last executing test programs:

19.310868703s ago: executing program 3 (id=2421):
r0 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3000000010001eff000000000000e75e498df361", @ANYRES32=0x0, @ANYBLOB="000000000000000079c2cacca2c68a1c0012800929433054f705a208267efd04000000000000006e64000000000c00038008000f00ff070000a7965e80bc2db7b7051f1c604fd211a243e331867bcca82b2e0070d4379f3b1b1bbca682efe5a200000000ea33bed9113689585d082a46db10314913b98930688b18ffe626"], 0x3c}}, 0x0)
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000380)='./file0\x00', 0x18008, &(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYBLOB="41fe52a9a8d145ae093b88e3d2218cc0d21d78f00c6f3bea2a4d667ff235a8fc1e"], 0xfe, 0x4bf, &(0x7f0000000d80)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUQWKo7FyxdunXhyrg1JC6NC4MxLEyQjZtZqTvMuW9zZyidGWlnKPP9EDj3nnnucM555s45ZzIjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHXn1cP+AtboVAACgmU6eHusfYv4HAKCtnGH/DwAA0E5Mnn6Tac+Fkp3wzwPZ49Nzly6PHxtd+rJOkyklz493f7MDg0P7Xxo+cDAql79+pW3TqdNnDvceLcxenM8Xi/nJ3vG56XOFyXzdz/Co11fb5Q9A7+yFS5NTU8Xewb1DFQ9f7r63bn1P98jwe0czUez4sdHR04mYdMd//t8f8LAVfkaeXpDp4+++sZOSUnr0sajx2lltnX4ndvmdGD826ndkZnpibsE9aKkwKlU5JplojJqQi0eSkly7LLMye7YOefpepiP7SnZKkheNw27/g+G62tMKabd1ldSnNZCzx9g6efpAplv7uvVGOK5+/jPS1VY3DqsuHd7/BSvZm/77gbuf3Nvm8bd6X5+bKiRiLRXeUWt9fmimx/y9KStPp/w7vmRj2tnq5qDJOuVpVqbMl5/46wr569KnRg7s2HkoucLYUuN5XOze8OaqZ07uCJcOlnJ/Vr5fqE/WPP0h09+/Zv3zvmgOkG7cX+7C35vSPKw28zQj0z/XSmZV+1Ivsb+PrfW5f3Xb35k9Wri4OD99/qOFJR/PZQ9/WFyYnzi39MPB3tVL1tTax1ZLNbYly1mw4/vs01J8XbgH+F9wVm7N14kNQV9VGUm+fuo5rnsX28A6yrXJzNNdmabe3xrMM8o1PDbtwOV/VKZi6SeLMh3mPx2cJfL/cnn8slZZxvzc/j/4XCtaS2w7u/lh9auRf9cml/93ZDry19bwM40g/15VrIvrkendm9vDuFTGxaWj7gTPODU9k+93sfdl2vhjFCs/NhfGbirHDrjYokyf36qMXR/Gbi7HDrrY2zLd+WXp2KfLsUMudtHl605vFJtzsTvC2J5y7N5zhZnJWsPq8j8o09vXX7Oozw/N/9XyXHCjqow9kPPlj1cq/92JuhthXs+G+U/XyP8XMi3+uT3qtz/20ctqg/9vOf9urfztzcrYaEO5sRw7UG+3Ws3lf4NM9165Hfc57Ft4Ws5QMv/PpCvLeFxblP8NibrusF2ZBseiHRUXr1yYmJnJz7fhget/VLNOUqvbwwEHj89Bq9+Z0Axu/h9zs/qwZ9E6Jpz/u4KzYGaP5umoHKkqYy2a/zcm6kbCdnakpezC7MWOLVK2uHhlz/TsxPn8+fzc0P7h/sFD+/uHDnZkosVd+ajusXsSuPzvlunaDz/H+5jK9d/S6/9cVRlrUf43JftUsa6peyjakst/l0zDd2/H+83l1v/R/r/v2coyvv9alP/NibrusF1dDY4FAAAAAAAAAAAAAAAAAKwlOfP0nEyXx1606DdE9Xz/b7KqjK3897+CHybX+P5XT6JusvHfNSglNfw16YYGGgAAAAAAAAAAoElS8vSVTM+rZNddRZd0IlniifZvAAAA//+HoUFt")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x840, 0x0)
r2 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000002000), &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040)=<r4=>0x0, &(0x7f00000003c0))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0})
io_uring_enter(r2, 0x48e9, 0x0, 0x0, 0x0, 0x0)
ftruncate(r1, 0x1)
timer_create(0x0, 0x0, &(0x7f00000000c0))
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r1, 0xc0984124, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1}, 0xc)
setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f00000008c0)={0x73, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x35}}}, 0x0, 0x8, [{{0x2, 0x4e21, @rand_addr=0x64010101}}, {{0x2, 0x4e24, @local}}, {{0x2, 0x4e24, @rand_addr=0x64010101}}, {{0x2, 0x4e24, @empty}}, {{0x2, 0x4e24, @broadcast}}, {{0x2, 0x4e21, @private=0xa010102}}, {{0x2, 0x4e23, @remote}}, {{0x2, 0x4e23, @private=0xa010100}}]}, 0x490)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xd}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffca8}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r7, <r9=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)=r8}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r7, &(0x7f0000000780)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x9, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000001000000000000000000000085000000a000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
getsockopt$inet_buf(r5, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])

18.266182002s ago: executing program 3 (id=2422):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x4810, &(0x7f0000000140)=ANY=[], 0x11, 0x693, &(0x7f0000000880)="$eJzs3c1vHGcdB/DvrNcvm0qO26ZpQJUwjVQQEYkdK4VwSUAIBalCVThwthqnseKkwXFR2gNxAYkrB/6AcggXOIEQEhJSpHKGW8XN4lQJiUtPaQ8MmtlZe+3u2ptXO/TziWaf55ln5pnf/OZlXyJrAnxuXTiR9t10cuHEa7eq9sadhZWNOwvXevUkk0laSbtbpLieFB8k59Od8oVqZjNcMWw7v14+e/HDjzc+6rba2RqveukMD7A9yl6sN1Nmk4w15UPYNt4bDzbe5Fa12MxMlbDjvcTBfhtPUm7z46NbPYOUY32Nodc78PQouu+bfbrX/0xyKMlU7w1tvdvZevIR7um+7kXrjy8OAAAAODAO37ud3Mr0fscBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT5Pm+f9FM7V69dkUvef/T/Q9Y39in8MdbvfIpnqVu60nEQwAAAAAAAAAPF5fupffXSzL6V67LOr/83+5bhypX5/J27mZpazmZG5lMWtZy2rmk8z0DTRxa3FtbXW+t+anZVkOWfP0wDVPjxhw51HsNQAAAAAAAAD83zjXlD/LhUzvcywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBNkYx1i3o60qvPpNVOMpVkolpuPflHr/40u7vfAQAAAMATcPhe7uVWpnvtsqi/8x+tv/dP5e1cz1qWs5aVLOVS/VtA91t/a+POwsrGnYVr1fTZcb/9n636H6f3DKMeMd3fHgZv+Vi9RCeXs1zPOZk38lZWcimtes3KsV48g+N6r4qpONdVlqMl6FJTVnv+q6Y8GGbqjIxvZmSuia3KxrO7Z6L/6DzAlubT2vzl58h95Pzcrlsp/ts7Jod6c5Jnvr93zsfva2ceys5MnO47+47unonkK3/6/Y+urFy/eqVYP3FwTqP7MPmvratmZyYW+jLx4siZuHzz6czETq28sFm/kO/lhzmR2bye1SznJ1nMWpYym+/WtcXmfK5eZ3bP1Pltrdf3imKiOS5jO2L68uFuuVtML9frTmc5P8hbuZSlvFr/O535fCNnciZn+47wCyNc9a0BV/2fhwd//KtNpZPkl015MFR5fbYvr/333Jm6r39OK+Vkd73nHtm9cVP7i02lOhI/b8qDYTMTU9l8l+hF93wvA+MDM/Gb+rZyc+X61dUrizd2jFusD97eK9m++wfnRlKdL89VB6tubT87qr7nB/bN131HNvtaO/t+29ns2+tKnWg+w312pNN134sD+xbqvmN9fVuftz4ty7L7eQuAA+/Q1w5NdP7d+Xvn/c4vOlc6r019Z/Kbky9NZPxv499qz4290nqp+EPez0+z9zd0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgTzffeffq4srK0uqOSlmWt4d0PZZK2sm2OX/9S98ySeqHAY0+YLX0+VZSz2mnqdxfYLcfbHfee9Ak/LM5Jk8k4Y+kMjX0/NlZ+aQsy4MR8yiVsnFQ4tmPyr7eloAn4NTatRunbr7z7teXry2+ufTm0vWzZ86cnTt75tWFU5eXV5bmuq/7HSXwOPR9AgcAAAAAAAAAAACeEqP9cU7xcH/bAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAQLpxI+26KzM+dnKvaG3cWVqqpV99a8pMkrSTFbFJ8kJxPd8pM33DFsO2sJxc//Hjjo26r3Uz18q3d1hvNejNlNslYUw4wNWhmeXvYeEU9zo3h442o2NzDKmHHe4mD/fa/AAAA///tbhq7")
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x1800)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='personality\x00')
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)={0x44, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}], @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_SSID={0x4}, @key_params=[@NL80211_ATTR_KEY_DEFAULT_TYPES={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}], @NL80211_ATTR_AUTH_TYPE={0x8}]}, 0x44}}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r4 = gettid()
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r8 = dup3(r7, r6, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000003c0)={0x2c, 0x0, &(0x7f0000000840)=[@acquire, @acquire_done, @request_death], 0x0, 0x0, 0x0})
r9 = syz_open_dev$midi(&(0x7f0000000000), 0x1f, 0x200000)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r8, 0x1, &(0x7f0000000040)={0x800, r9}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x14, 0x7, "4614c334e344ae535af2f0a70ddeb37f"}, @TCA_CT_ZONE={0x6, 0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0x62, 0x3d, 0xb0, 0x8, 0xcf2, 0x6250, 0x56a0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x43, 0x37, 0xf8}}]}}]}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000280)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
lsetxattr$security_evm(&(0x7f0000000000)='./bus\x00', &(0x7f0000000100), &(0x7f0000000200)=@v2={0x3}, 0x9, 0x0)
madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8)
mlock2(&(0x7f00007e5000/0x4000)=nil, 0x4000, 0xaf8c77145fe603b8)
read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020)

15.119006318s ago: executing program 3 (id=2425):
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="2e003300d0000000ffffffffffff080211000000505050"], 0x4c}}, 0x0)

14.913785404s ago: executing program 3 (id=2428):
syz_open_dev$dri(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}], 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x400c840)
open(0x0, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x80000000003, 0x101301)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffefff}]})
unshare(0x8000000)
semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
ioperm(0x0, 0x7f, 0x8)
msgctl$IPC_SET(0xffffffffffffffff, 0x1, 0x0)
unshare(0x20040000)
syz_mount_image$iso9660(&(0x7f0000000200), &(0x7f0000000000)='./file0\x00', 0x201c44a, &(0x7f0000000040)=ANY=[@ANYRESHEX=r2, @ANYRESDEC=0x0, @ANYBLOB='2\x00'], 0x1, 0xaa3, &(0x7f0000000240)="$eJzs3c1vHHfdAPDvrF9iu1WbtnnaPlHbTFKldds8ztp+mijqgSb22nHxC7IdqZFATdU4KIpFUQtSGyHFFYgTFRVCSICEUI+cKpUDvaDc4MiJAxJU/AOo4pQiYNDM7tq79q43cTZ2Uj4faz1v39/bzOz8vOvd+QX3sizLiscOl8/9ajcry93nzOSnH370fv54by36oydeTH4TMRARaUTvv4pzpW9icnFhrkNGVyIuRMT1iCQi9kV12sZg09KFSH4Y928sX4/k5/F4i2QDt9g4Osr4r7bX5x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANyVJibL5dEkZmfmz72atlcMAb7N9np2nxSjfiefdCo2iUjyRwwM1If6fvzAxuZH819H4onq0hPVkb8H4up9j+5/6ZHeUj39NhXaFW+/e/XK66urK2/VlvelaV/HRPvueLVuXf/Okk1X5meWFmbmTk9X0pmlhfTUiRPl42enltKpmagsnV9arsylE4uV08sLi+nwxHPp6KlT42ll5PzCufnpyZHZSn3lyf8bK5dPpK+MfKVyenFpYf74KyNLE2dnZmdn5qeLmHxzHnMyPxG/PLOcLldOz6XppcurK+OdKpkHjbbckjQHjXXKaaw8NjY6OjYYJ1489eLJcrm3tmJstL6ivElsidj7k5Zu+8VNR/6669dvuA2lWv8fszET83EuXo205c9ETMZiLMRci23JRn71/v/o8cq25Tb2//Ve/vGNzQej6P+fqi491a7/b1PXzj9ZVs15p+nXW772blyNK/F6rMZqrMRbt5tj1hObavb55ph/Zlm2g5zTPM9DjfvgtlufxnRUYj5mYikWYibm4nRMx3f/Wm3BQqRxKk7EiSjHa3E2pmIp0piKmZiNSizF+ViK5agUZ9RELEYljViOhViMNIZjIp6LNEbjVAzGeKRRiZE4HwtxLuZjOibjdJHLpbhc7Pfxbeq4HjR6M0Fj2wRt6cxvr//P7sa/BNmxzn/6F7p16YbbltX6//62AVl9bnhi12oFAAAAdNP//j4eOPDw7/4c0RdPFu/LT83MVsp7XS0AAACgi4qP6z2RT/qyiHgykhav/0t7VDkAAACgK5LiO3ZJRAzFoepc9ZtQPeFDAAAAAPAFUfz//6l8MpTPHYpk/U4oF1pEAgAAAPegjvfYr73sX9smYiBq97RML1anF2sRtfv8Dk3NzFZGJhZmXxqNZ4q7DBTfNNiSW09E0ld8/eD5OFyNOjxUnQ415ziQR42OvDQaz8eRWkOGn84nTw+3iByrRj5bjXx2m8jxPPImrN3+ngeAvXNka3/8edZ0j/3OfyE8H8eqEccO9vZHRO/BFj1reaNn7d2LhgIA6zqPsdMcca2WrrH////89X9zp97U/z8cl/6dr1yJkXgj3ozVuBjHim8bFJ84aCr3qx/U3jNY/xhCOY51eDegHvuHk6U41uH9gKGGgV6OdXhHoBobX4sYv4NHAAB235E2/XC7/r+IiPrHAav9/7GG1/+x9fX/+tBCK75SCAB3hfUR7Ls6k/U0rtnrNgIAzfTSAAAAAAAAAAAAAAAAAAAAAAAAAAAA0H1dve3/wA6T/6U2rl91Tdb98QhazwzW9kF9zbVb2hvvvf3u1R9FROOmUt6IO1PnoqbdzbnUhXyyiNit47V7M7E/Ysd7NVpt6o+IO175wW4U8XltpvrcKG138Ti37VYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuAUlET6v1pYh9EVGOiOO7X6s7Z22vK7D7vtS4kNyIG/FOPLB31QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GKq3f+/FNXpfdVV0VuKOBoRFyIi2+s6dtONva5AlwzuMF3D/f/zYx5ZEr3Vwx5J38Tk4sJcfviLsR9Kn3740fuPNSffd7PlFIGlTYNL1ErYHPvL++tzDxWphiZX3r7yrTe/mU6eiVL0x5nlqdnJuenFlzeSPJp8HJFG9VGX1zd/fOfobz9o0fKP85a2trncqWLnTG4t97FWqduVW2pX3LrLqytjedRy5dXlb3/j8jsNmx6OwxFPD0cMN5f09fzRuoVxOPq2rOvfmE0+S76fPBA/iQvF8c/3RpIl+SF6sKju4KXLqysjb7y5erFNnfbHoYi4GDEQtfRt67S+qw8V15OWirOu1JeXWi6C8l8HOrSxtfUxLi7Wcxxt04aHilNmqNaG/qY2lNqUmbZvQ7HDG/b7+jFPGpJUazReq1F/NNfokXimxZHO9kW03wvPtDjSHSWfJX9KzsYf43sN43+U8uN/NGv/7GzO4mg0nyltI0vVyKLlY40bXtsc+bef3lTtWw5Tw636QfXEryk1XP9rx2pn16OBzeVkSevrUU1DieNtSmz9vNh0ddh8VrS/5hY90oFNKWpXn7aJqvU8UI1qU8//iRcieg9G045trueW3vqF9leU5vQvb1qfXSsmO33+/ywZjr/HmvF/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu18S0dNqfSniaETsry+nEdktZLuv3YbSUHKrVeyqtfVf97gDxe9S07r3OidLbsSN7NqdqhQAAAAAAAAAu+3M5KcffvR+/ij+H99zI8tq/99PI3ojYn/y48GYXFyY65BRX8SFiLiezw+0C/pHVtW8Nk8X928sX4/IHtx5kwCADv4TAAD//9qNdKM=")
openat$cgroup(0xffffffffffffffff, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, 0x0)
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f0000000000), 0x7, 0x4c6, &(0x7f0000000100)="$eJzs3EFsFFUfAPD/bFtaoHzsx8eHgqiLaGw0tlBQOJgYjCYeNDHiQY9NWwhSqKE1EUJkSQweDYl349GrB6/qzXgy8YpHE0NCDBfA05jZnW23292l3W670v5+ybLvzbzZN2/fvDdv3mMbwJZVyv5JIoYj4lZE7I6IQmOCUvXt/t2rkw/uXp2Mcpqe/ivJDot7WTyX5O8788hIIaLwebK4o87c5SvnJ2Zmpi/l8bH5Cx+PzV2+8tK5CxNnp89OXxw/efL4saMnXhl/efWFapJfVq57Bz6bPbj/rQ9vvjPZX9s+lL/Xl6NbSlFqdioVz3U7sx7bVRdO+tulfG39T4YVy67/rLoGKu1/d/RF28oDNpE0TdPB1rvLaaPry7YAj6wken0GQG/UbvTZ82/t1WwgsG19hh89d+dU9QEoK/f9/BXxdGVjbR5koOH5tptKEfFB+e+vs1es0zwEAEC9H0/VRoIN479ixL66dP/J11CKEfHfiNgTEf+LiL0R8f+opn0sIh5v+Py+iEjb5F9qiC8f/xRur62E7WXjv1fzta3F8V/Ur4IV+/LYrojagHn6SP6djMTA4JlzM9NH2+Tx0xu/fdlqX/34L3tl+dfGgvl53O5vmKCbmpif6LjADe5cjzjQ31j+pD8iWVgJSCJif0QcWMXnFuvC51749uBCZGBpuoeXvyJtuo7WhaWK9JuI56v1X44l9b+YY9J+fXJsKGamj4xlV8GRpnn88uuNd1vl/9Dyf/9H4yFvnvjhdN6y1i6r/x1113/U1m8Xy19MIpKF9dq51edx4/cvWj7TdHr9b0ver4Rrz6WfTszPXzoasS15e/n28cVja/HsPcrV8o8cbt7+9+THZN/EExGRXcRPRsRTUX1CLEV67VBEPBMRh9uU/+fXn/2o8/Kvr6z8U037vyX1v7he3yqQlKupm+zqO3/o1oMWncfK6v94JTSSb2ne/yVLuog2Z7oksNbvDwAAAB4FhYgYrptLGo5CYXS0Oge0N3YUZmbn5l88M/vJxanqbwSKMVCozXRV54MHktr8Z7EuPt4QP5bPG3/Vt70SH52cnZnqacmBnZU2nxRGF/qCavvP/NmdKWbg38xPfmDrelj733dzg04E2HDu/7B11bX/coskZf9TBjanldz/zQXC5tSs/V/r4Bjg0ZJqy7Clrab96ytgc+mP9xbChZ6eCbDR3NNhS1rRj+Q7DqSDzXcNxfLEMdT+A/uis9PY3iSvngSykVVPct/eyVG1v6bQMk0UVveBg9GdOj2z9q/l7L6uX/xpvj7W7Rr8bkPaabNA+35jfHj9+iQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBu+icAAP//KPXcbw==")
ioctl$USBDEVFS_FREE_STREAMS(r1, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="0200a006002a17006000000002000020d3"])
ioctl$USBDEVFS_REAPURBNDELAY(r1, 0x4008550c, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0xb, [@datasec={0x8, 0x1, 0x0, 0xf, 0x2, [{0x2, 0xfffffffb}], 'Iw'}, @datasec={0x0, 0x0, 0x0, 0xf, 0x2, [], "1760"}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, &(0x7f0000000600)=""/4, 0x4b, 0x4, 0x1}, 0x20)

13.359592617s ago: executing program 3 (id=2436):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
read$dsp(r0, &(0x7f00000002c0)=""/185, 0xb9)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = dup2(r2, r1)
close_range(r3, 0xffffffffffffffff, 0x0)

12.762607167s ago: executing program 3 (id=2439):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, 0x0, 0x0)
getpid()
pipe2(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x432a00, 0x0)
ioctl$TIOCPKT(r4, 0x5420, &(0x7f00000000c0)=0x3ff)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x25, 0x0, @void}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x25, r3}, 0x90)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, "fe94b89fc4583328eae0cae1f5eba229e6f216"})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x1f, 0x16, &(0x7f0000000280)=ANY=[], 0x0, 0x200000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xe, r2}, 0x90)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}, {}, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x2404080d}, 0x20000000)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0)
sendmsg$key(r2, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r5, &(0x7f00000000c0), 0x2c8, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(0xffffffffffffffff)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @empty, 0xa36}, 0x1c)
listen(r7, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, 0x0, 0x0)

10.695832091s ago: executing program 1 (id=2447):
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="2e003300d0000000ffffffffffff08021100000050505050"], 0x4c}}, 0x0)

10.486759189s ago: executing program 1 (id=2449):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000055c0)={[{@metadata_ratio={'metadata_ratio', 0x3d, 0x2}}, {@nossd}, {@compress_force}, {@nossd_spread}, {@compress_algo={'compress', 0x3d, 'zlib'}}, {@flushoncommit}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x36, 0x37, 0x74, 0x65, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000380)=""/66, 0x42)

7.815115661s ago: executing program 2 (id=2459):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
sync()
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x0, 0x6, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c0000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x8f)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000000012000000", &(0x7f0000000300)=""/8, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000004000ed0000000008100d00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x7c}, {}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2})
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)

7.322950057s ago: executing program 1 (id=2462):
r0 = landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(r0, 0x0)
sendmsg$L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
umount2(0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000040)='./file2\x00', 0x800090, &(0x7f0000000d80)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d302c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d312c726f6469722c636865636b3d7374726963742c726f6469722c757466383d302c696f636861727365743d63703836332c636f6465706167653d3836362c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c7379735f696d6d757461626c652c646d61736b3d30303030303030303030303030303030303030303030362c756e695f786c6174653d302c696f636861727365743d6d616363656c7469632c756e695f786c6174653d312c726f6469722c73686f72746e616d653d77696e39352c726f6469722c73686f72746e616d653d6d1f39e3d42c757466383d312c73686f72744c616d653d77696e39352c757466383d302c7365636c6162656c2c00"], 0x6, 0x2d1, &(0x7f00000021c0)="$eJzs3T9rJGUcB/DfbGb/qMVuYSWCA1pYHZdrbTbIHYipPLY4LTR4dyDZRUgg4h9cU4mdjaWvQBB8ITZ2loKtYGeEwMjMzmR3k3GzkWxE8/kUyZOZ5zvP73lmkkyTJ++9ONl/nMXT489+iV4vidawG3GSxCBaUfsilgy/DgDgv+wkz+P3fKbh9M9frcj2NlgXALA5l/z+r6Tlx0dFjx9urjYAYDMePnr7zZ3d3ftvZVkvHky+PBolEVF8np3feRofxDiexN3ox2lE+aLQjvJtoWg+yPN8mmaFQbwymR6NiuTk3R+r6+/8FlHmt6Mfg/LQ2dtGmX9j9/52NrOQnxZ1PFuNPyzy96Ifz5+Fl/L3GvIx6sSrLy/Ufyf68dP78WGM43FZxDz/+XaWvZ5/88en7xTlFflkejTqlv3m8q168OkN3yMAAAAAAAAAAAAAAAAAAAAAAP5/7lR753Sj3L+nOFTtv7N1WnzRjqw2WN6fZ5ZP6gvN9weKVp7n0zy+rffXuZtlWV51nOfTeCGtNhYEAAAAAAAAAAAAAAAAAACAW+7w40/298bjJwfX0qh3A0gj4s+HEf/0OsOFIy/F6s7dasy98bhVNZf7pItHYqvuk0SsLKOYxDUty2WNZy7UXDW++74xVczoMI2mU73LB203j3XFxkft2To29qmfrv29pHkNu2fF94obF+dvXCeaR2/HuSOdv6uwfhTXm06n8VT/ysvSea5sTFf0iWTV98Vrv87KXpjFUp9OuaqN8XbVWIifezbWep6jN4tf/FmR2K0DAAAAAAAAAAAAAAAAAAA2av7Xvw0nj1dGW3l3Y2UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwI2a////dRrpcniNVCcODv+tuQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB7/BUAAP//vaZV2Q==")
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

7.20768025s ago: executing program 2 (id=2463):
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="64697363617264000700000089bd47000000000000000000000000000000c0d7aecf05950ab7d689bb41012918d521428edf23582764292a5b70f182e5da325cc6a1e7be51ebcd00000000000000ef8a09f93326a37c6203a569725bb3f8902936d727b377c38328a16800639c2da42fb5a373d31b0e189df7a5b8963b40b15df6afce99b212e36055b1e7ae4e3f31a13f423dd3c5dda59616e2e5967e29ef9d303852c5dce92983e47ebdf0912e954f7a6653c738238b9adced9d82bd3c76b7142615e9de"], 0x1, 0xee2, &(0x7f0000001e80)="$eJzs3U9sHNUZAPA367+JTbwGCgZKSKEVgYIdkkhNb0GgHhGX3kEhoRGGooYeiPhjekBUQhQJcao4UHGhVEqRigSqVKGe2p5a9dYT6oVKVSoF9dBGSlzFeW+9O97XXY/tWXv395M+v33zZuf7xruYmcns2wCMrMbaz+PHF4oQ3v3snUdffqr45Nqyu1prHFr7WcReM4Qw0dYvStv7Ii64cumlU93aIhxd+5n64bGLrefOhBBWwqHweWiGj5aWv/rwvUcOf/z69C1vnX/mlR3a/ZbyfgAAwDC68Kflv933jz8+MH/5wsGTYaq1PB2fN2N/Jh73H4kHyul4uRE6+0VbtJssrTcWo1Fab6y03ngpz3gm30RpOxOZ9SZ75BtrW9ZtPwEAAGAvSue1zVA0Fjv6jcbi4vXz/mu+mJssFp87u3zm3IAKBQAAACr796trN90KIYQQQgghhBBiiGN1btBXIAAAAIBRU54vbIOV7Z2pq7W1Zn/5Lz7c6P582AZ1v//l31v5P3jNXxwAAKob1qPJtF/pODrNY1CeR3Cs9LzNHv83StsZ32SduXkF98p8g7k6y7/X3SpX/2Zfx0HJ1V+eD3O3ytVfnqdzt8rVP1VzHVXl6p+uuY6qcvXvq7mOqnL176+5jqpy9c/UXEdVufpna66jqlz9N9RcR1W5+g/UXEdVufr3ym21ufqbNddRVa7++ZrrqCpX/40111FVrv6baq6jqlz9N9dcx6DcGdv0eziYWW+myzndXjnHAwAAgFH3X/P/CSGEEEIIIYQQQx+vDvoCBAAAADBw6XMB6VPvq1EaH+sxPt4+Pr2+Qhqf6PH8yR7jUz3GAQAAgBB++8aZ294u1ue72+p8eGneqH3hk6uhwjxG5fkIN5t/q/OebTX/Xpm3DAAAgNFSfO/zq/c/+v4L85cvHDzZdvZ7NZ7vpnlAx+O1gU9jP90XMFvqF+kc+mRnnkZmvfL1gRty23t8izsKAAAAIyydvzdD0VhsO+9uhkZjcXH9fHwhTBRnzi6fPhL76ftZ/jA3MXVt+UM11w0AAAD0b/18v/v5f/oe34UwWSw+d3b5zLnr/dnW8olG+3WBufXlRft1gWZp+dHM8mOxn76/8wdz+9aWL5764fJT273zAAAAMCLOvXj+mSeXl0//yAMPPPCg9WDQf5kAAIDt9uWX70z8+Njs765//n99/rv0+f9Dsd+Mc/v9Oa6Q7hNInwPY8Hn9JzrzzOXWe75zvWZpvbEYU6W6p9u2E9bmG+x83nwuX7NzO5OZfDOlfLOlfOV5CsZL6xdd5hIMXeYnTOvNlZaX52EcL+UoSvnv7pILAAAAkqUXnn1+6dyL5x88++yTT59++vRzx46e+O6JE0ce+s5DS2v39S+1390PAAAA7EXrN/0OuhIAAAAAAAAAAAAAAAAAAAAYXXV8ndig9xEAAABG3b9eDSGsCJGJ9AWDg65D7OZYnRp8DcMdwX+HQgghhBBi67G6Wv6meQAAAICddeXSS6fa2w1Wim3N19pa83pzNeZN7eyDf52/Fmm1iw93Xi/Zv63VMOrqfv/Lv1vzT3Ud/+C17c0/nR70/fev0bmBkx29ff3mvXfplwvt+W8f7zN/ef8f7zdjp8Ol/PeG/vKvvl/K/0RHr9Fv/vtK+ff3mX/D/j/fb8ZO98f8C7F/+J5+83fuYnqXpv3o9w3w7dL+PxX6zV/a/2afCUseiPkBYBT1fcCyx6SjhHQ8PRP7aX/j4WYo3/2w2eP/Rmk741uuvHO76Tjo1thvHa+vdOZNNlt/+r3MxvaGinWW7ZW7SnL1b9fruNNy9U/UXEdVufona66jqlz93c/ed59c/dM111FVrv6+L0QMWK7+vXJdOVf/TM11VJWrf7bmOqrK1b/Z/48PSq7+AzXXUVWu/rma66gqV3/Fy2q1y9U/X3MdVeXqv7HmOqrK1X9TzXVUlav/5prrGJQ7Yps7H07nn3NxLPWbpf5Ul9/lsF5bAAAAgL3mn+b/E0IIIYQQYuTjP6vXDboOIcTOxerqoK9AMEg7+2lmAHYrf/9Hm9d/tHn9R5vXn/8n3cNflPrJWI/x8R7jEz3GJ0vj5ffrVI/xm0rbXU3XNaObe4x/Le5BbvxAj+ff2mN8ocf4bT3Gb+8xfkePcQAAAEbDLbF1fggAAADD6+Vfffrmb+594tL85QsHT4bJDfPOH4n9qfhv62/Efnne+2Qi/pv/T2L/F7H9fWz/Xlrf/ScAAACw89L3xPj3fwAAABhe6XtKnf8DAADA8JqPrfN/AAAAGF43xtb5PwAAAAyxYrr74tim6wJ3x7bfef0AgN3v67G9M7YHY3tXbL8R23QccE9sv1lTfQDA9vn593964u1ifb7/Y6XxK3F5ajdYuX6loGh0zuS/L7b7Y/utPuspfx9Av/mTA33m2an8c1vMDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMj8baz+PHF4oQ3v3snUd/NvnmX64tu6u1xqG1n0XsNUMIE63npdH1/q/jilcuvXSqvb0a2yIcDUUoWsvDYxdbmWZCCCvhUPg8NMNHS8tfffjeI4c/fn36lrfOP/PKDv4KOvYPAAAAhtH/AgAA//8EMCKu")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x105042, 0x0)
r2 = open(&(0x7f0000000180)='./bus\x00', 0xa37e, 0x0)
r3 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
ftruncate(r3, 0x2088002)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8088e3ad122bc192, 0x4002011, r2, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
read(r1, &(0x7f0000000000), 0x2000)

5.746999023s ago: executing program 2 (id=2467):
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$MAP_LOOKUP_ELEM(0x3, 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000080), 0x10)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x498, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f8)

4.177525857s ago: executing program 2 (id=2472):
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="2e003300d0000000ffffffffffff08021100000050505050"], 0x4c}}, 0x0)

3.930960611s ago: executing program 4 (id=2474):
ioctl$BLKROSET(0xffffffffffffffff, 0x80041285, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$can_bcm(0x1d, 0x2, 0x2)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x800000, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b696733552eca3e954943a18709f72fbd259a936c67ebe806ab21823f4a0c47bff45323c2b30982dfc67b46cc9a5a0", 0x33}], 0x1, &(0x7f0000000740)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a7ce45002bdb85e47ab3e39597e422ffab456dd963a00000000180000000000000017010000040000000602000000400000180000000000000017010000030000000100000000000079240809000000ac87448793609bd8299d6dfc465829b711ce28eb8f568438917ebd0699be96bd"], 0x60}], 0x1, 0x8001)
sendto$inet(0xffffffffffffffff, &(0x7f0000000440)="be1847462502500a", 0x8, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000300)=""/92, 0x5c}], 0x1}}], 0x1, 0x0, 0x0)

2.746051716s ago: executing program 4 (id=2475):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000080)=@newtaction={0x70, 0x30, 0x1, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_MARK={0x8}]}, {0x4}, {0xc}, {0xc, 0x9}}}]}]}, 0x70}}, 0x0)

1.9541434s ago: executing program 2 (id=2476):
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="64697363617264000700000089bd47000000000000000000000000000000c0d7aecf05950ab7d689bb41012918d521428edf23582764292a5b70f182e5da325cc6a1e7be51ebcd00000000000000ef8a09f93326a37c6203a569725bb3f8902936d727b377c38328a16800639c2da42fb5a373d31b0e189df7a5b8963b40b15df6afce99b212e36055b1e7ae4e3f31a13f423dd3c5dda59616e2e5967e29ef9d303852c5dce92983e47ebdf0912e954f7a6653c738238b9adced9d82bd3c76b7142615e9de"], 0x1, 0xee2, &(0x7f0000001e80)="$eJzs3U9sHNUZAPA367+JTbwGCgZKSKEVgYIdkkhNb0GgHhGX3kEhoRGGooYeiPhjekBUQhQJcao4UHGhVEqRigSqVKGe2p5a9dYT6oVKVSoF9dBGSlzFeW+9O97XXY/tWXv395M+v33zZuf7xruYmcns2wCMrMbaz+PHF4oQ3v3snUdffqr45Nqyu1prHFr7WcReM4Qw0dYvStv7Ii64cumlU93aIhxd+5n64bGLrefOhBBWwqHweWiGj5aWv/rwvUcOf/z69C1vnX/mlR3a/ZbyfgAAwDC68Kflv933jz8+MH/5wsGTYaq1PB2fN2N/Jh73H4kHyul4uRE6+0VbtJssrTcWo1Fab6y03ngpz3gm30RpOxOZ9SZ75BtrW9ZtPwEAAGAvSue1zVA0Fjv6jcbi4vXz/mu+mJssFp87u3zm3IAKBQAAACr796trN90KIYQQQgghhBBiiGN1btBXIAAAAIBRU54vbIOV7Z2pq7W1Zn/5Lz7c6P582AZ1v//l31v5P3jNXxwAAKob1qPJtF/pODrNY1CeR3Cs9LzNHv83StsZ32SduXkF98p8g7k6y7/X3SpX/2Zfx0HJ1V+eD3O3ytVfnqdzt8rVP1VzHVXl6p+uuY6qcvXvq7mOqnL176+5jqpy9c/UXEdVufpna66jqlz9N9RcR1W5+g/UXEdVufr3ym21ufqbNddRVa7++ZrrqCpX/40111FVrv6baq6jqlz9N9dcx6DcGdv0eziYWW+myzndXjnHAwAAgFH3X/P/CSGEEEIIIYQQQx+vDvoCBAAAADBw6XMB6VPvq1EaH+sxPt4+Pr2+Qhqf6PH8yR7jUz3GAQAAgBB++8aZ294u1ue72+p8eGneqH3hk6uhwjxG5fkIN5t/q/OebTX/Xpm3DAAAgNFSfO/zq/c/+v4L85cvHDzZdvZ7NZ7vpnlAx+O1gU9jP90XMFvqF+kc+mRnnkZmvfL1gRty23t8izsKAAAAIyydvzdD0VhsO+9uhkZjcXH9fHwhTBRnzi6fPhL76ftZ/jA3MXVt+UM11w0AAAD0b/18v/v5f/oe34UwWSw+d3b5zLnr/dnW8olG+3WBufXlRft1gWZp+dHM8mOxn76/8wdz+9aWL5764fJT273zAAAAMCLOvXj+mSeXl0//yAMPPPCg9WDQf5kAAIDt9uWX70z8+Njs765//n99/rv0+f9Dsd+Mc/v9Oa6Q7hNInwPY8Hn9JzrzzOXWe75zvWZpvbEYU6W6p9u2E9bmG+x83nwuX7NzO5OZfDOlfLOlfOV5CsZL6xdd5hIMXeYnTOvNlZaX52EcL+UoSvnv7pILAAAAkqUXnn1+6dyL5x88++yTT59++vRzx46e+O6JE0ce+s5DS2v39S+1390PAAAA7EXrN/0OuhIAAAAAAAAAAAAAAAAAAAAYXXV8ndig9xEAAABG3b9eDSGsCJGJ9AWDg65D7OZYnRp8DcMdwX+HQgghhBBi67G6Wv6meQAAAICddeXSS6fa2w1Wim3N19pa83pzNeZN7eyDf52/Fmm1iw93Xi/Zv63VMOrqfv/Lv1vzT3Ud/+C17c0/nR70/fev0bmBkx29ff3mvXfplwvt+W8f7zN/ef8f7zdjp8Ol/PeG/vKvvl/K/0RHr9Fv/vtK+ff3mX/D/j/fb8ZO98f8C7F/+J5+83fuYnqXpv3o9w3w7dL+PxX6zV/a/2afCUseiPkBYBT1fcCyx6SjhHQ8PRP7aX/j4WYo3/2w2eP/Rmk741uuvHO76Tjo1thvHa+vdOZNNlt/+r3MxvaGinWW7ZW7SnL1b9fruNNy9U/UXEdVufona66jqlz93c/ed59c/dM111FVrv6+L0QMWK7+vXJdOVf/TM11VJWrf7bmOqrK1b/Z/48PSq7+AzXXUVWu/rma66gqV3/Fy2q1y9U/X3MdVeXqv7HmOqrK1X9TzXVUlav/5prrGJQ7Yps7H07nn3NxLPWbpf5Ul9/lsF5bAAAAgL3mn+b/E0IIIYQQYuTjP6vXDboOIcTOxerqoK9AMEg7+2lmAHYrf/9Hm9d/tHn9R5vXn/8n3cNflPrJWI/x8R7jEz3GJ0vj5ffrVI/xm0rbXU3XNaObe4x/Le5BbvxAj+ff2mN8ocf4bT3Gb+8xfkePcQAAAEbDLbF1fggAAADD6+Vfffrmb+594tL85QsHT4bJDfPOH4n9qfhv62/Efnne+2Qi/pv/T2L/F7H9fWz/Xlrf/ScAAACw89L3xPj3fwAAABhe6XtKnf8DAADA8JqPrfN/AAAAGF43xtb5PwAAAAyxYrr74tim6wJ3x7bfef0AgN3v67G9M7YHY3tXbL8R23QccE9sv1lTfQDA9vn593964u1ifb7/Y6XxK3F5ajdYuX6loGh0zuS/L7b7Y/utPuspfx9Av/mTA33m2an8c1vMDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMj8baz+PHF4oQ3v3snUd/NvnmX64tu6u1xqG1n0XsNUMIE63npdH1/q/jilcuvXSqvb0a2yIcDUUoWsvDYxdbmWZCCCvhUPg8NMNHS8tfffjeI4c/fn36lrfOP/PKDv4KOvYPAAAAhtH/AgAA//8EMCKu")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x105042, 0x0)
r2 = open(&(0x7f0000000180)='./bus\x00', 0xa37e, 0x0)
r3 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
ftruncate(r3, 0x2088002)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8088e3ad122bc192, 0x4002011, r2, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
read(r1, &(0x7f0000000000), 0x2000)

1.779922088s ago: executing program 0 (id=2478):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@jmp={0x6, 0x0, 0x7}]}, &(0x7f0000000540)='GPL\x00'}, 0x90)

1.486860594s ago: executing program 0 (id=2479):
r0 = socket(0x28, 0x5, 0x0)
setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r0, 0x28, 0x8, 0x0, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1b, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000340)=@gcm_256={{0x304}, '\x00', "376a31a11e8e279cec092f071cc80f218d360356a936a7e3971a8c35c47e5804", '\x00', "fffffffffffffffd"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
writev(r1, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)

1.486568798s ago: executing program 1 (id=2480):
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
listen(r0, 0x400000001ffffffd)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r2 = accept4(r0, 0x0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
shutdown(r2, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x64}}, 0x0)

1.471956976s ago: executing program 4 (id=2481):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
unshare(0x400)
close(r2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004c}, 0x90)

1.327847928s ago: executing program 0 (id=2482):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x2c)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'veth1_to_bond\x00', <r0=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={0xffffffffffffffff, r0, 0x25, 0x0, @val=@perf_event}, 0x40)
socket$netlink(0x10, 0x3, 0x4)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000140), &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x98, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x62, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, [{0x1, 0xa, "a78ce54006598080a8030037004023493b87c1faffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1f02"}]}}}}}}, 0x0)
setxattr$incfs_id(&(0x7f0000001080)='./file0\x00', &(0x7f00000010c0), 0x0, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1, 0x40000}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/111}]}}], 0x700, 0x0, 0x0)
write$binfmt_misc(r2, &(0x7f0000000040)=ANY=[], 0xffc1)
setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f0000000180)=0x55b7, 0x4)

1.230784949s ago: executing program 4 (id=2483):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d00000007000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
open(&(0x7f0000000180)='./bus\x00', 0x14957e, 0x0)
mount(&(0x7f0000000100)=@filename='\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='tran,=rdma,')

1.065674976s ago: executing program 4 (id=2484):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x5, &(0x7f0000000000)=@framed={{}, [@alu={0x7, 0x0, 0x8}, @jmp={0x6, 0x0, 0x7}]}, &(0x7f0000000540)='GPL\x00', 0x9}, 0x90)

921.361836ms ago: executing program 4 (id=2485):
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="2e003300d0000000ffffffffffff080211000000505050505050"], 0x4c}}, 0x0)

545.662805ms ago: executing program 2 (id=2486):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e00000085000000d000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'veth1_vlan\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
socket$caif_stream(0x25, 0x1, 0x5)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000005140)={'vcan0\x00'})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000002c00)={'ip6gretap0\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x54, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_BROADCAST={0xa, 0x2, @link_local}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x54}}, 0x0)
r8 = syz_genetlink_get_family_id$team(&(0x7f0000000240), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r10=>0x0})
sendmsg$TEAM_CMD_NOOP(r3, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000380)={0x124, r8, 0x0, 0x70bd2c, 0x25dfdbfe, {}, [{{0x8, 0x1, r4}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x40}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r10}}}]}}, {{0x8, 0x1, r7}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffe}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r7}}}]}}]}, 0x124}, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="05040500d3fc09000000478803", 0xd, 0x0, 0x0, 0x0)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r12=>0x0})
r13 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r13, 0x8933, &(0x7f00000005c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r11, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r12, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}, 0x1, 0x0, 0x0, 0x20000004}, 0x4)
r14 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f00000001c0)={'gretap0\x00', <r15=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003, 0x50128}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r15}, @IFLA_MASTER={0x8, 0xa, r15}]}, 0x44}}, 0x0)

316.20936ms ago: executing program 0 (id=2487):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x14, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

226.983625ms ago: executing program 1 (id=2488):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x40b, 0x0, 0x0, {}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x48}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_DELRULE={0x2c, 0x8, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0)

223.066511ms ago: executing program 0 (id=2489):
syz_emit_ethernet(0x227, &(0x7f0000000100)=ANY=[@ANYBLOB="614bd4eaa01baaaaaaaaaabb8100000386dd6c8e9e19018000000000060000000000000000cf33eb28d5fbf500000000aaff2094e1f0fc9e85ae1c001502000101"], 0x0)

113.776174ms ago: executing program 0 (id=2490):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_DELRULE={0x2c, 0x8, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0)

0s ago: executing program 1 (id=2491):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r0 = socket$kcm(0x10, 0x3, 0x10)
readv(r0, &(0x7f0000000400)=[{&(0x7f00000005c0)=""/53, 0x35}], 0x2)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000028000bff7f000000000000000024fc60", 0x14}], 0x1}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
syz_emit_ethernet(0x4a, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0xfffffffb, @empty, 0x2}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000001c0)=0xffffff81, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010200000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a320000000014000480080001400000000008000240000000002c000000030a03000000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0xb4}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000840)=ANY=[], 0xc8}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1165.511247][T14663] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /17/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1165.535332][ T1112] bond0 (unregistering): Released all slaves
[ 1165.542687][T14663] EXT4-fs error (device loop3): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1165.562354][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1165.569713][T14663] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /17/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1165.592494][T14663] EXT4-fs error (device loop3): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1165.612103][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1165.637778][T14663] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /17/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1165.661634][T14663] EXT4-fs error (device loop3): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1165.697152][T14663] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /17/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1165.720312][T14663] EXT4-fs error (device loop3): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1165.847767][T14999] veth1_vlan: entered promiscuous mode
[ 1165.917072][T15053] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1166.273594][T14999] veth0_macvtap: entered promiscuous mode
[ 1166.351328][T15105] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1166.388762][ T1112] hsr_slave_0: left promiscuous mode
[ 1166.395550][ T1112] hsr_slave_1: left promiscuous mode
[ 1166.402095][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1166.409611][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1166.425532][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1166.434230][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1166.463786][ T1112] veth1_macvtap: left promiscuous mode
[ 1166.471287][ T1112] veth0_macvtap: left promiscuous mode
[ 1166.477645][ T1112] veth1_vlan: left promiscuous mode
[ 1166.483397][ T1112] veth0_vlan: left promiscuous mode
[ 1166.510379][T14663] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1167.024667][ T9882] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1167.057180][ T9882] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1167.082937][ T9882] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1167.091255][ T9882] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1167.106243][ T9882] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1167.116243][ T9882] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1167.503835][ T1112] team0 (unregistering): Port device team_slave_1 removed
[ 1167.581002][ T1112] team0 (unregistering): Port device team_slave_0 removed
[ 1168.359030][T14999] veth1_macvtap: entered promiscuous mode
[ 1168.513195][T15105] 8021q: adding VLAN 0 to HW filter on device team0
[ 1168.534679][T15053] veth0_vlan: entered promiscuous mode
[ 1168.628572][ T8838] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1168.635983][ T8838] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1168.689653][T15053] veth1_vlan: entered promiscuous mode
[ 1168.698424][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1168.709253][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1168.720294][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1168.732492][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1168.744561][T14999] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1168.757487][ T5149] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1168.764733][ T5149] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1168.877443][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1168.888745][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1168.898978][T14999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1168.909560][T14999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1168.923287][T14999] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1168.952557][T15150] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1168.969126][T15150] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1168.991233][T15150] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1169.005736][T15150] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1169.030430][T14999] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1169.039416][T14999] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1169.048520][T14999] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1169.058218][T14999] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1169.173363][T13637] Bluetooth: hci3: command tx timeout
[ 1169.189034][T15053] veth0_macvtap: entered promiscuous mode
[ 1169.206333][T15105] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1169.274278][ T1112] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.336000][T15053] veth1_macvtap: entered promiscuous mode
[ 1169.471199][ T1112] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.515786][T15191] chnl_net:caif_netlink_parms(): no params data found
[ 1169.599481][ T1112] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.637163][T15053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1169.648731][T15053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1169.659926][T15053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1169.673273][T15053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1169.683270][T15053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1169.693941][T15053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1169.705385][T15053] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1169.728176][T15053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1169.740916][T15053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1169.752407][T15053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1169.762931][T15053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1169.772989][T15053] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1169.784753][T15053] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1169.796495][T15053] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1169.851994][ T1112] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.876719][T15053] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1169.884119][T11423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1169.892729][T15053] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1169.895939][T11423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1169.911523][T15053] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1169.920274][T15053] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1170.034572][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1170.048191][T15191] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1170.058339][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1170.070187][T15191] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1170.077764][T15191] bridge_slave_0: entered allmulticast mode
[ 1170.085648][T15191] bridge_slave_0: entered promiscuous mode
[ 1170.095215][T15191] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1170.102779][T15191] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1170.110041][T15191] bridge_slave_1: entered allmulticast mode
[ 1170.118857][T15191] bridge_slave_1: entered promiscuous mode
[ 1170.166338][T15191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1170.205843][T15191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1170.298417][T15204] FAULT_INJECTION: forcing a failure.
[ 1170.298417][T15204] name failslab, interval 1, probability 0, space 0, times 0
[ 1170.311367][T15204] CPU: 0 UID: 0 PID: 15204 Comm: syz.4.2307 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[ 1170.321711][T15204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1170.331902][T15204] Call Trace:
[ 1170.335211][T15204]  <TASK>
[ 1170.338176][T15204]  dump_stack_lvl+0x241/0x360
[ 1170.342986][T15204]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1170.348219][T15204]  ? __pfx__printk+0x10/0x10
[ 1170.352862][T15204]  should_fail_ex+0x3b0/0x4e0
[ 1170.357591][T15204]  ? rtnl_newlink+0xe9/0x2070
[ 1170.362309][T15204]  should_failslab+0x9/0x20
[ 1170.366855][T15204]  __kmalloc_cache_noprof+0x6c/0x2c0
[ 1170.372184][T15204]  rtnl_newlink+0xe9/0x2070
[ 1170.376746][T15204]  ? __pfx_lock_acquire+0x10/0x10
[ 1170.381827][T15204]  ? __mutex_lock+0x99b/0xd70
[ 1170.386526][T15204]  ? __pfx_lock_release+0x10/0x10
[ 1170.391573][T15204]  ? do_raw_spin_lock+0x14f/0x370
[ 1170.396623][T15204]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1170.401755][T15204]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1170.406996][T15204]  ? __mutex_lock+0x9a5/0xd70
[ 1170.411704][T15204]  ? __mutex_lock+0x527/0xd70
[ 1170.416399][T15204]  ? rtnetlink_rcv_msg+0x847/0x1180
[ 1170.421647][T15204]  ? __pfx___mutex_lock+0x10/0x10
[ 1170.426700][T15204]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1170.431762][T15204]  rtnetlink_rcv_msg+0x8a0/0x1180
[ 1170.436821][T15204]  ? rtnetlink_rcv_msg+0x208/0x1180
[ 1170.442049][T15204]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1170.447561][T15204]  ? __local_bh_enable_ip+0x168/0x200
[ 1170.452948][T15204]  ? lockdep_hardirqs_on+0x99/0x150
[ 1170.458166][T15204]  ? __local_bh_enable_ip+0x168/0x200
[ 1170.463562][T15204]  ? dev_hard_start_xmit+0x773/0x7e0
[ 1170.468868][T15204]  ? __dev_queue_xmit+0x2da/0x3e90
[ 1170.473996][T15204]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1170.479734][T15204]  ? __dev_queue_xmit+0x2da/0x3e90
[ 1170.484863][T15204]  ? __dev_queue_xmit+0x1763/0x3e90
[ 1170.490078][T15204]  ? kasan_save_track+0x51/0x80
[ 1170.494948][T15204]  ? do_syscall_64+0xf3/0x230
[ 1170.499637][T15204]  ? __dev_queue_xmit+0x2da/0x3e90
[ 1170.507202][T15204]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1170.512608][T15204]  ? ref_tracker_free+0x643/0x7e0
[ 1170.517652][T15204]  netlink_rcv_skb+0x1e3/0x430
[ 1170.522444][T15204]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1170.527925][T15204]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1170.533271][T15204]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1170.538507][T15204]  netlink_unicast+0x7f0/0x990
[ 1170.543358][T15204]  ? __pfx_netlink_unicast+0x10/0x10
[ 1170.548668][T15204]  ? __virt_addr_valid+0x183/0x530
[ 1170.553829][T15204]  ? __check_object_size+0x49c/0x900
[ 1170.559142][T15204]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1170.564400][T15204]  netlink_sendmsg+0x8e4/0xcb0
[ 1170.569300][T15204]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1170.574623][T15204]  ? __import_iovec+0x536/0x820
[ 1170.579507][T15204]  ? aa_sock_msg_perm+0x91/0x160
[ 1170.584487][T15204]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1170.589798][T15204]  ? security_socket_sendmsg+0x87/0xb0
[ 1170.595284][T15204]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1170.600580][T15204]  __sock_sendmsg+0x221/0x270
[ 1170.605285][T15204]  ____sys_sendmsg+0x525/0x7d0
[ 1170.610254][T15204]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1170.615571][T15204]  __sys_sendmsg+0x2b0/0x3a0
[ 1170.620194][T15204]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1170.625338][T15204]  ? vfs_write+0x7c4/0xc90
[ 1170.629804][T15204]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1170.636239][T15204]  ? do_syscall_64+0x100/0x230
[ 1170.641028][T15204]  ? do_syscall_64+0xb6/0x230
[ 1170.645731][T15204]  do_syscall_64+0xf3/0x230
[ 1170.650247][T15204]  ? clear_bhb_loop+0x35/0x90
[ 1170.654944][T15204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.660951][T15204] RIP: 0033:0x7f5974975bd9
[ 1170.665382][T15204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1170.685388][T15204] RSP: 002b:00007f59756ae048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1170.693836][T15204] RAX: ffffffffffffffda RBX: 00007f5974b03f60 RCX: 00007f5974975bd9
[ 1170.701845][T15204] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[ 1170.709834][T15204] RBP: 00007f59756ae0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1170.717820][T15204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1170.725915][T15204] R13: 000000000000000b R14: 00007f5974b03f60 R15: 00007ffd00e6b608
[ 1170.734005][T15204]  </TASK>
[ 1170.763847][T15105] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1170.811965][T15191] team0: Port device team_slave_0 added
[ 1170.884172][T15191] team0: Port device team_slave_1 added
[ 1170.958469][ T1112] bridge_slave_1: left allmulticast mode
[ 1170.966788][ T1112] bridge_slave_1: left promiscuous mode
[ 1170.974518][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1170.985306][ T1112] bridge_slave_0: left allmulticast mode
[ 1170.991037][ T1112] bridge_slave_0: left promiscuous mode
[ 1170.997632][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1171.251887][T13637] Bluetooth: hci3: command tx timeout
[ 1171.601573][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1171.618440][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1171.629904][ T1112] bond0 (unregistering): Released all slaves
[ 1171.671385][T15150] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1171.700603][T15191] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1171.728505][T15191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1171.769126][T15191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1171.815274][T15191] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1171.822498][T15191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1171.861789][T15191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1171.972004][T15191] hsr_slave_0: entered promiscuous mode
[ 1171.987165][T15191] hsr_slave_1: entered promiscuous mode
[ 1171.994607][T15191] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1172.012713][T15191] Cannot create hsr debugfs directory
[ 1172.035876][T15213] loop4: detected capacity change from 0 to 512
[ 1172.067833][T15213] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1172.094618][T15213] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[ 1172.103322][T15213] System zones: 1-12
[ 1172.110802][T15213] EXT4-fs (loop4): 1 truncate cleaned up
[ 1172.118015][T15213] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1172.124881][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1172.160311][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1172.171154][T15150] 8021q: adding VLAN 0 to HW filter on device team0
[ 1172.339220][T15105] veth0_vlan: entered promiscuous mode
[ 1172.350225][ T5195] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1172.357429][ T5195] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1172.441264][ T5195] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1172.448529][ T5195] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1172.496914][T15105] veth1_vlan: entered promiscuous mode
[ 1172.553827][T11418] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1172.566874][T11418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1172.840247][ T1112] hsr_slave_0: left promiscuous mode
[ 1173.073762][ T1112] hsr_slave_1: left promiscuous mode
[ 1173.085473][T14999] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /4/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1173.126951][T14999] EXT4-fs error (device loop4): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1173.186856][T14999] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /4/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1173.218995][T14999] EXT4-fs error (device loop4): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1173.252971][T14999] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /4/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1173.287201][T14999] EXT4-fs error (device loop4): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1173.307476][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1173.321407][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1173.334168][T13637] Bluetooth: hci3: command tx timeout
[ 1173.349533][T14999] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /4/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1173.377454][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1173.389648][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1173.410740][T14999] EXT4-fs error (device loop4): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1173.476339][T14999] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /4/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1173.514570][ T1112] veth1_macvtap: left promiscuous mode
[ 1173.518664][T14999] EXT4-fs error (device loop4): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1173.534563][ T1112] veth0_macvtap: left promiscuous mode
[ 1173.548470][ T1112] veth1_vlan: left promiscuous mode
[ 1173.554457][ T1112] veth0_vlan: left promiscuous mode
[ 1173.860711][T15222] loop0: detected capacity change from 0 to 64
[ 1173.995973][T15222] hfs: request for non-existent node 131072 in B*Tree
[ 1174.007157][T15222] hfs: request for non-existent node 131072 in B*Tree
[ 1174.312049][ T5147] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[ 1174.537696][ T5147] usb 1-1: Using ep0 maxpacket: 8
[ 1174.579935][ T5147] usb 1-1: New USB device found, idVendor=050d, idProduct=0109, bcdDevice=a6.da
[ 1174.606246][ T5147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1174.621011][ T5147] usb 1-1: config 0 descriptor??
[ 1174.628936][ T5147] mct_u232 1-1:0.0: MCT U232 converter detected
[ 1174.642631][ T5147] mct_u232 ttyUSB0: expected endpoint missing
[ 1174.679079][ T1112] team0 (unregistering): Port device team_slave_1 removed
[ 1174.757901][ T1112] team0 (unregistering): Port device team_slave_0 removed
[ 1174.840091][ T5147] usb 1-1: USB disconnect, device number 61
[ 1174.855351][ T5147] mct_u232 1-1:0.0: device disconnected
[ 1175.411647][T13637] Bluetooth: hci3: command tx timeout
[ 1175.659064][T15225] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.2354'.
[ 1175.914379][T14999] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1176.084709][T15105] veth0_macvtap: entered promiscuous mode
[ 1176.125876][ T5147] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 1176.143534][T15105] veth1_macvtap: entered promiscuous mode
[ 1176.345550][T15105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1176.363143][T15105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1176.374818][ T5147] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 5
[ 1176.384050][ T5147] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1176.399986][T15105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1176.410747][T15105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1176.420923][T15105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1176.432349][T15105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1176.443638][ T5147] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1176.454807][ T5147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1176.465508][T15105] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1176.477801][ T5147] usb 1-1: SerialNumber: syz
[ 1176.517283][T15105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1176.528864][T15105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1176.543968][T15105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1176.554560][T15105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1176.565064][T15105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1176.584061][T15105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1176.610072][T15105] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1176.654353][T15150] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1176.686362][T15105] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1176.703618][T15105] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1176.720303][T15105] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1176.739994][T15105] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1176.774597][ T5147] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[ 1176.858614][ T9882] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1176.870875][ T9882] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1176.879942][ T9882] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1176.890120][ T9882] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1176.899505][ T9882] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1176.913235][ T9882] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1176.976027][ T1112] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.042254][T15191] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1177.108631][T15191] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1177.138362][T15191] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1177.178739][ T1112] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.219558][T15191] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1177.260409][T11423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1177.268501][T11423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1177.306016][ T1112] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.379226][T15150] veth0_vlan: entered promiscuous mode
[ 1177.450633][ T1112] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.509039][T15150] veth1_vlan: entered promiscuous mode
[ 1177.550570][ T2892] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1177.550600][ T2892] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1177.828204][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.828273][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.894924][T15150] veth0_macvtap: entered promiscuous mode
[ 1177.959665][T15150] veth1_macvtap: entered promiscuous mode
[ 1178.147082][ T1112] bridge_slave_1: left allmulticast mode
[ 1178.147120][ T1112] bridge_slave_1: left promiscuous mode
[ 1178.147347][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1178.155199][ T1112] bridge_slave_0: left allmulticast mode
[ 1178.155224][ T1112] bridge_slave_0: left promiscuous mode
[ 1178.155394][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1178.168992][    T9] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1178.342121][    T9] usb 3-1: device descriptor read/64, error -71
[ 1178.643875][    T9] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1178.706110][ T5195] usb 1-1: USB disconnect, device number 62
[ 1178.810619][    T9] usb 3-1: device descriptor read/64, error -71
[ 1178.941553][ T9882] Bluetooth: hci1: command tx timeout
[ 1178.949040][    T9] usb usb3-port1: attempt power cycle
[ 1179.175616][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1179.193676][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1179.212247][ T1112] bond0 (unregistering): Released all slaves
[ 1179.281923][T15233] chnl_net:caif_netlink_parms(): no params data found
[ 1179.431590][    T9] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1179.483074][    T9] usb 3-1: device descriptor read/8, error -71
[ 1179.525185][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1179.541855][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.556734][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1179.568462][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.580390][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1179.591246][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.601409][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1179.629886][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.642679][T15150] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1179.753451][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1179.781545][    T9] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1179.792160][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.808229][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1179.818994][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.834434][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1179.847234][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.847424][    T9] usb 3-1: device descriptor read/8, error -71
[ 1179.869762][T15150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1179.882272][T15150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.903182][T15150] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1180.005821][T15150] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1180.015830][    T9] usb usb3-port1: unable to enumerate USB device
[ 1180.025313][T15150] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1180.036331][T15150] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1180.045310][T15150] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1180.202139][ T1112] hsr_slave_0: left promiscuous mode
[ 1180.217847][ T1112] hsr_slave_1: left promiscuous mode
[ 1180.229048][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1180.237296][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1180.246052][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1180.254176][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1180.298664][ T1112] veth1_macvtap: left promiscuous mode
[ 1180.305770][ T1112] veth0_macvtap: left promiscuous mode
[ 1180.317776][ T1112] veth1_vlan: left promiscuous mode
[ 1180.323746][ T1112] veth0_vlan: left promiscuous mode
[ 1180.981873][T15249] loop2: detected capacity change from 0 to 512
[ 1180.990981][T15249] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[ 1181.020515][ T9882] Bluetooth: hci1: command tx timeout
[ 1181.042425][T15249] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[ 1181.050672][T15249] System zones: 1-12
[ 1181.092966][T15249] EXT4-fs (loop2): 1 truncate cleaned up
[ 1181.100474][T15249] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1181.888327][T15105] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /1/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1181.917487][T15105] EXT4-fs error (device loop2): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1181.939373][T15105] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /1/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1181.982179][T15105] EXT4-fs error (device loop2): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1182.042343][T15105] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /1/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1182.074720][T15105] EXT4-fs error (device loop2): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1182.112192][T15105] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /1/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1182.137907][T15105] EXT4-fs error (device loop2): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1182.159248][T15105] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /1/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1182.180666][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1182.208638][T15105] EXT4-fs error (device loop2): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1182.344247][ T1112] team0 (unregistering): Port device team_slave_1 removed
[ 1182.456845][ T1112] team0 (unregistering): Port device team_slave_0 removed
[ 1182.969758][ T5149] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 1183.104355][T13637] Bluetooth: hci1: command tx timeout
[ 1183.171783][ T5149] usb 1-1: Using ep0 maxpacket: 32
[ 1183.209060][ T5149] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[ 1183.220719][ T5149] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1183.230552][ T5149] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[ 1183.247224][ T5149] usb 1-1: string descriptor 0 read error: -22
[ 1183.253680][ T5149] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1183.265826][ T5149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1183.479306][T15233] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1183.488910][T15233] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1183.501898][T15233] bridge_slave_0: entered allmulticast mode
[ 1183.509274][T15233] bridge_slave_0: entered promiscuous mode
[ 1183.519793][T15233] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1183.541693][T15233] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1183.549122][T15233] bridge_slave_1: entered allmulticast mode
[ 1183.564021][T15233] bridge_slave_1: entered promiscuous mode
[ 1183.720471][T15191] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1183.736531][T15233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1183.750663][T15233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1183.754554][ T5149] cdc_ncm 1-1:1.0: bind() failure
[ 1183.800009][ T5149] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[ 1183.819590][ T5149] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[ 1183.833570][ T5149] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[ 1183.847372][ T5149] usb 1-1: USB disconnect, device number 63
[ 1183.854415][T15233] team0: Port device team_slave_0 added
[ 1183.877197][T15105] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1183.887782][T15191] 8021q: adding VLAN 0 to HW filter on device team0
[ 1183.970921][T15233] team0: Port device team_slave_1 added
[ 1184.052932][ T5201] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1184.060124][ T5201] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1184.070250][ T5201] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1184.077528][ T5201] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1184.235048][T15233] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1184.249957][T15233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1184.288143][T15233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1184.373342][T15233] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1184.394700][T15233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1184.428532][T15233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1184.479540][ T9882] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1184.497784][ T9882] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1184.509812][ T9882] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1184.518422][ T9882] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1184.529963][ T9882] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1184.538414][ T9882] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1184.563005][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1184.570889][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1184.648336][T15233] hsr_slave_0: entered promiscuous mode
[ 1184.660085][T15233] hsr_slave_1: entered promiscuous mode
[ 1184.666914][T15233] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1184.674910][ T5201] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 1184.681572][T15233] Cannot create hsr debugfs directory
[ 1184.748422][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1184.770803][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1184.831631][ T5201] usb 1-1: device descriptor read/64, error -71
[ 1184.995218][T15281] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2339'.
[ 1185.041123][ T1112] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1185.101587][ T5201] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 1185.173168][ T9882] Bluetooth: hci1: command tx timeout
[ 1185.258401][T15287] loop1: detected capacity change from 0 to 512
[ 1185.280941][T15287] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 1185.281826][ T5201] usb 1-1: device descriptor read/64, error -71
[ 1185.324879][ T1112] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1185.338946][T15287] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[ 1185.347947][T15287] System zones: 1-12
[ 1185.386918][T15287] EXT4-fs (loop1): 1 truncate cleaned up
[ 1185.395742][T15287] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1185.444108][ T5201] usb usb1-port1: attempt power cycle
[ 1185.490088][ T1112] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1185.513912][T15191] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1185.620313][ T1112] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1185.852345][ T5201] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1185.887324][T15191] veth0_vlan: entered promiscuous mode
[ 1185.935167][T15191] veth1_vlan: entered promiscuous mode
[ 1185.953955][ T5201] usb 1-1: device descriptor read/8, error -71
[ 1186.064511][T15276] chnl_net:caif_netlink_parms(): no params data found
[ 1186.175246][T15150] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /2/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1186.197842][ T1112] bridge_slave_1: left allmulticast mode
[ 1186.203732][ T1112] bridge_slave_1: left promiscuous mode
[ 1186.209680][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1186.218360][T15150] EXT4-fs error (device loop1): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1186.240315][T15150] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /2/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1186.242264][ T1112] bridge_slave_0: left allmulticast mode
[ 1186.268469][ T5201] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1186.277172][T15150] EXT4-fs error (device loop1): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1186.285186][ T1112] bridge_slave_0: left promiscuous mode
[ 1186.304015][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1186.306468][T15150] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /2/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1186.313358][ T5201] usb 1-1: device descriptor read/8, error -71
[ 1186.348075][T15150] EXT4-fs error (device loop1): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1186.369072][T15150] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /2/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1186.394686][T15150] EXT4-fs error (device loop1): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1186.438465][T15150] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /2/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1186.462217][ T5201] usb usb1-port1: unable to enumerate USB device
[ 1186.474123][T15150] EXT4-fs error (device loop1): ext4_empty_dir:3082: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1186.630675][ T9882] Bluetooth: hci0: command tx timeout
[ 1187.142099][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1187.164023][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1187.177267][ T1112] bond0 (unregistering): Released all slaves
[ 1187.370689][T15233] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1187.385722][T15233] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1187.409332][T15191] veth0_macvtap: entered promiscuous mode
[ 1187.419743][T15233] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1187.487311][T15150] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1187.503229][T15191] veth1_macvtap: entered promiscuous mode
[ 1187.520543][T15233] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1187.734332][T15276] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1187.751294][T15276] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1187.780650][T15276] bridge_slave_0: entered allmulticast mode
[ 1187.790075][T15276] bridge_slave_0: entered promiscuous mode
[ 1187.855635][T15276] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1187.875301][T15276] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1187.886847][T15276] bridge_slave_1: entered allmulticast mode
[ 1187.898461][T15276] bridge_slave_1: entered promiscuous mode
[ 1187.960122][T15304] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2374'.
[ 1187.980920][T15276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1188.007599][T15191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1188.018556][T15191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1188.032637][T15191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1188.043281][T15191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1188.064479][T15191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1188.076559][T15191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1188.088111][T15191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1188.105132][T15191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1188.117910][T13637] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1188.118775][T15191] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1188.134965][T13637] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1188.146841][T13637] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1188.166537][ T1112] hsr_slave_0: left promiscuous mode
[ 1188.173632][ T1112] hsr_slave_1: left promiscuous mode
[ 1188.174709][T13637] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1188.186810][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1188.195193][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1188.202755][T13637] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1188.203779][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1188.222216][T13637] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1188.226892][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1188.275495][ T1112] veth1_macvtap: left promiscuous mode
[ 1188.282714][ T1112] veth0_macvtap: left promiscuous mode
[ 1188.288771][ T1112] veth1_vlan: left promiscuous mode
[ 1188.294599][ T1112] veth0_vlan: left promiscuous mode
[ 1188.698881][T13637] Bluetooth: hci0: command tx timeout
[ 1189.110379][ T1112] team0 (unregistering): Port device team_slave_1 removed
[ 1189.187618][ T1112] team0 (unregistering): Port device team_slave_0 removed
[ 1190.076061][T15276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1190.103480][T15191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1190.124799][T15191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1190.141223][T15191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1190.152825][T15191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1190.163828][T15191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1190.174592][T15308] raw_sendmsg: syz.0.2375 forgot to set AF_INET. Fix it!
[ 1190.177870][T15191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1190.194215][T15191] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1190.273797][T15191] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.283507][T15191] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.292604][T15191] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.301509][T15191] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.301881][T13637] Bluetooth: hci2: command tx timeout
[ 1190.330336][T15310] loop0: detected capacity change from 0 to 1024
[ 1190.337995][T15310] hfsplus: unable to parse mount options
[ 1190.402098][T15276] team0: Port device team_slave_0 added
[ 1190.479706][T15276] team0: Port device team_slave_1 added
[ 1190.511346][T15311] loop0: detected capacity change from 0 to 256
[ 1190.575417][T15311] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1190.631371][T15311] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe622a5da, utbl_chksum : 0xe619d30d)
[ 1190.704414][T15276] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1190.712317][T15276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1190.769247][T15276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1190.780227][T13637] Bluetooth: hci0: command tx timeout
[ 1190.795156][T15276] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1190.803215][T15276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1190.829209][T15276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1191.047083][T15276] hsr_slave_0: entered promiscuous mode
[ 1191.054170][T15276] hsr_slave_1: entered promiscuous mode
[ 1191.060592][T15276] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1191.068692][T15276] Cannot create hsr debugfs directory
[ 1191.268888][T15260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1191.278369][T15260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1191.375776][T15233] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1191.400704][T11418] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1191.415449][T15305] chnl_net:caif_netlink_parms(): no params data found
[ 1191.423125][T11418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1191.481969][ T5147] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1191.607463][ T1112] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1191.685593][ T5147] usb 1-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[ 1191.709726][ T5147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1191.726033][ T5147] usb 1-1: config 0 descriptor??
[ 1191.734897][ T5147] gspca_main: spca561-2.14.0 probing abcd:cdee
[ 1191.798321][ T1112] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1192.026275][T15233] 8021q: adding VLAN 0 to HW filter on device team0
[ 1192.035947][ T5147] spca561 1-1:0.0: probe with driver spca561 failed with error -22
[ 1192.046088][ T5147] usb 1-1: MIDIStreaming interface descriptor not found
[ 1192.061852][ T5201] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1192.137967][ T5147] usb 1-1: USB disconnect, device number 68
[ 1192.178877][ T1112] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1192.244911][ T5201] usb 4-1: device descriptor read/64, error -71
[ 1192.371673][T13637] Bluetooth: hci2: command tx timeout
[ 1192.416935][ T1112] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1192.437463][ T5101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1192.444708][ T5101] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1192.527503][ T5101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1192.534714][ T5101] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1192.543827][ T5201] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 1192.563709][T15305] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1192.572415][T15305] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1192.582646][T15305] bridge_slave_0: entered allmulticast mode
[ 1192.593251][T15305] bridge_slave_0: entered promiscuous mode
[ 1192.645308][T15305] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1192.654493][T15305] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1192.678556][T15305] bridge_slave_1: entered allmulticast mode
[ 1192.702381][ T5201] usb 4-1: device descriptor read/64, error -71
[ 1192.721664][T15305] bridge_slave_1: entered promiscuous mode
[ 1192.822151][ T5201] usb usb4-port1: attempt power cycle
[ 1192.872197][T13637] Bluetooth: hci0: command tx timeout
[ 1193.147891][T15305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1193.238129][T15305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1193.252030][ T5201] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 1193.297693][ T5201] usb 4-1: device descriptor read/8, error -71
[ 1193.372033][T15333] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1193.572954][ T5201] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 1193.585707][T15305] team0: Port device team_slave_0 added
[ 1193.625683][ T5201] usb 4-1: device descriptor read/8, error -71
[ 1193.637137][T15337] loop0: detected capacity change from 0 to 512
[ 1193.662480][T15337] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349)
[ 1193.676857][T15305] team0: Port device team_slave_1 added
[ 1193.715603][T15337] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[ 1193.716023][T15337] EXT4-fs: failed to create workqueue
[ 1193.777820][ T5201] usb usb4-port1: unable to enumerate USB device
[ 1193.791012][T15337] EXT4-fs (loop0): mount failed
[ 1194.019332][T15305] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1194.036581][T15305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1194.067574][T15305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1194.162173][T15305] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1194.169373][T15305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1194.204159][T15305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1194.283827][ T1112] bridge_slave_1: left allmulticast mode
[ 1194.310885][ T1112] bridge_slave_1: left promiscuous mode
[ 1194.331468][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1194.354256][ T1112] bridge_slave_0: left allmulticast mode
[ 1194.359962][ T1112] bridge_slave_0: left promiscuous mode
[ 1194.371779][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1194.451967][T13637] Bluetooth: hci2: command tx timeout
[ 1194.561816][   T58] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1194.771676][   T58] usb 1-1: Using ep0 maxpacket: 8
[ 1194.793755][   T58] usb 1-1: config 3 has an invalid interface number: 209 but max is 1
[ 1194.802963][   T58] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1194.821675][   T58] usb 1-1: config 3 has 1 interface, different from the descriptor's value: 2
[ 1194.841009][   T58] usb 1-1: config 3 has no interface number 0
[ 1194.847346][   T58] usb 1-1: config 3 interface 209 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[ 1194.876248][   T58] usb 1-1: config 3 interface 209 has no altsetting 0
[ 1194.886354][   T58] usb 1-1: New USB device found, idVendor=2040, idProduct=7070, bcdDevice=19.44
[ 1194.895890][   T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1194.912177][   T58] usb 1-1: Product: ᜡ౲Ꝛற⬮濤椽씤윷壥䴠쟂퇵姙篈ꍷٖퟔꭂꔈ䚤樓䖁慝骂얾柃璘ず깜䠖⫢垻醒솑悼ﶀ´贔驾屫জ䐱ꅮ欚背砀ὅ龜哢屖ꑟ帏醠랝쒇磈ᑘ泀棕ꞓ戦〧쯰ᬗ埶褴绖⮩뒍ཏ䌢⃽㪹㧅ꅺ䫵擠䦾銓뇰踉髫詓鵢쀥㞋绪잁왯놂
[ 1194.946120][   T58] usb 1-1: Manufacturer: Џ
[ 1194.950696][   T58] usb 1-1: SerialNumber: Ћ
[ 1195.602795][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1195.668407][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1195.699359][ T1112] bond0 (unregistering): Released all slaves
[ 1195.900065][T15276] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1195.916106][T15355] loop0: detected capacity change from 0 to 1024
[ 1195.957675][T15276] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1195.970605][T15355] hfsplus: invalid btree extent records (0 size)
[ 1195.995073][T15355] hfsplus: failed to load extents file
[ 1196.028949][T15233] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1196.241996][T15276] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1196.261612][T15276] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1196.319904][T15305] hsr_slave_0: entered promiscuous mode
[ 1196.336719][T15305] hsr_slave_1: entered promiscuous mode
[ 1196.360289][T15305] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1196.370486][T15305] Cannot create hsr debugfs directory
[ 1196.532244][T13637] Bluetooth: hci2: command tx timeout
[ 1196.545137][T15361] loop3: detected capacity change from 0 to 256
[ 1196.750724][ T1112] hsr_slave_0: left promiscuous mode
[ 1196.762791][ T1112] hsr_slave_1: left promiscuous mode
[ 1196.795960][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1196.831084][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1196.873475][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1196.890969][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1196.970060][ T1112] veth1_macvtap: left promiscuous mode
[ 1196.986657][ T1112] veth0_macvtap: left promiscuous mode
[ 1197.000145][ T1112] veth1_vlan: left promiscuous mode
[ 1197.010522][ T1112] veth0_vlan: left promiscuous mode
[ 1197.756227][T15355] delete_channel: no stack
[ 1197.778123][   T58] dvb-usb: found a 'Hauppauge Nova-T Stick' in cold state, will try to load a firmware
[ 1198.629791][T15375] netlink: 'syz.0.2388': attribute type 1 has an invalid length.
[ 1198.641976][T15375] netlink: 'syz.0.2388': attribute type 2 has an invalid length.
[ 1198.647531][   T58] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1198.650339][T15375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2388'.
[ 1198.659942][   T58] dib0700: firmware download failed at 7 with -22
[ 1198.703402][   T58] usb 1-1: USB disconnect, device number 69
[ 1198.839661][T15375] loop0: detected capacity change from 0 to 512
[ 1198.864119][T15375] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[ 1198.969277][T15375] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2388: bg 0: block 64: padding at end of block bitmap is not set
[ 1198.999132][T15375] Quota error (device loop0): write_blk: dquota write failed
[ 1199.008164][T15375] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[ 1199.021336][T15375] EXT4-fs error (device loop0): ext4_acquire_dquot:6862: comm syz.0.2388: Failed to acquire dquot type 0
[ 1199.065862][T15375] EXT4-fs (loop0): 1 truncate cleaned up
[ 1199.083775][T15375] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1199.472872][ T1112] team0 (unregistering): Port device team_slave_1 removed
[ 1199.549714][ T1112] team0 (unregistering): Port device team_slave_0 removed
[ 1200.511374][T15053] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1200.971606][   T58] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1201.027097][T15233] veth0_vlan: entered promiscuous mode
[ 1201.158299][   T58] usb 4-1: device descriptor read/64, error -71
[ 1201.167523][T15233] veth1_vlan: entered promiscuous mode
[ 1201.196552][T15276] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1201.326968][T15276] 8021q: adding VLAN 0 to HW filter on device team0
[ 1201.382444][T10449] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1201.389713][T10449] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1201.445061][T15332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1201.452321][T15332] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1201.462144][   T58] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[ 1201.555799][T15233] veth0_macvtap: entered promiscuous mode
[ 1201.642073][   T58] usb 4-1: device descriptor read/64, error -71
[ 1201.658197][T15233] veth1_macvtap: entered promiscuous mode
[ 1201.761918][   T58] usb usb4-port1: attempt power cycle
[ 1201.815667][T15233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1201.831574][T15233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1201.852001][T15233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1201.870986][T15233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1201.891762][T15233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1201.918788][T15233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1201.940158][T15233] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1202.076616][T15233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1202.084877][T15387] loop0: detected capacity change from 0 to 40427
[ 1202.145905][T15233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1202.146176][T15387] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 1202.180277][T15233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1202.191068][   T58] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 1202.209031][T15233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1202.225640][T15233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1202.237634][T15233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1202.253125][   T58] usb 4-1: device descriptor read/8, error -71
[ 1202.267834][T15387] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 1202.268382][T15233] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1202.293509][T15305] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1202.345115][T15233] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.370962][T15233] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.411567][T15233] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.439199][T15233] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.479539][T15305] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1202.499550][T15305] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1202.518426][T15053] syz-executor: attempt to access beyond end of device
[ 1202.518426][T15053] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[ 1202.521601][   T58] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[ 1202.555953][T15053] syz-executor: attempt to access beyond end of device
[ 1202.555953][T15053] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427
[ 1202.617130][   T58] usb 4-1: device descriptor read/8, error -71
[ 1202.637432][T15305] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1202.642446][T15053] syz-executor: attempt to access beyond end of device
[ 1202.642446][T15053] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1202.658422][T15053] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[ 1202.759257][T15276] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1202.778484][   T58] usb usb4-port1: unable to enumerate USB device
[ 1203.068501][T15276] veth0_vlan: entered promiscuous mode
[ 1203.097420][T15260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1203.128137][T15260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1203.290086][T15276] veth1_vlan: entered promiscuous mode
[ 1203.335048][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1203.372115][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1203.398451][T15305] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1203.606461][ T1112] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1203.800336][ T1112] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1203.851946][T15400] loop4: detected capacity change from 0 to 512
[ 1203.860718][T15276] veth0_macvtap: entered promiscuous mode
[ 1203.899755][T15400] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1203.917318][T15400] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1203.959364][ T1112] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1203.962864][   T58] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[ 1203.984116][T15305] 8021q: adding VLAN 0 to HW filter on device team0
[ 1203.993496][T15276] veth1_macvtap: entered promiscuous mode
[ 1204.064339][T15233] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1204.100172][ T9882] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1204.124727][ T9882] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1204.135751][ T9882] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1204.159649][ T9882] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1204.168021][ T9882] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1204.178481][ T9882] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1204.210149][ T1112] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1204.210176][T15408] FAULT_INJECTION: forcing a failure.
[ 1204.210176][T15408] name failslab, interval 1, probability 0, space 0, times 0
[ 1204.210208][T15408] CPU: 0 UID: 0 PID: 15408 Comm: syz.4.2396 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[ 1204.229982][   T58] usb 4-1: Using ep0 maxpacket: 8
[ 1204.233016][T15408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1204.233037][T15408] Call Trace:
[ 1204.233048][T15408]  <TASK>
[ 1204.233059][T15408]  dump_stack_lvl+0x241/0x360
[ 1204.233103][T15408]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1204.233137][T15408]  ? __pfx__printk+0x10/0x10
[ 1204.233183][T15408]  should_fail_ex+0x3b0/0x4e0
[ 1204.260050][   T58] usb 4-1: config 3 has an invalid interface number: 209 but max is 1
[ 1204.262335][T15408]  ? do_sys_poll+0x2ae/0x1300
[ 1204.262372][T15408]  should_failslab+0x9/0x20
[ 1204.262404][T15408]  __kmalloc_noprof+0xd8/0x400
[ 1204.262444][T15408]  do_sys_poll+0x2ae/0x1300
[ 1204.262487][T15408]  ? _parse_integer_limit+0x1b5/0x200
[ 1204.262526][T15408]  ? mark_lock+0x9a/0x360
[ 1204.262564][T15408]  ? __pfx_do_sys_poll+0x10/0x10
[ 1204.262654][T15408]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1204.271810][   T58] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1204.275554][T15408]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1204.290928][   T58] usb 4-1: config 3 has 1 interface, different from the descriptor's value: 2
[ 1204.293179][T15408]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1204.293233][T15408]  __se_sys_poll+0x1c5/0x400
[ 1204.293262][T15408]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1204.293295][T15408]  ? __pfx___se_sys_poll+0x10/0x10
[ 1204.297984][   T58] usb 4-1: config 3 has no interface number 0
[ 1204.302480][T15408]  ? do_syscall_64+0x100/0x230
[ 1204.302510][T15408]  ? do_syscall_64+0xb6/0x230
[ 1204.302535][T15408]  do_syscall_64+0xf3/0x230
[ 1204.302559][T15408]  ? clear_bhb_loop+0x35/0x90
[ 1204.302590][T15408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1204.302617][T15408] RIP: 0033:0x7f24bf975bd9
[ 1204.302641][T15408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1204.302662][T15408] RSP: 002b:00007f24c0683048 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 1204.302690][T15408] RAX: ffffffffffffffda RBX: 00007f24bfb03f60 RCX: 00007f24bf975bd9
[ 1204.302716][T15408] RDX: 0000000000000000 RSI: 200000000000006e RDI: 0000000020000140
[ 1204.302733][T15408] RBP: 00007f24c06830a0 R08: 0000000000000000 R09: 0000000000000000
[ 1204.302750][T15408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1204.302765][T15408] R13: 000000000000000b R14: 00007f24bfb03f60 R15: 00007ffeeec05678
[ 1204.307636][   T58] usb 4-1: config 3 interface 209 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[ 1204.312020][T15408]  </TASK>
[ 1204.514440][   T58] usb 4-1: config 3 interface 209 has no altsetting 0
[ 1204.514464][ T8848] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1204.514598][ T8848] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1204.540173][   T58] usb 4-1: New USB device found, idVendor=2040, idProduct=7070, bcdDevice=19.44
[ 1204.558723][   T58] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1204.585115][   T58] usb 4-1: Product: ᜡ౲Ꝛற⬮濤椽씤윷壥䴠쟂퇵姙篈ꍷٖퟔꭂꔈ䚤樓䖁慝骂얾柃璘ず깜䠖⫢垻醒솑悼ﶀ´贔驾屫জ䐱ꅮ欚背砀ὅ龜哢屖ꑟ帏醠랝쒇磈ᑘ泀棕ꞓ戦〧쯰ᬗ埶褴绖⮩뒍ཏ䌢⃽㪹㧅ꅺ䫵擠䦾銓뇰踉髫詓鵢쀥㞋绪잁왯놂
[ 1204.592999][T15276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1204.639315][T15276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.652021][T15276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1204.663166][   T58] usb 4-1: Manufacturer: Џ
[ 1204.663197][   T58] usb 4-1: SerialNumber: Ћ
[ 1204.676747][T15276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.686791][T15276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1204.699722][T15276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.709914][T15276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1204.722262][T15276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.735407][T15276] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1204.749954][T15276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1204.760798][T15276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.772167][T15276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1204.792720][T15276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.802883][T15276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1204.813400][T15276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.823384][T15276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1204.834021][T15276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1204.847198][T15276] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1204.868626][T15332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1204.875952][T15332] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1204.950856][T15276] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1204.978564][T15276] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1205.024305][T15276] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1205.051640][T15276] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1205.238710][T15418] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2400'.
[ 1206.429230][ T9882] Bluetooth: hci4: command tx timeout
[ 1206.756582][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1206.780475][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1206.860390][ T1112] bridge_slave_1: left allmulticast mode
[ 1206.895393][T15416] loop3: detected capacity change from 0 to 1024
[ 1206.902534][ T1112] bridge_slave_1: left promiscuous mode
[ 1206.908403][ T1112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1206.947152][T15416] hfsplus: invalid btree extent records (0 size)
[ 1206.958760][T15416] hfsplus: failed to load extents file
[ 1206.984091][ T1112] bridge_slave_0: left allmulticast mode
[ 1207.001722][T15326] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1207.023737][ T1112] bridge_slave_0: left promiscuous mode
[ 1207.029825][ T1112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1207.217733][T15326] usb 5-1: device descriptor read/64, error -71
[ 1207.521619][T15326] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 1207.681867][T15326] usb 5-1: device descriptor read/64, error -71
[ 1207.818387][T15326] usb usb5-port1: attempt power cycle
[ 1208.103375][ T1112] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1208.122328][ T1112] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1208.138834][ T1112] bond0 (unregistering): Released all slaves
[ 1208.216680][T11418] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1208.240419][T11418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1208.251612][T15326] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 1208.354731][T15326] usb 5-1: device descriptor read/8, error -71
[ 1208.456785][ T9882] Bluetooth: hci4: command tx timeout
[ 1208.525101][T15416] delete_channel: no stack
[ 1208.543715][   T58] dvb-usb: found a 'Hauppauge Nova-T Stick' in cold state, will try to load a firmware
[ 1208.563671][   T58] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1208.572056][   T58] dib0700: firmware download failed at 7 with -22
[ 1208.609270][   T58] usb 4-1: USB disconnect, device number 78
[ 1208.671742][T15326] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 1208.722370][T15326] usb 5-1: device descriptor read/8, error -71
[ 1208.852891][T15326] usb usb5-port1: unable to enumerate USB device
[ 1208.979359][T15305] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1209.243827][T15405] chnl_net:caif_netlink_parms(): no params data found
[ 1209.291856][T15332] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 1209.494144][T15332] usb 4-1: device descriptor read/64, error -71
[ 1209.523494][ T1112] hsr_slave_0: left promiscuous mode
[ 1209.543861][ T1112] hsr_slave_1: left promiscuous mode
[ 1209.628304][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1209.636145][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1209.672047][ T1112] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1209.693527][ T1112] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1209.875351][T15332] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[ 1210.261671][T15332] usb 4-1: device descriptor read/64, error -71
[ 1210.383113][T15332] usb usb4-port1: attempt power cycle
[ 1210.537241][ T9882] Bluetooth: hci4: command tx timeout
[ 1210.786728][ T1112] veth1_macvtap: left promiscuous mode
[ 1210.803658][T15454] loop4: detected capacity change from 0 to 2048
[ 1210.820953][T15454] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 1210.821574][ T1112] veth0_macvtap: left promiscuous mode
[ 1210.847396][T15454] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1210.852699][ T1112] veth1_vlan: left promiscuous mode
[ 1210.866586][ T1112] veth0_vlan: left promiscuous mode
[ 1210.884265][T15454] FAULT_INJECTION: forcing a failure.
[ 1210.884265][T15454] name failslab, interval 1, probability 0, space 0, times 0
[ 1210.919566][T15456] loop2: detected capacity change from 0 to 2048
[ 1210.927970][T15454] CPU: 1 UID: 0 PID: 15454 Comm: syz.4.2408 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[ 1210.938293][T15454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1210.948400][T15454] Call Trace:
[ 1210.951725][T15454]  <TASK>
[ 1210.954692][T15454]  dump_stack_lvl+0x241/0x360
[ 1210.959439][T15454]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1210.964700][T15454]  ? __pfx__printk+0x10/0x10
[ 1210.969421][T15454]  ? __pfx___might_resched+0x10/0x10
[ 1210.974775][T15454]  should_fail_ex+0x3b0/0x4e0
[ 1210.979528][T15454]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1210.985305][T15454]  should_failslab+0x9/0x20
[ 1210.989838][T15454]  __kmalloc_noprof+0xd8/0x400
[ 1210.994636][T15454]  ? kfree+0x4e/0x360
[ 1210.998645][T15454]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 1211.004220][T15454]  tomoyo_path_number_perm+0x23a/0x880
[ 1211.009695][T15454]  ? mark_lock+0x9a/0x360
[ 1211.014052][T15454]  ? tomoyo_path_number_perm+0x208/0x880
[ 1211.019810][T15454]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1211.025822][T15454]  ? __pfx_lock_release+0x10/0x10
[ 1211.031090][T15454]  ? hook_path_mknod+0x16f/0x540
[ 1211.036077][T15454]  tomoyo_path_mknod+0x176/0x1b0
[ 1211.041054][T15454]  ? __pfx_hook_path_mknod+0x10/0x10
[ 1211.046935][T15454]  ? __pfx_tomoyo_path_mknod+0x10/0x10
[ 1211.052452][T15454]  security_path_mknod+0xf8/0x150
[ 1211.057607][T15454]  path_openat+0xca2/0x3470
[ 1211.062162][T15454]  ? __pfx_path_openat+0x10/0x10
[ 1211.067145][T15454]  do_filp_open+0x235/0x490
[ 1211.071676][T15454]  ? __pfx_do_filp_open+0x10/0x10
[ 1211.076775][T15454]  ? _raw_spin_unlock+0x28/0x50
[ 1211.081643][T15454]  ? alloc_fd+0x5a1/0x640
[ 1211.085998][T15454]  do_sys_openat2+0x13e/0x1d0
[ 1211.090702][T15454]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1211.095937][T15454]  __x64_sys_creat+0x123/0x170
[ 1211.100722][T15454]  ? __pfx___x64_sys_creat+0x10/0x10
[ 1211.106028][T15454]  ? do_syscall_64+0x100/0x230
[ 1211.110808][T15454]  ? do_syscall_64+0xb6/0x230
[ 1211.115503][T15454]  do_syscall_64+0xf3/0x230
[ 1211.120107][T15454]  ? clear_bhb_loop+0x35/0x90
[ 1211.124808][T15454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1211.130723][T15454] RIP: 0033:0x7f24bf975bd9
[ 1211.135172][T15454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1211.154819][T15454] RSP: 002b:00007f24c0683048 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 1211.163258][T15454] RAX: ffffffffffffffda RBX: 00007f24bfb03f60 RCX: 00007f24bf975bd9
[ 1211.171332][T15454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200002c0
[ 1211.179313][T15454] RBP: 00007f24c06830a0 R08: 0000000000000000 R09: 0000000000000000
[ 1211.187480][T15454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1211.195469][T15454] R13: 000000000000000b R14: 00007f24bfb03f60 R15: 00007ffeeec05678
[ 1211.203556][T15454]  </TASK>
[ 1211.206834][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1211.225759][T15456] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1211.266115][T15454] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1211.274114][T15459] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1211.277639][T15456] syz.2.2409: attempt to access beyond end of device
[ 1211.277639][T15456] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[ 1211.299290][T15332] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[ 1211.336540][T15332] usb 4-1: device descriptor read/8, error -71
[ 1211.582682][T15461] loop4: detected capacity change from 0 to 1024
[ 1211.621621][T15332] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1211.663330][T15332] usb 4-1: device descriptor read/8, error -71
[ 1211.802076][T15332] usb usb4-port1: unable to enumerate USB device
[ 1211.815464][ T8848] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1212.011750][ T8848] usb 3-1: Using ep0 maxpacket: 8
[ 1212.028896][ T8848] usb 3-1: config 3 has an invalid interface number: 209 but max is 1
[ 1212.048697][ T8848] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1212.084321][ T8848] usb 3-1: config 3 has 1 interface, different from the descriptor's value: 2
[ 1212.094016][ T8848] usb 3-1: config 3 has no interface number 0
[ 1212.100333][ T8848] usb 3-1: config 3 interface 209 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[ 1212.117203][ T8848] usb 3-1: config 3 interface 209 has no altsetting 0
[ 1212.127217][ T8848] usb 3-1: New USB device found, idVendor=2040, idProduct=7070, bcdDevice=19.44
[ 1212.137608][ T8848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1212.145847][ T8848] usb 3-1: Product: ᜡ౲Ꝛற⬮濤椽씤윷壥䴠쟂퇵姙篈ꍷٖퟔꭂꔈ䚤樓䖁慝骂얾柃璘ず깜䠖⫢垻醒솑悼ﶀ´贔驾屫জ䐱ꅮ欚背砀ὅ龜哢屖ꑟ帏醠랝쒇磈ᑘ泀棕ꞓ戦〧쯰ᬗ埶褴绖⮩뒍ཏ䌢⃽㪹㧅ꅺ䫵擠䦾銓뇰踉髫詓鵢쀥㞋绪잁왯놂
[ 1212.180398][ T8848] usb 3-1: Manufacturer: Џ
[ 1212.188594][ T8848] usb 3-1: SerialNumber: Ћ
[ 1212.409250][T15466] loop3: detected capacity change from 0 to 32768
[ 1212.422409][T15466] btrfs: Unknown parameter 'fragment'
[ 1212.611781][ T9882] Bluetooth: hci4: command tx timeout
[ 1212.902227][T15467] loop2: detected capacity change from 0 to 1024
[ 1212.911363][T15467] hfsplus: invalid btree extent records (0 size)
[ 1212.918297][T15467] hfsplus: failed to load extents file
[ 1213.315951][ T1112] team0 (unregistering): Port device team_slave_1 removed
[ 1213.753117][ T1112] team0 (unregistering): Port device team_slave_0 removed
[ 1214.691486][    C1] DEBUG: holding rtnl_mutex for 520 jiffies.
[ 1214.697608][    C1] task:kworker/u8:8    state:D stack:19760 pid:1112  tgid:1112  ppid:2      flags:0x00004000
[ 1214.707978][    C1] Workqueue: netns cleanup_net
[ 1214.712988][    C1] Call Trace:
[ 1214.716313][    C1]  <TASK>
[ 1214.719291][    C1]  __schedule+0x1800/0x4a60
[ 1214.723982][    C1]  ? __pfx___schedule+0x10/0x10
[ 1214.729136][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1214.734270][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1214.740359][    C1]  ? kthread_data+0x52/0xd0
[ 1214.745104][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1214.750291][    C1]  ? schedule+0x90/0x320
[ 1214.754610][    C1]  schedule+0x14b/0x320
[ 1214.758829][    C1]  synchronize_rcu_expedited+0x684/0x830
[ 1214.764602][    C1]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[ 1214.770835][    C1]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 1214.776232][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1214.781578][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1214.787610][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1214.793797][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1214.800205][    C1]  synchronize_rcu+0x11b/0x360
[ 1214.805075][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[ 1214.810425][    C1]  lockdep_unregister_key+0x556/0x610
[ 1214.815907][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[ 1214.821991][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1214.826805][    C1]  ? qdisc_reset+0x3bf/0x5b0
[ 1214.831473][    C1]  __qdisc_destroy+0x165/0x410
[ 1214.836295][    C1]  dev_shutdown+0x357/0x440
[ 1214.840877][    C1]  unregister_netdevice_many_notify+0x9c7/0x1d20
[ 1214.847315][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1214.854251][    C1]  ? unregister_netdevice_queue+0x26b/0x370
[ 1214.860183][    C1]  ? batadv_softif_destroy_netlink+0x1e0/0x270
[ 1214.866432][    C1]  default_device_exit_batch+0xa0f/0xa90
[ 1214.872146][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1214.877565][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[ 1214.883810][    C1]  ? __pfx_rdma_dev_exit_net+0x10/0x10
[ 1214.889308][    C1]  ? cfg802154_pernet_exit+0xc3/0xe0
[ 1214.894662][    C1]  ? __pfx_default_device_exit_batch+0x10/0x10
[ 1214.900864][    C1]  cleanup_net+0x89d/0xcc0
[ 1214.905375][    C1]  ? __pfx_cleanup_net+0x10/0x10
[ 1214.910362][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1214.916159][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1214.921893][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1214.927926][    C1]  ? assign_work+0x364/0x3d0
[ 1214.932729][    C1]  worker_thread+0x86d/0xd40
[ 1214.937376][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1214.942494][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1214.947664][    C1]  kthread+0x2f0/0x390
[ 1214.951853][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1214.956988][    C1]  ? __pfx_kthread+0x10/0x10
[ 1214.961671][    C1]  ret_from_fork+0x4b/0x80
[ 1214.966150][    C1]  ? __pfx_kthread+0x10/0x10
[ 1214.970786][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1214.975646][    C1]  </TASK>
[ 1214.978701][    C1] DEBUG: waiting rtnl_mutex for 548 jiffies.
[ 1214.984738][    C1] task:kworker/u8:10   state:D stack:21008 pid:11423 tgid:11423 ppid:2      flags:0x00004000
[ 1214.995064][    C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 1215.001086][    C1] Call Trace:
[ 1215.004412][    C1]  <TASK>
[ 1215.007388][    C1]  __schedule+0x1800/0x4a60
[ 1215.012061][    C1]  ? __pfx___schedule+0x10/0x10
[ 1215.016954][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1215.022080][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1215.028219][    C1]  ? kthread_data+0x52/0xd0
[ 1215.032946][    C1]  ? schedule+0x90/0x320
[ 1215.037255][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1215.042588][    C1]  ? schedule+0x90/0x320
[ 1215.046886][    C1]  schedule+0x14b/0x320
[ 1215.051117][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1215.056657][    C1]  __mutex_lock+0x6a4/0xd70
[ 1215.061216][    C1]  ? mark_lock+0x9a/0x360
[ 1215.065643][    C1]  ? __mutex_lock+0x527/0xd70
[ 1215.070463][    C1]  ? addrconf_dad_work+0xd0/0x16f0
[ 1215.075663][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1215.080742][    C1]  ? get_rtnl_holder+0x144/0x190
[ 1215.085775][    C1]  addrconf_dad_work+0xd0/0x16f0
[ 1215.090768][    C1]  ? __pfx_addrconf_dad_work+0x10/0x10
[ 1215.096387][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1215.103090][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1215.108987][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1215.114668][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1215.120687][    C1]  ? assign_work+0x364/0x3d0
[ 1215.125343][    C1]  worker_thread+0x86d/0xd40
[ 1215.130072][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1215.136045][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1215.141105][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1215.146282][    C1]  kthread+0x2f0/0x390
[ 1215.150391][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1215.155578][    C1]  ? __pfx_kthread+0x10/0x10
[ 1215.160206][    C1]  ret_from_fork+0x4b/0x80
[ 1215.164761][    C1]  ? __pfx_kthread+0x10/0x10
[ 1215.169486][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1215.174373][    C1]  </TASK>
[ 1215.177432][    C1] DEBUG: waiting rtnl_mutex for 568 jiffies.
[ 1215.183498][    C1] task:syz-executor    state:D stack:21024 pid:15405 tgid:15405 ppid:15396  flags:0x00004000
[ 1215.193896][    C1] Call Trace:
[ 1215.197286][    C1]  <TASK>
[ 1215.200269][    C1]  __schedule+0x1800/0x4a60
[ 1215.204873][    C1]  ? __pfx___schedule+0x10/0x10
[ 1215.209878][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1215.214989][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1215.220522][    C1]  ? schedule+0x90/0x320
[ 1215.224919][    C1]  schedule+0x14b/0x320
[ 1215.229152][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1215.235092][    C1]  __mutex_lock+0x6a4/0xd70
[ 1215.239719][    C1]  ? __mutex_lock+0x527/0xd70
[ 1215.244497][    C1]  ? rtnetlink_rcv_msg+0x847/0x1180
[ 1215.249770][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1215.254969][    C1]  ? get_rtnl_holder+0x144/0x190
[ 1215.259964][    C1]  rtnetlink_rcv_msg+0x847/0x1180
[ 1215.265101][    C1]  ? rtnetlink_rcv_msg+0x208/0x1180
[ 1215.270357][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1215.275919][    C1]  ? is_bpf_text_address+0x285/0x2a0
[ 1215.281265][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1215.286570][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1215.292053][    C1]  ? arch_stack_walk+0x16d/0x1b0
[ 1215.297051][    C1]  ? mark_lock+0x9a/0x360
[ 1215.301465][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1215.306717][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1215.312205][    C1]  ? mark_lock+0x9a/0x360
[ 1215.316691][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1215.321827][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1215.326657][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1215.332221][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1215.337620][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1215.342884][    C1]  netlink_unicast+0x7f0/0x990
[ 1215.347716][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1215.353066][    C1]  ? __virt_addr_valid+0x183/0x530
[ 1215.358226][    C1]  ? __check_object_size+0x49c/0x900
[ 1215.363587][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1215.368752][    C1]  netlink_sendmsg+0x8e4/0xcb0
[ 1215.373589][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1215.378899][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1215.384991][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1215.389993][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1215.395367][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1215.400873][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1215.406237][    C1]  __sock_sendmsg+0x221/0x270
[ 1215.410973][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1215.415563][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1215.420650][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1215.425935][    C1]  ? blkcg_maybe_throttle_current+0x1ab/0xb80
[ 1215.432089][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1215.438202][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1215.444597][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1215.450991][    C1]  __x64_sys_sendto+0xde/0x100
[ 1215.455833][    C1]  do_syscall_64+0xf3/0x230
[ 1215.460427][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1215.465320][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1215.471371][    C1] RIP: 0033:0x7f707ef7796c
[ 1215.475883][    C1] RSP: 002b:00007ffeee8ea050 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1215.484588][    C1] RAX: ffffffffffffffda RBX: 00007f707fc34620 RCX: 00007f707ef7796c
[ 1215.492781][    C1] RDX: 000000000000003c RSI: 00007f707fc34670 RDI: 0000000000000003
[ 1215.500812][    C1] RBP: 0000000000000000 R08: 00007ffeee8ea0a4 R09: 000000000000000c
[ 1215.508885][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1215.516983][    C1] R13: 0000000000000000 R14: 00007f707fc34670 R15: 0000000000000000
[ 1215.525067][    C1]  </TASK>
[ 1215.528173][    C1] DEBUG: waiting rtnl_mutex for 602 jiffies.
[ 1215.534354][    C1] task:syz-executor    state:D stack:19728 pid:15305 tgid:15305 ppid:15300  flags:0x00004002
[ 1215.544703][    C1] Call Trace:
[ 1215.548093][    C1]  <TASK>
[ 1215.551063][    C1]  __schedule+0x1800/0x4a60
[ 1215.555695][    C1]  ? __pfx___schedule+0x10/0x10
[ 1215.560698][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1215.565833][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1215.571366][    C1]  ? schedule+0x90/0x320
[ 1215.575699][    C1]  schedule+0x14b/0x320
[ 1215.579906][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1215.585473][    C1]  __mutex_lock+0x6a4/0xd70
[ 1215.590023][    C1]  ? __mutex_lock+0x527/0xd70
[ 1215.594769][    C1]  ? rtnetlink_rcv_msg+0x847/0x1180
[ 1215.600004][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1215.605115][    C1]  ? get_rtnl_holder+0x144/0x190
[ 1215.610093][    C1]  rtnetlink_rcv_msg+0x847/0x1180
[ 1215.615171][    C1]  ? rtnetlink_rcv_msg+0x208/0x1180
[ 1215.620448][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1215.626009][    C1]  ? __local_bh_enable_ip+0x168/0x200
[ 1215.631447][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1215.636777][    C1]  ? __local_bh_enable_ip+0x168/0x200
[ 1215.642215][    C1]  ? dev_hard_start_xmit+0x773/0x7e0
[ 1215.647630][    C1]  ? __dev_queue_xmit+0x2da/0x3e90
[ 1215.652794][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1215.658550][    C1]  ? __dev_queue_xmit+0x2da/0x3e90
[ 1215.663847][    C1]  ? __dev_queue_xmit+0x1763/0x3e90
[ 1215.669088][    C1]  ? kasan_save_track+0x51/0x80
[ 1215.674022][    C1]  ? do_syscall_64+0xf3/0x230
[ 1215.678740][    C1]  ? __dev_queue_xmit+0x2da/0x3e90
[ 1215.683914][    C1]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1215.689346][    C1]  ? ref_tracker_free+0x643/0x7e0
[ 1215.694426][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1215.699240][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1215.704797][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1215.710184][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1215.715474][    C1]  netlink_unicast+0x7f0/0x990
[ 1215.720291][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1215.725688][    C1]  ? __virt_addr_valid+0x183/0x530
[ 1215.730876][    C1]  ? __check_object_size+0x49c/0x900
[ 1215.736340][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1215.741609][    C1]  netlink_sendmsg+0x8e4/0xcb0
[ 1215.746685][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1215.752052][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1215.758072][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1215.763092][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1215.768414][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1215.773953][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1215.779307][    C1]  __sock_sendmsg+0x221/0x270
[ 1215.784102][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1215.788680][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1215.793885][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1215.799930][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1215.806388][    C1]  __x64_sys_sendto+0xde/0x100
[ 1215.811375][    C1]  do_syscall_64+0xf3/0x230
[ 1215.816055][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1215.820793][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1215.826912][    C1] RIP: 0033:0x7f7ca037796c
[ 1215.831377][    C1] RSP: 002b:00007ffc9c476a60 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1215.839864][    C1] RAX: ffffffffffffffda RBX: 00007f7ca1034620 RCX: 00007f7ca037796c
[ 1215.847933][    C1] RDX: 0000000000000028 RSI: 00007f7ca1034670 RDI: 0000000000000003
[ 1215.856012][    C1] RBP: 0000000000000000 R08: 00007ffc9c476ab4 R09: 000000000000000c
[ 1215.864077][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1215.872150][    C1] R13: 0000000000000000 R14: 00007f7ca1034670 R15: 0000000000000000
[ 1215.880268][    C1]  </TASK>
[ 1215.883360][    C1] DEBUG: waiting rtnl_mutex for 559 jiffies.
[ 1215.889373][    C1] task:kworker/1:2     state:D stack:12464 pid:58    tgid:58    ppid:2      flags:0x00004000
[ 1215.899636][    C1] Workqueue: events linkwatch_event
[ 1215.905006][    C1] Call Trace:
[ 1215.908339][    C1]  <TASK>
[ 1215.911306][    C1]  __schedule+0x1800/0x4a60
[ 1215.916109][    C1]  ? __pfx___schedule+0x10/0x10
[ 1215.921037][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1215.927136][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1215.932253][    C1]  ? kick_pool+0x1bd/0x620
[ 1215.936732][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1215.942029][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1215.947294][    C1]  ? schedule+0x90/0x320
[ 1215.951630][    C1]  schedule+0x14b/0x320
[ 1215.955826][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1215.961331][    C1]  __mutex_lock+0x6a4/0xd70
[ 1215.965929][    C1]  ? __mutex_lock+0x527/0xd70
[ 1215.970653][    C1]  ? linkwatch_event+0xe/0x60
[ 1215.975533][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1215.980627][    C1]  ? get_rtnl_holder+0x144/0x190
[ 1215.985652][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1215.991636][    C1]  linkwatch_event+0xe/0x60
[ 1215.996280][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1216.001936][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1216.007965][    C1]  ? assign_work+0x364/0x3d0
[ 1216.012634][    C1]  worker_thread+0x86d/0xd40
[ 1216.017282][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1216.022390][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1216.027546][    C1]  kthread+0x2f0/0x390
[ 1216.031807][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1216.037215][    C1]  ? __pfx_kthread+0x10/0x10
[ 1216.042021][    C1]  ret_from_fork+0x4b/0x80
[ 1216.046490][    C1]  ? __pfx_kthread+0x10/0x10
[ 1216.051126][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1216.056026][    C1]  </TASK>
[ 1216.059172][    C1] 
[ 1216.059172][    C1] Showing all locks held in the system:
[ 1216.066996][    C1] 3 locks held by kworker/1:2/58:
[ 1216.072084][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1216.083203][    C1]  #1: ffffc9000123fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1216.094356][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[ 1216.103464][    C1] 5 locks held by kworker/u8:8/1112:
[ 1216.108873][    C1]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1216.119906][    C1]  #1: ffffc900041d7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1216.130643][    C1]  #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 1216.140230][    C1]  #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[ 1216.150439][    C1]  #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[ 1216.161566][    C1] 2 locks held by getty/4850:
[ 1216.166271][    C1]  #0: ffff88802b03b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1216.176130][    C1]  #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[ 1216.186427][    C1] 5 locks held by kworker/0:5/8848:
[ 1216.191701][    C1]  #0: ffff888018a9ed48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1216.203152][    C1]  #1: ffffc90008f2fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1216.215113][    C1]  #2: ffff888023135190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[ 1216.224267][    C1]  #3: ffff88806ee2d190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[ 1216.233641][    C1]  #4: ffff88801b6cd278 (&(&priv->bus_notifier)->rwsem){++++}-{3:3}, at: blocking_notifier_call_chain+0x53/0x90
[ 1216.245624][    C1] 3 locks held by kworker/u8:10/11423:
[ 1216.251119][    C1]  #0: ffff88802a69c948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1216.262991][    C1]  #1: ffffc9000bf9fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1216.276077][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0
[ 1216.285607][    C1] 1 lock held by syz-executor/15305:
[ 1216.290909][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[ 1216.300524][    C1] 1 lock held by syz-executor/15405:
[ 1216.305868][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[ 1216.315450][    C1] 2 locks held by syz.4.2410/15461:
[ 1216.320847][    C1]  #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1216.329141][    C1]  #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0
[ 1216.338585][    C1] 1 lock held by syz.2.2411/15463:
[ 1216.343760][    C1] 2 locks held by syz.3.2412/15466:
[ 1216.349068][    C1]  #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1216.357341][    C1]  #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0
[ 1216.366777][    C1] 
[ 1216.369151][    C1] =============================================
[ 1216.369151][    C1] 
[ 1216.492580][T15463] delete_channel: no stack
[ 1216.503062][ T8848] dvb-usb: found a 'Hauppauge Nova-T Stick' in cold state, will try to load a firmware
[ 1216.544904][ T8848] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1216.553199][ T8848] dib0700: firmware download failed at 7 with -22
[ 1216.563688][ T8848] usb 3-1: USB disconnect, device number 61
[ 1216.899071][T15305] veth0_vlan: entered promiscuous mode
[ 1217.076286][T15305] veth1_vlan: entered promiscuous mode
[ 1217.194503][T15405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1217.205673][T15405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1217.236903][T15405] bridge_slave_0: entered allmulticast mode
[ 1217.282922][T15405] bridge_slave_0: entered promiscuous mode
[ 1217.290090][T15483] loop2: detected capacity change from 0 to 1764
[ 1217.300657][T15483] iso9660: Unknown parameter '0x0000000000000000000000000000000000002'
[ 1217.305367][T15405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1217.356570][T15405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1217.379344][T15405] bridge_slave_1: entered allmulticast mode
[ 1217.403337][T15405] bridge_slave_1: entered promiscuous mode
[ 1217.450795][T15483] loop2: detected capacity change from 0 to 512
[ 1217.576899][T15405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1217.601823][T15483] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.2417: bg 0: block 5: invalid block bitmap
[ 1217.621950][T15483] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem
[ 1217.658911][T15305] veth0_macvtap: entered promiscuous mode
[ 1217.669778][T15483] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.2417: invalid indirect mapped block 3 (level 2)
[ 1217.704921][T15483] EXT4-fs (loop2): 1 orphan inode deleted
[ 1217.709322][T15405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1217.711604][T15332] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 1217.735547][T15483] EXT4-fs (loop2): 1 truncate cleaned up
[ 1217.747450][T15483] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1217.852885][T15483] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1217.929787][T15305] veth1_macvtap: entered promiscuous mode
[ 1217.951765][T15332] usb 5-1: device descriptor read/64, error -71
[ 1218.066112][T15276] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1218.095190][T15405] team0: Port device team_slave_0 added
[ 1218.209141][T15500] team_slave_0: entered promiscuous mode
[ 1218.215755][T15500] team_slave_1: entered promiscuous mode
[ 1218.231598][T15332] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1218.260479][T15500] macvtap1: entered promiscuous mode
[ 1218.275308][T15500] team0: entered promiscuous mode
[ 1218.285187][T15500] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1218.299828][T15405] team0: Port device team_slave_1 added
[ 1218.391663][T15332] usb 5-1: device descriptor read/64, error -71
[ 1218.463903][T15405] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1218.500197][T15405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1218.511499][T15507] loop3: detected capacity change from 0 to 128
[ 1218.552325][T15332] usb usb5-port1: attempt power cycle
[ 1218.577489][T15507] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[ 1218.598832][T15405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1218.651621][T15405] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1218.662048][T15405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1218.733723][T15405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1218.751553][ T5201] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1218.781783][T15305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1218.804228][T15305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1218.845667][T15305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1218.859580][T15305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1218.874763][T15305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1218.890864][T15305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1218.904369][T15305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1218.917433][ T5201] usb 3-1: device descriptor read/64, error -71
[ 1218.934692][T15305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1218.959732][T15509] 9pnet_fd: Insufficient options for proto=fd
[ 1218.968165][T15305] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1218.988227][T15305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1219.013134][T15305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1219.023451][T15305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1219.034219][T15332] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[ 1219.054547][T15305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1219.068116][T15305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1219.081617][T15305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1219.103481][T15332] usb 5-1: device descriptor read/8, error -71
[ 1219.115326][T15305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1219.128581][T15305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1219.147007][T15305] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1219.171294][T15305] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.184961][T15305] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.197537][T15305] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.211611][ T5201] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 1219.230965][T15305] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1219.372674][ T5201] usb 3-1: device descriptor read/64, error -71
[ 1219.401574][T15332] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[ 1219.448304][T15405] hsr_slave_0: entered promiscuous mode
[ 1219.463637][T15332] usb 5-1: device descriptor read/8, error -71
[ 1219.489624][T15405] hsr_slave_1: entered promiscuous mode
[ 1219.517736][ T5201] usb usb3-port1: attempt power cycle
[ 1219.622376][T15332] usb usb5-port1: unable to enumerate USB device
[ 1219.652145][T15511] loop3: detected capacity change from 0 to 1024
[ 1219.933341][ T5201] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1219.958731][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1219.997600][ T5201] usb 3-1: device descriptor read/8, error -71
[ 1219.999635][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1220.112206][T15332] usb 4-1: new full-speed USB device number 83 using dummy_hcd
[ 1220.179269][T15260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1220.188292][T15260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1220.311683][ T5201] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1220.347953][T15332] usb 4-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=56.a0
[ 1220.381260][ T5201] usb 3-1: device descriptor read/8, error -71
[ 1220.395040][T15332] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1220.437971][T15332] usb 4-1: Product: syz
[ 1220.450241][T15332] usb 4-1: Manufacturer: syz
[ 1220.456176][T15332] usb 4-1: SerialNumber: syz
[ 1220.463681][T15332] usb 4-1: config 0 descriptor??
[ 1220.471283][T15332] ums_eneub6250 4-1:0.0: USB Mass Storage device detected
[ 1220.532769][ T5201] usb usb3-port1: unable to enumerate USB device
[ 1220.691229][T15511] overlay: filesystem on ./bus not supported
[ 1220.727183][   T58] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1220.769012][T15520] syz.4.2423[15520] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1220.769728][T15520] syz.4.2423[15520] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1221.810537][   T58] usb 2-1: config 1 has an invalid descriptor of length 38, skipping remainder of the config
[ 1221.832566][   T58] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1221.844970][   T58] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1221.848514][ T8848] usb 4-1: USB disconnect, device number 83
[ 1221.867975][   T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1221.876563][   T58] usb 2-1: SerialNumber: syz
[ 1222.083252][T15405] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1222.115684][T15405] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1222.125068][   T58] usb 2-1: 0:2 : does not exist
[ 1222.130092][   T58] usb 2-1: unit 5 not found!
[ 1222.142317][T15405] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1222.156596][   T58] usb 2-1: USB disconnect, device number 55
[ 1222.165914][T15405] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1222.368477][T15405] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1222.402416][T15405] 8021q: adding VLAN 0 to HW filter on device team0
[ 1222.427785][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1222.435026][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1222.488134][ T8848] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1222.495371][ T8848] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1222.586531][T15260] hfsplus: b-tree write err: -5, ino 8
[ 1222.825356][T15535] FAULT_INJECTION: forcing a failure.
[ 1222.825356][T15535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1222.897704][T15535] CPU: 0 UID: 0 PID: 15535 Comm: syz.1.2427 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[ 1222.908110][T15535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1222.918182][T15535] Call Trace:
[ 1222.921480][T15535]  <TASK>
[ 1222.924428][T15535]  dump_stack_lvl+0x241/0x360
[ 1222.929169][T15535]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1222.934398][T15535]  ? __pfx__printk+0x10/0x10
[ 1222.939011][T15535]  ? __pfx_lock_release+0x10/0x10
[ 1222.944148][T15535]  should_fail_ex+0x3b0/0x4e0
[ 1222.948853][T15535]  _copy_to_user+0x2f/0xb0
[ 1222.953286][T15535]  bpf_verifier_vlog+0x31e/0x860
[ 1222.958251][T15535]  __btf_verifier_log+0xd5/0x120
[ 1222.963203][T15535]  ? btf_parse_hdr+0x219/0x710
[ 1222.967983][T15535]  ? __pfx___btf_verifier_log+0x10/0x10
[ 1222.973553][T15535]  ? btf_parse_hdr+0x1e3/0x710
[ 1222.978338][T15535]  btf_parse_hdr+0x2a3/0x710
[ 1222.982951][T15535]  btf_new_fd+0x391/0xd30
[ 1222.987327][T15535]  ? __pfx_btf_new_fd+0x10/0x10
[ 1222.992724][T15535]  ? bpf_btf_load+0xcf/0x1a0
[ 1222.997336][T15535]  __sys_bpf+0x6ef/0x810
[ 1223.001606][T15535]  ? __pfx___sys_bpf+0x10/0x10
[ 1223.006415][T15535]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1223.012420][T15535]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1223.018772][T15535]  ? do_syscall_64+0x100/0x230
[ 1223.023551][T15535]  __x64_sys_bpf+0x7c/0x90
[ 1223.027985][T15535]  do_syscall_64+0xf3/0x230
[ 1223.032499][T15535]  ? clear_bhb_loop+0x35/0x90
[ 1223.037198][T15535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1223.043627][T15535] RIP: 0033:0x7f7ca0375bd9
[ 1223.048062][T15535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1223.067694][T15535] RSP: 002b:00007f7ca1179048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1223.076123][T15535] RAX: ffffffffffffffda RBX: 00007f7ca0503f60 RCX: 00007f7ca0375bd9
[ 1223.084108][T15535] RDX: 0000000000000020 RSI: 0000000020000300 RDI: 0000000000000012
[ 1223.092089][T15535] RBP: 00007f7ca11790a0 R08: 0000000000000000 R09: 0000000000000000
[ 1223.100078][T15535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1223.108063][T15535] R13: 000000000000000b R14: 00007f7ca0503f60 R15: 00007ffc9c476e58
[ 1223.116071][T15535]  </TASK>
[ 1223.229275][T15542] loop1: detected capacity change from 0 to 128
[ 1223.246113][T15542] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[ 1223.415193][T15405] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1223.467675][T15545] 9pnet_fd: Insufficient options for proto=fd
[ 1223.544915][T15405] veth0_vlan: entered promiscuous mode
[ 1223.578244][T15544] loop3: detected capacity change from 0 to 1764
[ 1223.587297][T15544] iso9660: Unknown parameter '0x0000000000000000000000000000000000002'
[ 1223.603705][T15405] veth1_vlan: entered promiscuous mode
[ 1223.742784][T15558] loop2: detected capacity change from 0 to 128
[ 1223.760902][T15405] veth0_macvtap: entered promiscuous mode
[ 1223.806234][T15544] loop3: detected capacity change from 0 to 512
[ 1223.813732][T15405] veth1_macvtap: entered promiscuous mode
[ 1223.857512][T15544] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.2428: bg 0: block 5: invalid block bitmap
[ 1223.890714][T15544] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem
[ 1223.929773][T15544] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.2428: invalid indirect mapped block 3 (level 2)
[ 1223.981577][ T5183] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[ 1224.023834][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1224.061776][T15544] EXT4-fs (loop3): 1 orphan inode deleted
[ 1224.076420][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.078189][T15544] EXT4-fs (loop3): 1 truncate cleaned up
[ 1224.090167][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1224.093634][T15544] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1224.146001][ T5183] usb 5-1: device descriptor read/64, error -71
[ 1224.152715][T15544] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1224.160245][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.185357][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1224.199975][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.230129][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1224.255267][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.273343][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1224.294425][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.313870][T15405] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1224.354609][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1224.381675][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.421675][ T5183] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1224.434231][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1224.470080][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.488711][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1224.500808][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.528902][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1224.570091][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.590252][T15405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1224.610781][T15405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1224.620983][ T5183] usb 5-1: device descriptor read/64, error -71
[ 1224.637672][T15191] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1224.650476][T15405] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1224.710708][T15405] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1224.743067][T15405] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1224.772367][ T5183] usb usb5-port1: attempt power cycle
[ 1224.777870][T15405] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1224.805731][T15405] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1225.203491][ T5183] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[ 1225.275100][ T5183] usb 5-1: device descriptor read/8, error -71
[ 1225.285131][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1225.354425][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1225.410516][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1225.441275][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1225.761194][ T5183] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[ 1225.803575][ T5183] usb 5-1: device descriptor read/8, error -71
[ 1226.247253][ T5183] usb usb5-port1: unable to enumerate USB device
[ 1228.530136][T13637] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1228.555141][T13637] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1228.565308][T13637] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1228.576134][T13637] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1228.586057][T13637] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1228.600611][T13637] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1229.944739][T15647] loop0: detected capacity change from 0 to 1024
[ 1229.956604][T15614] loop1: detected capacity change from 0 to 32768
[ 1229.983283][T15614] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2449 (15614)
[ 1230.063330][T15614] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1230.076643][T15470] hfsplus: b-tree write err: -5, ino 8
[ 1230.089065][T11418] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1230.108157][T15614] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[ 1230.139646][T15614] BTRFS info (device loop1): using free-space-tree
[ 1230.381885][T15305] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1230.412854][T15669] loop4: detected capacity change from 0 to 1024
[ 1230.477959][T15669] hfsplus: extend alloc file! (8192,65536,366)
[ 1230.549642][T11418] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1230.624913][T15678] loop2: detected capacity change from 0 to 4096
[ 1230.706898][T15652] loop4: detected capacity change from 0 to 256
[ 1230.778023][T15679] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1230.852453][T13637] Bluetooth: hci3: command tx timeout
[ 1230.907903][T11418] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1231.009251][   T29] audit: type=1800 audit(1720071212.960:181): pid=15678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2463" name="bus" dev="loop2" ino=18 res=0 errno=0
[ 1231.746114][T15688] syz.2.2463 (15688) used greatest stack depth: 16208 bytes left
[ 1231.989126][T11418] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1232.209010][T15690] loop1: detected capacity change from 0 to 256
[ 1232.365017][T15698] loop0: detected capacity change from 0 to 256
[ 1232.980560][T13637] Bluetooth: hci3: command tx timeout
[ 1233.158638][T15701] syz.4.2469[15701] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1233.158813][T15701] syz.4.2469[15701] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1233.184077][T11418] bridge_slave_1: left allmulticast mode
[ 1233.236609][T11418] bridge_slave_1: left promiscuous mode
[ 1233.256369][T11418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1233.277463][T11418] bridge_slave_0: left allmulticast mode
[ 1233.290189][T11418] bridge_slave_0: left promiscuous mode
[ 1233.307835][T11418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1235.011719][T13637] Bluetooth: hci3: command tx timeout
[ 1235.595021][T11418] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1235.618647][T11418] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1235.639467][T11418] bond0 (unregistering): Released all slaves
[ 1235.711252][T15624] chnl_net:caif_netlink_parms(): no params data found
[ 1236.113479][T15729] loop2: detected capacity change from 0 to 4096
[ 1236.205845][T15733] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1236.305454][   T29] audit: type=1800 audit(1720071218.270:182): pid=15729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2476" name="bus" dev="loop2" ino=18 res=0 errno=0
[ 1236.452142][T15624] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1236.460465][T15624] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1236.470440][T15624] bridge_slave_0: entered allmulticast mode
[ 1236.490604][T15624] bridge_slave_0: entered promiscuous mode
[ 1236.580523][T15745] 9pnet_virtio: no channels available for device 
[ 1236.631651][T11418] hsr_slave_0: left promiscuous mode
[ 1236.663314][T11418] hsr_slave_1: left promiscuous mode
[ 1236.686409][T15747] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=18)
[ 1236.742740][T11418] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1236.770823][T11418] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1236.886154][T11418] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1236.905485][T11418] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1236.929784][T15747] Remounting filesystem read-only
[ 1237.036457][T11418] team0: left promiscuous mode
[ 1237.053006][T11418] team_slave_0: left promiscuous mode
[ 1237.059342][T11418] team_slave_1: left promiscuous mode
[ 1237.079346][T15736] dccp_close: ABORT with 36 bytes unread
[ 1237.079878][T11418] veth1_macvtap: left promiscuous mode
[ 1237.091941][T13637] Bluetooth: hci3: command tx timeout
[ 1237.101323][T11418] veth0_macvtap: left promiscuous mode
[ 1237.144634][T11418] veth1_vlan: left promiscuous mode
[ 1237.166988][T11418] veth0_vlan: left promiscuous mode
[ 1237.195933][T15276] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer
[ 1237.220911][T15276] NILFS (loop2): discard dirty page: offset=0, ino=18
[ 1237.249303][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.273943][T15276] NILFS (loop2): discard dirty page: offset=4096, ino=18
[ 1237.298764][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.319981][T15276] NILFS (loop2): discard dirty page: offset=1069056, ino=18
[ 1237.350427][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.387432][T15276] NILFS (loop2): discard dirty page: offset=1073152, ino=18
[ 1237.415979][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.437252][T15276] NILFS (loop2): discard dirty page: offset=1077248, ino=18
[ 1237.463440][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.470752][T15276] NILFS (loop2): discard dirty page: offset=1081344, ino=18
[ 1237.509167][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.534484][T15276] NILFS (loop2): discard dirty page: offset=1085440, ino=18
[ 1237.561592][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.569905][T15276] NILFS (loop2): discard dirty page: offset=1089536, ino=18
[ 1237.587431][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.605931][T15276] NILFS (loop2): discard dirty page: offset=1093632, ino=18
[ 1237.624263][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.643284][T15276] NILFS (loop2): discard dirty page: offset=1097728, ino=18
[ 1237.650747][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.677272][T15276] NILFS (loop2): discard dirty page: offset=1101824, ino=18
[ 1237.705094][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.717578][T15276] NILFS (loop2): discard dirty page: offset=1105920, ino=18
[ 1237.742595][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.750054][T15276] NILFS (loop2): discard dirty page: offset=1110016, ino=18
[ 1237.769962][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.782281][T15276] NILFS (loop2): discard dirty page: offset=1114112, ino=18
[ 1237.782502][ T5201] ==================================================================
[ 1237.789837][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.797676][ T5201] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x152b/0x1750
[ 1237.797718][ T5201] Read of size 2 at addr ffff8880266605c4 by task kworker/1:7/5201
[ 1237.797738][ T5201] 
[ 1237.797748][ T5201] CPU: 1 UID: 0 PID: 5201 Comm: kworker/1:7 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[ 1237.797773][ T5201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1237.797788][ T5201] Workqueue: events nf_tables_trans_destroy_work
[ 1237.797823][ T5201] Call Trace:
[ 1237.797834][ T5201]  <TASK>
[ 1237.797845][ T5201]  dump_stack_lvl+0x241/0x360
[ 1237.797884][ T5201]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1237.797918][ T5201]  ? __pfx__printk+0x10/0x10
[ 1237.797951][ T5201]  ? _printk+0xd5/0x120
[ 1237.797982][ T5201]  ? __virt_addr_valid+0x183/0x530
[ 1237.798015][ T5201]  ? __virt_addr_valid+0x183/0x530
[ 1237.798050][ T5201]  print_report+0x169/0x550
[ 1237.798079][ T5201]  ? __virt_addr_valid+0x183/0x530
[ 1237.798112][ T5201]  ? __virt_addr_valid+0x183/0x530
[ 1237.812746][T15276] NILFS (loop2): discard dirty page: offset=1118208, ino=18
[ 1237.814326][ T5201]  ? __virt_addr_valid+0x45f/0x530
[ 1237.822378][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.824536][ T5201]  ? __phys_addr+0xba/0x170
[ 1237.834903][T15276] NILFS (loop2): discard dirty page: offset=1122304, ino=18
[ 1237.844806][ T5201]  ? nf_tables_trans_destroy_work+0x152b/0x1750
[ 1237.844846][ T5201]  kasan_report+0x143/0x180
[ 1237.844882][ T5201]  ? nf_tables_trans_destroy_work+0x152b/0x1750
[ 1237.844919][ T5201]  nf_tables_trans_destroy_work+0x152b/0x1750
[ 1237.844959][ T5201]  ? __pfx_nf_tables_trans_destroy_work+0x10/0x10
[ 1237.844991][ T5201]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1237.845024][ T5201]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1237.845062][ T5201]  ? process_scheduled_works+0x945/0x1830
[ 1237.845091][ T5201]  process_scheduled_works+0xa2c/0x1830
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[ 1237.845149][ T5201]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1237.845184][ T5201]  ? assign_work+0x364/0x3d0
[ 1237.845214][ T5201]  worker_thread+0x86d/0xd40
[ 1237.845249][ T5201]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1237.845285][ T5201]  ? __kthread_parkme+0x169/0x1d0
[ 1237.845316][ T5201]  ? __pfx_worker_thread+0x10/0x10
[ 1237.845343][ T5201]  kthread+0x2f0/0x390
[ 1237.845374][ T5201]  ? __pfx_worker_thread+0x10/0x10
[ 1237.845402][ T5201]  ? __pfx_kthread+0x10/0x10
[ 1237.845434][ T5201]  ret_from_fork+0x4b/0x80
[ 1237.845464][ T5201]  ? __pfx_kthread+0x10/0x10
[ 1237.845497][ T5201]  ret_from_fork_asm+0x1a/0x30
[ 1237.845537][ T5201]  </TASK>
[ 1237.845547][ T5201] 
[ 1237.845554][ T5201] Allocated by task 15761:
[ 1237.845567][ T5201]  kasan_save_track+0x3f/0x80
[ 1237.845591][ T5201]  __kasan_kmalloc+0x98/0xb0
[ 1237.845614][ T5201]  __kmalloc_cache_noprof+0x19c/0x2c0
[ 1237.845646][ T5201]  nf_tables_newtable+0x52e/0x1dc0
[ 1237.845676][ T5201]  nfnetlink_rcv+0x1427/0x2a90
[ 1237.845697][ T5201]  netlink_unicast+0x7f0/0x990
[ 1237.845726][ T5201]  netlink_sendmsg+0x8e4/0xcb0
[ 1237.845747][ T5201]  __sock_sendmsg+0x221/0x270
[ 1237.845778][ T5201]  ____sys_sendmsg+0x525/0x7d0
[ 1237.845804][ T5201]  __sys_sendmsg+0x2b0/0x3a0
[ 1237.845829][ T5201]  do_syscall_64+0xf3/0x230
[ 1237.845849][ T5201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1237.845874][ T5201] 
[ 1237.845881][ T5201] Freed by task 15760:
[ 1237.845892][ T5201]  kasan_save_track+0x3f/0x80
[ 1237.845914][ T5201]  kasan_save_free_info+0x40/0x50
[ 1237.845946][ T5201]  poison_slab_object+0xe0/0x150
[ 1237.845970][ T5201]  __kasan_slab_free+0x37/0x60
[ 1237.845992][ T5201]  kfree+0x149/0x360
[ 1237.846019][ T5201]  __nft_release_table+0xe80/0xf40
[ 1237.846048][ T5201]  nft_rcv_nl_event+0x55f/0x6d0
[ 1237.846076][ T5201]  notifier_call_chain+0x19f/0x3e0
[ 1237.846102][ T5201]  blocking_notifier_call_chain+0x69/0x90
[ 1237.846131][ T5201]  netlink_release+0x11a6/0x1b10
[ 1237.846151][ T5201]  sock_close+0xbc/0x240
[ 1237.846180][ T5201]  __fput+0x24a/0x8a0
[ 1237.846206][ T5201]  task_work_run+0x24f/0x310
[ 1237.874229][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.877382][ T5201]  syscall_exit_to_user_mode+0x168/0x370
[ 1237.882570][T15276] NILFS (loop2): discard dirty page: offset=1126400, ino=18
[ 1237.887588][ T5201]  do_syscall_64+0x100/0x230
[ 1237.904690][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.909559][ T5201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1237.914737][T15276] NILFS (loop2): discard dirty page: offset=1130496, ino=18
[ 1237.921841][ T5201] 
[ 1237.921850][ T5201] Last potentially related work creation:
[ 1237.921860][ T5201]  kasan_save_stack+0x3f/0x60
[ 1237.921885][ T5201]  __kasan_record_aux_stack+0xac/0xc0
[ 1237.926366][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.933627][ T5201]  insert_work+0x3e/0x330
[ 1237.933654][ T5201]  __queue_work+0xc16/0xee0
[ 1237.939931][T15276] NILFS (loop2): discard dirty page: offset=1134592, ino=18
[ 1237.944407][ T5201]  queue_work_on+0x1c2/0x380
[ 1237.944436][ T5201]  rhltable_remove+0x1097/0x1160
[ 1237.944461][ T5201]  __nft_release_table+0xc57/0xf40
[ 1237.944487][ T5201]  nft_rcv_nl_event+0x55f/0x6d0
[ 1237.944513][ T5201]  notifier_call_chain+0x19f/0x3e0
[ 1237.944537][ T5201]  blocking_notifier_call_chain+0x69/0x90
[ 1237.944564][ T5201]  netlink_release+0x11a6/0x1b10
[ 1237.944585][ T5201]  sock_close+0xbc/0x240
[ 1237.944616][ T5201]  __fput+0x24a/0x8a0
[ 1237.944644][ T5201]  task_work_run+0x24f/0x310
[ 1237.944663][ T5201]  syscall_exit_to_user_mode+0x168/0x370
[ 1237.944695][ T5201]  do_syscall_64+0x100/0x230
[ 1237.944714][ T5201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1237.944741][ T5201] 
[ 1237.944747][ T5201] The buggy address belongs to the object at ffff888026660400
[ 1237.944747][ T5201]  which belongs to the cache kmalloc-cg-512 of size 512
[ 1237.944767][ T5201] The buggy address is located 452 bytes inside of
[ 1237.944767][ T5201]  freed 512-byte region [ffff888026660400, ffff888026660600)
[ 1237.944791][ T5201] 
[ 1237.944798][ T5201] The buggy address belongs to the physical page:
[ 1237.944821][ T5201] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26660
[ 1237.944843][ T5201] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1237.944865][ T5201] memcg:ffff8880252bcc01
[ 1237.944877][ T5201] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1237.944903][ T5201] page_type: 0xfdffffff(slab)
[ 1237.944925][ T5201] raw: 00fff00000000040 ffff88801504f140 dead000000000100 dead000000000122
[ 1237.944947][ T5201] raw: 0000000000000000 0000000080100010 00000001fdffffff ffff8880252bcc01
[ 1237.944967][ T5201] head: 00fff00000000040 ffff88801504f140 dead000000000100 dead000000000122
[ 1237.944988][ T5201] head: 0000000000000000 0000000080100010 00000001fdffffff ffff8880252bcc01
[ 1237.945010][ T5201] head: 00fff00000000002 ffffea0000999801 ffffffffffffffff 0000000000000000
[ 1237.945030][ T5201] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 1237.945042][ T5201] page dumped because: kasan: bad access detected
[ 1237.945064][ T5201] page_owner tracks the page as allocated
[ 1237.945074][ T5201] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4553, tgid 4553 (udevd), ts 43948662819, free_ts 43932239343
[ 1237.945128][ T5201]  post_alloc_hook+0x1f3/0x230
[ 1237.945157][ T5201]  get_page_from_freelist+0x2ccb/0x2d80
[ 1237.945189][ T5201]  __alloc_pages_noprof+0x256/0x6c0
[ 1237.945220][ T5201]  alloc_slab_page+0x5f/0x120
[ 1237.945244][ T5201]  allocate_slab+0x5a/0x2f0
[ 1237.945274][ T5201]  ___slab_alloc+0xcd1/0x14b0
[ 1237.945294][ T5201]  __slab_alloc+0x58/0xa0
[ 1237.945314][ T5201]  __kmalloc_node_track_caller_noprof+0x281/0x440
[ 1237.945348][ T5201]  kmalloc_reserve+0x111/0x2a0
[ 1237.945371][ T5201]  __alloc_skb+0x1f3/0x440
[ 1237.945393][ T5201]  alloc_skb_with_frags+0xc3/0x770
[ 1237.945419][ T5201]  sock_alloc_send_pskb+0x91a/0xa60
[ 1237.945448][ T5201]  unix_dgram_sendmsg+0x6d3/0x1f80
[ 1237.945481][ T5201]  __sock_sendmsg+0x221/0x270
[ 1237.945512][ T5201]  sock_write_iter+0x2dd/0x400
[ 1237.945541][ T5201]  vfs_write+0xa72/0xc90
[ 1237.945560][ T5201] page last free pid 4559 tgid 4559 stack trace:
[ 1237.945574][ T5201]  free_unref_page+0xd22/0xea0
[ 1237.945602][ T5201]  rcu_core+0xaaa/0x17a0
[ 1237.945630][ T5201]  handle_softirqs+0x2c4/0x970
[ 1237.945654][ T5201]  __irq_exit_rcu+0xf4/0x1c0
[ 1237.961494][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.964451][ T5201]  irq_exit_rcu+0x9/0x30
[ 1237.970446][T15276] NILFS (loop2): discard dirty page: offset=1138688, ino=18
[ 1237.976740][ T5201]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1237.976774][ T5201]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1237.983053][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1237.988119][ T5201] 
[ 1237.988128][ T5201] Memory state around the buggy address:
[ 1238.078463][T15276] NILFS (loop2): discard dirty page: offset=1142784, ino=18
[ 1238.081726][ T5201]  ffff888026660480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1238.081744][ T5201]  ffff888026660500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1238.081761][ T5201] >ffff888026660580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1238.081773][ T5201]                                            ^
[ 1238.122798][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1238.126819][ T5201]  ffff888026660600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1238.205562][T15276] NILFS (loop2): discard dirty page: offset=1146880, ino=18
[ 1238.208900][ T5201]  ffff888026660680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1238.242258][T15276] NILFS (loop2): discard dirty block: blocknr=0, size=4096
[ 1238.247557][ T5201] ==================================================================
[ 1238.281523][T15276] NILFS (loop2): discard dirty page: offset=1150976, ino=18
[ 1238.320359][ T5201] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1238.320382][ T5201] CPU: 1 UID: 0 PID: 5201 Comm: kworker/1:7 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[ 1238.320412][ T5201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1238.320429][ T5201] Workqueue: events nf_tables_trans_destroy_work
[ 1238.320474][ T5201] Call Trace:
[ 1238.320483][ T5201]  <TASK>
[ 1238.320495][ T5201]  dump_stack_lvl+0x241/0x360
[ 1238.320538][ T5201]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1238.320574][ T5201]  ? __pfx__printk+0x10/0x10
[ 1238.320609][ T5201]  ? preempt_schedule+0xe1/0xf0
[ 1238.320640][ T5201]  ? vscnprintf+0x5d/0x90
[ 1238.320668][ T5201]  panic+0x349/0x870
[ 1238.320703][ T5201]  ? check_panic_on_warn+0x21/0xb0
[ 1238.320739][ T5201]  ? __pfx_panic+0x10/0x10
[ 1238.320776][ T5201]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 1238.320805][ T5201]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1238.320833][ T5201]  ? print_report+0x502/0x550
[ 1238.320865][ T5201]  check_panic_on_warn+0x86/0xb0
[ 1238.320901][ T5201]  ? nf_tables_trans_destroy_work+0x152b/0x1750
[ 1238.320935][ T5201]  end_report+0x77/0x160
[ 1238.320963][ T5201]  kasan_report+0x154/0x180
[ 1238.320993][ T5201]  ? nf_tables_trans_destroy_work+0x152b/0x1750
[ 1238.321032][ T5201]  nf_tables_trans_destroy_work+0x152b/0x1750
[ 1238.321076][ T5201]  ? __pfx_nf_tables_trans_destroy_work+0x10/0x10
[ 1238.321109][ T5201]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1238.321141][ T5201]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1238.321180][ T5201]  ? process_scheduled_works+0x945/0x1830
[ 1238.321208][ T5201]  process_scheduled_works+0xa2c/0x1830
[ 1238.321263][ T5201]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1238.321297][ T5201]  ? assign_work+0x364/0x3d0
[ 1238.321329][ T5201]  worker_thread+0x86d/0xd40
[ 1238.321364][ T5201]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1238.321395][ T5201]  ? __kthread_parkme+0x169/0x1d0
[ 1238.321433][ T5201]  ? __pfx_worker_thread+0x10/0x10
[ 1238.321463][ T5201]  kthread+0x2f0/0x390
[ 1238.321496][ T5201]  ? __pfx_worker_thread+0x10/0x10
[ 1238.321526][ T5201]  ? __pfx_kthread+0x10/0x10
[ 1238.321558][ T5201]  ret_from_fork+0x4b/0x80
[ 1238.321591][ T5201]  ? __pfx_kthread+0x10/0x10
[ 1238.321624][ T5201]  ret_from_fork_asm+0x1a/0x30
[ 1238.321667][ T5201]  </TASK>
[ 1238.325803][ T5201] Kernel Offset: disabled