv+c891tj8+6EP6v73L/9o5f/4Tb9xAACobqceTab9SsfRaR6DfB7Biez7tnr838i2M7nFOsvmFRyV+QbL6sx/rsOqrP6tvo+DUlZ/Ph/msCqrP5+nc1iV1T9Tcx1VldU/W3MdVZXVv6vmOqoqq393zXVUVVb/XM11VFVW/3zNdVRVVv9NNddRVVn9e2quo6qy+kflttqy+ps111FVWf2LNddRVVn9N9dcR1Vl9d9Scx1VldV/a811DMo9sU0/h73ZePv5c35ONyrneAAAADDu/mf+PyGEGNto3esyBLUIIW40bhuCGoQQQgxzvDHYyw8AAADAEEifC0ifel+L0vhEl/HJLuNTXcanu4zPdBkHAAAAQvj92yfufK/Y+Jz/jc6Htz5vVGNj/qWtzmOUz0e41fw3Ou9Z2trV+i9sOf+ozFsGAADAeCm+/+Xlh5746OXFi2f3Hm07+74cz3fTPKCT8drA57Gf7guYz/pFOoc+2pmnUbJefn3gprLtPXWDOwoAAABjLJ2/N0OxfsrdaPUbjeXljfPxpTBVnDi5evxA7Kfns/xpYWpUHrUEAAAAY2vjfL9oLG9y/p+e47sUpovlF0+unjh1tT/fWj7VaL8usLCxfP16waOt7XUuP1iy/FDsp+d3/nBh1/ry5WM/Wn223zsPAAAAY+LUK6eff2Z19fiPN32RPs1+vXW28iJ9vmAr3xVCEfqT3QsvvOj1xQB/KQEAANvi66/fn/rJofk/XP38/8b8d+nz//tivxnn9vtrXCHdJ5A+B3DN5/Wf7syzULbeS53rNbP1JmLMZHXPtm0nhI35BtP3LZbla3ZuZ7ok31yWbz7Ll89TMJmtn/LtyZbn8xOm9Ray5fk8jJNZjiLLf18AAACAcisvv/DSyqlXTj9y8oVnnjv+3PEXDx088r0jRw48+t1HV9bv619pv7sfAAAAGEUbN/0OuhIAAAAAAAAAAAAAAAAAAAAYX3U8TmzQ+wgAAADj7j9vhBDOCCFK4uojMPu/3Y0nUQ5+H8XOjV1DUIMQQoh+x8XrjE0MQX1CiKGNtbX8SfMAAAAA2+vS+VePtbfXOFP0NV9ra/GvsZdj3tTOP/L3xSuRVjv3WOf1kt19rYZxV/e/f/lHK//Hb/Y3/2x60fPvv0bnBo5Wy/vAyq+W2vPfNdlj/nz/n6qWf3+W/4HQW/61j7L8T1fL/2CWf3eP+a/Z/5eq5X8o5l+K/f3395q/8/2fiW3aj13XS9r2X+d3sv1/NvSaP9v/Zo87nHk45geAcdQYdAHbJB0lpOPoudhP+xsPN0N+98NWj/8b2XYmb7jyzu2m46A7Yj8dL81neZOt1j+Xbe+minXmRuWukrL6+/U+brey+qdqrqOqsvqna66jqrL6Z2quo6qy+mdrrqOqsvqvex46RMrqH5XrymX1z9VcR1Vl9c/XXEdVZfVv9f/xQSmrf0/NdVRVVv9CzXVUVVZ/xctqtSurf7HmOqoqq//mmuuoqqz+W2quo6qy+m+tuY5BuTu2ZefD6fxzIY6lfjPrz2zys9yp1xYAAABg1Pzb/H9iVOLw/OBrEEKIvsWuIahBjHfEv/4MvA4hdkasrV1eu2LQdQhxvVhbG/QVCAZpez/NDMCw8vt/vHn/x5v3f7x5/7medA9/kfWTiS7jk13Gp7qMT2fj+b/XmS7jt2TbXYvS+K1dxm/rMr6ny/gdXcaXuozf2WX8ri7jd3cZBwAAYDzcHlvnhwAAALBzvfbrz9/57QNPn1+8eHbv0TB9zbzzB2J/Jv5t/e3Yz+e9T6bi3/x/Gvu/jO0fY/vPbH33nwAAAMD2S8+J8fd/AAAA2LnSc0qd/wMAAMDOtRhb5/8AAACwc90cW+f/AAAAsIMVs5svjm26LnBfbHud1w8AGH7fiO09sd0b23tj+83YpuOA+2P7rZrqAwD65xc/+NmR94qN+f4PZeOX4vLUXuPM1SsFRaNzJv9dsd0d22/3WE/+PIBe8yd7esyzXfkXbjA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBzNNa/Hj68VITwwRfvP/Hz6Xf+dmXZva019q1/LWKvGUKYan1fGt3o/yaueOn8q8fa28uxLcLBUISitTw8ea6VaS6EcCbsC1+GZvh0ZfXCJx8+vv+zt2Zvf/f0869v44+gY/8AAABgJ/p/AAAA//9D9Bis")
creat(&(0x7f0000000380)='./bus\x00', 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
creat(&(0x7f0000000040)='./file1\x00', 0xd)

2m39.160865323s ago: executing program 5 (id=540):
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e05800720"], 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)

2m23.49595652s ago: executing program 34 (id=540):
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e05800720"], 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)

2m7.826635827s ago: executing program 3 (id=659):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000140)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(0x0, &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0x80}, 0x48, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
keyctl$unlink(0x9, r4, 0xfffffffffffffffe)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="1e", 0x1}], 0x1)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
shutdown(r5, 0x0)
shutdown(r0, 0x1)

2m5.676227123s ago: executing program 3 (id=665):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000000000010711e0920000000000001090224000100000000090400090103000100092105000001220500090581030002"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000180)='A')
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x0)

2m2.956368252s ago: executing program 3 (id=678):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000100), 0x4)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$cgroup_pid(r1, &(0x7f0000000240), 0xfdef)
read$FUSE(r1, &(0x7f0000000740)={0x2020}, 0xfdef)

2m2.715559677s ago: executing program 3 (id=679):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@init_itable}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @d}})
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

2m2.069965914s ago: executing program 3 (id=680):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x4, 0xfffff034}, {0x40, 0x40, 0x0, 0xfffffffe}, {0x6, 0x0, 0x40, 0x1}]}, 0x10)
r1 = socket$inet(0x2, 0x3, 0x6)
sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x2, 0x4e1e, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)

2m2.068262414s ago: executing program 4 (id=689):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b000000000"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x2000000, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
listxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=""/182, 0xb6)

2m1.724489985s ago: executing program 4 (id=682):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
fsmount(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2440, 0x0)

2m1.492078148s ago: executing program 3 (id=683):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000140)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(0x0, &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0x80}, 0x48, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
keyctl$unlink(0x9, r4, 0xfffffffffffffffe)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="1e", 0x1}], 0x1)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
shutdown(r5, 0x0)
shutdown(r0, 0x1)

2m0.982691318s ago: executing program 4 (id=685):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x59, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, 0x93254, 0x8}}, 0x20}, 0x1, 0x0, 0x0, 0x600}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1}}], 0x1, 0x0)
write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x8029, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x580, 0x0, 0x28, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xfffe, 0x700}, @generic={0x0, 0x2, "d58838000391"}]}}}}}}, 0xfd6c)

2m0.616094809s ago: executing program 35 (id=683):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000140)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(0x0, &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0x80}, 0x48, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
keyctl$unlink(0x9, r4, 0xfffffffffffffffe)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="1e", 0x1}], 0x1)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
shutdown(r5, 0x0)
shutdown(r0, 0x1)

2m0.563709312s ago: executing program 4 (id=690):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@init_itable}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @d}})
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

2m0.299189078s ago: executing program 4 (id=691):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=@newqdisc={0x94, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x15, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff04, 0x2, 0xb, 0x3, 0x5, 0xa, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x45}}]}, 0x94}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)

1m59.800385757s ago: executing program 4 (id=694):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {0xa6, 0xfff1}, {0x0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000031}, 0x4041080)

1m59.456798967s ago: executing program 36 (id=694):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {0xa6, 0xfff1}, {0x0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000031}, 0x4041080)

1m15.34055679s ago: executing program 8 (id=860):
socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f00002db000/0x4000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000289000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000429000/0x1000)=nil)
mremap(&(0x7f00005a7000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f00004fe000/0x4000)=nil)
mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
mremap(&(0x7f000046b000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000769000/0x1000)=nil)
mremap(&(0x7f0000b89000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00006e6000/0x3000)=nil)
mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00')
read$FUSE(r0, &(0x7f0000005200)={0x2020}, 0x2020)

1m14.840378978s ago: executing program 8 (id=862):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd}, 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0xff)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010100}, {0x2, 0x0, @local}, {0x2, 0x4e24, @broadcast}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=r0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="14000000"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

1m14.496697179s ago: executing program 8 (id=863):
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000011c0)={'sit0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x1, 0x80, 0x1002, 0x6, {{0x5, 0x4, 0x0, 0xe, 0x14, 0x67, 0x0, 0xd, 0x4, 0x0, @multicast2, @empty}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xbd, 0x0, 0xffff, 0x2, 0x2, '\x00', 0x654})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1m13.896300364s ago: executing program 8 (id=864):
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf9, 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x8004587d, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x0, &(0x7f0000005240), 0x1, 0x51b8, &(0x7f0000005280)="$eJzs3V+IVNcdB/Azu65uXepOoRQLQlcoLS0+LIVSi5RuS9X6sDJV+lBbdfuHQvFlFR8qfeiGBIPkIesKEvMQNwQiSUAXMcQQIasSDSGQByEo8cGEJWwwD0LyvISde8/szLnenXGjWaOfT9i9c+Z3zrlnhvsw343nTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAQwu3PawMz//vJSFl94vTFubnZ7T0TNw/1bT2//0YIlfrzlby+9/d/3PHvnXuHe+OAkT9lx2q1bMps6K2ssbLlyflxrT9/DyH0JBN058fNfU1jK+kJwoHihIvatmv3hd7J4Y2HD264NHn01FjxpTOvd7kXsFzy62pm4Voaqv/uSno02k2XXqXlEs3GpxfcN/IiAIB7MlirHxofR/OPuI32WFpP2kNJezxpx08I482NpcjmXVm2zoG0vkzrHMqiwqrSdSb1/P1vtGvp+KSdRI17WGdr1zzS9JatczSpL9c6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4me87N/Pf2u1dOltUnTl+cm5vd3jNx81Df1vP7b4RQrT9fycqV6yfXHfvVP7cMvHl8+GeD//rDju58XDyuaOocrscHv+4P4R9NlZk47WdrQqi1FurNcKJY+E/9wbZYAAAA4FHyw/rvrkY7i4M9Le1KPU1W6v9FeVjctftC7+TwxsMHN1yaPHpqbOnz1UrmG7rrfI12deGn0hSMY/xN51uox64HCvMsLp0xzfNXLm+8uOXqnqNl4wv5v7p4/o/vnPwPAADA1yH/p/Msrl3+f/XIE7MDT539adn4Qv4faDllIf/HFcf83xWWlv8BAADgYfag8/9QYZ7Ftcv/f91z4ncfbukdKhtfyP+DneX/Fc3Ljk++Hxe8rz+EwXZLBwAAAErE/+++8KeFmNeziJ/m9TMvH5u+9vFvNpXNV8j/Q53l/577/soAAACApfr57ls/ePHt786W1Qv5v9ZZ/l/1wFcOAAAAdGr9mc1vVV+oPFdWL+T/kc7y/+r8mO98yAZdif8K4Vh/CL3zD0azwtUw/ttGAQAAALhPYk7//7NX33m6+8/fKetXyP+ji9//P97pIO7/b7n/X2H/f1Mhu+vfJjcGAAAA4HFU3M8fb4+ffXNB2ffvd7r//5N1517/5bXp58vOX8j/Y53l/+7m4/38/j8AAABYgm/b9//9pTDP4trd///T77/23pdzP7pcNr6Q/8c7y//x2Nf88qbj+/Nkfwhr5x/kdxN8JZ5uX1KY6mkqZG98MmJnHJEXplY1FepGkxG/6A9h/fyDsaTwvVgYTwp31uSFyaTwQSzk10OjcDopTMcr7fiafLlp4Y1YyDdYTMUdFH2NLRHJiC/KRswX7jrio8bJAQAAHisxPOdZtqe1GdIoO1Vp12F1uw5d7Tp0t+uwIumQdix7Poy0FuLzf3vp7Ooj1Us/DiUK+X+ys/wf34qV2aFs/3+I+//zLyBs7P8fiYVqUpiKhVp6x4BaPEcWdp+J56jW8hF31jYKAAAA8EiLfxfoXuZ1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFfs3X+QXVV9APCzP96+7GazWcRBVAZWqGDqsNkkpojSMdgo1h+4KK1jHWtCsuCaxQQSOoShnQWs/cHYUkDaaa2Eto7CWJrBKZDWlkgbbAc6Bdo6QNTRIiN2qg5Di7UgdN7ee97ed+7evJdkN2Tp5/PHvvPe9/y878e+c+995wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8/HHfHvtoHf/Dw+6vi19/+leeff/Lc2vVf37n0nLsveTSE8ZnHu7Jw1yM3n3DDGZvePrLnpvesGNu8/n19ebk8HpY2/nTndz4Ra/3OshDu6gqhNw2cPpgFavn9wVjfCYMhHBNmA80SEwNZibThsK8/hF1hNtCsak9/CIOFwPkP33vPpxqJG/tDeG0IoZ628Y161kZ/Gji1LwsMpIGtvVngRy9kmoG7u7MAHLb4Zmi+6HePt2YYnrtcxeuvNm8de3Glw+uJieHqfN8/e4E7VdCXPjB+WE9bqToWROntsde7bRG820rb+TpPW/GLVP4N5YXZUD10b564cONlUzviI91hdLSnqqYFep4fferKTQeTXjSvw9iB4Xl5He578KH+49a+e89ta+9cv+f+xx463G4+UtikxfRCq4f8Nbdonsdonc+TRfD2K31LGvGlK4Rw12umT/mlC558Y1W8NP8fPvD8P76c4213S+5Y67ND2dw8PjIYEz8cyubmAAAAsGgshr2m+//w6eEPvPd3bq+qrzT/H+ns+H885J9P5rPR7g1h3UzimuUhHD/zeBa4NTZ3wfIQXjOTGm8NnJ0E9obwypnEimZVSYklscRIEvjuUB5YlwTui4HxJPC5GLguCXwiBnYngU0xsDcJvDUGwmTrOH56KB9Hx4H+GNiQbcTd8SyEp4dia8m22t+sCgAAYJ7ks8Na693CuQ6HmyFOL3f3t8sQz8CuzFBPakhnsM1pVWUNve1q6G5XQ3Pc0wcefqnmrnY1l07D6GrN0PPmdfse3/b460KF0vx/7MDz//ocHekqHf8P4byZvzF3dx6ZasY3jLdkAAAAAA7Dg3//2T//1zPfeUNVvDT/X9fZ+f9xn0hPIXN4IO6G2LI8hLHWQFbtm8uB7Kj30jwAAAAAi0HzeHzzWPhkfpudop3Op8v5xw8yfzzwv27O/J8597tf/tnPvuGcqv6W5v/jnZ3/P9B6m3XivtiLG5aHsKQQ+GrsZSMwYyQGvvWW1kA+/vviBrg2VpWfmNCs6tpYYkMMjCWBXVUlHmyWOL41kD9ZzcavaY5jMi9RCAAAAMARF3cHxOPy8fz/tZ/75avXPPLEB6vKleb/Gw7u/P+ZeXDp9P6ppSGs7A2hJ/1hwAMD2cKAMTDYlSf+ZiCrqyet6qqBEM5qDCyt6tv5+v+96RqDD/dnVcXA8Sd/4alTG4k/7Q9hZTHwtQ/dsraR2JEEmo3/Qn8IJzVGmzb+l0uyxmtp47+/JIQTC4FmVRcsCaHRWF9a1b31/DoGaVV/UQ/h2EKgWdXP1EPYGQBYpOK/0s3FB7fvvGLLxqmpiUsXMBH34feHCyenJkY3bZ3aXK/o0+akzy3LGF1VHlN3h2Pfny9R9NzbTh7uJN38neBYsS/5fvzSiYP5/fhdqDYzztW1lrtr0iG/7pRyE+mQ5hpypz9hPNQhDxQrmX0SK/vRF5aGJZdtn7h09PKNO3Zcuir722n21dnfeJgp21ar0m01MFffOnh5VK6WlTjUbXVasZKVOy7etnL7zitOn7x440UTF018fNWasbE3rl51xplrVzZGNZb9bTPU0+aqOhnqC7d0OK55HOqreguVHIlPDQkJicWWWHHnm37xi//x+ElVHz+l+f+2A8//46dO/OTP12eoOv4/HA/zZ4/PHubfEAO7Oj3+P1x1NL95YsBIEpiOgWmH+QEAAHhpiLsj497MuNf6ye9dcd2xt5z09apypfn/dGe//5+n9f+bS9e/s2qZ/xWxxFjV+v/pMv/N9f+nq9b/T5f5b67/v+tFWP//smYg2SRPW/8fAAB4KThy6/+3Xd4/vUBAKUPb5f3TCwSUMrRdxr/TCwQc9Pr/T/xg65LjX3brhlChNP+/rrP5v4X7AQAA4Ojx6Qc27zrtJz+pPCpcmv/v6mz+f+TX/wtV5/+PVAXGqxYGtP4fAAAAi1TV+n8fe/2WZZP/NnZBVbnS/H93Z/P/eNpFd0vuWOuzQ9madiFd0+6HQ82fDAAAAMDi0B1GR2sd5m1ZGfXsQ2/z0Xwp0AOli87a/Sc/33PldZUtlub/ezub/7f8LmPfgw/1H7f23XuevW3tnev33P/YQ7PH/wEAAICF0+l+CQAAAAAAAAAAAAAA4MW3/m8/+hsfvuezb6iKl37/H86bebzq9//xun/x9wUvb8kda22//l9+//x33b5zZsnCB4ZCOKUY2HL1lmNCfm3+04qBez684hWNxNVpiS9/861PNBIfSQPvOP1lzzQSZyWBDXGRxFemgXhVxWeWJYG4vOK/pIG4PXangb488FvLsnF0pdvqe4PZtupKt9VjgyEsLwSa2+quwayNrnSANyaB5gAvSQNxgOfmge60V7cvzXoVA4Ox6M1Ls14BAHDUit8Ca+HCyamJsfgVPt6+qrf1NmpZsuyqcrVdHTa/P1+a7Lm3nTzcSbon/S46e63xWqg3hrCq9HW1mKVrZpTzU0ubTffyiiG3W+2tu6Jc6mA3XV/1iPqzEY1u2jq1udZ24GvaZ1nd2zbLqtJkp5ile2aTdlBLB33pYEQdbpsOuhzvd4fR0Z4k15ticDi0aPeK6PT3+sV1/qpeBcU8oyf+6hXTE3c8WVVfaf4/3Nn8v14c1zP5xQCm45X1rlkeQuUlBwEAAIBDtP+vH1m99Y8++cX09jff9Sv/e9dPXflMVbnS/H+ks/l/3IOVHwrO9nbsjdf/b87/h7PArbG5C5aH8JqZ1HgskV1Q/52xxFgWuDXuMFkRS2wYb61qSQzsTgLfHcoDe5PAfTGQ76X4Qsh35fzeUAhrZ1LntZbYFksMJ4H3xsBIEhiNgbEksCwG1iWB/1yWB8aTwP0xECZbt9WXltm7AgAAHIJ8nlVrvRvSed7u3nYZutplGGiXobtdhnq7DFWjiPfviBlqyckrXYVMtbTW/qSWUoZ4MfyD7lcpQ3iwNWdasNR0PP+geb5BV2uGUz7/+g+EZb99c6hQmv+PdTb/H2i9zVq/L87/Z6//lwW+Grt3Qzx1fCQGvvWW1kC+Y+C+ONm9tlnVeF4in7RfG0usi4GRJLAtBtYlgQ3n5YFdr2gN5DPtZuPXNBufzEsUAgAAAHDExR0EcTdNnP9f/tzbl3/6i7/+31XlSvP/dZ3N/2N7S4uNfSLW+p1lIdzVNdubZuD0wSwQ92MMxp/HnzAYwjGFHRzNEhMDWYm+pOGwrz/7hXpfWtWe/myNgXj//IfvvedTjcSN/SG8trD3pdnGN+pZG/1p4NS+LDCQBrb2ZoG456cZuLs7C8Bha+4VjC+o/FSXpuG5y1W8/l4q1wRNh1faBzpHvrl+c7VQ6ukD+T7VpoN72krVsSBKb4+93m2L8d027N1W/CKVf0N5YTZUD92bJy7ceNnUjvhI8ZesJQv0PBd/pdpJeh5eh9OH3tv26mkHxpKPj7G5y839OuyK1e178KH+49a+e89ta+9cv+f+xx7quBsV4g+FX/2j24YfKWzehVYP+Wtu0X2ejPs8WYz/BkY8bSGEf1p/4eXPhr/rr4qX5v/jnc3/e5PbGT+OG3P78hBeV9i4D8TN/3PLs8/BQiD7lDy2HMgOuT8+VPnJCQAAAPOtubujub9gMr/NTghP58nl/OMHmT/ur1g3Z/5O+/2GPztz1VdO3P7HVfHS/H/Dgef/S5JuOv7v+D8LxPH/OR3tu6KXpA9MH9au6FJ1LAjH/+d0tL/bHP+fk+P/jv/PxfH/Nhz/n9PR/rSVviVt86WrMR/9nw9+8t/PHjylKl6a/2/rbP5v/b+5F+1rrv+3oWr9v21V6/9NW/8PAABYUBULzaXzvNLqfaUM6ep9pQxtFwhsu8Sg9f8Oev2/Nw/0vv93+29aESqU5v/Tnc3/48thabH1xbL+38h5FVVdFwPbLAwIAADA0ahqBwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvrpvuHdn3Dz/+0glV8etv/8rzzz95bu36r+9ces7dlzwawuTM411ZuOuRm0+44YxNbx/Zc9N7VoxtXv++el6ult++uiV3rPXZoRB2FR4ZjIkfDjXuzAbOf9ftO3sbiQeGQjilGNhy9ZZjGonPDYVwWjFwz4dXvKKRuDot8eVvvvWJRuIjaeAdp7/smUbirDzQlXb3M8uy7nal3f3UshCWFwLN7n5sWWtVzTbOyQPdaRufH8zaiIHBWPQPBrM2YmAqlphcEsLK3hB60qr+sZ5V1ZNW9Vf1rKqetKpfq4dwVgihN63qm31ZVb3pyP+5L6sqBo4/+QtPndpI7OoLYWUx8LUP3bK2kbgkCTQbf19fCCc1XjJp43fUssZraeM31kI4MYTQl5b4r96sRF9a4tu9IRxbCDQb/2hvCDsDLwnxw2dz8cHtO6/YsnFqauLSBUz05W31hwsnpyZGN22d2lxP+lSlq5B+4aoDxw9k/1NXbmrcPve2k4c7Sffm5WozXV5da7m7Zr56X1ug3sd+DRQrmX0+SvXH/H1haVhy2faJS0cv37hjx6Wrsr+dZl+d/e1pDq6xrVbN17bq1KFuq9OKlazccfG2ldt3XnH65MUbL5q4aOLjq9aMjb1x9aozzly7sjGqsezvfAz1liM/1Ff1Fio5Eh8AEhISiy3R3fLpNna0f5CXvujPdrQW6jMf0KVpRTFL18wo52PQZx/iiA/le0rbEa0qTRxKWVa3z7KmNJmYzdKfZZn5XleaHBZr6p7ZpPF+dxgd7anaDsOtd4ub9/uHsXkfzTddp2kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/2MHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WYfRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//HB8mtQ==")
open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
recvmsg(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x80044940, &(0x7f0000001b00)={<r2=>0x0, ""/256, 0x0, <r3=>0x0, 0x0, 0x0, ""/16, ""/16, ""/16, <r4=>0x0, <r5=>0x0})
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000680)=ANY=[@ANYRES16=r4, @ANYRES64=r5, @ANYBLOB="12a4095a2aac12f0bfcb206d982e44066381388d27f14002d8d7431d3947f6399c7ff9f5193fc0398653e5a67bbb319f02bf4ac6f6ccd5acbfe1350cc3a6d2d48cf6c089ddf67171ffb3b15988e7b394c5daf3e12ca05e4dbdad7edd45f10cbc296a53a530d4c2d203ee650d5fff3a9b5aae78794fe84327e508172cdd72eeff5af4d6db9379bef20dde8e64b91d31a84ce8a7598bb78cc85108874811fc650f0520a5", @ANYRESOCT=r5, @ANYRESDEC=r2, @ANYRES16=r3, @ANYRESDEC=0x0, @ANYBLOB="9a7f40ad4c7145903a868b9020e1e8899ed5747db23004fc9d248900abcaa6b065cf0800930a71dcd8b8955d93c78b9d4e5e06d8d5c9ac9b75d177754d6eba23e6d2be546c0dfecdf61baf732950a5729c01fbdc11e36cb411be200a9135657acd97d21ee46aac313ebdddd9265af16558dd3e5ba4836659a6abfe08aad84276acf949bdaa34bdf7f7b2dfb2fe8b9d6d225dcecebeb6e15f649994728842bd99fc94897d24315ac2d17bf6c2acfbfa8464d80f36304f88b906b78ab359be3479db5b0e7555f04416807c2202d6551f2425440be741dbe053e0bfeb845623e722a9293843f1cf0a71119dcadf7e353af4da52aed3086d6e5a095774248be9a1b1418dec1c03a2cb0ece0840ebeaaf7b67867da45943b700e2d6dad775ae6f33e55aa86ca84c336c91e3b7d7224f7a9a10d5b45a6ce0769d875415bea136b5508e5e0a88290792da3b11b2284a3d757c301cec78b55d3fcfa073615ccb089f66c5b9a5c84f6c1bb78c3370c4687eab260711fa05525687c7709e15cddea061f70798cbf940ad929eb80f33ad8bb4fcd322dd0558f111d7d01351147976b425a27e573402490055054cf3d80bebde6a89f3086170633740f08780aac3a73f17eaeda8deb642c2887962596b4d78c0ffffb28d0e64073b0641f89cf83a69afaaea03ba6070838fdbdaccb81630a6fdaa77fc10146013b9fd79e965a320daf81c1a51f032a3f462f2740e579eb116cad80b4e233326bf94fea52184517accf608b1fbfb395942869841b9ca0f314beff6b2dc0a74d7599012274b24775f0382e72907c1f0c571b994f048c0266feb775d893fec84e5733cd66a96cd45b60f63743b17b05d99c427a2d00a27fef17cadf128059a2e227b80701755b0bc706f32255c8cd619fa995cc7649f28337361a62cff46669fa4cf095a2d148987a9fafa6e1fb9f59b5ac5ff10a4c62e0187a3c75a983f7f5211142c6c09170a13e29c2044e5568bda8055cee4722e445e83ea01307c42cbe63a5bc529e1200e5874f7500275abacd6cc0e3bf8fd38ab7bab39f54d180d60892e2e3a713a3e654c89b8e9ba4474909991844514c04b655c66ccd6f2a17e29ff69d343ebac7ac5e1510ad4ff52e6a932a97bb0d814259da6545022152dd63f06219a1d66ec2278b694876ed6195b0543b8c9289b8438e8ee57dd38bcdb045a6fc4cede28effaa0354afbd4190fcbccd9a0e91508e4399e0e30a0bfdedcc19454b6dd7c2785a6e4fe74a0ece1d683ad07d76eafec02fb0d88debfeacd3531413185da0ffa4fb9b5e6d5a916f7bb5d51efc8ab61e4953fc6b2d1e670769f3ca56d51b804ceb118278acc90422e1f51e448a27d2fe4f93c88cf7c6148474bf650902dd6dd96541044113d244cf938150ec426e7ed63e1f153bbe328f4232552b104c8dee60b0c4e4c25f2605e97cc6f4263d32e8340be2d167137682373ae4cd501fdc9c5359b40f52803a5e4c0e04a5de0412c5cbd4d05e6135a1209d4b2dff50d39e481f1d1b01ed71004fb0c18e736af8ab176f833a439a85c9132e6d2296f665771c6a284eadc08c94ffa520dcc37fd6426c152364699514b15d4df6732fff39834e8ba29688b19db27a970d9d7fbee973c76bee04fb6164963969ebde0f785606781d63726736d8b60a713d5f72207a23f6f00420fdf24d14c069f36a7e236620481cc7a63857cc1355bac8d4f9a3f32785ad4d9d81719077a816b33b98006c322ee473aa9f8f83fae86a4d421104b298a9e42357c44b773e3504b3f9eb5b29330411b776b78fdb6dd9713dd1aee0cc9c7ee8bd23a50d4c8babaf6d74bc25377009a8c57c941f80e58ac08c93a275656cbad3864df9e791305d66103ab30983b07553ede5b5d5b0aab157f805eb6c11c75dd7f297c2cc9110551131a797164dec422b13799f1c261464c765a62c201eb9c8686eee94642d59f429cd137cba0d1a8126dcdfc28ea5c201526c61164a86f480dfde0c60fdf6afd3cd64719de1d89b5a362e058054a9db73aaffac324b04e8903060e1f14ca4ac31c82183066e6d581685efbe3452a20a665166b03808220770d66051971b61d8114376e22a4511cae9fdf7bbed68bb9f45b57eee1c15775730ef1434731d7b82a7cbcd6155396263984edfcea62196189da0ba9908d7d5ef514d75a3e1d4ae42654365083873fc4ce969fa4fac51d640be8d948bb9464d1a7e494c8df98bd5a569ff7fe1aca542c34610148a8f1dc9d60ff0f761270577f286a362f32164184ffce3ad132637e9f0381e9ce76a11f296f9d1e835cdc44926104e1df4d0a282a84b9fbc23064bfcab0d221c6e3124ae8ba6022e62f170dcc2d655f73b40f83fd65f5c705bc1f9e8df13adeadff9e1fe4660a55be7dc969cfffaed607190162dcd09d0cd86a297b22142b88f0eb28dd1a45152a4f4f2dca0d96d39fa594349040f486cd486af619b7083236cf90324cddc6f1ed0f6a103c8d936d7f2f31d420ef50931838e66721bff7494617b6b4bc385f3e51b3f81cf5d6953ac7fddc0f3466682911b38bc7f082e0c18e3ae0badf7f3fd3e186ebc2bab71fa26f77bb14cd97e6761c93c8c25887c0ef1f3dc1d8d86ce0fb73190f66f4deca77977e8d6064bfeeac3fad2bc50488c144e2a1a82fcc1e1c12ac54bf3e2d468e8f53241e4a6ad9e466746a45b053452ded5caa20461881d78d8235e986ba8b77e83601655d2650bf1b64ce17c75314216b43bbd1101a2e12e57525bb7d3b136a70635bdac8af24367a24ce2fe2a72ef2b0e56ff8dc62a82946f86f9b6b1418a89b1971372dfe7d5ce2e6611befff721f04a19bce7f90b1551a4cdead136662c50513fdde6f9d4a199c3907ed8799f231f54dd8347c71d829ff8ddc5d96b5aac2fe58652c81ff7f54e2568119dff2763ef435aa420630dacc7e9414340ee8688f46c7a8ab96d860937641042b3cdf6857ff1d2d4e47cec1f23e65fe541f38cb96b132666f999002e89cd1896ca58c2e63b87382e1a6c1ee9afa56cf3ba923fa9c989e20bff313f37252632fdcff03fbdd2d334ee93baf75c1bdae30feaa81fb2ac1b63c42dda06f20ce8c9d003eb3efed7931def342fb874fce92763f6f477c7f589b75d2129419fc4cb7a8893a1d3f94533ed9fdf9f21fc254fd80aa74750833d390327a2107e761240928d35a36c5eaca61fd848116b8dd7ec8157928bc2dd87f7756aa517cf6a61d2009fd4ba0579ca3b3129cfd5403546f5ab6d0575799a008fc67da9658427636d8f806d9b8cad64aee438d0a9b45957f31a5afe3ed894add9acadfd347246099c6ff0b4ec6f19ac61557daf8739e528185ab1468ca72d6d72e4f026e371e540b774b6576df3014dcc9e91b2cd1f0403a4fcaa6627b22682bb54f92150c2917acaee1972b2b03bc2bd37fdb9e7352c654d94ef196b7229e4da5ee62b7d395ecdd5177f2563242ea49ff78151a4a816a94e89b03f41c7e6684f8be3e5802e9338e7cbd3b43f708c062f944a59f31b02ca9a177e6b681accee8785d2467d2d78636be4330febaa3f6907db07992a2de74e459f3ae8ee6adae20cbc75aabd2d5d3424de0ddcc3ddd981c3a4966c57f8fdb1c42db87395f0bc800ff8ddb4c228a7d793d8a997885494a8578f5433d3f82886ea573641bf16065efbc25718c88f7277ce04c94af560d8deb7968496f849d3fad78741272b08bf7aec3f3c777428d3b8b897333ae5afb6823af63cb7347601ee2e8d4e21b21a12e6d42f66a1aac26d296bc68a998d8ba179ed5f756c2efd8a7acc0e3f08093bb4a83d37f15b4fe07c90858058ad1ff0e21bb7bf4363079c5d452dba5972b21c8f41daf6f11a51d321d3c1d544190238036d907d965ff469ce4895eb7675f3e94a15f83b837b892a40390d87d76e9b15eda02366299d3dd93943466bceeb2f9e465adccc08e1a02c3ac01815931627ed327e0ffbe09563221a365b88c4f2449bd3634920d5bfbde7cdc92c4cb16a579f35f07dafc87ce6ce4de7bf9e8ff0e80b81cdab8f2164a25a0a6929679ce9ae0dc2ac7ed41a787446676f091597551dc2e8c054224bac6652bba5fb675c0b2c94d2faac160f11b7b96fc96415aca8a47fa03658b8afa24b6bd97f7dbeead9ae5f7ec1cb0d000055f41a5043c6c4c97212398b168b5cb9ee650726eabcc31b6712e815fdaae77885350884fb36d6d5444d5e5500a7d636d4eced14b9d411c765b36a4be06ca9be2965d6d6c06c3b6bcb38babeb2999ee71295d48926bf6e39363fabf74de5e57aa0b59f9dddeca142d0c50ab7ff198196c69c971e6ab591220f4e42d6525e2dbd99b6c57949c854e4ee0e4581f9e3e160b3f66b01f23f4d0472c0a1f307837ac8dac0a257d09ab82975148dcd764fe6359a5f21b9cbe2ae7b9b277489a8b3285b8289a84ff854508b4488ffcf68f47ec7a5c18a8c3d06e26b32f754ac74ea8e93a554147fd3b3daf1fbe924e2e389cac13a5f80f3a21dbd250d3917f7b5acfc739a63f2b3d6b3f099efb4be7a842215c89fc87bd8550d11ba2a4af0f111ab124503b26feeae3be3ee24168dd4553a226b9168edb11c3e61bc850adf995b4d6f1aace6db0b91f805c3d1789a3e6b470e5470968f429d5b05c8f76ca2981e37f5bde4ad00a09755c76774ead7d93f3f41255b1d56152e3699b133b2e0b277427c992323d1b4d8c438434e9e901ddd43788f80cb9a975e9dd1671ce16be5ff8033d5da824f00fd78b540edbcd69a2e9aff03e31af9afefb809434f52b4a1239fdd241ed3a268258addde19d1724155a1a4c877bd59b0659b7a786886f6ffcb5999d1f9c007d615020926f7165a9ddd4aaa3c7b631d30cc951e328131d99282ac06a18f88373092320ea5308f06c376e711aecda4cd1c2b639d9ea7a2613d4e9eaa9a0ef72774fdec622f7d131b45135d577897bf686b460a371083070139ea544bda15012251d6c8e7163c25412841faefba76765648ca7cd1b423403a654b6b5754588ae6c309621477db20f7c9236af1e422ebd3fb6d6a712e7a6d00d58416b7d65a53a2514bf51bedfe9207f16a4d79418600389b98ea8b9e06b8da708a86f191e567925af39a09ac9fd7902e8f8e77567baf1b75c05ba1eb7089b424801405afc982a8d79c80fada184a1ab3bab526a3b0a5e20d2dc6bcdd2c5cb7c49f735f3e8f4d36a388ca805876ae08f0e3acca5dd864c1fa1552068bf799095221480374fd2dcaeddb74be93470eff4fe278e190f0a131f32340ada9cca518af769f42943875f4c5707beee2179771da21cd66405b9973648bd047a516d1cf902fa1f0fcdcbc3f4c1f20fc22f9a7e9f4c3a52576399604c46f83ede44f542d06d54e6e8a1e693a2cfcbb16c178d1bace976133e72cc4533bd02b1c4ec2cc22097435aff5a682ca7227414895450831560fa682493f4814ce8fbdb190f8ce2b533ed9582638511bda93aeae5d0690f745b788db622864ba3fb60952f119427fbe66754c5c038c5fb2cb87c326d65862e353c14950bd1fa7c70e36323e9cf90c81f6275e59c7926acac1560a0b6bbc7a850817f2effa19d485315a219d49e293f871278294d02765cf72caa2f438de3337ed205bf68ff6ddaaa5e4b80de5fba022dfcf9cf074a319678df11eb77b3ef66e512b67ba5182265a60eaf457691e973d23cbaf6000537f886695074ebb616f9cdad9de7c6fe9ecfbd13d537d64c34a7c90ca56b50e60d6a7067e391e63561793edf6ed3c2eeb8555909a59ce73da1f096d41fb42de44494128324a9", @ANYRES8, @ANYRES16], 0x0, 0x0, &(0x7f0000000000))

1m10.36618783s ago: executing program 8 (id=882):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x4}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x4}, {0xffff, 0xffff}, {0xe, 0x1}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x7, 0x1}}}}, @TCA_RATE={0x6, 0x5, {0x0, 0xc1}}]}, 0x48}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)

1m7.897658845s ago: executing program 8 (id=887):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3010000}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0x51}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m7.234454584s ago: executing program 37 (id=887):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3010000}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0x51}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

19.310578249s ago: executing program 1 (id=991):
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f00000001c0)='.\x00', 0x4000423)
r1 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x3, 0x1, 0x5, 0xa, 0x3, 0x1, {0x5, 0x17d, 0x8, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x20000000, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0xa}}}, 0xa0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendfile(r1, r1, &(0x7f0000000080)=0x2, 0x7f03)

17.602719409s ago: executing program 7 (id=996):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
semget$private(0x0, 0x4000, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x1022002, 0x0)
r3 = dup(r2)
r4 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
sendfile(r3, r4, 0x0, 0x8000fffffffe)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)

13.451526792s ago: executing program 1 (id=999):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x10000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r3, &(0x7f0000002400)=""/102400, 0x19000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000003200)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

13.191622937s ago: executing program 1 (id=1000):
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x4000, &(0x7f0000000040)={[{@test_dummy_encryption}, {@grpquota}]}, 0x2, 0xbbf, &(0x7f0000000440)="$eJzs3M9rHOUbAPBnJptt2ub73VRErBcjIi2I26SSYotgKxUvHgS9Cg3ppoRsf5BEatIcNvoPiHoWvAhqUTzYcy+KXr1oe1U8CEVioyCikdkfSdpk09TudmL7+cC7877z7u7zPDvszrywuwHctwazmzRib0ScSCJKzf1pRBTrvb6IWuN+S4vzY78vzo8lsbz8yi9JJBFxfXF+rPVcSXO7uznoi4hvn0/igbfWx52enZscrVYrU83xgZnT5w5Mz849NXF69FTlVOXM8KFnRg6OHBo6PNKxWv/44eil3x578afanx//dfHXdz9M4mj0N+fW1tEpgzG48pqsVYiI0U4Hy0lPs561dSaFWzwo7XJSAAC0la65hnsoStETqxdvpfjyu1yTAwAAADpiuSdiGQAAALjHJdb/AAAAcI9rfQ/g+uL8WKvl+42Eu+vasYgYaNS/1GyNmULU6tu+6I2IXdeTWPuz1qTxsDs2GBE/Xj38WdaiS79D3kxtISIe3uj4J/X6B+q/4l5ffxoRQx2IP3jT+L9U/9EOxM+7fgDuT5ePNU5k689/6cr1T2xw/itscO76N/I+/7Wu/5bWXf+t1t/T5vrv5S3GuPDR++fbzWX1P3vphU9bLYufbe+oqNtwbSHikcJG9Scr9Sdt6j+xxRilv89X2s3lXf/yBxH7YuP6W5LN/5/owPhEtTLUuN0wxsI3I5+0i593/dnx39Wm/tb/P7U7/ue2GOO148c/X7fz6mp38/rTn4vJq/VesbnnjdGZmanhiGLy0vr9BzfPpXWf1nNk9e9/fPP3/0b1Z58JtebrkK0FFprbbPzmTTGfu3jhi3b5tNZ/eR7/k22O/9r6vy6sP/5vbzHGE1+9s7/d3Nr1b9ay+K21MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0pBHRH0laXumnabkcsTsiHoxdafXs9MyT42dfP3Mym4sYiN50fKJaGYqIUmOcZOPhen91fPCm8dMRsSci3ivtrI/LY2erJ/MuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBW7I6I/krQcEWlELJXStFzOOysAAACg4wZuHBbzygMAAADonoG8EwAAAAC6zvofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALtvz6OUrSUTUjuyst0yxOdeba2ZAt6V5JwDkpifvBIDcFPJOAMjNba7xXS7APSi5xXxf25kdHc8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgO1r397LV5KIqB3ZWW+ZYnOuN9fMgG5L804AyE3PZpOFu5cHcPd5i8P9yxofSG4x37d6n9qNMzu6lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA209/vSVpOSKKzX3lcsT/ImIgepPxiWplKCL+HxHfl3p3ZOPhlUf35ZY3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnTU9Ozc5Wq1WprJOGs3Oyh6d1U7SeMVq2yUfnTvsFGNbpLFNO3l/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkIfp2bnJ0Wq1MjWddyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3qZn5yZHq9XKVBc7edcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB+/gkAAP//FUoKgg==")
syz_mount_image$vfat(&(0x7f0000001040), &(0x7f0000001000)='./bus\x00', 0xd01ce0, 0x0, 0x82, 0x0, &(0x7f0000001040))
chdir(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000000000002)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r3, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x10, &(0x7f0000002e00), 0x0, 0x0, 0xa0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r3, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

12.551316805s ago: executing program 7 (id=1001):
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
r0 = getpgrp(0x0)
socket$netlink(0x10, 0x3, 0xf)
sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = semget$private(0x0, 0x20000000102, 0x0)
semctl$GETPID(r4, 0x2, 0xb, 0x0)

11.61988721s ago: executing program 1 (id=1002):
socket$inet6(0xa, 0x1, 0x6)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg$sock(r0, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)

9.172410763s ago: executing program 1 (id=1003):
syz_emit_ethernet(0x60, &(0x7f00000003c0)={@random="e33110495bfd", @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x2a, 0x3a, 0xff, @dev, @local, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1, [{0x4}]}}}}}}, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x2, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x0, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}, {0x10000000, 0x3}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x206, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)

9.172080143s ago: executing program 7 (id=1004):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x10, 0x0, 0x1, 0xb, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}}, 0x14)
syz_usb_connect$uac1(0x4, 0x71, &(0x7f0000000600)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x3, 0x90, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xf6e3, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x0, 0xf9, 0x1, {0x7, 0x25, 0x1, 0x102, 0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x5, 0xe, 0x9, {0x7, 0x25, 0x1, 0x2, 0xf, 0x1000}}}}}}}]}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x14, 0x35, 0x301, 0x70bd26, 0x25dfdbfe, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x1882}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0xcc182, 0x0)

8.972467094s ago: executing program 6 (id=1006):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x40, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x3, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x5, 0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x0, 0x1, {0x73, 0x4, 0x3}}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000880)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r4, {0xffff}, {}, {0x2, 0x1}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x1c, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0x81, '\x00', 0xfffff000, 0x31, 0x3, 0x581}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96d", 0xe}], 0x1}, 0x4)

8.322535352s ago: executing program 6 (id=1007):
r0 = mq_open(&(0x7f000084dff0)='\xa1sxt\x1a\x00\x00\x00\x00\x00\x00\x00\x01\x88\xbdd', 0x6e93ebbbcc0884f2, 0x100, &(0x7f0000000300)={0xfffffffffffffffe, 0x6, 0x3})
mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2000000011"], 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000140)=0x6, 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x6721, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000140)=0x6, 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff6000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0)
mq_timedreceive(r0, &(0x7f0000000180)=""/204, 0xcc, 0x0, 0x0)

8.008586021s ago: executing program 9 (id=1008):
socket$pppl2tp(0x18, 0x1, 0x1)
socket$netlink(0x10, 0x3, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
r0 = socket$packet(0x11, 0x3, 0x300)
socket$pppl2tp(0x18, 0x1, 0x1)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='task\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r1, @ANYRES64=r0], 0x0)

7.722868387s ago: executing program 6 (id=1009):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40004)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x2, 0x0, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6.616130862s ago: executing program 6 (id=1010):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGPTPEER(r4, 0x5441, 0xfffffffffffffff0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
clock_adjtime(0x0, &(0x7f0000000380)={0x3ff, 0x8, 0x4101, 0x4000000000000b, 0x0, 0x9, 0x400000400, 0x80000000000a, 0x6, 0x100, 0x7, 0x0, 0xffffffffffffffff, 0x81, 0x20000000000009f, 0x2, 0xfffffffffffffffc, 0x6, 0x6, 0x9, 0x8001, 0x3, 0x0, 0x3, 0x72a3, 0xe})

4.228574992s ago: executing program 6 (id=1011):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(r0, 0xe, &(0x7f0000000100)={0x3a3, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000)
r2 = syz_clone(0x4c000, 0x0, 0xfffffffffffffea6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec777000)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r4, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)

4.227852232s ago: executing program 1 (id=1012):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000040b2100000095f5758483"], 0x0}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$HIDIOCSREPORT(r4, 0x81044804, &(0x7f0000000400)={0x1})
ioctl$HIDIOCGUSAGES(r3, 0xd01c4813, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

4.227413312s ago: executing program 7 (id=1013):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0xb00000000000000, &(0x7f0000004080)=@base={0x8, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffd, 0x4}, 0x50)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
clock_nanosleep(0xb, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
clock_adjtime(0x0, &(0x7f0000000040)={0x10000d4f, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1, 0xfffffffe, 0x7, 0x2, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x3, 0x0, 0x2, 0x8, 0x3, 0xfffffffd, 0x0, 0x6, 0x3})
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x3)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000140)=0x3)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000400)=0x7)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000200)=0xa)

4.211889113s ago: executing program 9 (id=1014):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x4e, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)=@newtfilter={0x88c, 0x2c, 0xd3f, 0x70b524, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0xfff3, 0xffe0}, {}, {0x7, 0xfff2}}, [@filter_kind_options=@f_flow={{0x9}, {0x85c, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x18d0b}, @TCA_FLOW_POLICE={0x848, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0x4, 0x9, 0x2, 0x2, 0x1ff, 0x4, 0x4, 0x2, 0xd, 0x11f4, 0xf, 0x100, 0x0, 0xfffffffe, 0x4, 0x7f, 0x9, 0x4, 0xa0000, 0x80, 0xc, 0x0, 0x6, 0xf290, 0x1, 0x6, 0x20a, 0x0, 0xfffffff3, 0x2b, 0x4, 0x4, 0x7, 0x6, 0xffff8001, 0x80, 0x479, 0x7, 0x1, 0x3, 0x4050732b, 0x1, 0xf5c8, 0x5e, 0x4, 0xf0, 0x7, 0x946, 0x5, 0x8001, 0xffff, 0xfffffff5, 0xbf2, 0x10001, 0x2, 0x8, 0xfffffffd, 0x8001, 0x6, 0x1, 0x7fffffff, 0xd05, 0x7a, 0x11dc294f, 0x9, 0x5, 0x0, 0x9, 0x1, 0x7, 0x1e8, 0x4, 0xc33, 0x8, 0x20000000, 0x80000000, 0x1, 0x9, 0x5, 0x5, 0x80000000, 0x3e64, 0x5, 0x8, 0x6, 0xfffffff6, 0x4, 0x10, 0x9, 0x8, 0xd, 0x2, 0x2, 0x2941, 0x1000, 0x8, 0xff, 0x4, 0x9, 0xf6e2, 0x5, 0x6, 0x4, 0x1, 0x3, 0x0, 0x2ee, 0x444, 0x2, 0x9, 0xb966, 0xb2000, 0x33, 0x9a6d, 0x9, 0x8, 0x200, 0x8, 0x3, 0x89, 0x8, 0x100e, 0x7, 0x4, 0x3, 0x8, 0x3, 0x0, 0x6, 0xbfe8, 0x5, 0x8, 0x3, 0x6, 0x4, 0x4e8d, 0x2, 0x8e, 0xffffff42, 0x5, 0xe, 0x1, 0x6, 0xe, 0x2, 0x4, 0x8, 0x6, 0x1, 0x5, 0x9, 0xffffffff, 0x7, 0x5, 0x160000, 0x9, 0x8, 0x1640, 0x6, 0x6, 0x0, 0xaa, 0x2, 0xedd5, 0xfff, 0x8, 0x7fffffff, 0x8, 0x1, 0x2, 0x3, 0x8, 0x3, 0x0, 0x3, 0x34, 0x9, 0x3, 0x2, 0xffffcd43, 0x7, 0x8, 0x486, 0x1, 0x2, 0x5ca0, 0x3, 0x1000, 0x4, 0x9, 0x8, 0x5, 0x7, 0xfffffffd, 0x7, 0x8, 0xffffffff, 0x22, 0x4, 0x2, 0x0, 0x3, 0x1e, 0x3, 0x8, 0xa1, 0x81, 0x5, 0x1, 0x2, 0x2, 0x7ff, 0xf43, 0x3, 0x8, 0x3, 0x3, 0x4, 0x100000, 0x9, 0x66c, 0x7fc, 0x3, 0x0, 0x10001, 0x5, 0x0, 0x81, 0x2, 0x9, 0x2823, 0x8, 0xffffffff, 0x0, 0xffffffff, 0x8001, 0x0, 0x9, 0x1, 0x1, 0x9, 0x5, 0x1ff, 0xc79, 0x80000001, 0x200, 0xede5, 0x3, 0x3, 0x0, 0x3, 0x7, 0x8, 0x8, 0x1]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x10000000, 0x7, 0x7, 0x7, {0x4, 0x2, 0xfe00, 0xfe42, 0x4, 0x7}, {0x7, 0x2, 0xcf, 0x1, 0x800, 0x2}, 0x7, 0xa6, 0x3}}, @TCA_POLICE_RATE={0x404, 0x2, [0x5, 0x4, 0x0, 0x7, 0xfffffff1, 0x796, 0x5, 0xd2c1, 0x7ff, 0x20, 0x9, 0x9, 0x101, 0x5, 0x2, 0x9, 0xc, 0x800, 0x695, 0x401, 0x2, 0x7, 0x1000, 0x343d41f0, 0x0, 0x3, 0x3, 0x3, 0xc94, 0xa0, 0x1, 0x5, 0x81a, 0x1666, 0x80c, 0x9, 0xce3a, 0x2, 0x81, 0x5f82, 0x5ff, 0x3, 0xed, 0x4, 0x81, 0x401, 0x1, 0x5fb2, 0x8, 0xfffffe01, 0xc, 0x6, 0x2, 0x0, 0x6, 0x0, 0xffffffff, 0xb1e5, 0x0, 0x8, 0x4, 0x1, 0x0, 0x3, 0x9, 0x3, 0x1, 0x4b, 0x2, 0x5, 0x1f, 0x7, 0x0, 0x4, 0x3, 0x2, 0x4d, 0xffffffff, 0x4, 0x3, 0x6, 0x40, 0x1, 0x3, 0x2, 0x5, 0x1ff, 0x101, 0x8, 0xf48, 0x9, 0xffffffff, 0x200, 0x5, 0x76, 0x6, 0x3, 0x8000, 0x6, 0x9, 0x80000000, 0x6, 0x8001, 0xbe39, 0x7b7, 0x5, 0x7ff, 0xb, 0x4, 0x1, 0x8, 0x9, 0xb, 0x6, 0xdfcf, 0x0, 0x442ff558, 0xb481, 0x6, 0x3, 0x4, 0xe, 0x10000, 0x0, 0x31fe, 0xfffff2c1, 0xb, 0x3, 0x6, 0x7b, 0x21d, 0x6, 0xc, 0x10, 0xf91, 0x0, 0x62e, 0x2, 0xfffffffc, 0x5d8, 0x4, 0x5, 0x7, 0x1, 0x3, 0x7, 0x9, 0x5, 0xfffffff7, 0x0, 0x2, 0x7fff, 0x400009, 0x5, 0x8, 0x3, 0x0, 0x200, 0xdfb, 0x7, 0x9, 0x223ec3e7, 0xdaa, 0x0, 0x101, 0x1000, 0x4, 0x8, 0x8, 0xf, 0xb, 0x4, 0xfffffffb, 0x491, 0xfffffffb, 0xfffffff9, 0x9c, 0x3, 0x1, 0x4005, 0x1, 0x8001, 0x6, 0x10001, 0x1, 0x3, 0x80000000, 0x4, 0x38, 0x401, 0x2, 0x10, 0x3, 0x3, 0xbd, 0x4, 0x4, 0x5, 0x5, 0x81, 0x3, 0x202, 0x5, 0x9, 0x81, 0x6, 0x8, 0x79, 0x6, 0x8, 0x1, 0xea58, 0x29dc6e7b, 0x53ad, 0x7, 0xd77, 0xff, 0x8, 0x5, 0x0, 0x0, 0x12, 0x0, 0xd, 0xbb4f, 0x8, 0xe4, 0xbcba, 0x80, 0x8, 0xc6, 0x9, 0x81, 0x10000, 0x70, 0x3, 0x4, 0x80, 0x3, 0x3ff, 0xffffffff, 0x5, 0x7, 0x6, 0x5, 0x8001, 0x73da, 0x401, 0x7, 0xd, 0x81, 0x7, 0x5, 0xf417, 0x6, 0x5]}]}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x88c}, 0x1, 0x0, 0x0, 0x4008848}, 0xc884)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4)

3.440150368s ago: executing program 9 (id=1015):
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50)
r3 = socket(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x5e20, 0x1ff, @loopback}, 0x1c)
r4 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r4)
keyctl$KEYCTL_MOVE(0x1e, r5, r5, r4, 0x0)

2.372651451s ago: executing program 9 (id=1016):
socket(0x10, 0x803, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x800)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r2, 0xfffffffc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1]}})
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)

2.372280521s ago: executing program 7 (id=1017):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = userfaultfd(0x80001)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x3000009, 0x32, 0xffffffffffffffff, 0x261c5000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x501})
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000300)={[0xfff]}, 0x8, 0x80800)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000780)={0x29e9c934, 0x3, 0x7f, 0x7fff}, 0x10)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000002080)="487d5b43619cfa3217e11f16f3305344affe4355b61d1ace1ab742c8050b60e914e16e22ad69b58747915158cf12de492771172ee3f95689fb03c80e9a832464baf041e8a832a29e", 0x0, 0x48)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
syz_genetlink_get_family_id$fou(&(0x7f00000022c0), 0xffffffffffffffff)
read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x2020)

1.773787216s ago: executing program 9 (id=1018):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c)
process_vm_writev(0x0, &(0x7f0000000240)=[{0x0}, {0x0}, {&(0x7f0000000400)=""/150, 0x96}], 0x3, 0x0, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x1562, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000000)=0xa, 0x4)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x3d10, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3)
write$binfmt_misc(r3, &(0x7f0000000180)="cf", 0x1)
sendfile(r2, r3, &(0x7f0000000000), 0xff)
fcntl$addseals(r3, 0x409, 0x8)
sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0)

1.204368339s ago: executing program 9 (id=1019):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98)
fcntl$setlease(r4, 0x400, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)

708.380918ms ago: executing program 7 (id=1020):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x5}, {0x2, 0xb}, {0xffe0, 0xa}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x34f}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4000800)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

0s ago: executing program 6 (id=1021):
socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
writev(r2, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)

kernel console output (not intermixed with test programs):

9] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.440755][ T6870] loop3: detected capacity change from 0 to 32768
[  241.588548][   T51] Bluetooth: hci2: unexpected event for opcode 0x2007
[  241.620554][ T6870] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.246 (6870)
[  241.711767][ T6870] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  241.748426][ T6733] 8021q: adding VLAN 0 to HW filter on device batadv0
[  241.764413][ T6870] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  241.807892][   T59] tipc: Left network mode
[  241.815038][ T6870] BTRFS info (device loop3): using free space tree
[  242.641435][ T6870] BTRFS error (device loop3): open_ctree failed: -4
[  242.861764][ T6772] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (6772)
[  242.887917][ T6921] loop0: detected capacity change from 0 to 4096
[  242.939207][ T6921] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  243.351725][ T6921] ntfs3: loop0: failed to convert "076c" to cp949
[  243.690929][ T6938] loop0: detected capacity change from 0 to 512
[  243.881208][ T6938] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.935630][ T6938] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  244.068156][ T6938] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[  244.121369][ T6938] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 64512
[  244.169095][ T6938] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.259: Failed to acquire dquot type 0
[  244.185000][ T6733] veth0_vlan: entered promiscuous mode
[  244.371598][ T6733] veth1_vlan: entered promiscuous mode
[  244.411468][ T5762] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.727048][ T6930] loop3: detected capacity change from 0 to 40427
[  244.785709][ T6733] veth0_macvtap: entered promiscuous mode
[  244.812445][ T6930] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  244.842976][ T6930] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  244.857689][ T6733] veth1_macvtap: entered promiscuous mode
[  244.946638][ T6930] F2FS-fs (loop3): Found nat_bits in checkpoint
[  244.957476][ T6733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  244.985305][ T6733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.006084][ T6733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.047262][ T6733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.081930][ T6733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.112921][ T6733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.152989][ T6733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.191226][ T6733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.207017][ T6930] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  245.220252][ T6930] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  245.240050][ T6733] batman_adv: batadv0: Interface activated: batadv_slave_0
[  245.491693][ T6733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.543320][ T6733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.581653][ T6733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.609704][ T6733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.630560][ T6733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.648735][ T6733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.659210][ T6733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.680074][ T6733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.698268][ T6733] batman_adv: batadv0: Interface activated: batadv_slave_1
[  245.746006][ T6733] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  245.784030][ T6733] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  245.819863][ T6733] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  245.845253][ T6733] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  245.912975][  T786] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  246.096749][  T786] usb 1-1: config 0 has an invalid interface number: 142 but max is 0
[  246.126349][  T786] usb 1-1: config 0 has no interface number 0
[  246.146816][  T786] usb 1-1: config 0 interface 142 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  246.218421][  T786] usb 1-1: config 0 interface 142 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  246.274548][  T786] usb 1-1: config 0 interface 142 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  246.295547][  T786] usb 1-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  246.323349][  T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.339192][   T59] hsr_slave_0: left promiscuous mode
[  246.364052][  T786] usb 1-1: config 0 descriptor??
[  246.406664][   T59] hsr_slave_1: left promiscuous mode
[  246.433980][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.441701][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.493576][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.516152][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.528278][   T59] bridge_slave_1: left allmulticast mode
[  246.534817][   T59] bridge_slave_1: left promiscuous mode
[  246.542695][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.560424][   T59] bridge_slave_0: left allmulticast mode
[  246.567163][   T59] bridge_slave_0: left promiscuous mode
[  246.573750][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.629557][   T59] veth1_macvtap: left promiscuous mode
[  246.636097][   T59] veth0_macvtap: left promiscuous mode
[  246.643517][   T59] veth1_vlan: left promiscuous mode
[  246.651700][   T59] veth0_vlan: left promiscuous mode
[  246.811245][  T786] hid-udraw 0003:20D6:CB17.0001: unknown main item tag 0x3
[  246.866409][  T786] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.142/0003:20D6:CB17.0001/input/input5
[  247.033132][  T786] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.142/0003:20D6:CB17.0001/input/input6
[  247.108893][   T59] pimreg (unregistering): left allmulticast mode
[  247.128385][  T786] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.142/0003:20D6:CB17.0001/input/input7
[  247.206431][  T786] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.142/0003:20D6:CB17.0001/input/input8
[  247.302372][  T786] hid-udraw 0003:20D6:CB17.0001: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.0-1/input142
[  247.336249][  T786] usb 1-1: USB disconnect, device number 3
[  247.539782][ T7005] fido_id[7005]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  247.940751][ T7012] loop0: detected capacity change from 0 to 256
[  247.986971][ T7012] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  248.103053][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  248.390143][   T59] team0 (unregistering): Port device team_slave_1 removed
[  248.448140][   T59] team0 (unregistering): Port device team_slave_0 removed
[  248.500607][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  248.555924][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  249.038545][   T59] bond0 (unregistering): Released all slaves
[  249.184178][ T1072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  249.207994][ T1072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  249.352240][ T3473] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  249.381418][ T3473] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  249.402690][ T7023] tipc: Failed to obtain node identity
[  249.427084][ T7023] tipc: Enabling of bearer <ib:caif0> rejected, failed to enable media
[  249.969619][ T5810] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  250.135366][ T7049] netlink: 80 bytes leftover after parsing attributes in process `syz.3.292'.
[  250.156728][ T7049] netlink: 80 bytes leftover after parsing attributes in process `syz.3.292'.
[  250.187873][ T5810] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  250.202189][ T7049] netlink: 80 bytes leftover after parsing attributes in process `syz.3.292'.
[  250.220263][ T5810] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.238859][ T5810] usb 1-1: Product: syz
[  250.248987][ T5810] usb 1-1: Manufacturer: syz
[  250.259122][ T5810] usb 1-1: SerialNumber: syz
[  250.282129][ T5810] usb 1-1: config 0 descriptor??
[  250.303902][ T5810] gspca_main: sunplus-2.14.0 probing 055f:c230
[  250.633522][  T966] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  250.793243][   T27] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  250.844417][  T966] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  250.869113][  T966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.889939][  T966] usb 4-1: config 0 descriptor??
[  250.921498][ T5810] gspca_sunplus: reg_r err -71
[  250.932070][ T5810] sunplus: probe of 1-1:0.0 failed with error -71
[  250.956764][ T5810] usb 1-1: USB disconnect, device number 4
[  250.993105][   T27] usb 5-1: Using ep0 maxpacket: 8
[  251.005482][   T27] usb 5-1: unable to get BOS descriptor or descriptor too short
[  251.032237][   T27] usb 5-1: config 4 interface 0 has no altsetting 0
[  251.050133][   T27] usb 5-1: string descriptor 0 read error: -22
[  251.059640][   T27] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  251.082965][   T27] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.110138][  T966] [drm] vendor descriptor length:6 data:06 5f 00 00 00 00 00 00 00 00 00
[  251.124760][   T27] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  251.136250][  T966] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  251.176984][   T27] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  251.195287][   T27] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  251.206663][   T51] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  251.213485][   T27] usb 5-1: media controller created
[  251.264828][   T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  251.355580][  T966] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2
[  251.369994][  T966] [drm] Initialized udl on minor 2
[  251.523208][  T966] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed
[  251.570233][  T966] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  251.740066][ T5817] usb 4-1: USB disconnect, device number 4
[  251.740314][    T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  251.766876][ T7096] loop6: detected capacity change from 0 to 524288000
[  251.778603][    T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  252.014753][ T7102] loop0: detected capacity change from 0 to 128
[  252.068447][ T7102] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  252.144099][ T7102] ext4 filesystem being mounted at /74/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  252.458219][ T7114] loop3: detected capacity change from 0 to 1024
[  252.465993][   T27] usb 5-1: USB disconnect, device number 2
[  252.621851][ T7114] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.175284][ T5762] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  253.205061][ T5761] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.348575][   T51] Bluetooth: hci2: Malformed LE Event: 0x0d
[  254.803086][    T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  254.918952][ T7145] netlink: 'syz.4.314': attribute type 7 has an invalid length.
[  254.936855][ T7145] netlink: 8 bytes leftover after parsing attributes in process `syz.4.314'.
[  255.035444][    T8] usb 1-1: Using ep0 maxpacket: 32
[  255.055592][    T8] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  255.084522][    T8] usb 1-1: config 0 has no interface number 0
[  255.090693][    T8] usb 1-1: config 0 interface 12 has no altsetting 0
[  255.120277][    T8] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  255.141283][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.163374][    T8] usb 1-1: Product: syz
[  255.167603][    T8] usb 1-1: Manufacturer: syz
[  255.172832][    T8] usb 1-1: SerialNumber: syz
[  255.206236][    T8] usb 1-1: config 0 descriptor??
[  256.027355][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  256.042959][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  256.059555][    T8] f81534 1-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71
[  256.068868][    T8] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[  256.084089][    T8] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  256.092422][    T8] f81534: probe of 1-1:0.12 failed with error -71
[  256.120188][    T8] usb 1-1: USB disconnect, device number 5
[  257.083039][   T27] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  257.287263][   T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.308660][   T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.330594][   T27] usb 1-1: New USB device found, idVendor=a86d, idProduct=c626, bcdDevice= 0.00
[  257.350827][   T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.375372][   T27] usb 1-1: config 0 descriptor??
[  257.809675][ T7189] loop3: detected capacity change from 0 to 65536
[  257.824241][   T27] hid-generic 0003:A86D:C626.0002: unbalanced collection at end of report description
[  257.891650][   T27] hid-generic: probe of 0003:A86D:C626.0002 failed with error -22
[  257.903019][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  257.934688][ T7189] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  258.058239][ T7189] XFS (loop3): Ending clean mount
[  258.098819][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.106772][   T27] usb 1-1: USB disconnect, device number 6
[  258.131073][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  258.168992][ T5761] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  258.193829][    T9] usb 5-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00
[  258.223300][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.256709][    T9] usb 5-1: config 0 descriptor??
[  258.687354][    T9] pantherlord 0003:0F30:0111.0003: item fetching failed at offset 2/5
[  258.720710][    T9] pantherlord 0003:0F30:0111.0003: parse failed
[  258.760628][    T9] pantherlord: probe of 0003:0F30:0111.0003 failed with error -22
[  258.901726][    T9] usb 5-1: USB disconnect, device number 3
[  259.073014][   T27] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  259.266172][   T27] usb 1-1: New USB device found, idVendor=06cb, idProduct=73f4, bcdDevice= 0.00
[  259.276741][   T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.290784][ T7259] loop3: detected capacity change from 0 to 32768
[  259.296898][   T27] usb 1-1: config 0 descriptor??
[  259.335079][ T7259] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  259.421021][ T7259] XFS (loop3): Ending clean mount
[  259.571415][    T8] XFS (loop3): Metadata CRC error detected at xfs_rmapbt_read_verify+0x42/0xd0, xfs_rmapbt block 0x14 
[  259.583656][ T7275] netlink: 8 bytes leftover after parsing attributes in process `syz.4.344'.
[  259.596722][    T8] XFS (loop3): Unmount and run xfs_repair
[  259.602664][    T8] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  259.608624][ T5761] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  259.623409][    T8] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  259.635126][    T8] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80  ................
[  259.658103][    T8] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[  259.677570][    T8] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[  259.696380][    T8] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  259.712130][    T8] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  259.723150][    T8] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  259.736206][   T27] itetech 0003:06CB:73F4.0004: collection stack underflow
[  259.739219][    T8] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  259.762960][   T27] itetech 0003:06CB:73F4.0004: item 0 0 0 12 parsing failed
[  259.772051][   T27] itetech: probe of 0003:06CB:73F4.0004 failed with error -22
[  259.773209][    T9] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x14 len 4 error 74
[  259.798032][    T9] XFS (loop3): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x183c/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598).  Shutting down filesystem.
[  259.821881][    T9] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  259.912387][ T7282] syz.1.347 uses obsolete (PF_INET,SOCK_PACKET)
[  259.922140][ T7282] warning: `syz.1.347' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  259.960058][ T5810] usb 1-1: USB disconnect, device number 7
[  260.553807][ T5810] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  260.874678][ T5810] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  260.935451][ T5810] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  260.968308][ T5810] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  260.978202][ T5810] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  261.082948][ T5810] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  261.092050][ T5810] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  261.482783][ T5810] usb 4-1: Manufacturer: syz
[  261.502563][ T5810] usb 4-1: config 0 descriptor??
[  262.152981][ T5810] rc_core: IR keymap rc-hauppauge not found
[  262.158960][ T5810] Registered IR keymap rc-empty
[  262.198045][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.254005][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.295552][ T5810] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  262.329548][ T5810] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input9
[  262.377812][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.433015][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.485104][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.516603][ T7320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.355'.
[  262.533070][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.583054][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.633325][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.693116][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.733236][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.781073][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.823470][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.877167][ T5810] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  262.926903][ T5810] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  262.940648][ T5810] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  262.990607][ T5810] usb 4-1: USB disconnect, device number 5
[  263.309082][ T7342] loop0: detected capacity change from 0 to 512
[  263.359092][ T7342] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  263.435867][ T7342] EXT4-fs (loop0): 1 truncate cleaned up
[  263.501666][ T7342] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  263.651377][ T7329] loop4: detected capacity change from 0 to 32768
[  263.672380][ T7342] EXT4-fs error (device loop0): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.0.362: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  263.722115][ T7329] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  263.759960][ T7329] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  263.769263][ T7342] EXT4-fs error (device loop0) in ext4_delete_entry:2800: Corrupt filesystem
[  263.797325][ T7329] BTRFS info (device loop4): turning on async discard
[  263.852454][ T7329] BTRFS info (device loop4): use no compression
[  263.873069][ T7329] BTRFS info (device loop4): turning on sync discard
[  263.880023][ T7329] BTRFS info (device loop4): force clearing of disk cache
[  263.904889][ T7329] BTRFS info (device loop4): enabling auto defrag
[  263.911571][ T7329] BTRFS info (device loop4): disabling free space tree
[  263.943758][ T5762] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.161631][ T7329] BTRFS info (device loop4): enabling ssd optimizations
[  264.187556][ T7329] BTRFS info (device loop4): rebuilding free space tree
[  264.313243][ T7329] BTRFS info (device loop4): disabling free space tree
[  264.333322][ T7329] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  264.360117][ T7329] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  265.569368][ T6733] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  266.867070][ T7409] sctp: failed to load transform for md5: -2
[  267.833426][ T7441] netlink: 4 bytes leftover after parsing attributes in process `syz.1.373'.
[  268.102646][   T28] audit: type=1326 audit(1770745200.189:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7447 comm="syz.3.390" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbb2a19bf79 code=0x0
[  268.322635][ T7456] loop0: detected capacity change from 0 to 4096
[  270.422441][ T7478] input: syz1 as /devices/virtual/input/input10
[  271.713543][ T5810] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  271.913003][ T5810] usb 4-1: Using ep0 maxpacket: 16
[  271.920975][ T7530] loop0: detected capacity change from 0 to 8192
[  271.948284][ T5810] usb 4-1: config 0 interface 0 has no altsetting 0
[  271.951040][ T7530] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  271.961659][ T5810] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  272.014847][ T5810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.030418][   T28] audit: type=1800 audit(1770745204.119:8): pid=7530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.412" name="file2" dev="loop0" ino=1048608 res=0 errno=0
[  272.062679][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.094549][ T5810] usb 4-1: config 0 descriptor??
[  272.100543][ T7530] FAT-fs (loop0): Filesystem has been set read-only
[  272.161519][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.191385][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.229690][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.249151][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.260666][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.275472][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.287084][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.300057][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.330134][ T7530] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  272.531184][ T5810] hid (null): unknown global tag 0xe
[  272.560838][ T5810] hid (null): unknown global tag 0xd
[  272.573962][ T5810] hid (null): unknown global tag 0xd
[  272.602149][ T5810] hid (null): unknown global tag 0xc
[  272.621055][ T5810] hid (null): report_id 14868 is invalid
[  272.634641][ T5810] hid (null): unknown global tag 0xc
[  272.740475][ T5810] usb 4-1: USB disconnect, device number 6
[  273.019599][ T7560] loop0: detected capacity change from 0 to 128
[  273.072935][ T7560] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  273.153246][ T7560] ext4 filesystem being mounted at /95/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  273.200487][   T28] audit: type=1326 audit(1770745205.289:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7569 comm="syz.1.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41ae19bf79 code=0x7ffc0000
[  273.348636][   T28] audit: type=1326 audit(1770745205.329:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7569 comm="syz.1.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41ae19bf79 code=0x7ffc0000
[  273.463035][   T28] audit: type=1326 audit(1770745205.329:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7569 comm="syz.1.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41ae19bf79 code=0x7ffc0000
[  273.981665][   T28] audit: type=1326 audit(1770745205.329:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7569 comm="syz.1.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f41ae19bf79 code=0x7ffc0000
[  274.059829][   T28] audit: type=1326 audit(1770745205.329:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7569 comm="syz.1.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41ae19bf79 code=0x7ffc0000
[  274.095035][ T5762] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  274.705255][ T7601] loop3: detected capacity change from 0 to 512
[  274.781311][ T7568] loop4: detected capacity change from 0 to 4096
[  274.814060][ T7601] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  274.875460][ T7601] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[  274.924332][ T7601] System zones: 1-12
[  274.952047][ T7601] EXT4-fs error (device loop3): ext4_iget_extra_inode:4732: inode #15: comm syz.3.429: corrupted in-inode xattr: e_value size too large
[  275.034106][ T7601] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.429: couldn't read orphan inode 15 (err -117)
[  275.089322][ T7601] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  275.240090][ T7618] syzkaller1: entered promiscuous mode
[  275.263055][ T7618] syzkaller1: entered allmulticast mode
[  275.298788][ T5761] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.488909][ T7622] netlink: 16 bytes leftover after parsing attributes in process `syz.4.435'.
[  275.735843][ T7633] loop0: detected capacity change from 0 to 512
[  275.783260][ T7633] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  275.827394][ T7633] EXT4-fs (loop0): 1 truncate cleaned up
[  275.872114][ T7633] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  276.008929][ T7633] EXT4-fs (loop0): shut down requested (2)
[  276.041832][ T7633] overlayfs: failed to create directory ./bus/work (errno: 5); mounting read-only
[  276.085254][ T7635] loop4: detected capacity change from 0 to 4096
[  276.116053][ T7633] overlayfs: failed to get uuid (/file0, err=-5); falling back to uuid=null.
[  276.134134][ T7635] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  276.199577][ T7635] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  276.245131][ T7635] ntfs3: loop4: Failed to load $Extend (-22).
[  276.251288][ T7635] ntfs3: loop4: Failed to initialize $Extend.
[  276.670787][ T7297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.729652][ T7630] loop3: detected capacity change from 0 to 32768
[  276.767805][ T7630] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 12
[  276.843001][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  276.878525][ T1085] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.081589][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  277.095782][ T6777] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 12
[  277.111813][ T1085] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.113044][    T9] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  277.169700][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  277.225721][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice=20.41
[  277.243047][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  277.274388][    T9] usb 5-1: Product: syz
[  277.278614][    T9] usb 5-1: Manufacturer: syz
[  277.300795][    T9] usb 5-1: SerialNumber: syz
[  277.355944][ T1085] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.540848][ T1085] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.591419][    T9] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  277.806207][ T5830] usb 5-1: USB disconnect, device number 4
[  277.844536][ T5830] usblp0: removed
[  278.083275][ T1085] tipc: Left network mode
[  278.330960][ T5775] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  278.342631][ T5775] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  278.375271][ T5775] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  278.389579][ T5775] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  278.398386][ T5775] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  278.409977][ T5775] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  279.113223][ T7712] netlink: 'syz.3.457': attribute type 5 has an invalid length.
[  279.177922][ T7712] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  279.187360][ T7712] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  279.198059][ T7712] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  279.207270][ T7712] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  279.273863][ T7712] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  279.283466][ T7712] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  279.293259][ T7712] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  279.302350][ T7712] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  279.470856][ T7714] netlink: 'syz.3.457': attribute type 5 has an invalid length.
[  279.513872][ T7714] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  279.522826][ T7714] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  279.532337][ T7714] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  279.541201][ T7714] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  279.563550][ T7714] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  279.572556][ T7714] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  279.581751][ T7714] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  279.590782][ T7714] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  279.856059][ T7734] sctp: [Deprecated]: syz.1.461 (pid 7734) Use of int in max_burst socket option deprecated.
[  279.856059][ T7734] Use struct sctp_assoc_value instead
[  281.103023][   T51] Bluetooth: hci1: command tx timeout
[  281.362238][ T7687] chnl_net:caif_netlink_parms(): no params data found
[  282.013297][ T7687] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.020530][ T7687] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.083481][ T7687] bridge_slave_0: entered allmulticast mode
[  282.090865][ T7687] bridge_slave_0: entered promiscuous mode
[  282.284509][ T7687] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.291693][ T7687] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.364876][ T7687] bridge_slave_1: entered allmulticast mode
[  282.372232][ T7687] bridge_slave_1: entered promiscuous mode
[  282.597534][ T1085] hsr_slave_0: left promiscuous mode
[  282.616291][ T1085] hsr_slave_1: left promiscuous mode
[  282.649997][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  282.671680][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_0
[  282.720841][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  282.738500][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_1
[  282.774683][ T1085] team0: left allmulticast mode
[  282.779779][ T1085] team_slave_0: left allmulticast mode
[  282.798606][ T1085] team_slave_1: left allmulticast mode
[  282.813361][ T1085] team0: left promiscuous mode
[  282.818389][ T1085] team_slave_0: left promiscuous mode
[  282.833239][ T1085] team_slave_1: left promiscuous mode
[  282.849062][ T1085] bridge1: left promiscuous mode
[  282.865082][ T1085] bridge0: port 3(team0) entered disabled state
[  282.880309][ T1085] bridge_slave_1: left allmulticast mode
[  282.886173][ T1085] bridge_slave_1: left promiscuous mode
[  282.892102][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.943778][ T1085] bridge_slave_0: left allmulticast mode
[  282.959851][ T1085] bridge_slave_0: left promiscuous mode
[  282.976315][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.067175][ T1085] veth1_macvtap: left promiscuous mode
[  283.072786][ T1085] veth0_macvtap: left promiscuous mode
[  283.087804][ T1085] veth1_vlan: left promiscuous mode
[  283.095416][ T1085] veth0_vlan: left promiscuous mode
[  283.143693][   T51] Bluetooth: hci1: command tx timeout
[  283.283042][ T5817] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  283.400692][ T1085] team0 (unregistering): Port device bridge1 removed
[  283.473352][ T5817] usb 5-1: Using ep0 maxpacket: 8
[  283.482751][ T5817] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  283.507263][ T5817] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  283.523131][ T5817] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  283.543503][ T5817] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  283.563150][ T5817] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  283.575685][ T5817] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.823757][ T5817] usb 5-1: GET_CAPABILITIES returned 0
[  283.832504][ T5817] usbtmc 5-1:16.0: can't read capabilities
[  284.067033][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  284.089129][ T5817] usb 5-1: USB disconnect, device number 5
[  284.343339][ T1085] team0 (unregistering): Port device team_slave_1 removed
[  284.396794][ T1085] team0 (unregistering): Port device team_slave_0 removed
[  284.457820][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  284.511497][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  284.996452][ T1085] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  285.006637][ T1085] bond0 (unregistering): Released all slaves
[  285.121161][ T7687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  285.223470][   T51] Bluetooth: hci1: command tx timeout
[  285.232332][ T7687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  285.330355][ T7687] team0: Port device team_slave_0 added
[  285.422569][ T7687] team0: Port device team_slave_1 added
[  285.522707][ T7687] batman_adv: batadv0: Adding interface: batadv_slave_0
[  285.551846][ T7687] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.612732][ T7687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  285.625874][ T7687] batman_adv: batadv0: Adding interface: batadv_slave_1
[  285.632929][ T7687] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.712598][ T7687] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  285.847558][ T7687] hsr_slave_0: entered promiscuous mode
[  285.874491][ T7687] hsr_slave_1: entered promiscuous mode
[  286.145939][ T1085] IPVS: stop unused estimator thread 0...
[  286.647211][ T7687] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  286.685319][ T7687] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  286.711764][ T7687] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  286.733832][ T7687] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  286.910647][ T7687] 8021q: adding VLAN 0 to HW filter on device bond0
[  286.986862][ T7687] 8021q: adding VLAN 0 to HW filter on device team0
[  287.021307][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.028545][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  287.079791][ T1097] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.087089][ T1097] bridge0: port 2(bridge_slave_1) entered forwarding state
[  287.309407][   T51] Bluetooth: hci1: command tx timeout
[  287.710853][ T7878] loop4: detected capacity change from 0 to 4096
[  287.751850][ T7878] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  287.892164][ T7687] 8021q: adding VLAN 0 to HW filter on device batadv0
[  287.902825][ T7878] ntfs3: loop4: Inode r=19 is not in use!
[  287.935355][ T7878] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  288.080578][ T7878] [syz.4.494/7878] FS: loop4 File: /file0/file1 would truncate fibmap result
[  289.453237][ T5817] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  289.564774][ T7916] Driver unsupported XDP return value 0 on prog  (id 29) dev N/A, expect packet loss!
[  289.591889][ T7687] veth0_vlan: entered promiscuous mode
[  289.656037][ T5817] usb 5-1: Using ep0 maxpacket: 8
[  289.656762][ T7687] veth1_vlan: entered promiscuous mode
[  289.668514][ T5817] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  289.687366][ T5817] usb 5-1: config 179 has no interface number 0
[  289.706472][ T5817] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  289.756525][ T5817] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  289.770700][ T7687] veth0_macvtap: entered promiscuous mode
[  289.799842][ T7687] veth1_macvtap: entered promiscuous mode
[  289.812668][ T5817] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  289.836016][ T5817] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  289.852080][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  289.874535][ T5817] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  289.897107][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  289.902981][ T5817] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  289.915515][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  289.932946][ T5817] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.948906][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  289.955445][ T7906] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  289.972760][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  289.991828][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  290.007117][ T7687] batman_adv: batadv0: Interface activated: batadv_slave_0
[  290.042333][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  290.065010][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  290.079572][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  290.110604][    T8] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  290.122905][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  290.146944][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  290.170728][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  290.231848][ T7687] batman_adv: batadv0: Interface activated: batadv_slave_1
[  290.257287][ T7687] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  290.276830][ T7687] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  290.303165][ T7687] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  290.310553][ T5817] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input11
[  290.324066][ T7687] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  290.333198][    T8] usb 4-1: Using ep0 maxpacket: 8
[  290.361825][    T8] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  290.383074][    T8] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  290.423688][    T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  290.484734][    T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  290.548711][ T5853] usb 5-1: USB disconnect, device number 6
[  290.548720][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  290.565933][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  290.566971][    T8] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  290.636509][    T8] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  290.680192][ T5853] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  290.699527][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.740753][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  290.798483][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  290.869501][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  290.884207][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  290.976684][    T8] usb 4-1: GET_CAPABILITIES returned 0
[  290.982262][    T8] usbtmc 4-1:16.0: can't read capabilities
[  291.204368][ T5817] usb 4-1: USB disconnect, device number 7
[  292.054837][ T7950] loop4: detected capacity change from 0 to 32768
[  292.245268][ T7950] JBD2: Ignoring recovery information on journal
[  292.383663][ T5853] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  292.450561][ T7950] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  292.623931][ T5853] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  292.643317][ T5853] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  292.671660][ T5853] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  292.735571][ T5853] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice=20.41
[  292.766651][ T5853] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  292.793836][ T5853] usb 6-1: Product: syz
[  292.798070][ T5853] usb 6-1: Manufacturer: syz
[  292.823368][ T5853] usb 6-1: SerialNumber: syz
[  292.856675][ T7988] syz.4.507 (7988) used greatest stack depth: 19824 bytes left
[  293.086030][ T5853] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  293.100147][ T6733] ocfs2: Unmounting device (7,4) on (node local)
[  293.341117][  T966] usb 6-1: USB disconnect, device number 2
[  293.373541][  T966] usblp0: removed
[  293.614805][ T8013] netlink: 'syz.1.522': attribute type 5 has an invalid length.
[  293.683224][ T8013] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  293.692100][ T8013] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  293.701068][ T8013] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  293.710085][ T8013] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  293.781691][ T8013] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  293.791175][ T8013] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  293.800342][ T8013] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  293.809560][ T8013] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  293.953255][ T8017] netlink: 'syz.1.522': attribute type 5 has an invalid length.
[  294.029585][ T8017] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  294.039025][ T8017] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  294.048246][ T8017] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  294.048707][ T8033] loop3: detected capacity change from 0 to 512
[  294.057467][ T8017] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  294.079881][ T5810] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  294.081916][ T8033] EXT4-fs: Ignoring removed nobh option
[  294.109321][ T8017] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  294.118416][ T8017] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  294.127494][ T8017] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  294.136430][ T8017] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  294.150669][ T8033] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  294.220413][ T8033] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  294.236635][ T8033] EXT4-fs (loop3): 1 truncate cleaned up
[  294.244946][ T8033] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  294.276462][ T8038] loop5: detected capacity change from 0 to 256
[  294.295690][ T5810] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  294.341799][ T5810] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=20.40
[  294.380902][ T5810] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.404869][ T8033] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2969: inode #15: comm syz.3.526: corrupted xattr block 33: invalid header
[  294.405536][ T5810] usb 5-1: Product: syz
[  294.441242][ T8033] EXT4-fs (loop3): Remounting filesystem read-only
[  294.450708][ T5810] usb 5-1: Manufacturer: syz
[  294.455696][ T5810] usb 5-1: SerialNumber: syz
[  294.493053][ T8033] EXT4-fs warning (device loop3): ext4_evict_inode:272: xattr delete (err -117)
[  294.604684][ T5761] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.789796][   T51] Bluetooth: hci0: unexpected event for opcode 0x2007
[  295.109154][ T8056] loop3: detected capacity change from 0 to 512
[  295.153074][ T8056] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  295.251204][ T8056] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  295.277299][ T5810] cdc_ncm 5-1:1.0: failed to get mac address
[  295.332255][ T8056] ext4 filesystem being mounted at /129/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  295.680947][ T5810] cdc_ncm 5-1:1.0: bind() failure
[  295.707043][ T5810] cdc_ncm: probe of 5-1:1.1 failed with error -71
[  295.723953][ T5810] cdc_mbim: probe of 5-1:1.1 failed with error -71
[  295.740873][ T5810] usbtest: probe of 5-1:1.1 failed with error -71
[  295.755752][ T5810] usb 5-1: USB disconnect, device number 7
[  295.779391][ T8072] loop5: detected capacity change from 0 to 4096
[  295.852252][ T5761] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.949310][ T8076] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  296.123920][ T8081] loop5: detected capacity change from 4096 to 64
[  296.141493][ T8076] segctord: attempt to access beyond end of device
[  296.141493][ T8076] loop5: rw=2049, sector=384, nr_sectors = 32 limit=64
[  296.171741][ T8076] NILFS (loop5): I/O error writing log (start-blocknr=48, block-count=4) in segment 3
[  296.227903][ T8083] syz.5.537: attempt to access beyond end of device
[  296.227903][ T8083] loop5: rw=0, sector=288, nr_sectors = 8 limit=64
[  296.259798][ T8083] NILFS (loop5): I/O error reading meta-data file (ino=3, block-offset=226)
[  296.271217][ T8083] NILFS (loop5): error -5 truncating bmap (ino=15)
[  296.285419][ T8076] segctord: attempt to access beyond end of device
[  296.285419][ T8076] loop5: rw=2049, sector=312, nr_sectors = 72 limit=64
[  296.315735][ T8076] segctord: attempt to access beyond end of device
[  296.315735][ T8076] loop5: rw=2049, sector=384, nr_sectors = 32 limit=64
[  296.333025][    T8] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  296.386240][ T8076] NILFS (loop5): I/O error writing log (start-blocknr=39, block-count=9) in segment 2
[  296.398567][ T8076] NILFS (loop5): I/O error writing log (start-blocknr=48, block-count=4) in segment 3
[  296.419474][ T8089] netlink: 'syz.4.539': attribute type 5 has an invalid length.
[  296.435373][ T8090] overlayfs: failed to clone upperpath
[  296.459751][ T8089] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  296.469015][ T8089] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  296.477972][ T8089] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  296.486878][ T8089] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  296.526288][ T8089] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  296.535333][ T8089] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  296.544324][ T8089] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  296.553373][ T8089] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  296.563418][    T8] usb 4-1: Using ep0 maxpacket: 8
[  296.585172][    T8] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  296.596189][    T8] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  296.619516][    T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  296.630396][    T8] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 10982, setting to 1024
[  296.655152][    T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  296.665571][    T8] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  296.685885][    T8] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  296.695284][ T8091] netlink: 'syz.4.539': attribute type 5 has an invalid length.
[  296.701475][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.716813][ T8091] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  296.725715][ T8091] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  296.734633][ T8091] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  296.743570][ T8091] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  296.761079][ T8091] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  296.770321][ T8091] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  296.779707][ T8091] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  296.788894][ T8091] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  296.942375][    T8] usb 4-1: GET_CAPABILITIES returned 0
[  296.953328][    T8] usbtmc 4-1:16.0: can't read capabilities
[  297.154964][ T8101] loop4: detected capacity change from 0 to 2048
[  297.167834][   T59] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.191540][ T8101] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  297.232586][ T8101] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  297.354682][   T59] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.487401][   T59] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.658602][   T59] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.662405][    T8] usb 4-1: USB disconnect, device number 8
[  298.263765][    T8] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  298.446928][ T8114] loop4: detected capacity change from 0 to 32768
[  298.464788][    T8] usb 4-1: Using ep0 maxpacket: 32
[  298.504863][    T8] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  298.516948][    T8] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  298.563230][    T8] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  298.578319][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  298.601851][    T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  298.640891][    T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  298.684403][    T8] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  298.694729][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.720959][    T8] usb 4-1: config 0 descriptor??
[  298.727573][ T8114] UFO tlock:0xffffc9000286a0d8
[  298.789625][ T8114] non-latin1 character 0x637c found in JFS file name
[  298.797168][ T8114] mount with iocharset=utf8 to access
[  298.963973][    T8] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  299.726726][ T5817] usb 4-1: USB disconnect, device number 9
[  299.752281][ T5817] usblp0: removed
[  299.899339][ T8143] loop4: detected capacity change from 0 to 512
[  300.022095][ T8143] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  300.067263][ T8143] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  300.250498][   T59] hsr_slave_0: left promiscuous mode
[  300.257801][   T59] hsr_slave_1: left promiscuous mode
[  300.269676][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  300.279559][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  300.283256][ T6733] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.318546][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  300.328057][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  300.343968][   T59] bridge_slave_1: left allmulticast mode
[  300.355430][   T59] bridge_slave_1: left promiscuous mode
[  300.370436][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.398544][   T59] bridge_slave_0: left allmulticast mode
[  300.423649][   T59] bridge_slave_0: left promiscuous mode
[  300.443105][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.443617][ T8163] netlink: 80 bytes leftover after parsing attributes in process `syz.4.553'.
[  300.515611][   T59] veth1_macvtap: left promiscuous mode
[  300.521396][   T59] veth0_macvtap: left promiscuous mode
[  300.535011][   T59] veth1_vlan: left promiscuous mode
[  300.540514][   T59] veth0_vlan: left promiscuous mode
[  303.127219][   T59] team0 (unregistering): Port device team_slave_1 removed
[  303.197581][   T59] team0 (unregistering): Port device team_slave_0 removed
[  303.260587][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  303.303369][ T5810] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  303.337833][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  303.495367][ T5810] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.506620][ T5810] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  303.516311][ T5810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.528062][ T5810] usb 4-1: config 0 descriptor??
[  303.777654][ T5810] usbhid 4-1:0.0: can't add hid device: -71
[  303.805399][ T5810] usbhid: probe of 4-1:0.0 failed with error -71
[  303.814528][ T5810] usb 4-1: USB disconnect, device number 10
[  304.065890][   T59] bond0 (unregistering): Released all slaves
[  304.211687][ T8163] netlink: 80 bytes leftover after parsing attributes in process `syz.4.553'.
[  304.354574][ T5810] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  304.577091][ T5810] usb 4-1: Using ep0 maxpacket: 32
[  304.607201][ T5810] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  304.651711][ T5810] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  304.683039][ T5810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.717942][ T5810] usb 4-1: config 0 descriptor??
[  304.758136][ T5810] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  304.801952][ T5810] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  304.921379][ T8176] loop4: detected capacity change from 0 to 32768
[  304.983854][ T8176] (syz.4.559,8176,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  305.011151][    C0] ldusb 4-1:0.0: Ring buffer overflow, 8 bytes dropped
[  305.060240][ T8176] (syz.4.559,8176,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  305.142184][ T8176] JBD2: Ignoring recovery information on journal
[  305.280839][ T8176] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  305.353811][    C1] ldusb 4-1:0.0: Ring buffer overflow, 8 bytes dropped
[  305.609412][   T28] audit: type=1800 audit(1770745237.699:14): pid=8176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.559" name="file1" dev="loop4" ino=16979 res=0 errno=0
[  305.768607][ T8176] syz.4.559 (8176) used greatest stack depth: 19344 bytes left
[  305.898180][ T6733] ocfs2: Unmounting device (7,4) on (node local)
[  306.472726][ T5810] usb 4-1: USB disconnect, device number 11
[  306.514395][ T5810] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  307.259069][ T8224] loop4: detected capacity change from 0 to 32768
[  307.316030][ T8224] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  307.474920][ T8224] XFS (loop4): Ending clean mount
[  309.021293][ T6733] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  309.067661][ T8267] netlink: 'syz.1.580': attribute type 12 has an invalid length.
[  309.114674][ T8267] netlink: 'syz.1.580': attribute type 29 has an invalid length.
[  309.122481][ T8267] netlink: 148 bytes leftover after parsing attributes in process `syz.1.580'.
[  309.158665][ T8267] netlink: 'syz.1.580': attribute type 2 has an invalid length.
[  309.199280][ T8267] netlink: 'syz.1.580': attribute type 3 has an invalid length.
[  309.238503][ T8267] netlink: 11 bytes leftover after parsing attributes in process `syz.1.580'.
[  309.952826][ T8280] input: syz0 as /devices/virtual/input/input12
[  310.107946][   T51] Bluetooth: hci4: unexpected event 0x3c length: 10 > 7
[  310.603552][   T27] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  310.830407][   T27] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  310.856389][   T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.870372][   T27] usb 4-1: Product: syz
[  310.874764][   T27] usb 4-1: Manufacturer: syz
[  310.879968][   T27] usb 4-1: SerialNumber: syz
[  310.891028][   T27] usb 4-1: config 0 descriptor??
[  310.907263][   T27] gspca_main: sunplus-2.14.0 probing 055f:c230
[  311.549283][   T27] gspca_sunplus: reg_r err -71
[  311.564519][   T27] sunplus: probe of 4-1:0.0 failed with error -71
[  311.588873][   T27] usb 4-1: USB disconnect, device number 12
[  312.394360][ T8348] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  313.086617][ T8372] netlink: 40 bytes leftover after parsing attributes in process `syz.1.595'.
[  313.132629][ T8372] ip6gre1: entered promiscuous mode
[  313.140561][ T5775] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  313.153131][ T8372] ip6gre1: entered allmulticast mode
[  313.158987][ T5775] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  313.167990][ T5775] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  313.177174][ T5775] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  313.209655][ T5775] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  313.224147][ T5775] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  313.426186][ T8382] loop3: detected capacity change from 0 to 2048
[  313.476399][ T8382] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  313.980471][ T8373] chnl_net:caif_netlink_parms(): no params data found
[  314.066364][ T8403] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  314.290397][ T8373] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.353105][ T8373] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.371058][ T8373] bridge_slave_0: entered allmulticast mode
[  314.404646][ T8373] bridge_slave_0: entered promiscuous mode
[  314.430778][ T8373] bridge0: port 2(bridge_slave_1) entered blocking state
[  314.460855][ T8373] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.494070][ T8373] bridge_slave_1: entered allmulticast mode
[  314.531554][ T8373] bridge_slave_1: entered promiscuous mode
[  314.676276][ T8373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  314.708260][ T8373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  314.795753][ T8373] team0: Port device team_slave_0 added
[  314.812082][ T8373] team0: Port device team_slave_1 added
[  314.892592][ T8373] batman_adv: batadv0: Adding interface: batadv_slave_0
[  314.912432][ T8373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  314.966421][ T8373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  314.992083][ T8373] batman_adv: batadv0: Adding interface: batadv_slave_1
[  315.009932][ T8373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  315.074168][ T8373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  315.209133][ T8419] loop3: detected capacity change from 0 to 32768
[  315.228452][ T8373] hsr_slave_0: entered promiscuous mode
[  315.243111][ T8419] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.603 (8419)
[  315.265608][ T8373] hsr_slave_1: entered promiscuous mode
[  315.303985][ T5775] Bluetooth: hci1: command tx timeout
[  315.318005][ T8419] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  315.354718][ T8419] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  315.412244][ T8419] BTRFS info (device loop3): enabling auto defrag
[  315.443040][ T8419] BTRFS info (device loop3): use no compression
[  315.449413][ T8419] BTRFS info (device loop3): force clearing of disk cache
[  315.464532][ T8419] BTRFS info (device loop3): max_inline at 4096
[  315.473274][ T8419] BTRFS info (device loop3): disabling free space tree
[  315.597678][ T8419] BTRFS info (device loop3): enabling ssd optimizations
[  315.622144][ T8419] BTRFS info (device loop3): auto enabling async discard
[  315.676981][ T8419] BTRFS info (device loop3): rebuilding free space tree
[  315.766842][ T8373] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  315.780927][ T8419] BTRFS info (device loop3): disabling free space tree
[  315.805650][ T8419] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  315.819739][ T8373] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  315.838697][ T8419] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  315.861009][ T8373] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  315.888074][ T8373] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  316.045238][ T5761] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  316.213807][ T8462] netlink: 4 bytes leftover after parsing attributes in process `syz.1.613'.
[  316.247430][ T8373] 8021q: adding VLAN 0 to HW filter on device bond0
[  316.304293][ T8466] netlink: 40 bytes leftover after parsing attributes in process `syz.3.606'.
[  316.396053][ T8466] ip6gre1: entered promiscuous mode
[  316.438316][ T8466] ip6gre1: entered allmulticast mode
[  316.503607][ T5775] Bluetooth: hci3: command 0x1003 tx timeout
[  316.513834][   T51] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  316.518683][ T8462] nbd: socks must be embedded in a SOCK_ITEM attr
[  316.530105][ T8373] 8021q: adding VLAN 0 to HW filter on device team0
[  316.596057][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.603556][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[  316.633994][ T5988] block nbd64: NBD_DISCONNECT
[  316.712324][ T6228] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.719578][ T6228] bridge0: port 2(bridge_slave_1) entered forwarding state
[  317.353566][    T8] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  318.204066][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  318.210449][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  318.217222][   T51] Bluetooth: hci1: command tx timeout
[  318.295624][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  318.313353][    T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  318.327035][    T8] usb 4-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00
[  318.336629][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.374679][    T8] usb 4-1: config 0 descriptor??
[  318.616506][ T8373] 8021q: adding VLAN 0 to HW filter on device batadv0
[  318.807271][    T8] pantherlord 0003:0F30:0111.0006: item fetching failed at offset 2/5
[  318.853948][    T8] pantherlord 0003:0F30:0111.0006: parse failed
[  318.863852][    T8] pantherlord: probe of 0003:0F30:0111.0006 failed with error -22
[  319.065504][    T8] usb 4-1: USB disconnect, device number 13
[  319.631731][ T8373] veth0_vlan: entered promiscuous mode
[  319.681781][ T8373] veth1_vlan: entered promiscuous mode
[  319.835732][ T8373] veth0_macvtap: entered promiscuous mode
[  319.887969][ T8373] veth1_macvtap: entered promiscuous mode
[  319.945810][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.003394][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.024068][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.047113][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.077711][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  320.098650][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  320.873089][   T51] Bluetooth: hci1: command tx timeout
[  320.989451][ T8373] batman_adv: batadv0: Interface activated: batadv_slave_0
[  321.049333][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  321.072749][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.102255][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  321.148127][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.171920][ T8373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  321.202610][ T8373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.227468][ T8373] batman_adv: batadv0: Interface activated: batadv_slave_1
[  321.259024][ T8373] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  321.290342][ T8373] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  321.306330][ T8373] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  321.318703][ T8373] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  321.375825][ T8558] loop4: detected capacity change from 0 to 256
[  321.642713][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  321.663615][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  321.793596][ T6228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  321.820269][ T6228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  321.988312][ T8572] netlink: 8 bytes leftover after parsing attributes in process `syz.6.586'.
[  322.180064][ T8577] netlink: 40 bytes leftover after parsing attributes in process `syz.6.627'.
[  322.904788][   T51] Bluetooth: hci1: command tx timeout
[  323.559936][ T8597] loop6: detected capacity change from 0 to 65536
[  323.657574][ T8597] XFS (loop6): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  323.762032][ T8597] XFS (loop6): Ending clean mount
[  323.815151][ T8597] XFS (loop6): Quotacheck needed: Please wait.
[  324.038424][ T8597] XFS (loop6): Quotacheck: Done.
[  324.193232][   T28] audit: type=1326 audit(1770745256.269:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8620 comm="syz.3.638" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbb2a19bf79 code=0x0
[  324.749913][ T8373] XFS (loop6): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  325.139454][ T8625] loop4: detected capacity change from 0 to 32768
[  325.261938][ T8625] JBD2: Ignoring recovery information on journal
[  325.453179][ T8625] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  325.459379][ T8648] geneve3: entered promiscuous mode
[  325.650490][ T8653] netlink: 24 bytes leftover after parsing attributes in process `syz.3.645'.
[  325.715893][ T8653] ip6gre2: entered promiscuous mode
[  325.721601][ T8653] ip6gre2: entered allmulticast mode
[  325.771689][   T28] audit: type=1800 audit(1770745257.859:16): pid=8625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.639" name="file1" dev="loop4" ino=17058 res=0 errno=0
[  326.086836][ T6733] OCFS2: ERROR (device loop4): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #1056 has bad signature 
[  326.125076][ T6733] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  326.159960][ T6733] OCFS2: File system is now read-only.
[  326.177671][ T6733] (syz-executor,6733,1):_ocfs2_free_suballoc_bits:2489 ERROR: status = -30
[  326.214138][ T6733] (syz-executor,6733,1):_ocfs2_free_clusters:2583 ERROR: status = -30
[  326.246777][ T6733] (syz-executor,6733,0):ocfs2_sync_local_to_main:1001 ERROR: status = -30
[  326.281966][ T6733] (syz-executor,6733,0):ocfs2_sync_local_to_main:1013 ERROR: status = -30
[  326.330960][ T6733] (syz-executor,6733,0):ocfs2_shutdown_local_alloc:449 ERROR: status = -30
[  326.389309][ T6733] ocfs2: Unmounting device (7,4) on (node local)
[  326.614920][ T8685] loop3: detected capacity change from 0 to 256
[  326.662630][ T5765] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  327.080149][ T8697] loop4: detected capacity change from 0 to 512
[  327.231220][ T8692] loop3: detected capacity change from 0 to 40427
[  327.232743][ T8697] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  327.248821][ T8692] F2FS-fs (loop3): Image doesn't support compression
[  327.255965][ T8692] F2FS-fs (loop3): heap/no_heap options were deprecated
[  327.265036][ T8692] F2FS-fs (loop3): invalid crc value
[  327.298377][ T8692] F2FS-fs (loop3): Found nat_bits in checkpoint
[  327.359272][ T8692] F2FS-fs (loop3): Start checkpoint disabled!
[  327.381604][ T8692] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  327.440840][ T8692] syz.3.655: attempt to access beyond end of device
[  327.440840][ T8692] loop3: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  327.455939][ T8692] syz.3.655: attempt to access beyond end of device
[  327.455939][ T8692] loop3: rw=2049, sector=53288, nr_sectors = 32 limit=40427
[  327.470305][ T8692] syz.3.655: attempt to access beyond end of device
[  327.470305][ T8692] loop3: rw=2049, sector=53328, nr_sectors = 32 limit=40427
[  327.484512][ T8692] syz.3.655: attempt to access beyond end of device
[  327.484512][ T8692] loop3: rw=2049, sector=53384, nr_sectors = 8 limit=40427
[  327.501479][ T8709] syz.3.655: attempt to access beyond end of device
[  327.501479][ T8709] loop3: rw=2049, sector=53416, nr_sectors = 24 limit=40427
[  327.551965][ T8697] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  327.568464][ T8697] ext4 filesystem being mounted at /99/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  327.585035][ T8692] syz.3.655: attempt to access beyond end of device
[  327.585035][ T8692] loop3: rw=2049, sector=53472, nr_sectors = 8 limit=40427
[  327.599051][ T8692] syz.3.655: attempt to access beyond end of device
[  327.599051][ T8692] loop3: rw=2049, sector=53504, nr_sectors = 8 limit=40427
[  327.613293][ T8692] syz.3.655: attempt to access beyond end of device
[  327.613293][ T8692] loop3: rw=2049, sector=53544, nr_sectors = 16 limit=40427
[  327.671951][ T8709] syz.3.655: attempt to access beyond end of device
[  327.671951][ T8709] loop3: rw=0, sector=53552, nr_sectors = 8 limit=40427
[  328.012207][ T6733] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  328.127101][   T11] kworker/u4:0: attempt to access beyond end of device
[  328.127101][   T11] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  328.236809][   T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  328.287554][   T11] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  329.051116][   T28] audit: type=1326 audit(1770745261.139:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8735 comm="syz.4.664" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f34d919bf79 code=0x0
[  330.363095][   T27] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  330.583547][   T27] usb 4-1: Using ep0 maxpacket: 16
[  330.596616][   T27] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  330.612304][ T8761] overlayfs: failed to resolve './file0': -2
[  330.631766][   T27] usb 4-1: config 0 interface 0 has no altsetting 0
[  330.670611][   T27] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  330.717286][   T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.750290][   T27] usb 4-1: config 0 descriptor??
[  331.253812][   T27] nzxt-smart2 0003:1E71:2009.0007: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  331.853130][ T5853] usb 4-1: USB disconnect, device number 14
[  332.217764][ T8782] fido_id[8782]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  333.110006][ T8811] loop3: detected capacity change from 0 to 512
[  333.144767][   T11] wlan1: Trigger new scan to find an IBSS to join
[  333.179598][ T8811] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  333.238399][ T8811] EXT4-fs (loop3): 1 truncate cleaned up
[  333.275146][ T8811] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  333.420993][ T8811] EXT4-fs (loop3): shut down requested (2)
[  333.437464][ T8811] overlayfs: failed to create directory ./bus/work (errno: 5); mounting read-only
[  333.456451][ T8811] overlayfs: failed to get uuid (/file0, err=-5); falling back to uuid=null.
[  334.017864][ T5761] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.752570][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.1.681'.
[  334.796044][ T8833] netlink: 12 bytes leftover after parsing attributes in process `syz.1.681'.
[  335.181557][ T8842] loop4: detected capacity change from 0 to 512
[  335.231194][ T8842] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  335.263513][ T8842] EXT4-fs (loop4): 1 truncate cleaned up
[  335.270847][ T8842] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  335.302161][ T8842] EXT4-fs (loop4): shut down requested (2)
[  335.312324][ T8842] overlayfs: failed to create directory ./bus/work (errno: 5); mounting read-only
[  335.322139][ T8842] overlayfs: failed to get uuid (/file0, err=-5); falling back to uuid=null.
[  335.717296][ T7151] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  335.791452][ T3473] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.863171][ T5775] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  335.880088][ T5775] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  335.891299][ T5775] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  335.901833][ T5775] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  335.910757][ T5775] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  335.920496][ T5775] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  336.097341][ T3473] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.181642][ T8856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.695'.
[  336.254044][ T3473] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.291503][ T8856] netlink: 12 bytes leftover after parsing attributes in process `syz.1.695'.
[  336.548291][ T3473] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.648587][ T8865] netlink: 4 bytes leftover after parsing attributes in process `syz.1.699'.
[  336.663235][ T5853] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  336.710651][ T8865] netlink: 12 bytes leftover after parsing attributes in process `syz.1.699'.
[  336.883637][ T5853] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  336.898422][ T5853] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  336.934385][ T5853] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.956300][ T5853] usb 7-1: config 0 descriptor??
[  336.964973][ T5853] pwc: Askey VC010 type 2 USB webcam detected.
[  336.991550][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  337.004999][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  337.023764][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  337.034940][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  337.048328][   T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  337.056070][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  337.224806][   T59] wlan1: Trigger new scan to find an IBSS to join
[  337.285643][ T8853] chnl_net:caif_netlink_parms(): no params data found
[  337.389378][ T5853] pwc: recv_control_msg error -32 req 02 val 2b00
[  337.420234][ T5853] pwc: recv_control_msg error -32 req 02 val 2700
[  337.427713][ T5853] pwc: recv_control_msg error -32 req 02 val 2c00
[  337.435488][ T5853] pwc: recv_control_msg error -32 req 04 val 1000
[  337.449976][ T5853] pwc: recv_control_msg error -32 req 04 val 1300
[  337.664137][ T5853] pwc: recv_control_msg error -71 req 02 val 2000
[  337.681766][ T5853] pwc: recv_control_msg error -71 req 02 val 2100
[  337.698913][ T5853] pwc: recv_control_msg error -71 req 04 val 1500
[  337.726986][ T5853] pwc: recv_control_msg error -71 req 02 val 2500
[  337.750025][ T5853] pwc: recv_control_msg error -71 req 02 val 2400
[  337.769451][ T5853] pwc: recv_control_msg error -71 req 02 val 2600
[  337.787099][ T5853] pwc: recv_control_msg error -71 req 02 val 2900
[  337.804339][ T5853] pwc: recv_control_msg error -71 req 02 val 2800
[  337.826809][ T5853] pwc: recv_control_msg error -71 req 04 val 1100
[  337.848886][ T5853] pwc: recv_control_msg error -71 req 04 val 1200
[  337.895832][ T5853] pwc: Registered as video103.
[  337.909353][ T5853] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input13
[  337.988816][ T5853] usb 7-1: USB disconnect, device number 2
[  338.023903][   T51] Bluetooth: hci0: command tx timeout
[  338.168763][ T8853] bridge0: port 1(bridge_slave_0) entered blocking state
[  338.193777][ T8853] bridge0: port 1(bridge_slave_0) entered disabled state
[  338.210172][ T8853] bridge_slave_0: entered allmulticast mode
[  338.224976][ T8853] bridge_slave_0: entered promiscuous mode
[  338.246713][ T8853] bridge0: port 2(bridge_slave_1) entered blocking state
[  338.265936][ T1072] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  338.266038][ T8853] bridge0: port 2(bridge_slave_1) entered disabled state
[  338.319228][ T8853] bridge_slave_1: entered allmulticast mode
[  338.338149][ T8853] bridge_slave_1: entered promiscuous mode
[  338.437664][ T8869] chnl_net:caif_netlink_parms(): no params data found
[  338.815892][ T8853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  339.005678][ T8853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  339.154956][   T51] Bluetooth: hci3: command tx timeout
[  339.385478][ T8869] bridge0: port 1(bridge_slave_0) entered blocking state
[  339.393337][ T8869] bridge0: port 1(bridge_slave_0) entered disabled state
[  339.401474][ T8869] bridge_slave_0: entered allmulticast mode
[  339.409038][ T8869] bridge_slave_0: entered promiscuous mode
[  339.428758][ T8853] team0: Port device team_slave_0 added
[  339.452655][   T27] IPVS: starting estimator thread 0...
[  339.542042][ T8869] bridge0: port 2(bridge_slave_1) entered blocking state
[  339.549752][ T8915] IPVS: using max 24 ests per chain, 57600 per kthread
[  339.573341][ T8869] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.603709][ T8869] bridge_slave_1: entered allmulticast mode
[  339.611442][ T8869] bridge_slave_1: entered promiscuous mode
[  339.688206][ T8853] team0: Port device team_slave_1 added
[  339.789958][ T8869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  339.856771][ T8853] batman_adv: batadv0: Adding interface: batadv_slave_0
[  339.873352][ T8853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  339.944257][ T8853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  339.970257][ T8869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  339.991950][ T8901] loop6: detected capacity change from 0 to 40427
[  340.013554][ T8853] batman_adv: batadv0: Adding interface: batadv_slave_1
[  340.050132][ T8901] F2FS-fs (loop6): build fault injection attr: rate: 771, type: 0x7ffff
[  340.059981][ T8853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  340.104865][   T51] Bluetooth: hci0: command tx timeout
[  340.108909][ T8901] F2FS-fs (loop6): invalid crc value
[  340.144032][ T8853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  340.161480][ T8901] F2FS-fs (loop6): Found nat_bits in checkpoint
[  340.227196][ T3473] hsr_slave_0: left promiscuous mode
[  340.264878][ T3473] hsr_slave_1: left promiscuous mode
[  340.281292][ T3473] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  340.299790][ T3473] batman_adv: batadv0: Removing interface: batadv_slave_0
[  340.339234][ T8901] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  340.339265][ T3473] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  340.406195][ T3473] batman_adv: batadv0: Removing interface: batadv_slave_1
[  340.448468][ T3473] bridge_slave_1: left allmulticast mode
[  340.479171][ T3473] bridge_slave_1: left promiscuous mode
[  340.504524][ T3473] bridge0: port 2(bridge_slave_1) entered disabled state
[  340.531046][ T3473] bridge_slave_0: left allmulticast mode
[  340.538079][ T3473] bridge_slave_0: left promiscuous mode
[  340.565189][ T3473] bridge0: port 1(bridge_slave_0) entered disabled state
[  340.780922][ T3473] veth1_macvtap: left promiscuous mode
[  340.797002][ T3473] veth0_macvtap: left promiscuous mode
[  340.802721][ T3473] veth1_vlan: left promiscuous mode
[  340.828170][ T8373] bio_check_eod: 1 callbacks suppressed
[  340.828187][ T8373] syz-executor: attempt to access beyond end of device
[  340.828187][ T8373] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  340.861267][ T3473] veth0_vlan: left promiscuous mode
[  340.907570][ T8373] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  341.223118][   T51] Bluetooth: hci3: command tx timeout
[  341.904544][ T8951] loop6: detected capacity change from 0 to 1024
[  342.130687][ T8953] loop6: detected capacity change from 0 to 4096
[  342.184158][   T51] Bluetooth: hci0: command tx timeout
[  342.206178][ T8953] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  342.465358][ T8373] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.713221][ T3473] team0 (unregistering): Port device team_slave_1 removed
[  342.835414][ T3473] team0 (unregistering): Port device team_slave_0 removed
[  342.912605][ T8962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  342.936490][ T3473] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  342.953878][ T8962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  343.016246][ T3473] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  343.302971][   T51] Bluetooth: hci3: command tx timeout
[  343.854673][ T3473] bond0 (unregistering): Released all slaves
[  344.140580][ T8869] team0: Port device team_slave_0 added
[  344.169088][ T8869] team0: Port device team_slave_1 added
[  344.265693][   T51] Bluetooth: hci0: command tx timeout
[  344.284408][ T8853] hsr_slave_0: entered promiscuous mode
[  344.323389][ T8853] hsr_slave_1: entered promiscuous mode
[  344.340522][ T8853] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  344.352607][ T8853] Cannot create hsr debugfs directory
[  344.614748][ T8869] batman_adv: batadv0: Adding interface: batadv_slave_0
[  344.621751][ T8869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  344.676831][ T8869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  344.702661][ T8869] batman_adv: batadv0: Adding interface: batadv_slave_1
[  344.717976][ T8869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  344.746578][ T8869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  344.808149][ T8979] batman_adv: batadv0: Adding interface: dummy0
[  344.814720][ T8979] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  344.843568][ T8979] batman_adv: batadv0: Interface activated: dummy0
[  345.178844][ T8869] hsr_slave_0: entered promiscuous mode
[  345.207620][ T8869] hsr_slave_1: entered promiscuous mode
[  345.239455][ T8869] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  345.248816][ T8869] Cannot create hsr debugfs directory
[  345.383244][   T51] Bluetooth: hci3: command tx timeout
[  345.457909][ T8995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.720'.
[  345.523029][ T8997] netlink: 12 bytes leftover after parsing attributes in process `syz.1.720'.
[  345.928473][ T8853] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  345.960623][ T8853] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  345.993391][ T8853] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  346.004789][ T8853] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  346.091822][ T9013] netlink: 'syz.1.724': attribute type 10 has an invalid length.
[  346.122315][ T9013] 8021q: adding VLAN 0 to HW filter on device team0
[  346.142557][ T9013] bond0: (slave team0): Enslaving as an active interface with an up link
[  346.170938][ T9016] netlink: 'syz.1.724': attribute type 10 has an invalid length.
[  346.211634][ T9016] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  346.333950][ T8869] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  346.370279][ T8869] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  346.397842][ T8869] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  346.399630][ T9013] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  346.432580][ T8869] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  346.458760][ T9013] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  346.623192][ T8853] 8021q: adding VLAN 0 to HW filter on device bond0
[  346.731714][ T8853] 8021q: adding VLAN 0 to HW filter on device team0
[  346.806364][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  346.813556][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  346.844806][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  346.851954][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  347.107434][ T8869] 8021q: adding VLAN 0 to HW filter on device bond0
[  347.224910][ T8869] 8021q: adding VLAN 0 to HW filter on device team0
[  347.286485][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[  347.293793][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[  347.372179][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[  347.379398][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[  347.754061][ T9058] netlink: 4 bytes leftover after parsing attributes in process `syz.6.729'.
[  347.909827][ T8853] 8021q: adding VLAN 0 to HW filter on device batadv0
[  348.137695][ T8869] 8021q: adding VLAN 0 to HW filter on device batadv0
[  349.182196][ T8853] veth0_vlan: entered promiscuous mode
[  349.236313][ T8853] veth1_vlan: entered promiscuous mode
[  349.414830][ T8853] veth0_macvtap: entered promiscuous mode
[  349.445660][ T8853] veth1_macvtap: entered promiscuous mode
[  349.603164][ T8853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  349.644507][ T8853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  349.674143][ T8853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  349.703382][ T8853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  349.723224][ T8853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  349.750415][ T8853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  349.769858][ T8853] batman_adv: batadv0: Interface activated: batadv_slave_0
[  349.810259][ T8869] veth0_vlan: entered promiscuous mode
[  349.831831][ T8853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  349.850149][ T8853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  349.868387][ T8853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  349.886810][ T8853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  349.909289][ T8853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  349.921692][ T8853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  349.940191][ T8853] batman_adv: batadv0: Interface activated: batadv_slave_1
[  349.959589][ T8853] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  349.983378][ T8853] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  349.995358][ T8853] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  350.004653][ T8853] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  350.068019][ T8869] veth1_vlan: entered promiscuous mode
[  350.175430][ T8869] veth0_macvtap: entered promiscuous mode
[  350.222088][ T8869] veth1_macvtap: entered promiscuous mode
[  350.253399][ T1072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  350.261582][ T1072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  350.333908][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  350.341820][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  350.355454][ T8869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  350.369149][ T8869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.382324][ T8869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  350.393695][ T8869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.403963][ T8869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  350.414896][ T8869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.427780][ T8869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  350.446631][ T8869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.489821][ T8869] batman_adv: batadv0: Interface activated: batadv_slave_0
[  350.529203][ T8869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  350.550507][ T8869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.561178][ T8869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  350.573145][ T8869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.586041][ T8869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  350.654673][ T8869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.673869][ T8869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  350.694675][ T8869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  350.712449][ T8869] batman_adv: batadv0: Interface activated: batadv_slave_1
[  350.758093][ T8869] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  350.780993][ T8869] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  350.793206][ T8869] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  350.802311][ T8869] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  351.025794][ T5775] Bluetooth: hci0: unexpected cc 0x0c2d length: 5 > 4
[  351.141267][ T6228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  351.172097][ T6228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  351.273761][ T1072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  351.290834][ T1072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  351.614847][ T9146] netlink: 12 bytes leftover after parsing attributes in process `syz.8.696'.
[  351.783300][ T5775] Bluetooth: hci4: command 0x1003 tx timeout
[  351.792683][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  352.858509][ T9162] netlink: 14 bytes leftover after parsing attributes in process `syz.7.744'.
[  353.264273][ T9162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  353.362610][ T9162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  353.419340][ T9162] bond0 (unregistering): Released all slaves
[  353.720439][ T9176] overlayfs: failed to clone upperpath
[  354.057460][ T9182] loop7: detected capacity change from 0 to 4096
[  354.204452][ T9182] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  354.787093][ T8853] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.072816][   T51] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  355.086524][   T51] Bluetooth: hci0: Injecting HCI hardware error event
[  355.098041][ T5775] Bluetooth: hci0: hardware error 0x00
[  356.119315][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.7.753'.
[  357.303156][ T5775] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  357.324062][ T9250] syz_tun: entered allmulticast mode
[  357.418593][ T9249] syz_tun: left allmulticast mode
[  357.700304][ T9262] netlink: 152 bytes leftover after parsing attributes in process `syz.6.764'.
[  357.734660][ T9259] loop8: detected capacity change from 0 to 4096
[  357.876606][ T9259] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  358.404984][ T8869] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.586989][ T9278] netlink: 'syz.7.768': attribute type 6 has an invalid length.
[  358.650950][ T9278] netlink: 52 bytes leftover after parsing attributes in process `syz.7.768'.
[  358.690584][ T9282] netlink: 4 bytes leftover after parsing attributes in process `syz.8.770'.
[  358.886093][ T9284] sch_tbf: burst 1885 is lower than device lo mtu (65550) !
[  358.941000][ T9287] netlink: 12 bytes leftover after parsing attributes in process `syz.6.771'.
[  359.006955][ T9297] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  359.504966][ T9313] loop7: detected capacity change from 0 to 128
[  360.669699][ T9346] loop6: detected capacity change from 0 to 512
[  360.723213][ T9346] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  360.759622][ T9346] EXT4-fs (loop6): invalid journal inode
[  360.793036][ T9346] EXT4-fs (loop6): can't get journal size
[  360.842223][ T9346] EXT4-fs (loop6): 1 truncate cleaned up
[  360.913622][ T9346] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  361.313565][ T5855] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  361.515139][ T5855] usb 7-1: Using ep0 maxpacket: 32
[  361.554690][ T5855] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 143, changing to 11
[  361.592974][ T5855] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51035, setting to 1024
[  361.655196][ T5855] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  361.675098][ T5855] usb 7-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  361.708009][ T5855] usb 7-1: Product: syz
[  361.726803][ T5855] usb 7-1: Manufacturer: syz
[  361.754624][ T9346] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  361.774625][ T5855] hub 7-1:4.0: USB hub found
[  361.983143][ T5855] hub 7-1:4.0: 2 ports detected
[  362.552329][ T9385] loop7: detected capacity change from 0 to 128
[  363.199004][ T9396] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.435629][ T5855] usb 7-1: reset high-speed USB device number 3 using dummy_hcd
[  363.449559][ T9396] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.716956][ T9396] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.004246][ T9396] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.032682][ T8373] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.792194][ T5855] hub 7-1:4.0: set hub depth failed
[  364.799212][ T5817] usb 7-1: USB disconnect, device number 3
[  365.008272][ T9396] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  365.066350][ T9396] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  365.136624][ T9396] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  365.200494][ T9396] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  366.213221][ T5817] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  366.435519][ T5817] usb 7-1: Using ep0 maxpacket: 16
[  366.483027][ T5817] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  366.517672][ T5817] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  366.558661][ T5817] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.585177][ T5817] usb 7-1: Product: syz
[  366.605113][ T5817] usb 7-1: Manufacturer: syz
[  366.609963][ T5817] usb 7-1: SerialNumber: syz
[  366.648845][ T5817] usb 7-1: config 0 descriptor??
[  366.685254][ T5817] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  366.725006][ T5817] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  366.911738][ T9478] netlink: 'syz.8.813': attribute type 1 has an invalid length.
[  366.975052][ T9478] vlan2: entered allmulticast mode
[  366.990595][ T9478] veth0_to_bond: entered allmulticast mode
[  367.278540][ T5817] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  367.728049][ T5817] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  367.773016][ T5817] em28xx 7-1:0.0: board has no eeprom
[  367.921123][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.1.821'.
[  368.329454][ T9514] ptrace attach of "./syz-executor exec"[9516] was attempted by "./syz-executor exec"[9514]
[  368.926869][ T9452] em28xx 7-1:0.0: reading from i2c device at 0x1a4 failed (error=-5)
[  368.973724][ T5817] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  368.986881][ T5817] em28xx 7-1:0.0: dvb set to bulk mode.
[  369.010570][ T5810] em28xx 7-1:0.0: Binding DVB extension
[  369.036955][ T5817] usb 7-1: USB disconnect, device number 4
[  369.076514][ T5817] em28xx 7-1:0.0: Disconnecting em28xx
[  369.302421][ T5810] em28xx 7-1:0.0: Registering input extension
[  369.319517][ T5817] em28xx 7-1:0.0: Closing input extension
[  369.675824][ T5817] em28xx 7-1:0.0: Freeing device
[  370.184509][ T1089] wlan1: Trigger new scan to find an IBSS to join
[  372.326625][ T9601] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  374.641348][ T1072] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  375.071411][ T9628] netlink: 14 bytes leftover after parsing attributes in process `syz.1.847'.
[  375.220376][   T28] audit: type=1326 audit(1770745307.299:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9624 comm="syz.7.848" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e7359bf79 code=0x0
[  375.253512][ T3473] wlan1: Trigger new scan to find an IBSS to join
[  375.377847][ T9633] fuse: root generation should be zero
[  375.428698][ T9628] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  375.623944][ T9628] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  375.761618][ T9628] bond0 (unregistering): (slave team0): Releasing backup interface
[  376.077769][ T9628] bond0 (unregistering): (slave syz_tun): Releasing backup interface
[  376.089371][ T9642] loop8: detected capacity change from 0 to 2048
[  376.408751][ T9642] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  376.609796][   T11] wlan1: Creating new IBSS network, BSSID 7e:ce:cf:d4:79:41
[  376.777336][ T9628] bond0 (unregistering): Released all slaves
[  378.592175][ T9670] netlink: 16 bytes leftover after parsing attributes in process `syz.1.855'.
[  378.909733][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  378.917193][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  381.051943][ T9696] Bluetooth: MGMT ver 1.22
[  382.478744][ T9717] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  383.015189][ T9711] loop8: detected capacity change from 0 to 32768
[  383.074692][ T9711] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop8 scanned by syz.8.864 (9711)
[  383.139636][ T9711] BTRFS info (device loop8): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  383.191880][ T9711] BTRFS info (device loop8): using xxhash64 (xxhash64-generic) checksum algorithm
[  383.264859][ T9711] BTRFS info (device loop8): using free space tree
[  383.961742][ T9711] BTRFS info (device loop8): enabling ssd optimizations
[  384.027235][ T9711] BTRFS info (device loop8): auto enabling async discard
[  384.291216][ T9711] loop8: detected capacity change from 32768 to 0
[  384.326274][ T1089] kworker/u4:7: attempt to access beyond end of device
[  384.326274][ T1089] loop8: rw=6145, sector=10440, nr_sectors = 8 limit=0
[  384.388874][ T1089] BTRFS error (device loop8): bdev /dev/loop8 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0
[  384.436928][ T1089] kworker/u4:7: attempt to access beyond end of device
[  384.436928][ T1089] loop8: rw=6145, sector=13440, nr_sectors = 8 limit=0
[  384.508591][ T1089] BTRFS error (device loop8): bdev /dev/loop8 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0
[  384.569292][ T1089] kworker/u4:7: attempt to access beyond end of device
[  384.569292][ T1089] loop8: rw=6145, sector=13448, nr_sectors = 8 limit=0
[  384.631009][ T1089] BTRFS error (device loop8): bdev /dev/loop8 errs: wr 3, rd 0, flush 0, corrupt 0, gen 0
[  384.667254][ T9771] BTRFS error (device loop8: state A): Transaction aborted (error -5)
[  384.693166][ T9771] BTRFS: error (device loop8: state A) in __btrfs_run_delayed_items:1161: errno=-5 IO failure
[  384.824111][ T9771] BTRFS info (device loop8: state EA): forced readonly
[  384.843154][ T9771] BTRFS warning (device loop8: state EA): Skipping commit of aborted transaction.
[  384.896043][ T9771] BTRFS: error (device loop8: state EA) in cleanup_transaction:2005: errno=-5 IO failure
[  384.991653][ T9771] BTRFS error (device loop8: state EMA): Remounting read-write after error is not allowed
[  385.399876][ T8869] BTRFS info (device loop8: state EA): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  388.018390][ T1097] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.395641][ T1097] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.446575][ T1097] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.740538][ T1097] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.641184][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  391.663069][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  391.716041][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  391.733728][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  391.741783][   T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  391.753429][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  393.135882][ T9877] netlink: 'syz.1.899': attribute type 1 has an invalid length.
[  393.780789][ T9877] 8021q: adding VLAN 0 to HW filter on device bond0
[  393.863213][ T5775] Bluetooth: hci3: command tx timeout
[  394.021323][ T9879] 8021q: adding VLAN 0 to HW filter on device bond0
[  394.043633][ T9879] bond0: (slave vti0): The slave device specified does not support setting the MAC address
[  394.066920][ T9879] bond0: (slave vti0): Error -95 calling set_mac_address
[  394.161085][ T9880] bond0: (slave gretap1): making interface the new active one
[  394.194014][ T9880] bond0: (slave gretap1): Enslaving as an active interface with an up link
[  395.943591][ T5775] Bluetooth: hci3: command tx timeout
[  396.016409][ T9857] chnl_net:caif_netlink_parms(): no params data found
[  396.668268][ T1097] hsr_slave_0: left promiscuous mode
[  396.688130][ T1097] hsr_slave_1: left promiscuous mode
[  396.708234][ T1097] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  396.726377][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_0
[  396.758744][ T1097] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  396.772202][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_1
[  396.790340][ T1097] bridge_slave_1: left allmulticast mode
[  396.808898][ T1097] bridge_slave_1: left promiscuous mode
[  396.829871][ T1097] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.849519][ T1097] bridge_slave_0: left allmulticast mode
[  396.869756][ T1097] bridge_slave_0: left promiscuous mode
[  396.889339][ T1097] bridge0: port 1(bridge_slave_0) entered disabled state
[  396.961432][ T1097] veth1_macvtap: left promiscuous mode
[  396.970334][ T1097] veth0_macvtap: left promiscuous mode
[  396.995793][ T1097] veth1_vlan: left promiscuous mode
[  397.025078][ T1097] veth0_vlan: left promiscuous mode
[  398.035428][ T5775] Bluetooth: hci3: command tx timeout
[  399.971114][ T1097] team0 (unregistering): Port device team_slave_1 removed
[  400.143134][ T5775] Bluetooth: hci3: command tx timeout
[  400.228309][ T1097] team0 (unregistering): Port device team_slave_0 removed
[  400.577686][ T1097] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  401.078840][ T1097] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  402.113456][ T1097] bond0 (unregistering): Released all slaves
[  402.288279][ T9928] bridge5: entered allmulticast mode
[  402.298575][ T9857] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.308198][ T9857] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.316948][ T9857] bridge_slave_0: entered allmulticast mode
[  402.335775][ T9857] bridge_slave_0: entered promiscuous mode
[  402.345604][ T9857] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.353061][ T9857] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.360487][ T9857] bridge_slave_1: entered allmulticast mode
[  402.369064][ T9857] bridge_slave_1: entered promiscuous mode
[  402.383071][ T9946] netlink: 'syz.6.909': attribute type 4 has an invalid length.
[  402.600655][ T9857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  402.639807][ T9857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  403.732297][ T9857] team0: Port device team_slave_0 added
[  403.770041][ T9857] team0: Port device team_slave_1 added
[  403.833978][ T9857] batman_adv: batadv0: Adding interface: batadv_slave_0
[  403.851930][ T9857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.947866][ T9857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  403.995043][ T9857] batman_adv: batadv0: Adding interface: batadv_slave_1
[  404.004459][ T9857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  404.101594][ T9857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  404.308961][ T9857] hsr_slave_0: entered promiscuous mode
[  404.340349][ T9857] hsr_slave_1: entered promiscuous mode
[  404.368262][ T9857] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  404.405253][ T9857] Cannot create hsr debugfs directory
[  405.446185][ T9857] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  405.479753][ T9857] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  405.507101][ T9857] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  405.548066][ T9857] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  405.850375][ T9857] 8021q: adding VLAN 0 to HW filter on device bond0
[  405.970762][ T9857] 8021q: adding VLAN 0 to HW filter on device team0
[  406.009062][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  406.016591][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  406.107171][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  406.116257][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  406.429217][   T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  406.678462][   T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  407.033433][T10056] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.042735][T10056] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.753401][T10083] __vm_enough_memory: pid: 10083, comm: syz.1.933, not enough memory for the allocation
[  408.953863][T10056] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  409.036803][T10056] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  409.283885][T10087] xt_CT: You must specify a L4 protocol and not use inversions on it
[  410.490205][T10056] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  410.511061][T10056] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  410.522560][T10056] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  410.549107][T10056] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.411317][ T9857] 8021q: adding VLAN 0 to HW filter on device batadv0
[  414.369756][T10154] netlink: 'syz.6.949': attribute type 3 has an invalid length.
[  414.969683][ T9857] veth0_vlan: entered promiscuous mode
[  415.067243][ T9857] veth1_vlan: entered promiscuous mode
[  415.165212][ T9857] veth0_macvtap: entered promiscuous mode
[  415.208434][ T9857] veth1_macvtap: entered promiscuous mode
[  416.120046][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  416.131169][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  416.143773][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  416.155286][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  416.166509][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  416.180748][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  416.199888][ T9857] batman_adv: batadv0: Interface activated: batadv_slave_0
[  416.225626][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  416.256520][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  416.293401][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  416.333005][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  416.359526][ T9857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  416.386531][ T9857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  416.409365][ T9857] batman_adv: batadv0: Interface activated: batadv_slave_1
[  416.459372][ T9857] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  416.485904][ T9857] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  416.513077][ T9857] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  416.522351][ T9857] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  417.519677][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  417.555950][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  417.676372][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  417.718760][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  420.310388][T10226] netlink: 4 bytes leftover after parsing attributes in process `syz.1.962'.
[  420.339645][T10226] netlink: 28 bytes leftover after parsing attributes in process `syz.1.962'.
[  421.001301][T10226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0
[  421.039595][T10226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  421.051287][T10226] dummy0: entered promiscuous mode
[  421.062290][T10226] team0: entered promiscuous mode
[  421.075904][T10226] team_slave_0: entered promiscuous mode
[  421.082146][T10226] team_slave_1: entered promiscuous mode
[  421.100389][T10226] hsr1: Slave B (team0) is not up; please bring it up to get a fully working HSR network
[  421.359665][T10240] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  426.188169][T10298] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  427.651925][T10310] loop9: detected capacity change from 0 to 7
[  427.681141][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  427.690873][    C1] buffer_io_error: 122 callbacks suppressed
[  427.690881][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.771422][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  428.780870][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.798534][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  428.808366][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.827511][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  428.837544][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.847451][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  428.857197][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.866942][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  428.877433][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.886389][T10310] ldm_validate_partition_table(): Disk read failed.
[  428.895340][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  428.905039][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.917229][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  428.926737][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.935637][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  428.945226][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.955276][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  428.964710][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  428.973238][T10310] Dev loop9: unable to read RDB block 0
[  428.984173][T10310]  loop9: unable to read partition table
[  428.990616][T10310] loop9: partition table beyond EOD, truncated
[  428.996908][T10310] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  428.996908][T10310] 
) failed (rc=-5)
[  439.005592][ T6228] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  440.643542][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  440.663008][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  440.684857][   T42] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  446.727769][T10459] loop9: detected capacity change from 0 to 128
[  446.794214][T10459] FAT-fs (loop9): Unrecognized mount option "18446744073709551615���" or missing value
[  448.163066][ T5830] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  449.104230][ T5830] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  449.167827][ T5830] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  450.893751][T10500] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  451.355771][ T5830] usb 10-1: string descriptor 0 read error: -71
[  451.367802][ T5830] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  451.416623][ T5830] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  451.499900][ T5830] usb 10-1: can't set config #1, error -71
[  451.540489][ T5830] usb 10-1: USB disconnect, device number 2
[  451.736514][T10511] syzkaller0: entered promiscuous mode
[  451.760153][T10511] syzkaller0: entered allmulticast mode
[  455.127613][T10553] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  455.703957][   T29] INFO: task syz-executor:7687 blocked for more than 143 seconds.
[  455.738977][   T29]       Not tainted syzkaller #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  455.790734][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  455.864965][   T29] task:syz-executor    state:D stack:21704 pid:7687  ppid:1      flags:0x00004002
[  456.063653][   T29] Call Trace:
[  456.067143][   T29]  <TASK>
[  456.070175][   T29]  __schedule+0x1553/0x45a0
[  456.153102][   T29]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  457.693932][   T29]  ? lock_chain_count+0x20/0x20
[  457.698875][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  457.750990][   T29]  ? asan.module_dtor+0x20/0x20
[  457.763097][   T29]  ? _raw_spin_unlock+0x40/0x40
[  457.768823][   T29]  ? prepare_to_wait_event+0x3db/0x470
[  457.786512][ T5768] Bluetooth: hci1: command 0x0406 tx timeout
[  457.833796][   T29]  ? prepare_to_wait_event+0x434/0x470
[  457.839432][   T29]  schedule+0xbd/0x170
[  457.844517][   T29]  wb_wait_for_completion+0x173/0x2a0
[  457.849963][   T29]  ? __bpf_trace_writeback_inode_template+0x100/0x100
[  457.858387][   T29]  ? wake_bit_function+0x200/0x200
[  457.865804][   T29]  sync_inodes_sb+0x1c9/0xa10
[  457.870772][   T29]  ? filemap_fdatawrite_range+0x160/0x160
[  457.878251][   T29]  ? try_to_writeback_inodes_sb+0xc0/0xc0
[  457.884932][   T29]  ? nilfs_put_super+0x150/0x150
[  457.890163][   T29]  ? get_nr_dirty_inodes+0x1d4/0x220
[  457.896335][   T29]  sync_filesystem+0x171/0x220
[  457.901443][   T29]  generic_shutdown_super+0x6f/0x2b0
[  457.913043][   T29]  kill_block_super+0x44/0x90
[  457.917933][   T29]  deactivate_locked_super+0x97/0x100
[  457.928731][   T29]  cleanup_mnt+0x43b/0x4d0
[  457.949798][   T29]  task_work_run+0x1d4/0x260
[  457.963195][   T29]  ? task_work_cancel+0x220/0x220
[  457.968525][   T29]  ? do_exit+0x955/0x2460
[  457.974271][   T29]  ? kmem_cache_free+0xf8/0x270
[  457.980315][   T29]  do_exit+0x95a/0x2460
[  457.985529][   T29]  ? put_task_struct+0xc0/0xc0
[  457.990473][   T29]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  457.997746][   T29]  ? lock_chain_count+0x20/0x20
[  458.003853][   T29]  ? _raw_spin_lock_irq+0xbb/0xf0
[  458.009278][   T29]  ? _raw_spin_lock_irqsave+0x100/0x100
[  458.015538][   T29]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  458.022233][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  458.033351][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  458.040129][   T29]  do_group_exit+0x21b/0x2d0
[  458.045549][   T29]  __x64_sys_exit_group+0x3f/0x40
[  458.051581][   T29]  do_syscall_64+0x55/0xa0
[  458.057119][   T29]  ? clear_bhb_loop+0x40/0x90
[  458.062068][   T29]  ? clear_bhb_loop+0x40/0x90
[  458.067687][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  458.074210][   T29] RIP: 0033:0x7f0a19f9bf79
[  458.079653][   T29] RSP: 002b:00007ffc8b2cfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  458.103074][   T29] RAX: ffffffffffffffda RBX: 00007f0a1a031c9b RCX: 00007f0a19f9bf79
[  458.111119][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  458.132933][   T29] RBP: 000000000000000c R08: 0000000000000000 R09: 00007f0a1a031c3b
[  458.141064][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc8b2d0e40
[  458.167099][   T29] R13: 00007f0a1a031c3b R14: 0000555577b3c4e8 R15: 00007ffc8b2d1f10
[  458.176047][   T29]  </TASK>
[  458.179822][   T29] 
[  458.179822][   T29] Showing all locks held in the system:
[  458.333490][   T29] 3 locks held by kworker/0:1/9:
[  458.340601][   T29]  #0: ffff8880b8e3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xa9/0x140
[  458.422444][   T29]  #1: ffff8880b8e289c0 (psi_seq){-.-.}-{0:0}, at: __schedule+0x2176/0x45a0
[  458.493991][   T29]  #2: ffffffff8d2140e8 (vmap_purge_lock){+.+.}-{3:3}, at: drain_vmap_area_work+0x32/0xd0
[  458.560041][   T29] 2 locks held by kworker/u4:1/12:
[  458.583484][   T29] 1 lock held by khungtaskd/29:
[  458.588695][   T29]  #0: ffffffff8d131fe0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290
[  458.640987][   T29] 3 locks held by kworker/u4:5/1072:
[  458.692959][   T29] 1 lock held by dhcpcd/5432:
[  458.714457][   T29]  #0: ffff8880b8e3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xa9/0x140
[  458.753401][   T29] 2 locks held by getty/5526:
[  458.763287][   T29]  #0: ffff88802d8a70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  458.793266][   T29]  #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390
[  458.841477][   T29] 1 lock held by syz.1.433/7615:
[  458.855486][   T29] 2 locks held by syz-executor/7687:
[  458.874235][   T29]  #0: ffff88802ed600e0 (&type->s_umount_key#114){+.+.}-{3:3}, at: deactivate_super+0xa4/0xe0
[  458.926261][   T29]  #1: ffff888021c707d0 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x1ad/0xa10
[  458.947625][   T29] 1 lock held by syz-executor/8853:
[  458.983771][   T29]  #0: ffffffff8e3c0188 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0
[  459.001159][   T29] 1 lock held by syz-executor/9857:
[  459.023322][   T29] 5 locks held by syz.6.1021/10560:
[  459.028936][   T29]  #0: ffff88807ba34e70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x212/0x500
[  459.073437][   T29]  #1: ffff88807ba340b8 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x4c9/0xfa0
[  459.093320][   T29]  #2: ffffffff8e52d728 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa1/0x220
[  459.111896][   T29]  #3: ffff88802f6ccb38 (&conn->lock#2){+.+.}-{3:3}, at: l2cap_conn_del+0x70/0x660
[  459.124178][   T29]  #4: ffffffff8d1379b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3da/0x880
[  459.141480][   T29] 2 locks held by dhcpcd/10573:
[  459.147625][   T29]  #0: ffff888079e04130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0
[  459.160075][   T29]  #1: ffffffff8d1379b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x306/0x880
[  459.176954][   T29] 
[  459.202241][   T29] =============================================
[  459.202241][   T29] 
[  459.264343][   T29] NMI backtrace for cpu 0
[  459.269462][   T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[  459.277431][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  459.289355][   T29] Call Trace:
[  459.292677][   T29]  <TASK>
[  459.296168][   T29]  dump_stack_lvl+0x18c/0x250
[  459.301229][   T29]  ? show_regs_print_info+0x20/0x20
[  459.306640][   T29]  ? load_image+0x400/0x400
[  459.312078][   T29]  nmi_cpu_backtrace+0x3a6/0x3e0
[  459.317657][   T29]  ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0
[  459.324308][   T29]  ? _printk+0xde/0x130
[  459.328926][   T29]  ? load_image+0x400/0x400
[  459.333681][   T29]  ? load_image+0x400/0x400
[  459.338289][   T29]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  459.344474][   T29]  nmi_trigger_cpumask_backtrace+0x17a/0x2f0
[  459.350577][   T29]  watchdog+0xf3d/0xf80
[  459.355198][   T29]  ? watchdog+0x1e1/0xf80
[  459.359728][   T29]  kthread+0x2fa/0x390
[  459.363794][   T29]  ? hungtask_pm_notify+0x90/0x90
[  459.369178][   T29]  ? kthread_blkcg+0xd0/0xd0
[  459.373853][   T29]  ret_from_fork+0x48/0x80
[  459.378267][   T29]  ? kthread_blkcg+0xd0/0xd0
[  459.382863][   T29]  ret_from_fork_asm+0x11/0x20
[  459.387658][   T29]  </TASK>
[  459.391785][   T29] Sending NMI from CPU 0 to CPUs 1:
[  459.397205][    C1] NMI backtrace for cpu 1
[  459.397216][    C1] CPU: 1 PID: 6228 Comm: kworker/u4:11 Not tainted syzkaller #0
[  459.397231][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  459.397239][    C1] Workqueue: bat_events batadv_nc_worker
[  459.397264][    C1] RIP: 0010:__rcu_read_unlock+0x62/0xd0
[  459.397288][    C1] Code: 75 1d 4c 8d b7 40 04 00 00 4c 89 f0 48 c1 e8 03 42 0f b6 04 38 84 c0 75 5f 41 83 3e 00 75 20 43 0f b6 04 3c 84 c0 75 3a 8b 03 <3d> 00 00 00 40 73 0a 5b 41 5c 41 5d 41 5e 41 5f c3 0f 0b eb f2 e8
[  459.397300][    C1] RSP: 0018:ffffc90004157b30 EFLAGS: 00000246
[  459.397312][    C1] RAX: 0000000000000000 RBX: ffff888023f7c03c RCX: ffff888023f7bc00
[  459.397322][    C1] RDX: 0000000000000000 RSI: ffffffff8b1c81c0 RDI: ffff888023f7bc00
[  459.397331][    C1] RBP: fffffffffffffe38 R08: dffffc0000000000 R09: 1ffffffff2237ea0
[  459.397342][    C1] R10: dffffc0000000000 R11: fffffbfff2237ea1 R12: 1ffff110047ef807
[  459.397352][    C1] R13: ffffffff8a4bcb32 R14: ffff888023f7c040 R15: dffffc0000000000
[  459.397363][    C1] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  459.397375][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  459.397384][    C1] CR2: 00007ffd6adf0d74 CR3: 00000000192d6000 CR4: 00000000003506e0
[  459.397397][    C1] Call Trace:
[  459.397402][    C1]  <TASK>
[  459.397409][    C1]  ? batadv_nc_worker+0xd2/0x610
[  459.397427][    C1]  batadv_nc_worker+0x282/0x610
[  459.397448][    C1]  ? process_scheduled_works+0x96f/0x15d0
[  459.397466][    C1]  process_scheduled_works+0xa5d/0x15d0
[  459.397495][    C1]  ? assign_work+0x430/0x430
[  459.397514][    C1]  ? assign_work+0x3d0/0x430
[  459.397532][    C1]  worker_thread+0xa55/0xfc0
[  459.397549][    C1]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  459.397565][    C1]  ? _raw_spin_unlock+0x40/0x40
[  459.397588][    C1]  kthread+0x2fa/0x390
[  459.397601][    C1]  ? pr_cont_work+0x560/0x560
[  459.397617][    C1]  ? kthread_blkcg+0xd0/0xd0
[  459.397630][    C1]  ret_from_fork+0x48/0x80
[  459.397647][    C1]  ? kthread_blkcg+0xd0/0xd0
[  459.397660][    C1]  ret_from_fork_asm+0x11/0x20
[  459.397684][    C1]  </TASK>
[  459.622648][   T29] Kernel panic - not syncing: hung_task: blocked tasks
[  459.635813][   T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[  459.643363][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  459.653924][   T29] Call Trace:
[  459.657219][   T29]  <TASK>
[  459.660245][   T29]  dump_stack_lvl+0x18c/0x250
[  459.665370][   T29]  ? show_regs_print_info+0x20/0x20
[  459.671711][   T29]  ? load_image+0x400/0x400
[  459.676447][   T29]  panic+0x2dc/0x730
[  459.680453][   T29]  ? schedule_preempt_disabled+0x20/0x20
[  459.686294][   T29]  ? bpf_jit_dump+0xd0/0xd0
[  459.691176][   T29]  ? __irq_work_queue_local+0x13a/0x3b0
[  459.696848][   T29]  ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0
[  459.703044][   T29]  watchdog+0xf7c/0xf80
[  459.707317][   T29]  ? watchdog+0x1e1/0xf80
[  459.711847][   T29]  kthread+0x2fa/0x390
[  459.715963][   T29]  ? hungtask_pm_notify+0x90/0x90
[  459.721097][   T29]  ? kthread_blkcg+0xd0/0xd0
[  459.725716][   T29]  ret_from_fork+0x48/0x80
[  459.730479][   T29]  ? kthread_blkcg+0xd0/0xd0
[  459.735108][   T29]  ret_from_fork_asm+0x11/0x20
[  459.739920][   T29]  </TASK>
[  459.743464][   T29] Kernel Offset: disabled
[  459.747780][   T29] Rebooting in 86400 seconds..