last executing test programs:

32.608867741s ago: executing program 1 (id=727):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
chdir(&(0x7f0000000000)='./file0\x00')
r3 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r3, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)
lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0)

32.512582919s ago: executing program 1 (id=729):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, r0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, 0x0, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000140)={'ipvlan1\x00', {0x2, 0x0, @empty}})
ioctl$sock_netdev_private(r1, 0x89ff, &(0x7f0000000000)="31f3b7b331d09327d7e4d1ab71db7399b87d419f04db65daa4c7f768e18376a2994141c0b3ef1aecfba27eef6d1f6171459132a43fd5aa86d415b429f7a6ef8db025c5ee11f5e54c3e341d9a71e8349e219d98ef895e1f28a1c9b3efc7951ca9dce856f737d9e8a31f8938374480b3c7f4944b6e723ae229124cf68470eb637b456a99b8f0050847f257450672b63c1be934c2be5425e2a94228bed9ef3abc69c208e5a91f1058ccf3b4f10926eb4b25de0c4e712da78cc60de3c83b836b704f68efcfbc6713e01a40f9ed61e2cd4e28209ada5eff1f9a8bd286f9a96097ec266bac64cc21b392378e")

32.226482523s ago: executing program 1 (id=731):
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = syz_open_dev$sg(&(0x7f0000000080), 0x2009, 0x408000)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast=0xac14140a, @multicast1}, "040022ebffffffff"}}}}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x103}, 0x20000c0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = memfd_create(&(0x7f0000000680)='#}\x04\xe4\xfc\x1e\xff~\xb1\xe0\xa5\x9d\xc8\xca3\'\x12xY!\xa4\x9c\x97\xf1\xfc\xb0\xe8~\x91\xd5\x04i}\x03\x00@\x0e\xe6\x995b\x00\x00\x00\x00\x00\x00\x00\x8e\x96\xb7=\xb9OmILO\x8d\x00\x00\x00\x00\x00\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000000)=0x3, 0x4)
ftruncate(r4, 0x40001)
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x8000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x597, &(0x7f0000000c00)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwmJelIOwzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhWnck7P/Uw0qTc3ySW/H7Q599znvOc9hzbwvJ8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89dWr4xfSXtcCAAAAGKSvX399fKIn/x/bq8oAAAAAA3FD/z8AAAAAAAAADLsUWXw/Ujw4tp6OFp+fqF5bWn7rwdz0zOaXjaXiykNFfP6nemHi4qWXJi9/ofnzf1+/087Ea9dvXK2/snL33uri2triQn1ueenWysLitkvo9/peLxYvoH73zbcWbt9eq0+cv9j19YPaXw4/c6o29cVXT15rxs5Nz8xc74gZqfzfd9/ACA8AAICDbTSyuBQpbpz9aToWEVn0nwtv0XYwaGNRy/Pv4iHmpmeKB2kszS/fz7+cbSbCte6ceLSZI+9CLt6XWsTxvK6jMnoAAAC2rxJZfCpSnPloPT0bEYeaefDnioUBty6gtguV3MRIRJyIiHMxBDk7AAAA7LHDkcXrkeJXjVo8V+bVRf7/lYipva4cAAAAsCNGIovLkeKDqfVUK8YDRMSLc9Mz9Ws3619bvr3SETubyh71YZ8fsJuMTQAAAGAfqEYWx4oe//X0/FNf/Y/Hjx8PpFoAAADADhqLLP4ZKT778reLdeWiWJf+uakvHb0y07nC3Oktysljz0fE2W3Oya+Uaw3OptmUsg2lPdqRhwMAAAAK1ZTFnyPFh3+sFp/Plbl5GtnrmgEAAAA7JmXxvUjx5dn1lHr2pT/Usb9/y7DP/R9s/ceqr6zce7i6dOeN+5t+f6R69Vtr91fnb23+9ZO9C7uGQ2y1jyEAAABsQyVl8fdI8dvGe628s9wDoBwB0E40373Szk2rqefbot3g2aLdoDWH4JmJic7jTVPWp1gfr1be91D/jw0AAAAHSkpZjEaKz/zm4+Xe/0diQx90Gfe7SHFl5YUyLhvN45rTBGrF39XbS43F8Tx2OlL8vNGMjSL2cBl7oh17IY/9dV7ufHdstYw9WYRGHjuRx34UKd5Y3Tz2Y+1yL+axq5HiJz+qN2OP5LFHy9hT7djzt1YaC4N7wwAAALD3KimLX0SKH/6r3pry393/3+5tf/eddn//hgX6/kuff7/9/7WOc4/KdojDZXvFyBbtFa9FijPPv9B8nqKtoDms4MleB+32ir9FitVvdMeOlrHH27EXtv1iAQAAYB9pjv///c1ftobclzlw+XHz/P8TvesDDij/79yTML/n2sO335xvNBZXh+nguxHRdSbtk4o5eKqD/B/hPqjGzhyU/6ke7Zf69HvQ169BAAA4EPL8/2akePDB+63+7jL/L4fKt/P/D7/Tzv+negsaUP5/vOPcVLneQGUkonr/7r3K6Yjq2sO3P790d/7O4p3F5YuTL02OT05evjRRGW127reP+n5XAAAAMKzy/H88Uvz1Bz9uzc/fTv//kd6CBpT/n+g4l9+z3emXn/lTv48PAAAAB0Ke//8sUvzh7HutdfS68/+O9f/fac+zP/fpJ6MFWq0DA8r/T3acqxX3jRjboWcHAAAAAAAAAAAAAAAAAACA/aKSsvh3pHi/OpLKBf+3tf7fQm9BA5r/f6rj3ELszv5/fb9UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGFJZZLEUKT55ej29nJ/4ZsTRzp8AAADA0PtPAAAA//81ax1R")
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
sendfile(r3, r4, 0x0, 0xffe4)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000240)={@val={0x0, 0x800}, @val={0x0, 0x3, 0x75, 0x1, 0x9, 0xfffa}, @mpls={[], @ipv4=@gre={{0x5, 0x4, 0x0, 0x0, 0x75, 0x0, 0x0, 0x0, 0x84, 0x0, @dev, @broadcast}, {{}, {}, {}, {}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x8}}}, {0x8, 0x6558, 0x0, "20e62929c11cb0549208c925145acbdc02d1fec745f9b654f2d97c9269"}}}}}, 0x83)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x6}, @IFLA_BOND_ACTIVE_SLAVE={0x8}]}}}]}, 0x44}}, 0x0)
ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000001c0))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x1c080, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000300)={'veth1_vlan\x00', 0x2})

31.334203508s ago: executing program 1 (id=733):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000400e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000004000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"], 0xfc}}, 0x0)

31.207686199s ago: executing program 1 (id=734):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
add_key$fscrypt_provisioning(&(0x7f0000000280), 0x0, 0x0, 0x18, 0xffffffffffffffff)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044090}, 0x40000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000900020073797a30000000000500040000000000050101000600000016000300686173683aead54d725709fed720b28f6e65744d706f72742c6e65740000000500050002000000086e35dd98e7e42c7a76f574e04e0a6df9f6dec312888ac0e8abc3aa4864d45ee265ec9d71"], 0x50}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
execve(&(0x7f0000000c40)='./bus\x00', &(0x7f0000000e40)={[&(0x7f0000000c80)='GPL\x00', &(0x7f00000010c0)='W$)hs\x00\x8f\tG\xb3\xd4\xc4\xa5E%\x8ck\xc9#$\x85g\xab\x1f\x89\xd8\xda\x87\x1a0\xb9E\x83.k\\\x98M\xa7g\xc0\x84\xcb\xec\x14Dz\xca\x19\xb9\x15\xd3\xb7\xde\xcc\x06\x94\x18\xdb\xab\x13%\xb4\x99\xcf\xb6k\xb0\x93\xdf-\x05\x8bBIv\x85~\x91\xbc\xefe3\xe7x\x8f\x89\xdf\xf6k\xad\xbf\x9d\xc5y=\xdb\xba-\xfeh\xed\xdb\xc2\x1f\xdd\xe3\xf1\x0e\x87\x8d\f\xee\xb2E\xbci-\x17\x03\x012\xa7\n\xc5vu\xfc\xc5\xb5\x9f\xf0\x94\xf2\x99\x9b\xaf8\xed\xfd\xd7\xb0\xc1|\xf3\xbc\x91\xc4\xd9\xcb\x84\\\xe9B\xdfhU\xe26.\xe5B~\x17\xc7\xac\x1b\xbf\xbf\xbag8r+\nLm\xe6R_\xdcf5\xf7\'S\x98\xcc\b\xd1a\xdc\xe72\xda\x88;\xbe$\x80\x9e\x11\xae\xc5\x1fP\xc5\xccP4\x01\"\xc8\x01\x9d\xe64\x87t\xe8\xcb\x88\x17\xa6\xcd\xdc\x8d\\\xd9\x97sNN\xa7T\xfc\x10td\x9f L\xfb\x00\xa3\x02\x02*&\xff\xb1\xfeB', &(0x7f0000000d00)='*#\x00', &(0x7f0000000d40)='nilfs2\x00', &(0x7f0000000d80)=',-\x00', &(0x7f0000000dc0)='\x00', &(0x7f0000000e00)='*\x00']}, &(0x7f0000001040)={[&(0x7f0000000e80)='/\x00', &(0x7f0000000ec0)='\\\x00', &(0x7f0000000f00)='GPL\x00', &(0x7f0000000f40)='\x00', &(0x7f0000000f80)='autofs\x00', &(0x7f0000000fc0)='nilfs2\x00', &(0x7f0000001000)='\')!!\\\x00']})
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000cc0)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x40049366, &(0x7f0000000180))
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3200400, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x3, 0xa83, &(0x7f0000000180)="$eJzs3U2MG1cBAOBn73qTTVLilIQuSWgTftry091ms4SfCJqquRA1FbdKFZco3ZaIbUCkErSqRJITN1pV4QpFnMqhAoTUXlDUE5dKNBKXngoHDkRBVOIAhcRo7fe84xeb8f5kba+/T3r7/OaN572ZHY/HM/PeC8DYqjb/LizMVEK48tarJ/92/1+nl6c80p6j3vw7WUjVQgiVmJ7Mlvf+RCu++cFLZ7vFlTDf/JvS4Ykb7ffuDCFcDIfC1VAP+69ce+Wd+cdPXzp1+fC7rx+/fmfWHgAAxss3rx5f2PfnPx7Y8+Eb954I29rT0/l5PaZ3xfP+E/HEP53/V0NnulIIRVPZfJMxVLP5JrrMVyynls032aP8qWy5tXb+gY75tpWUP1GY1m29YZSl/bgeKtXZjnS1Ojvb+k0emr/rpyqz588tPXNhQBUFNtw/7wshHBJWGxqNxo+aG3AI6iIIaw2N3YM+AgG05PcLb3Mxv7KwPu2lTfZX/o1Hq93fDxtgs/d/5Y9W+b+85IjDxtmqe1Nar/Q52hXT+X2E/Pml1X7+0/Ly+xG1PuvZ6z7CqNxf6FXPiU2ux1r1qn++X2xVX4tx2g5fz/KLn5/8fzoq/2Ogu39t1vX/16YHfq1zORzqf97WF/0Q1HmkQm0I6iD0HRqDPgABQ2vlubmWRpTy8+f68vxtJfnbS/KnS/J3lOTvLMmHcfbb538SXq6s/M7Pf9Ov9npYus52V4w/ssr65NcjV1t+/tzvaq23/Px5Yhhmb555cvHLTz91rfX8f6W9/9+K+/uhmK7Hz9bVOEO6XphfV28/+1/vLKfaY767s/rcddv8jVaJezvnq+xdWU4oHGc6lr+8sJnO9+3uVd+DnfPVs/mmY9ie1Tc/P9mRvS+df6Tjatpek9n61rL1mMrqkY4re2Kc1wPWIu2PvZ7/T/vnTKhVnjm3tPhwTKf99A8TtW3L048UF/qrzak7sD79tv+ZCZ3tf3a1p9eqxePC7pXpleJxoZ5Nn28l27fJ0/SjMZ2+5749Md2cPnv2u0tPb/TKw5i78MKL3zmztLT4fS/Si2mbxQsvyo4cW/XJQRgfc88/9725Cy+8+NC55848u/js4vmjx44dnZ8/9pWjC3PN8/q54tk9sJWsfOkPuiYAAAAAAAAAAABAv35w6uS1P739pfda7f9X2v+l9v/pyd/U/v/HWfv/vJ18ahWQ2gHu6ZLfHHfvzc56TGXz1WL4aFbfvVk5+7L3fSzG7XH8Yvv/1N4+79c11eeebHref2+aL+tO4Lb+UqayPkja4wXGBvufjOnLMf5FgAGqTHefHOOy/q3Tvp76p9AvxWhK/7e0N6R+TFL77179OqXj/55NqCMbbzOaEw56HYHu/j70438WzsQHXpf/GxqNwddh/WFN27k2+HoLawqNhlE8gOEw6PE/03XPFJ///Te2L4c0241HO4+Xxf5L/7GhNWMcDfv4k8rfWuN/tse/6+v416V39Y5+nvsfXeHfP7v+XqHYsL/f42++/qkf6L3lZRZ9GMtP6/9A6K/8xmtZ+fkNoT79Jyt/R5/l37b+B9dW/n9j+WmzPfipfstv1bhS7axHft043f/LrxsnN7P1T317rnr91zhQ461YPoyz3uPM9juC7XAalfF/e8mfw/hiTKcDYXrOIf9GLq9/ZzI9X5G+B/Zly6+UfL+NyjjFvYz7+L9fjXHZ5yGN/5v2x3qXdLWQrnXZtqO+r8BW8/7Q3/8bsXBxCOogDGkYjjGwi6HRaAy0I2+9iA/WoLf/oO8+D7r8QW//Mvn4v/k5fD7+bzX7AZGP/5u/Px//N8/Px9fL8/Pxf/PtmY//m+ffky03v4I9U5L/8ZL8/SX5B1byp7vlHyx5/ydK8g+X5N9bkn9fSf7dJfkTJfmfLsn/TEn+/SX5D5bkf7Ykf6trtkcpfKjGbf1hnOXt83z+YXyk+z+9Pv97S/KB0fXTN4489tRvvlVvtf+fav9eS/fxTsR0Lf52/mFM5/e9QyG9nPd2TP8lyx/26x0wTvL+M/Lv9wdK8oHRlZ7z8vmGMVTp3mNPfr+tV79Vvc7zGS2fi/HnY/yFGD8U49kYz8X4SIznN6l+3BmP/fp3x1+urPze353l9/s8fN4eKO8n6mif9cmvD6z2efy8H7/VWm/5a2wOBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDDV5t+FhZlKCFfeevXkk6fPzS1PeaQ9R735d7KQqrXfF8LDMZ6I8c/ji5sfvHS2GN+KcSXMh0qotKeHJ260S9oZQrgYDoWroR72X7n2yjvzj5++dOry4XdfP379zm0BAAAA2Pr+FwAA///8rRvq")

30.308250345s ago: executing program 1 (id=738):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r0 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180))
chdir(&(0x7f0000000000)='./file0\x00')
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)
lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0)

11.871270379s ago: executing program 4 (id=803):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="0200000018000000f1048340"])

11.870603349s ago: executing program 2 (id=804):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r3}, 0x38)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000700)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x2e0, 0x218, 0x0, 0x180, 0x2e0, 0x448, 0x448, 0x448, 0x448, 0x448, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @dev, 0x0, 0x0, 'syzkaller0\x00', 'macvlan1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428)
lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0)
faccessat(0xffffffffffffffff, 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@cgroup=r6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

11.727989901s ago: executing program 4 (id=805):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0)
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
mkdirat(r0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, 0x0, 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f00000003c0)='.\x00', 0x0, 0x0)
renameat2(r2, &(0x7f0000000000)='./file0\x00', r3, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2)

10.748612854s ago: executing program 2 (id=806):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000540)={{}, {0xce}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
socket(0x10, 0x803, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[], 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
r5 = syz_usb_connect(0x0, 0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io(r5, &(0x7f0000000080)={0x2c, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0x88, &(0x7f0000000240)=ANY=[@ANYBLOB="0466917de0f4d5a1d49b7a347fe2b84536a0e61b43d0e89c09fd5e51524fa3c5d890d0f2c0a3db833cb7994c15d429df553e653fcfb242cec4abd563e61bc66a400d472162832448d91904029330e9ea233915286e6e55a8670cc0195b8ffa98b9a4df353f47472c2ba6279449a5220c9f", @ANYRES64=r4])

10.632380934s ago: executing program 0 (id=807):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
add_key$fscrypt_provisioning(&(0x7f0000000280), 0x0, 0x0, 0x18, 0xffffffffffffffff)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044090}, 0x40000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000900020073797a30000000000500040000000000050101000600000016000300686173683aead54d725709fed720b28f6e65744d706f72742c6e65740000000500050002000000086e35dd98e7e42c7a76f574e04e0a6df9f6dec312888ac0e8abc3aa4864d45ee265ec9d71"], 0x50}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
execve(&(0x7f0000000c40)='./bus\x00', &(0x7f0000000e40)={[&(0x7f0000000c80)='GPL\x00', &(0x7f00000010c0)='W$)hs\x00\x8f\tG\xb3\xd4\xc4\xa5E%\x8ck\xc9#$\x85g\xab\x1f\x89\xd8\xda\x87\x1a0\xb9E\x83.k\\\x98M\xa7g\xc0\x84\xcb\xec\x14Dz\xca\x19\xb9\x15\xd3\xb7\xde\xcc\x06\x94\x18\xdb\xab\x13%\xb4\x99\xcf\xb6k\xb0\x93\xdf-\x05\x8bBIv\x85~\x91\xbc\xefe3\xe7x\x8f\x89\xdf\xf6k\xad\xbf\x9d\xc5y=\xdb\xba-\xfeh\xed\xdb\xc2\x1f\xdd\xe3\xf1\x0e\x87\x8d\f\xee\xb2E\xbci-\x17\x03\x012\xa7\n\xc5vu\xfc\xc5\xb5\x9f\xf0\x94\xf2\x99\x9b\xaf8\xed\xfd\xd7\xb0\xc1|\xf3\xbc\x91\xc4\xd9\xcb\x84\\\xe9B\xdfhU\xe26.\xe5B~\x17\xc7\xac\x1b\xbf\xbf\xbag8r+\nLm\xe6R_\xdcf5\xf7\'S\x98\xcc\b\xd1a\xdc\xe72\xda\x88;\xbe$\x80\x9e\x11\xae\xc5\x1fP\xc5\xccP4\x01\"\xc8\x01\x9d\xe64\x87t\xe8\xcb\x88\x17\xa6\xcd\xdc\x8d\\\xd9\x97sNN\xa7T\xfc\x10td\x9f L\xfb\x00\xa3\x02\x02*&\xff\xb1\xfeB', &(0x7f0000000d00)='*#\x00', &(0x7f0000000d40)='nilfs2\x00', &(0x7f0000000d80)=',-\x00', &(0x7f0000000dc0)='\x00', &(0x7f0000000e00)='*\x00']}, &(0x7f0000001040)={[&(0x7f0000000e80)='/\x00', &(0x7f0000000ec0)='\\\x00', &(0x7f0000000f00)='GPL\x00', &(0x7f0000000f40)='\x00', &(0x7f0000000f80)='autofs\x00', &(0x7f0000000fc0)='nilfs2\x00', &(0x7f0000001000)='\')!!\\\x00']})

10.220607998s ago: executing program 4 (id=808):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0, 0x0, 0xfffffffffffffffd}, 0x18)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0186129b23a7fd1e22ff6514000008000300", @ANYRES32=r4], 0x2c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="020000000100000000000000040000000000001010000000003ef23500"], 0x24, 0x0)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000380)=0x12)
getdents64(r9, &(0x7f0000002f40)=""/4098, 0x1002)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x1fd, 0x0, 0x4000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r11 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000011000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)

9.316927065s ago: executing program 0 (id=809):
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x400, 0x1)
recvmmsg(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/31, 0x1f}, {&(0x7f0000000440)=""/239, 0xef}, {&(0x7f0000000200)=""/32, 0x20}], 0x3, &(0x7f0000000380)=""/35, 0x23}, 0x8000}], 0x1, 0x1, &(0x7f0000000580))
getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x400, 0x181000)
fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f00000000c0)=0x2)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x21081e, &(0x7f0000000840), 0x1, 0x4e6, &(0x7f0000001400)="$eJzs3U1vW0sZAODXzpeTm3uTe+kCENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYXSOT1I3tZvQfDiKn0c6OmdmHL8zdc9M/brxBNC3LkXEVkQMR8TDiJjI6nPZEXdbR/K4V9tP53e2n87notm8/89c2p7URdvPJD7KnrMQET/6XsRPc+/GrW9sLs9VKuW1rDzVqK5O1Tc2ry9V5xbLi+WVUml2Znb69o1bpWMb68XqcHb15Zd/2PrWz5NujWc17eM4Tq2hD+3FSQxGxA9OIlgPDGTjGe51R/gg+Yj4LCIup/f/RAykryYAcJ41mxPRnGgvAwDnXT7NgeXyxSwXMB75fLHYyuFdiLF8pVZvXHtUW19ZaOXKJmMo/2ipUp7OcoWTMZRLyjPp9ZtyaV/5RkR8GhG/GBlNy8X5WmWhl//wAYA+9tG+9f8/I631HwA45wq97gAAcOqs/wDQf6z/ANB/rP8A0H+s/wDQf6z/ANB/rP8A0Fd+eO9ecjR3su+/Xni8sb5ce3x9oVxfLlbX54vztbXV4mKttph+Z0/1oOer1GqrMzdj/cnkt1frjan6xuaDam19pfEg/V7vB+WhUxkVAPA+n1588edcRGzdGU2PaNvLwVoN51u+1x0Aemag1x0AesZuX9C/jvAeX3oAzokOW/S+pRARo/srm81m8+S6BJywq1+Q/4d+1Zb/97+Aoc/I/0P/kv+H/tVs5g67538c9oEAwNkmxw90+fz/s+z82+zDgZ8s7H/E85PsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxtu/v/FrO9wMcjny8WIz6OiMkYyj1aqpSnI+KTiPjTyNBIUp7pcZ8BgKPK/y2X7f91deLK+P7W4dzrkfQcET/71f1fPplrNNb+mNT/a6++8TyrL/Wi/wDAQXbX6fTc9kb+1fbT+d3jNPvz9+9GRKEVf2d7OHb24g/GYHouxFBEjP07l5Vbcm25i6PYehYRn+80/lyMpzmQ1s6n++MnsT8+1fj5t+Ln07bWOfmz+Nwx9AX6zYtk/rnb6f7Lx6X03Pn+L6Qz1NFl81/yVPM76Rz4Jv7u/DfQZf67dNgYN3///dbV6LttzyK+OBixG3unbf7ZjZ/rEv/KIeP/5UtfudytrfnriKvROX57rKlGdXWqvrF5fak6t1heLK+USrMzs9O3b9wqTaU56qnuq8E/7lz7pFtbMv6xLvELB4z/64cc/2/++/DHX31P/G9+rVP8fFx4T/xkTfzGIePPjf2u0K0tib/QZfwHvf7XDhn/5V8339k2HADonfrG5vJcpVJec+Hi7F8kf2XPQDc6XnzntGINx//1U83mB8XqNmMcR9YNOAv2bvqIeN3rzgAAAAAAAAAAAAAAAB2dxm8s9XqMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA///77dI4")
r3 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r3, 0xc0185879, &(0x7f0000000680)={0x0, 0x1000, 0x2000, 0x0, 0x0, 0x0, 0x2401})
ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f00000004c0)=r1)

8.972408464s ago: executing program 0 (id=810):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r0 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180))
chdir(&(0x7f0000000000)='./file0\x00')
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)
lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0)

8.934299927s ago: executing program 3 (id=811):
setregid(0x0, 0xee01)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x3, 0xfff, {}, {<r1=>0xee01}, 0x9, 0x7fffffffffffffff})
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f00000020c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r1}}, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
chdir(&(0x7f0000000000)='./file0\x00')
r5 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r5, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0}, &(0x7f0000000280)=0x5)
setuid(r7)
lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0)

8.630409953s ago: executing program 0 (id=812):
bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="00000000000000000400"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000010018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x18)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
sendto$packet(0xffffffffffffffff, &(0x7f00000014c0)="ea20a6e2ea142eb745e2083f5df3f4c8e7ca819f97359251d4c99d01b421a8873655a75d5c2c9dce8defe8b5f6411ec6fde85d8bbcd9dc488f20b5a409706a20f8ce15d1d02edc0a4d3684480b327b17d4d8c6184e50cb97da0d3a2bae3cecc664834431f86d0b4ebaeedbc518b41216eddd4b6c5b6ad5d2438c8dc458db8b3636a4b621007cd722699ab4b699649ab8c5143058b6a0d782f3724ee15d9e8814f14c407471de4800827b762d5d934567004b18e6e8d50e29bb316d84c1f92e0c7f83f22024e9444aa970b431d4e34a3e7343dbf57c7b581d9774488b4e8ad589f155117cdb08f725a55abf3a616d171d7aa9f369d41df17050a9f1bea86b616f10af32e74c7407e6a02999c6423f779dffc69c1e64634b0dfc5e72ddc877948fe16fc7407ee7b5ff50cd1ca08a16d70e44b355d4232652885140859a195a8d705b8128a2e7cbb7018fb0d7aa51ce78ef3e86342aad30d8679c5bcdcef6886f17f4661ff9668e2d52e92a9c7ed0cd6acfd0a946995c335e0a023d1be8a1c3321548a7ee61b871c5c58f1022cd9ddf79b15cdc19cfc54321626feab021d238553118f95a2ea67ea36f2fef29a19273e249aedba4dd9327f3baccfb79d28a578724f71106a6e144c0733c915f65b044aa99724ff457f6b037a511155a513af1b161b7ad4cc6262e5f5fe1b79443e1d301484cdc1fc676f063868ebed317ec3488c9ea14967ff68a5016bac23807b137dfc06c28db26eac0797905c9b315e46f3cdebf3cb11f4ca4903eaad1086dc66eafc9ca5d1cc257367e217ee0a43356b8502cbf6a13f11883afbe2a711913ee2f4ce3fa32374eac4901441824ced3ab08016210e5681f3edbe71e4aa59a2ac1eb5157e27505b72ff9e0021c872c51a07854a0257706a2c6fa02ebf9eaf3122abf8930fda533ab3a94b955e544b52b3d07ff727f72aee9fda14e6e98f432bc544d4f2909df11a87e72167e7c691bd7dd7e3a47ccf30c9d4a9e76aea9a7c092879c6e7401427e6210b71603ffc956b7413c7ae13e2870f5d3ced3a040c5ccf4b6d5aa7776e8060267feb152d23098f2e26ae8f3948d5090a5bef1e60104eb31aa319b881403fa7f5405b40c482746f900e0445f445f48ff0f2e0b22e9bafb88f92faeaf219b312e9ba4c127b3f35d57f89cf8a11edbd9f8cb4e5b237c3e1b05a16dd6cad5b2d4e70e0af4ff681b2fc17e4f9e5d922c1a84c2b330a26db1ea111223a60129ad04cc8289e9e47cbc8363a2567a33c7aab5849ee4f831cf3827b767778799547b4b29c81882532c7e850c6cb730e4b225481a76f1964905bcef06fab5f73ef8b39c5b19d609ebca66c22845c465449029d87837acc5ffa918e8eba5484d0af0138d68d0a8a879ebc5906255bab2b61cf0a337d3d67ca5142197f396bbedd7be57f83538f530438af1e79e2c0c06c370d016ac810b6de042fcd12a66c5b397ce396ae3b89879bee17bd775893255939a1ba9dcc31579f09da78df73dab7ab6ae39b63fb046d41c38430b367aaa91655d6d61585cfb04a3de47373e2bfae4457d3da24fe92fd5e9e14f5507392936c0df6c32cb715f21aec2a023e1f95e100b856d5204453c2c356b20c7cf804f01663ddacc507113c794b5852a49d1511f4490e36d0dba1d057712746c7d6fb8a44704686c64ad77d6acc54592743cb99b2a17ea74f4647836ae6dd3909a0ffb18072461d3da3601f5539065918414961b48ba96e0077118aee186d56a8864fae97381f7b55362d394a164dfd7ba22dfebaf5c4f9bdecc8d2b62e9c94dd5fb952d6c496c41f6d78764c937bcad3beb7c360fa28279951e9789e94a5dd3aea9a00c808adad6b5822e472365a20d5e12f7a756d5187dba94da1979baf45ecf33b88db8de1f2e8a0d84e614e20437c10b2521074d636fc8570e4ed6d3773a1aa813ed79d2cece470edb15d6eecd81ff38d5b24bc3d9eb87d1256b69d6089a23c13dbe556ace6d6133505e16ef67a9c0fe2fff22016f0867f4323b7b8713dd23e5c9f23e1f69db385b164081b52d7a0eeb46837afad84f7b6ea2773fc8f50611c4da162d57316e37a8941aa36058e4a2bdb6fd42b4282e566420e5721014c833da8ec9e2f2701a7eeb6a497e19ae8cd100ec933eefcd217e6be527c020eaeb437153c49dd5a46a12d062d6301fd9d0488af2d42620e5c75acce1722e2ffae5f3ff51c0c6397bfab141e4973202334979f7f7abfd931743a75e2aa832e8f6056319c4adc347794f519011802d9b51e7f58b20904b10d754677f3ec77105caa264ce11e892d86410f1d4c5ee90d2a4a2a0df5cabbbb23db286e08899f652c6430a328e684c666db6af9c4a15091164ffd8cf3cf36d8e200d1ea8076d975afb9d236b90945d8f63c86562f8d519c3bf52081eca0f707bc1b9c567300022d10a35b438210662e62ca4c1da8f5039e0ebd6006fd4e69c9baa36b373d4ca86c4272765f2be1c3b1d81789f692cb49bf73b5d9984fad25ac65f7dd59bf1e15bf2862bfc8aa43397a65b31cff54291ec06b35e27fd0d7edb884a98cf8a06104404af73df44a3faf888f4c0fe5cc1350293c07ef98a1b997a5c19836cc9efc51e076dbbad73e16a2df5486aa67bf2cc0c11bfb0284204740913e3571cdebc736af7e926e38bb88dd9b851cd2ceee407ff2eb3058ee004218b1452f92f885dae39eea6534b41ecdc359689f334b527abff995f255501d9e53e65e4274a89b5c4cffd6f3432915cf4d28cbdab1ba28e1c4f9b92bda9488c98e2c0ff2b1f74b0cea991fdd9fb1c0b43e13f4a09c7a07c07eef052096e8aea6dca3bd1b475e746f927427a0f983d2e29506a090b6904d2ebb9ed6de82694f1e11daa26e86cd2a4a73caed45f43637738f2c4a297d9ebdc7396896c9416420d1e2e70f5d79f716d815ae10dc42202133ad50df7824063a5a9719ce952319541e6af20b64a241f413346175cf4598854fe8beb77976ed6136ddfcc943ebc99061f59fa17c7d68ba2b3edf6fd03227b06a24aad7ef5277eb5ec9243c731b1d65fdfaebf80ac990d601337f914a705dfa1ca5a060e033a13208fb16c371f4b42ecea704dd931515f5d5993f59fc23e1aae9d2cb7b535b85b09e35f21e565bf5321a805a9e1242b59690022193ef78bba311e7046d1f1ffe46341a14d339eb857c7c7f61ff1d0e950397359b5335c3bfcf236d338f28150c0fc4f0a8c4253ded4319bb8717727b371716a45b48b9153b6294e7180738c4b65a7be6afb00dd7d0d72e7b4b47d67ff09ebff44a0be20cc38496f045b14b7b22fc2a76146b80d34f7e9afd68043aaf5152d2b6e98c34e44efb27c03309956b350d3dd2b8174f578545baec4eb684d3360b76f6065f891c960cd9ec5b52ce6bc181d8eb9a05525002ffae22a94464d802d8ff9f141b6a77555d15867a27f7f085b4263a7f7780d3121791c27748a7acd2ad83e971e28e5922cad19e0b9b880ac442c6a6b53a6c705438eb8b00f0ed11374ce73da4847c8f078e0fb6056770d130f60682ed61fccd78fdcbc33c240007a5d939c3047a17fdfa534fd5d7f12268510fb380cb9da895d15e2319cb85f3c0b0684cc4c7ac075e43ac90427751c92ca428ec105d87134dae04e0b0f70ac9300fc34514f67d4fbfa89505426febd45077b11daef97aa2caab7a614abd60f8a9ef828e9e9dc55514b62213a1ae08badafc801e719db81e9e336d1cf272a19062858f70f8b00e1b759ef8c4d72668341390fd34df8ccfa0fd3d67ffb0ebb8ccb572a9a7870c7657827146ad0ef211687b125d70096da93e73db63b80781eeca39e4a8f887a03ebd196861f05079f0bf950e198b80a2c5de47f994b0714f7808e0b4ef819616857c9430ce5d8662e05364fc96161b6a279f99f4f578fbae102111b74239762427d25ac795936c341c67a149aed45086767ecc2cb90a44a37b06486e36a8f2eab7b19a40cb20ee851ed189814eae4ee32df7fc806e2ceae089a48eb3442b0db44cffcee0bffbf52e162ac78633ed59e83058d53c250467418cea79540ee6b9023f3e6289dee7a4c9d58604a9b4833752c2f33257dfddaab91073f1f2132479ba46dd5a00c8442509bb6656bd016610b8cde5fc4ccd74102f0cd824b250f18eeb6edc7481d46845623723ffb19d1fcbe29d49a6f11c3415033cc0c9cde5145995a29d8d7ef333fb11274a0f37127bb0aeff96426f135e3f070ed3f590850f81e03bd27454c3810bc40dd3da729ddb2bab68e57f93dee106dad7b8564dec352a26d49ef4e70a7bf3139600b6c5ed8ca8fda50af46269581aa4dbc94a5edd88464304cfa186fe5705e02b75ca9b24dd5e2d473815c32c4621ef722018c6688c42c36fbd0f8a90143252516ae574c9d7186fa11a78bcac7328292e2dc090cff6e1d4003e43287bfadc6873e54b79078fb246aad51fb0bce8a32acda6367cf6895ad36a1146eef81254fc824d282ade2381f0dd847b5ef1894b3fc2eb662a02166c9df88d8e81521fd40c035d4fd5d00ffaf98e2987eee31f15b66ad11372403bbd8137a20fc914bde21dce17cd59ec66a211a440c0ea8bf5b69ca189df8eb81b2bceca75254b23fa84a73b2264e2c5548c5181291fdc44846cc490c356741a14d791f2fb56b640edd3184342cab3cde592c365587a68af120de1eddff55fce753ce7bace635662b9d20b6460d753da5e3b0c215cc936376f967de91c3aba1cbae3e3a9eb68d420b2b91232e71caedc73f67a62f9a1f5038bb25283631227ae3ffb30320be20e5018b74490cf676f65108d5842cc5b0c22c0ae576ebc5372120a7a7a084515eae19b7db20c4727751b356c78db56a1a50bd2f2eea101006c55ebd7cee0ac652b5ae6a7515a9a61aa075c0eacf6ddb9a395c95150e67ca15ecc89022a37f0b356c687d8fb3c6f7ac7f5779e708479f9dfa6bf66f291c009d08e5620e8fefe41993ea0ff61f30846d0f4c8c3f9a4b6c1f2bf4419818f6fd4b5e4444ffb3df5aae43489f693f88074f393d60764db99ec72fa55e11fe90d10bfd8277b4560e2c77d9c9a23352bed0707cb8f242c7dfd2d76b4a1c0d0df59f15c536c4e66ee95a18cb743339451b38ed88538565cc9197f47b5279d80da992508e3f6aacb1967d0ac7106af58533a390fb4573da04b367e4b667acd830ddb2e44f7bb638227e443595338a0c9dd3957785f7037b1a22e183231138affd2150d90016e08cc25dae131c94e3554498685ca336e4b88e9596911ae730fc58f1b3b2190e9300eeb49f635ae7221d54631e5b8ee8edfbcff47a1604f69b2a69162dc6141405af891cb58f1e20bbbf94fb9fae8040046fe7d6a5d331279e0c24d692248f76166cc772348140293401ceecf45a4b5df4dde24b5d49e035a3051750c02b53f41674f16db630120dc73af27a666fd268a392f8621cd53634326d4bf0b7bbf22f74dee91a33851613958fbf3444cc6b0efcdcf9ffe71e6112417c457b83798fd6cca59482fdfc025984fd0c3a55ce2ee86ca102383c07fbe8ee89d28489a0774e13ee86eae9ce0f5387631e3e53ef8a322c784eef12a8ab8f9a699e607e364334363d19d1af248f4ea25cdd6fec3ea1407d87bb5c7dfe4cd8b90b8b76bbe340a2eae8d94cb67b93a55b79094e68aa0421e4182cb364628f64cc9809199a407b358f8d7f20522830bcd1bbeedb8e7f796bdc9265f337064d4e4ea5d0a401640c3ebdf379ad295a829c9db3b5cbf0329a4f61e5d9a20d6dddd63f43699802e0", 0xff4, 0x4000004, &(0x7f0000000000)={0x11, 0xc, 0x0, 0x1, 0x5}, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x301, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7ffd, [], [0x17c1]}, 0xf0ffffff}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x0)

8.296944311s ago: executing program 4 (id=813):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000010, &(0x7f00000013c0)=ANY=[], 0xf, 0x694, &(0x7f0000000d00)="$eJzs3c1vXFfdB/DvHY8dO0+Vx2mTNkJFRIlUkCISv8gFsyEghLyoUFUWrK3EaaxMnMp2kVshcAHBColF/4CC5B0rJPZBYV123XpZCYlNxCJiY3Tv3LHHnnFsJ36Fzye6Pufec+65v/ndt3nJaAL8z5q5kebjFJm58c5KOb++NtlaX5s8Vze3kpT1RtJsFykWkuJJcrtsL7qmdJU9Pp2ffu+Lp+tftuea9VT1bzxvvT769F2tp1xNMlCXvQb3u4lt491J8kpPl6H9jrWtY5m063UJJ26jx+pBVj/IeQucMp27U9G+b/YYTc4nGa6fB6S+OjSOL8KjcaCrHAAAAJxRnz866QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7Kl//7+op0Zd5mqKzu//D3WW1fUz7fFJBwAAAAAAAAAAh+Brz/IsK7nQmd8oqs/8r1Uzl/LvjeT/8mGWMpfF3MxKZrOc5SxmPMlo10BDK7PLy4vjm2uW+q850XfNieN6xAAAAAAAAADwX+mXmdn6/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6DIhloF9V0qVMfTaOZdttQ2W81+XunfkYU/RY+Pv44AAAA4KUMv8A6//8sz7KSC535jaJ6zf969Xp5OB9mIcuZz3Jamcvd+jV0+aq/sb422Vpfm3xYTr3jfu+fBwqjGrF+f6H/lq9UPUZyL/PVkpu5UwVzN41qzdKVTjz94/qkjKn4bm2fkTXrtJYb+/1u7yIcioO+FTFaBpdsZmSsjq3MxsV2BorqjZpkZyb23DvNnVtKI4ObWxpPY/Odn0tHkPPzdVk+nt8cac4PajMTjVSZmOg6+l5/fiaSr//lTz+531p4cP/e0o3T85D2MLDL8p3HxGRXJt4405loHrD/WJWJy5vzM/lhfpwbuZp3s5j5/DSzWc5cNur22fp4Lv+OPj9Tt7fNvbtXJEP1fmnvs/3EdDU/qGqzuVateyHzKfIodzOXt6t/ExnPtzKVqUx37eHLu8ZdPbbqrG/sPOs7e/qvfYO//o26MpLkt3XZk4Mddjs6D0v72l/m9WJXXttH/dPNXhe7zoOxriy92snOYN/BX+Ta2PxKXSm38au6PB1G60yUJ1DnLtGJ7rV2JprVvaj3OP9DdW4stRYeLN6f/WCX8Vd3zL9Vl+VhtfbV/UbZf1ccrvJ4eTXD9ZVk+9FRtr22eZW5uO2uOlR/4tJua/S0Xa7aiqJzpv5o1zN1qH4O1zvSRNX2Rt+2yartSlfbtudbeZRW7h5D/gB4SaM5PzTyj5HPRz4b+fXI/ZF3hr9/7tvn3hzK4N8Gv9McG3ir8Wbx53yWn2+9/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF7c0kcfP5htteYW+1cauzftUdlr5B2Vov5Bnxfa1imsDCfZtmSwXHDsYYzsDKOnsvGL5Njz0/kRwf59fldWmtnPgLf36vPJiR8Jp70ykP4HwAlfmIAjd2v54Qe3lj76+JvzD2ffn3t/bmFwamp6bHrq7clb9+Zbc2PtvycdJXAUtm76Jx0JAAAAAAAAAAAAsF/9vhhw7ZW9vjSyr+94+J+FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKGYuZHm4xQZH7s5Vs6vr022yqlT3+rZTNJoJMXPkuJJcjvtKaNdwxX545Ns9NnOp/PT733xdP3LrbGa7f5Joy5fwmo95WqSgbo8rPHuvPR4xb86j7BM2PVO4uCk/ScAAP//kSr0rQ==")
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r1, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8936, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$minix(&(0x7f0000000540), &(0x7f00000002c0)='./file1\x00', 0x8040, &(0x7f0000000c00)=ANY=[@ANYRES16=0x0], 0xfd, 0x1d0, &(0x7f0000000300)="$eJzs3O9uk1AYx/EftIXNP/H/G99qom8cdiYSXxi3O3Hp2Fxkaqxv2jSxxivxRrwVb6BN7A2IAVoKqBVRoK3fT7LsPPQczvM0oZzThArAf+uqJEOGOpKCIHj/4m5wpemcANQj0LegqKeLMQC2ROvrH3U3pHFluQCo0/SwZUY39bH0ZTbqTeZ/ndw6YTcTtZPW9DAefiBpkhpvFVx/TD8Y0f/b7ex4W9JOkfXLp3j8vcX8YWqzUS+Tb76Y/Pze5zhIzX+hcP5x/ffvZPO/KOmSpMthIfay/zVJ139S/3H2/bNvFZwf+BuG9vJx5oCpkzPfe5jEHZ1Y8rpJbEWv7+fiR0lsR/Fe77V/XFUJAEoyf7j+n5vpuKVwwb+8/tvR9dytL0EAlekPhi+PfN97W6ZhjIt1NspPQaOehrUeaZRohJu7NUgj1/ho/oPz7NSac7hzTh3JfVAU3dAD2BjOu/M3Tn8wfHB2fnTqnXqv9t0nrit1H7tOtPN3svv/2Iov1ABsjMXdf7fpRAAAAAAAAAAAAAAAQGk3JN1chgdN5gIAAACgWr97MEjzn/tZ+fDQs/nJftGn4RIBAAAAAAAAAAAAAAAAAACArfE9AAD//zpGOPg=")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r7, &(0x7f0000000540)=""/239, 0xef)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r8=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r8, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90)

7.819217671s ago: executing program 3 (id=814):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2def, 0x4000, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$inet6(0xa, 0x1, 0x84)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="020f00001500000000000000000000000800120000000100000000100000000006000000000000000000000000000000e00000020000000000000000000000002001000000000000000000000000000205000600000000000a00000000000000fe8000000000000000000000000000bb0000000000000000010018000000000005000500000000000a00000000000000ff02000000000000000000000000000100000000000000"], 0xa8}}, 0x0)
bind$inet6(r2, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @empty}, 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback=0x7f000002}}}}}}, 0x0)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8)
sendto$inet6(r2, &(0x7f0000000100)="bc", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
close(r2)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)

6.466900655s ago: executing program 4 (id=815):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffa84, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmmsg$unix(r3, &(0x7f00000011c0)=[{{&(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000380)="1ef1d1b1cd576eedaa345578c65ea822bb0e32c2785e46d1a0f3b6b8f2589afb739c7c54f723d63adc09401b0065b740e01de10d75325e6f484addd5078d695ad3687e83dbcd3bb26869c7a223e8d8836f16c571a1babae56b", 0x59}, {&(0x7f0000000540)="4f01f283c7eb7fa43ff95d5001461cd7e6eb5201002152abb45615066b4291ff568b9fbf49b7d1e174b5537896cb17ede62c433e0a614c7bae65b4ff7980e9a798deb65e30752bb931444e48c9fc659edd1d6539e9074232c1f4a43289894036f45605dcd963eb6dc9251da98d86883b57673ad89412dc3307", 0x79}, {&(0x7f0000000280)="1c978056f255e04be574503b02", 0xd}, {&(0x7f00000005c0)="bf84d69efd23b31cfc569356c4d9530b200f77f0105dba9fdccd1e5990", 0x1d}], 0x4, &(0x7f0000001080)=[@cred={{0x1c, 0x1, 0x2, {r1}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r6]}}, @cred={{0x1c, 0x1, 0x2, {r1}}}, @rights={{0x14, 0x1, 0x1, [r3]}}, @cred={{0x1c, 0x1, 0x2, {r1}}}, @rights={{0x18, 0x1, 0x1, [r3, r0]}}, @cred={{0x1c, 0x1, 0x2, {r1}}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r3, r5, 0xffffffffffffffff, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r0]}}], 0x118, 0x884}}], 0x1, 0x4080)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x84, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x30, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @local}}}]}]}, 0x84}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000002c0), 0x2, 0x0)
sendmmsg$inet6(r8, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x4f23, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000000240)=[@pktinfo={{0x24, 0x29, 0x2, {@mcast2={0xff, 0x5}}}}], 0x28, 0x7ffffff7}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc", @ANYBLOB="6b7b6baa70df8119f6670b70b0933e8fd341928cb23be3a6806035d257bb83b850ef665250c3e5af73e147da37c140b609c97d9b10a3a464d02933ecf3cab07ab0c30529ca79388340ec19073b2f83419a1544a42839438aa8953bdcbdf21cae321c87bfaf77bd4b12da93c32269c5d466d437da7a3b22b20c8455ff963a2fbec35da4f37090691225809dfa4df45c6a85dafe4ce3cf31b6e26dcc64853409383833aadba1417cc741fa1f89d81875cfe69e16548a4e55a062ca8489841b124704b8d46fda1c2b01"], 0x40}}, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
r10 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000600)={'team0\x00', <r11=>0x0})
r12 = socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x2)
sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xa4}}, 0x0)

6.208215417s ago: executing program 3 (id=816):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x414, &(0x7f0000000280)={[{@nogrpid}, {@jqfmt_vfsv0}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}, {@nolazytime}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x8e}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r0 = creat(&(0x7f0000000040)='./file1\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086607, &(0x7f0000000180))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x414, &(0x7f0000000280)={[{@nogrpid}, {@jqfmt_vfsv0}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}, {@nolazytime}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x8e}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async)
creat(&(0x7f0000000040)='./file1\x00', 0x0) (async)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086607, &(0x7f0000000180)) (async)

6.084712557s ago: executing program 0 (id=817):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0)
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
mkdirat(r0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, 0x0, 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f00000003c0)='.\x00', 0x0, 0x0)
renameat2(r2, &(0x7f0000000000)='./file0\x00', r3, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2)

5.849702827s ago: executing program 3 (id=818):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
add_key$fscrypt_provisioning(&(0x7f0000000280), 0x0, 0x0, 0x18, 0xffffffffffffffff)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044090}, 0x40000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000900020073797a30000000000500040000000000050101000600000016000300686173683aead54d725709fed720b28f6e65744d706f72742c6e65740000000500050002000000086e35dd98e7e42c7a76f574e04e0a6df9f6dec312888ac0e8abc3aa4864d45ee265ec9d71"], 0x50}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
execve(&(0x7f0000000c40)='./bus\x00', &(0x7f0000000e40)={[&(0x7f0000000c80)='GPL\x00', &(0x7f00000010c0)='W$)hs\x00\x8f\tG\xb3\xd4\xc4\xa5E%\x8ck\xc9#$\x85g\xab\x1f\x89\xd8\xda\x87\x1a0\xb9E\x83.k\\\x98M\xa7g\xc0\x84\xcb\xec\x14Dz\xca\x19\xb9\x15\xd3\xb7\xde\xcc\x06\x94\x18\xdb\xab\x13%\xb4\x99\xcf\xb6k\xb0\x93\xdf-\x05\x8bBIv\x85~\x91\xbc\xefe3\xe7x\x8f\x89\xdf\xf6k\xad\xbf\x9d\xc5y=\xdb\xba-\xfeh\xed\xdb\xc2\x1f\xdd\xe3\xf1\x0e\x87\x8d\f\xee\xb2E\xbci-\x17\x03\x012\xa7\n\xc5vu\xfc\xc5\xb5\x9f\xf0\x94\xf2\x99\x9b\xaf8\xed\xfd\xd7\xb0\xc1|\xf3\xbc\x91\xc4\xd9\xcb\x84\\\xe9B\xdfhU\xe26.\xe5B~\x17\xc7\xac\x1b\xbf\xbf\xbag8r+\nLm\xe6R_\xdcf5\xf7\'S\x98\xcc\b\xd1a\xdc\xe72\xda\x88;\xbe$\x80\x9e\x11\xae\xc5\x1fP\xc5\xccP4\x01\"\xc8\x01\x9d\xe64\x87t\xe8\xcb\x88\x17\xa6\xcd\xdc\x8d\\\xd9\x97sNN\xa7T\xfc\x10td\x9f L\xfb\x00\xa3\x02\x02*&\xff\xb1\xfeB', &(0x7f0000000d00)='*#\x00', &(0x7f0000000d40)='nilfs2\x00', &(0x7f0000000d80)=',-\x00', &(0x7f0000000dc0)='\x00', &(0x7f0000000e00)='*\x00']}, &(0x7f0000001040)={[&(0x7f0000000e80)='/\x00', &(0x7f0000000ec0)='\\\x00', &(0x7f0000000f00)='GPL\x00', &(0x7f0000000f40)='\x00', &(0x7f0000000f80)='autofs\x00', &(0x7f0000000fc0)='nilfs2\x00', &(0x7f0000001000)='\')!!\\\x00']})

5.837627378s ago: executing program 2 (id=819):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
connect$can_j1939(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
write$P9_RSTATu(r5, &(0x7f00000004c0)=ANY=[@ANYBLOB="320200007d00000005f1000081ff00"/28, @ANYRES32=0x0], 0x232)
close_range(r0, 0xffffffffffffffff, 0x0)

4.846992862s ago: executing program 2 (id=820):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x2402, 0x0) (async)
syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x4) (async)
pselect6(0x40, &(0x7f00000045c0)={0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000004640)={0xf8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0x0) (async)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)) (async)
mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000b, 0x8012, r0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x3c, r2, 0x5, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6}]}, 0x3c}}, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) (async)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SET_SECCOMP(0x37, 0x1, 0x0) (async)
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_mount_image$jfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xa00000, &(0x7f00000000c0)=ANY=[], 0x0, 0x627a, &(0x7f0000008200)="$eJzs3c1vHGcdB/DfvvqlNLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz4A3rgyo0TJyLZSKCeGDT28yTjzW7s1PHO2s/nIzkzv3lm1s/ku7Mv3pl9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI73/vByudiLj687RgKeIz0YvoRizU9XJELCwv5fX7EfF87DTHcxExmIuot9/555mI1yLi41MRW9vrq/XiCwfsx3f/+Pff/fCpt//2h8G5//7pdu/1SevdufOr//z57uH2GQAAAEpTVVXVSW/zT6f39922OwUATEV+/q+SvPzE17/+59t/maX+qNVqtVo9hbqpGu9us4iIjeY29WsGH8cDwDGzEZ+03QVaJP+i9SPiqbY7Acy0Ttsd4Ehsba+vdlK+nebzwfJuez4XZE/+G53713dMmu5n9ByTad2/NqMXz07oz8KU+jBLcv7d0fyv7rYP03pHnf+0TMp/uHvpU3Fy/r3R/EecnPy7Y/MvVc6//1j59+QPAAAAAAAzLP/9f6nlz3/nDr8rB/Koz3+Xp9QHAAAAAAAAAHjSDjv+333G/wMAAICZVb9Xr/3m1INlk76LrV5+pRPx9Mj6QGHSxTKLbfcDAAAAAAAAAAAAAErS3z2H90onYhARTy8uVlVV/zSN1o/rsNsfd6XvP5Ss7Qd5AADY9fGpkWv5OxHzEXElujvf9TdYXFysqvmFxWqxWpjLr2eHc/PVQuN9bZ7Wy+aGB3hB3B9W9Y3NN7Zr2u/98n7to7dX/65h1TtAx56QQfrfnNDcUtgAkOw+G215RjphquqZSS8+YA/H/wm0FEtt36+YfW3fTQEAAICjV1VV1Ulf5306je/XbbtTAMBU5Of/0c8FDlV3J7RHPJnbV6vVarVa/anqpmq8u80iIjaa29SvGQzHDwDHzEZ80nYXaJH8i9aPiOfb7gQw0zptd4AjsbW9vtpJ+XaazwdpfPd8Lsie/Dc6O9vl7cdN9zN6jsm07l+b0YtnJ/TnuSn1YZbk/Luj+V/dbR+m9Y46/2mZlP9w55K58uT8e6P5jzg5+XfH5l+qnH//sfLvyR8AAAAAAGZY/vv/ks9/8y4DAAAAAAAAwLGztb2+mq97zZ//f27Meq7/PJly/p3HzX8hzcv/WMv5d0fy//LIer3G/L23Hhz//95eX/397X99Nk8Pmv9cnumke1Yn3SM66Td1+ml6mL1ryHe4QW9Yzw463V4/nfNTDd6N63Ej1uL8Q5v097Sv7GmvezrY035hT3v/ofaLe9oH6XsHqoXcfjZW4ydxI97Zaa/b5vbZ//l92qt92nP+PY//Rcr59xs/df6Lqb0zMq3d+6j70HHfnI77PW9e//wvzx/97uxrM3r3962p3r8zLfRn5//kqWH87NbazbN3rt2+fXMl0mTP0guRJk9Yzn+w8zP34PH/xd32/LjfPF7vfTR87PxnxWb0J+b/YmO+3t+Xp9y3NuT8h+kn5/9Oah9//B/n/Ccf/6+00B8AAAAAAAAAAAAAAAB4lKqqdi4RfTMiLqXrf9q6NhMAmK78/F8leblarVar1eqTVzdV473RLCLir81t6tcMvxh3YwDALPtfRPyj7U7QGvkXLH/fXz19qe3OAFN164MPf3Ttxo21m7fa7gkAAAAAAAAA8Gnl8T+XG+M/vxQRSyPr7Rn/9a1YPuz4n/08c3+A0Sc10PejbXaHvW5juPEXYmd87rOTxv8+Ew+P/53HxO0192OCwT7tw33a5/Zpnx+79EFaYy/0aMj5v9AY77zO//TI8OsljP86OuZ9CXL+Zxr35zr/L42s18y/+u3M5b9x0BU3o7sn/3O33//puVsffPjq9fevvbf23tqPL66snL946dLly5fPvXv9xtr53X+PptczIOefx752HmhZcv45c/mXJef/hVTLvyw5/y+mWv5lyfnn13vyL0vOP7/3kX9Zcv4vp1r+Zcn5fyXV8i/L1vb6XJ3/K6mWf1ny8f/VVMu/LDn/V1Mt/7Lk/M+mWv5lyfmfS/UB8vf18CdIzj9/wuX4L0vOfyXV8i9Lzv9CquVflpz/xVTLvyw5/9dSLf+y5Py/lmr5lyXnfynV8i9Lzv/rqZZ/WXL+l1Mt/7Lk/L+RavmXJef/zVTLvyw5/9dTLf+y5Py/lWr5lyXn/+1Uy78sOf/vpFr+Zcn5v5Fq+Zflwff/mzFjxkyeafuRCQAAAAAAAAAAAAAYNY3TidveRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7MDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzdXYxcZ30/8DP75rVDiIEQnPwNbBITQrJk13biF/5NMYEADVAKJBT6guN612bBsY3XLoEi2TS8RMKoqKJqetEWUNRGqiqsigtaUZqLqi9Xpb2gNxVVJaRGlUEBFamtaLaac57n2ZnZ2ZlZ73h99pzPR7J/uzPnzHnmzHPO7m93v3MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWt365vnPN7Isa/7L/9ueZS9qfrx1ant+2xuu9QgBAACA9frf/P/nb0g3HBpgpZZl/vZV//CNpaWlpewDo78z/uWlpXTHVJaNb8my/L7o0r99sNG6TPBENtkYafl8pM/mR/vcP9bn/vE+90/0uX9Ln/sn+9y/YgessLX4eUz+YLvyD7cXuzS7MRvP79vVZa0nGltGRuLPcnKNfJ2l8WPZQnYim89m25Yvlm3ky3/r1ua23p7FbY20bGtnc4b86FNH4xgaYR/vatvW8mNGP3hTNvXjH33q6B+dvXxzt9p3N7Q9XjHOO29rjvMz4ZZirI1sS9oncZwjLePc2eU1GW0bZyNfr/lx5zifH3Cco8vD3FCdr/lkNpJ//J18P421/lgv7aed4bb/uj3LsgvLw+5cZsW2spFsW9stI8uvz2QxI5uP0ZxKL83G1jRPbx1gnjbr3K72edp5TMTX/9aw3tgqY2h9mX7w6YkVr/ta52nUfNarHSudc3DYx0pZ5mCcF9/Jn/STXefgrvD8P3XH6nOw69zpMgfT826Zg7f1m4MjE6P5mNOL0MjXWZ6Du9uWH8231Mjrc3f0noMzZx87PbP4iU++fuGxI8fnj8+f3Lt79+zeffsOHDgwc2zhxPxs8f8V7u3y25aNpGPgtrDv4jHw2o5lW6fq0leHdxxO9jgOt3csO+zjcKzzyTU25oBcOaeLY+Ph5k6fvDiSrXKM5a/PXes/DtPzbjkOx1qOw65fU7och2MDHIfNZU7fNdj3LGMt/7qN4Wp9LdjeMgc7vx/pnIPD/n6kLHNwMsyLf7lr9a8FO8N4n5xe6/cjoyvmYHq64dzTvCV9vz95IC/d5uUtzTuum8jOLc6fuefxI2fPntmdhbIhXtYyVzrn67aW55StmK8ja56vhxZe9eQtXW7fHvbV5Oub/02u+lo1l7n3nt6vVf7Vrfv+bLt1TxbKkG30/uz21by5P1Mv2WN/Npf5zMz6vxdPfWnL+Xd8lfNv7PtfKLaXHuqJ0fGx4vgdTXtnvO183P5SjeXnrka+7ednBjsfj4d/G30+vrHH+XhHx7LDPh+Pdz65eD5u9Ptpx/p0vp6TYZ6cmO19Pm4us2PPWufkWM/z8e2hNsL+f13oFFJf1DJ3Vpu3aVtjY+PheY3FLbTP071ty4+H3qy5rWf2XNk8vfP24rFG07NbtlHzdKpj2WHP03S+Wm2eNvr99O3KdL6ek2Fe3Li39zxtLvPsves/d26NH7acOyf6zcHx0YnmmMfTJCzO90tb4xy8JzuancpOZHP5vRP5fGrk25q+b7A5OBH+bfS5ckePOXhnx7LDnoPp69hqc68xtvLJD0Hn6zkZ5sVT9/Weg81l3rJ/uN+73hluScu0fO/a+fO11X7mdUvHbrqaP/NqjvOv9/f+2WxzmRMH1tpn9t5Pd4dbruuynzqP39WOqblsY/bTjjDOywdW30/N8TSX+fLBAefToSzLzn/sgfznveH3K3927rvfaPu9S7ff6Zz/2AM/vP7Y36xl/ABsfi8UZVvxta7lN1OD/P4fAAAA2BRi3z8SaqL/BwAAgMqIfX/8q/BE/w8AAACVEfv+sVCTmvT/O95yeeGF81lK5i8F8f60Gx4qlosZ19nw+dTSsubtDzw9/5O/OD/YtkeyLPvpQ7/RdfkdD8VxFabCOC892H77yhXPD7T9Rx9ZXq41v/6V8Pjx+Qw6DbpFcGezLPvWDV/MtzP1wYt5ffahR/P63gtPPtFc5vmDxedx/edeViz/+yH8e+jYkbb1nwv74fuhzr6j+/6I63394ut27n//8vbieo3bXpw/7ac+VDxufJ+cLz1RLB/382rj/8svPPP15vKPv6b7+M+PdB//M+Fxn37w8kJzxv33K4vlW1+D5udxvc+G8cftPR3Wv+dr3+46/kufL5Y//dZiuUdDjdu/M3y+662XF1r31+ONI23PK3tbsVzc/ux3fyu/Pz5efPzO8U8evti2Pzrnx7P/VDzOTMfy8fa4nejPO7bffJzW+Rm3/8znHm3bz/22f+m9z72y+bid27+7Y7nRjvU737HpDz77xa7bi+M59Ken257PofeE4zhs/6kPhfkY7v+fS19s22706Hvazz9x+a9sP9/2fKK3/7jY/qU3Hs/rv0/95Peue9H1L77w6ua+y7LvvK94vH7bP/6Hp9rG/9Wb7spfj3h/zOh3bn81cftnPj598tTiuYW5lr2av3fOO4vxbJncuq053hvCubXz88Onzn54/szU7NRslk1V9y30rtjXQv1hUS6sdf27Hgmv5y2/+61td/zjF+Lt//xwcfvFdxRft14blvtSuH178fotNda5/aduvSk/vhvPFp+35diHYOeu/zgw0ILh+Xd+XxDn++mXfzjfD8378q8b8bhe5/i/N1c8zjfDfl0K78x8203L22tdPr43wsX3Fcf7uvdfOM3F1/WPw+v9ru8Xjx/HFZ/v98L3Md/e0X6+i/Pjm+dHOh8/fxePC+F8kl0o7o9Lxf198fmbug4vvg9JduHm/PPfTo9z85qe5moWP7E4c2Lh5LnHZ87OL56dWfzEJw8/durcybOH8/fyPPyRfusvn5+25eenufl992azW7MsO5XNbsAJ6+qMv/nRYOM//cjRuf2zd8zNHzty7tjZR07Pnzl+dHHx6Pzc4h1Hjh2b/3i/9Rfm7t+95+De/Xumjy/M3X/g4MG9B6cXTp5qDqMYVB/7Zj86ffLM4XyVxfvvPbj7vvvunZ1+7NTc/P37Z2enz/VbP//aNN1c+9enz8yfOHJ24bH56cWFT87fv/vgvn17+r4b4GOnjy1OzZw5d3Lm3OL8mZniuUydzW9ufu3rtz7VtPivxfeznRrFG/Fl7757X3p/1qanP73qQxWLdLyB6OXwXjR//5LTBwb5PPb946EmNen/AQAAoA5i3z8RaqL/BwAAgMqIff+WUBP9PwAAAFRG7PsnQ01q0v/L/8v/D5b/L+4fZv6/W34+k/8vVf7/9MeKXOlmz//H/Lz8fz1c4/z/urcv/y//X738/+D5+c0+fvl/+X9WKlv+P/b9W7Oslv0/AAAA1EHs+7eFmuj/AQAAoDJi339dqIn+HwAAACoj9v0vCjWpSf8v/z9Q/n9Pv8BV9fP/w7/+v/z/Nc3/T2R1yf/HF0f+vzbWnL9//8Ntn1Yj/995FC2T/+9D/l/+X/5f/p8hGl/1nmuV/499//WhJjXp/wEAAKAOYt//4lAT/T8AAABURuz7bwg1Gbz/X/2PGgAAAIBSiH3/9lCTmvz+X/7f9f/l/2uZ/3f9/0Hz/y2Dkf/fHFz/vzf5/z6uOP8/Kf+/GfP/48Mdf7nz/32HL//PVVG26//Hvv8loSY16f8BAACgDmLf/9JQE/0/AAAAVEbs+18WaqL/BwAAgMqIff+NoSY16f/l/+X/5f/l/+X/u2+///X/i4/k/8tF/r83+f8+XP+/Xvn/IY+/3Pn/YV//f/zBzvXl/+mmbPn/2Pe/PNSkJv0/AAAA1EHs+28KNdH/AwAAQGXEvv8VoSb6fwAAAKiM2PfvCDWpSf8v/y//L/+/sfn/z2Xy/9XJ/xfk/8tF/r83+f8+5P/l/+X/B8v/d/nmV/6fbsqW/499/82hJjXp/wEAAKAOYt9/S6iJ/h8AAAAqI/b9/y/URP8PAAAAlRH7/p2hJjXp/+X/5f/l/+t1/f+7J+T/5f+rTf6/N/n/PuT/5f/l/we8/v9Ka8n/b+n3YFRG2fL/se9/ZahJTfp/AAAAqIPY978q1ET/DwAAAJUR+/5Xh5ro/wEAAKAyYt8/FWpSk/5f/r9a+f8/+aunXp3J/8v/99l+RfP/cRrI/9ec/H9v8v99yP/L/8v/b0j+n/ooW/4/9v23hprUpP8HAACAOoh9/22hJvp/AAAAqIzY998earJK/7/mP+QDAAAArrnY9+8KNanJ7//l/6uV/4/k/+X/e22/ovn/RP6/3uT/u2g5SOX/+5D/l//f1Pn/Rrb+/H/87lf+n+EoW/4/9v2vCTWpSf8PAAAAdRD7/jtCTfT/AAAAUBmx739tqIn+HwAAACoj9v13hprUpP+X/5f/l/+X/5f/7759+f/NSf6/t7Xm/yfk/+X/5f83Uf7f9f8pn7Ll/2Pf/7pQk5r0/wAAAFAHse+/K9RE/w8AAACVEf9+s/i7V/0/AAAAVFHs+6dDTWrS/8v/y//XKf/fkP+X/5f/rzz5/95c/78P+X/5f/l/+X+Gqmz5/9j3vz7UpCb9PwAAANRB7PvvCTXR/wMAAEBlxL5/JtRE/w8AAACVEfv+2VCTmvT/8v/y/3XK/7v+v/y//H/1yf/3Jv/fh/y//P/mzP/nTUzX/H+Wyf9zTZUt/x/7/t2hJjXp/wEAAKAOYt+/J9RE/w8AAACVEfv+vaEm+n8AAACojNj33xtqUpP+v6T5/7FM/j8n/y//L/8v/y//vzby/73J//ch/y//vznz/znX/6eMypb/j33/faEmNen/AQAAoA5i378v1ET/DwAAAJUR+/79oSah/+/2d90AAADA5hL7/gOhJjX5/X9J8/+u/7/W/P9v/l3btuX/5f97bX84+f+t8v+hyv+XS0Xz/52HxRWT/+9D/v+q5eezkaEM8ZqNX/5f/p8rU7b8f+z7D4aa1KT/BwAAgDqIff8bQk30/wAAAFAZse///6Em+n8AAACojNj3/0yoSU36f/n/iuT/O8j/y//32r7r/8v/V1lF8/9DU6n8/4j8/2bK/7v+v/x/v/Wppquf/48fDZb/j33//aEmNen/AQAAoA5i3/+zoSb6fwAAAKiM2Pe/MdRE/w8AAACVEfv+Q6EmNen/5f/l/+X/5f+vTv7/jVmnMub/m5NH/r9aSpz/Hx9k+/L/rv8v/78h4+/8UjOU8cv/y/+zUtmu/x/7/jeFmtSk/wcAAIA6iH3/A6Em+n8AAACojNj3vznURP8PAAAAlRH7/reEmtSk/5f/l/+X/5f/d/3/7tuX/9+cSpz/H4j8v/y//P/mHb/8v/w/K5Ut/x/7/gdDTWrS/wMAAEAdxL7/raEm+n8AAACojNj3vy3URP8PAAAAlRH7/reHmtSk/5f/l/+X/5f/l//vvn35/81J/r83+f8+apD/39rjvmudn1+vaz1++X/5f1YqW/4/9v0/F2pSk/4fAAAA6iD2/Q+Fmuj/AQAAoDJi3/+OUBP9PwAAAFRG7PvfGWpSk/5f/l/+X/5f/l/+v/v25f83J/n/3uT/+yh7/n8ifOD6/6Ucv/y//D8rlS3/H/v+d4Wa1KT/BwAAgDqIff/Ph5ro/wEAAKAyYt//7lAT/T8AAABURuz7fyHUpCb9v/y//H+58v9L51vXk/+X/8+Glf9vriT/Xwvy/73J//fRJf+/pUz5/yFc/7+Xa52fL9P4H5b/l/9nKMqW/499/3tCTWrS/wMAAEAdxL7/vaEm+n8AAACojNj3vy/URP8PAAAAlRH7/odDTWrS/8v/1zL/n55y+fL/rv8v/+/6//L/6yP/35v8fx9lv/6//H+pxy//L//PSmXL/8e+/5FQk5r0/wAAAFAHse9/f6iJ/h8AAAAqI/b9vxhqov8HAACAyoh9/wdCTWrS/8v/1zL/X+Lr/1ct/z/WNj/qlP+fbHk907yU/5f/3wDy/73J//ch/y//X+b8f5jNW1dZX/6fMipb/j/2/R8MNalJ/w8AAAB1EPv+Xwo10f8DAABAZcS+/5dDTfT/AAAAUBmx7/+VUJOa9P8VzP9fyOT/5f9Lk/9vnx91yv+7/v9K8v8bQ/6/N/n/PuT/5f/LnP/vQ/6fMipb/j/2/b8aarJq4/fD/xzgaQIAAAAlEvv+D4Wa1OT3/wAAAFAHse8/HGqi/wcAAIDKiH3/o6EmNen/K5j/X+f1/+MVVeX/5f+Hnf8fkf+X/5f/3wDDy/+/4vosk/+X/5f/l/+X/5f/Zz3Klv+Pff+RUJOa9P8AAABQB7Hv/7VQE/0/AAAAVEbs+4+Gmuj/AQAAoDJi3z8XalKT/v8a5v/Hy5n/d/3/K83//1T+3/X/A/n/7uT/N4br//cm/9+H/L/8v/y//D9DVbb8f+z750NNatL/AwAAQIWlHwfHvv9YqIn+HwAAACoj9v3HQ030/wAAAFAZse//cKhJTfp/1/9vz5635u8y+f/yXP//fNXy/2Nty8v/F+T/5f+HQf6/N/n/PuT/5f/l/+X/Gaqy5f9j378QalKT/h8AAADqIPb9Hwk10f8DAABAZcS+/6OhJvp/AAAAqIzY958INalJ/y//7/r/myL/fxWv/9/Isguu/y//32378v+bk/x/b/L/fcj//x979/Ek2VXlcfyppXarmeVsJkLrWc0OWEl/Aisi2BHBWljhjVp4EE54b4T33jvhvfdeeG+FFUQ0oapzTldVZr2s6squfO/ez2dzRh3dVPaoEPzo+MbV/+v/9f+s1dT6/9z918Qtnex/AAAA6EHu/nvELfY/AAAANCN3/z3jFvsfAAAAmpG7/15xSyf7X/+v/++9/x828v7/7p+v/9+m/9f/r8NCf3/F8p+3XxS+b////3e89m76f/2//n/Upvv/ywf9v/6fqZla/5+7/95xSyf7HwAAAHqQu/8+cYv9DwAAAM3I3X/fuMX+BwAAgGbk7r82bulk/+v/9f/6f/3/rv7/Zv2//n/eDtPfX7Xkx7z/H2bU/+d/e9P/H93c+/9Nf379v/6fRVPr/3P33y9u6WT/AwAAQA9y998/brH/AQAAoBm5+x8Qt9j/AAAA0Izc/Q+MWzrZ//p//b/+fy79/ynv/+/5/ej/9f/LHLW/1/+HGfX/g/f/9f8T+fz6f/0/i6bW/+fuf1Dc0sn+BwAAgB7k7n9w3GL/AwAAQDNy9z8kbrH/AQAAoBm5+x8at3Sy//X/+n/9/1z6/2N6/1//r/+fuZuGC/9M0P8v0v+vsKL/Hwb9/5gD9/PLf3vz+fz70P/r/1k0tf4/d//D4parh+HUxf4mAQAAgEnJ3f/wuKWTP/8HAACAHuTuvy5usf8BAACgGbn7z8Utnex//b/+X/+v/9f/L//6+v958v7/uKP3///339fcvd/+3/v/47z/v+7+//bvDP0/8za1/j93//VxSyf7HwAAAHqQu/8RcYv9DwAAAM3I3f/IuMX+BwAAgGbk7n9U3NLJ/tf/t9b/X77r1+3o/7dqF/2//l//r/9vnf5/nPf/V9j6x9zZ+kv9v/7f+//6f45mav1/7v5Hxy2d7H8AAADoQe7+x8Qt9j8AAAA0I3f/Y+MW+x8AAACakbv/cXFLJ/tf/99a/7/713n/X/+/7Ovr//X/LdP/j9P/r9DK+/8X+V2z6X7+qDb9+fX/+n8WTa3/z93/+Lilk/0PAAAAPcjd/4S4xf4HAACAZuTuvyFusf8BAACgGbn7nxi3dLL/9f/6/3n0//kV9P/6/0vf/yf9/zzp/8fp/1dopf+/SJvu5+f++fX/+n8WTa3/z93/pLilk/0PAAAAPcjd/+S4xf4HAACAZuTuf0rcYv8DAABAM3L3PzVu6WT/99n/X67/n13/7/1//b/3//X/B6P/H6f/X2Fn/3/ZMJzT/+v/9f/6f45kav1/7v4b45ZO9j8AAAD0IHf/0+IW+x8AAACakbv/6XGL/Q8AAADNyN3/jLilk/3fZ//v/X/9v/5f/6//b5X+f5z+f4XO3/8fzun/9f/6f9ZrQv3/jl91Znhm3NLJ/gcAAIAe5O5/Vtxi/wMAAEAzcvc/O26x/wEAAKAZufufE7d0sv/1/5Pp/7dyvrb6/7PDMOj/h077/7M7/n7W96X+X/9/DPT/4/T/K3Te/2+6n5/759f/6/9ZNKH+f+uvc/c/N27pZP8DAABAD3L3Py9usf8BAACgGbn7nx+32P8AAADQjNz9L4hbOtn/+v/J9P9b2ur/vf+/9/ujp/7f+/+L9P/HY839/5X54/r/bfr/9vr/Uzv+703380e16c+v/9f/s2hq/X/u/hfGTadOXvRvEQAAAJiY3P0vils6+fN/AAAA6EHu/hfHLfY/AAAAzNSNCz+Su/8lcUsn+1//v97+f2dDp//faP9/Rv+//9fX/+v/W7be/n8Ybokf1/9v0/+31//vtOl+fu6fX/+v/2fR1Pr/3P0vjVs62f8AAADQg9z9N8Ut9j8AAAA0I3f/y+IW+x8AAACakbv/5XFLJ/tf/+/9/0b7f+//j3z9w/b/F55D1f/r/6dvze//35A/rv/fpv/X/4/R/x+5/z994f/U/9OGQ/T/58+fv+6S9/+5+18Rt3Sy/wEAAKAHuftfGbfY/wAAANCM3P2vilvsfwAAAGhG7v5Xxy2d7H/9f6f9f36rz6v/PzcM+n/v/+v/9f/j9P/j9P8r6P/1/97/1/+zVlN7/z93/2vilk72PwAAAPQgd/9r4xb7HwAAAJqRu/91cYv9DwAAAM3I3f/6uKWT/a//77T/9/6//l//f9z9/22D/v9YzKL/P7v/1596/3+9/v9/73CX/FT6/7266//vfKddf6n/1/+zaGr9f+7+N8Qtnex/AAAA6EHu/jfGLdv7/8L/wAsAAADMVu7+N8Ut/vwfAAAAmpG7/81x0xWd7H/9v/5f/6//1/8v//rH/P7/qWEY9P9rMIv+f8TU+//1vP+/99/lF8yj//f+/3666//30P/r/1k0tf4/d/9b4pZO9j8AAAD0IHf/W+MW+x8AAACakbv/bXGL/Q8AAADNyN3/9rilk/2v/9f/6//1/833/9fPov/3/v+a6P/HTaP/35/+X/8/58+v/9f/c3Cb6v9z978jbulk/wMAAEAPcve/M26x/wEAAKAZufvfFbfY/wAAANCM3P3vjls62f/6f/3/Yfr//Jz6/7b6/9OT6//P7PrX6+T9f/3/muj/x+n/V9D/6//1/zfq/1mnqb3/n7v/PXFLJ/sfAAAAepC7/71x63+6tf8BAACgGbn73xe32P8AAADQjNz9749bOtn/+n/9v/f/9f/Nv/+v/++K/n+c/n8F/f86+vlz+v9Z9//e/2etptb/5+7/QNzSyf4HAACAHuTu/2DcYv8DAABAM3L3fyhusf8BAACgGbn7b45bOtn/+n/9v/5f/6//3/57qP9vg/5/3PH0/2f1/+vs/3f819OZ9P+7+vnL4t8F+n/9/6pfT5um1v/n7v9w3NLJ/gcAAIAe5O7/SNxi/wMAAEAzcvd/NG6x/wEAAGCWrljyY7n7Pxa3dLL/9f/6f/2//l//v/zr6//naSP9f35T6P+9/x/6ef//yl1/ddR+/rg//97//NL/6/9Zv6n1/7n7Px63dLL/AQAAoAe5+z8Rt9j/AAAA0Izc/Z+MW+x/AAAAaEbu/k/FLTPf/6cO+PP0//p//b/+X/+//Ovr/+fJ+//j9P8r6P83+n7+3D+//l//z6Kp9f+5+z8dt8x8/wMAAAAX5O7/TNxi/wMAAEAzcvd/Nm6x/wEAAKAZW7s/47IO97/+f339/96fq//X/+/8/hj0//p//f+x0P+P0/+voP/X/+v/9f+s1dT6/89t/aozw+fjlk72PwAAAPQgd/8X4hb7HwAAAJqRu/+LcYv9DwAAAM3I3f+luKWT/f8/cc/p/7d4/3+q/f/58+ev0/9Pr/8/PUyj/79F/0/R/4/T/6+g/9f/6//1/6zV1Pr/3P1fjls62f8AAADQg9z9X4lb7H8AAABoRu7+r8Yt9j8AAAA0I3f/1+KWTva/9/8n0P+f0f97/3+u/b/3/4dL2f+f2P6Hsv7/cLb6+wv/ca7/30P/v0KL/f+Zg//2N93PH9WmP7/+X//Poqn1/7n7vx63dLL/AQAAoAe5+78Rt9j/AAAA0Izc/d+MW+x/AAAAaEbu/m/FLZ3sf/3/gfr/vTnygoP0/7f/i/Ty/v/ZYfnn1//r//X/3v+/1Lz/P07/v0KL/f8hbLqfn/vn1//r/1k0tf4/d/+345bd+//k4X6XAAAAwJTk7v9O3NLJn/8DAABAD3L3fzdusf8BAACgGbn7vxe3dLL/9f8TeP+/wf7f+//Lvz/0/5Pu/0/o/9ug/x+n/19B/7+snz87DIP+X/9/yP4/v5v1/72bWv+fu//7cUsn+x8AAAB6kLv/B3GL/Q8AAADNyN3/w7jF/gcAAIBm5O6/JW7Zsf+Xtd2t0P/r//X/+n/9//Kvr/+fJ/3/uIP2/6eHo/X/Sf/fRP/v/X/9v/f/uWhT6/9z9/8obvHn/wAAADA7J/f58dz9P45b7H8AAABoRu7+n8Qt9j8AAAA0I3f/T+OWW09s6iMdK/2//l//r//X/y//+vr/edL/j/P+/wr6/3X081fp/9vo/4dB/8/RTa3/z93/s7jFn/8DAABAM3L3/zxusf8BAACgGbn7fxG32P8AAADQjNz9v4xbOtn/+n/9/xH7/600U/+/Tf+/Tf+/nP7/eOj/x+n/V9D/e/9f/+/9f9Zqav1/7v5fxS2d7H8AAADoQe7+X8ct9j8AAAA0I3f/b+IW+x8AAACakbv/t3FLJ/t/Y/1//L9a/z/7/t/7//r/zfX/Jwf9v/5/gf5/nP5/Bf2//l//r/9nrabW/+fu/13c0sn+BwAAgB7k7v993GL/AwAAQDNy9/8hbrH/AQAAoBm5+/8Yt3Sy/73/r//X/+v/Z9v/e/9f/7+E/n+c/n+5+hul/9f/6//1/6zV1Pr/3P1/ils62f8AAADQg9z9f45b7H8AAABoRu7+W+MW+x8AAACakbv/L3FLJ/t/4/3/1fp//b/+X/+/Tf+v/18H/f+4Tfb/d/2v1V/W+/8b7//zI+j/9f/6f9Ziav1/7v6/xi2d7H8AAADoQe7+v8Ut9j8AAAA0I3f/3+MW+x8AAACakbv/H3FLJ/t/Rf9/un7i4fv/E6u+tvf/9f/6f/2//l//v276/3He/19B/+/9f/2//p+1mlr/n7v/n3FLJ/sfAAAAepC7/7a4xf4HAACAZuTu/1fcYv8DAABAM3L3/ztu6WT/b/z9f/3/Ifr/q/T/+n/9v/5f/7+C/n+c/n8F/b/+X/+v/2etptb/5+7/TwAAAP//10Q9fw==")
chdir(&(0x7f0000000040)='./file0\x00') (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xf, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xf30}}, &(0x7f0000014ff5)='GPL\x00', 0x2, 0x1000, &(0x7f0000014000)=""/4096, 0x0, 0x40, '\x00', 0x0, @fallback, r4, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.445736525s ago: executing program 2 (id=821):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
chdir(&(0x7f0000000000)='./file0\x00')
r3 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r3, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)
lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0)

4.443867595s ago: executing program 3 (id=822):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
chdir(&(0x7f0000000000)='./file0\x00')
r3 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r3, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)
listxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=""/67, 0x43)

3.908007551s ago: executing program 0 (id=823):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0xf0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}, 0x1, 0x0, 0x800000000000000}, 0x0)

2.516325358s ago: executing program 4 (id=824):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000010, &(0x7f00000013c0)=ANY=[], 0xf, 0x694, &(0x7f0000000d00)="$eJzs3c1vXFfdB/DvHY8dO0+Vx2mTNkJFRIlUkCISv8gFsyEghLyoUFUWrK3EaaxMnMp2kVshcAHBColF/4CC5B0rJPZBYV123XpZCYlNxCJiY3Tv3LHHnnFsJ36Fzye6Pufec+65v/ndt3nJaAL8z5q5kebjFJm58c5KOb++NtlaX5s8Vze3kpT1RtJsFykWkuJJcrtsL7qmdJU9Pp2ffu+Lp+tftuea9VT1bzxvvT769F2tp1xNMlCXvQb3u4lt491J8kpPl6H9jrWtY5m063UJJ26jx+pBVj/IeQucMp27U9G+b/YYTc4nGa6fB6S+OjSOL8KjcaCrHAAAAJxRnz866QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7Kl//7+op0Zd5mqKzu//D3WW1fUz7fFJBwAAAAAAAAAAh+Brz/IsK7nQmd8oqs/8r1Uzl/LvjeT/8mGWMpfF3MxKZrOc5SxmPMlo10BDK7PLy4vjm2uW+q850XfNieN6xAAAAAAAAADwX+mXmdn6/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6DIhloF9V0qVMfTaOZdttQ2W81+XunfkYU/RY+Pv44AAAA4KUMv8A6//8sz7KSC535jaJ6zf969Xp5OB9mIcuZz3Jamcvd+jV0+aq/sb422Vpfm3xYTr3jfu+fBwqjGrF+f6H/lq9UPUZyL/PVkpu5UwVzN41qzdKVTjz94/qkjKn4bm2fkTXrtJYb+/1u7yIcioO+FTFaBpdsZmSsjq3MxsV2BorqjZpkZyb23DvNnVtKI4ObWxpPY/Odn0tHkPPzdVk+nt8cac4PajMTjVSZmOg6+l5/fiaSr//lTz+531p4cP/e0o3T85D2MLDL8p3HxGRXJt4405loHrD/WJWJy5vzM/lhfpwbuZp3s5j5/DSzWc5cNur22fp4Lv+OPj9Tt7fNvbtXJEP1fmnvs/3EdDU/qGqzuVateyHzKfIodzOXt6t/ExnPtzKVqUx37eHLu8ZdPbbqrG/sPOs7e/qvfYO//o26MpLkt3XZk4Mddjs6D0v72l/m9WJXXttH/dPNXhe7zoOxriy92snOYN/BX+Ta2PxKXSm38au6PB1G60yUJ1DnLtGJ7rV2JprVvaj3OP9DdW4stRYeLN6f/WCX8Vd3zL9Vl+VhtfbV/UbZf1ccrvJ4eTXD9ZVk+9FRtr22eZW5uO2uOlR/4tJua/S0Xa7aiqJzpv5o1zN1qH4O1zvSRNX2Rt+2yartSlfbtudbeZRW7h5D/gB4SaM5PzTyj5HPRz4b+fXI/ZF3hr9/7tvn3hzK4N8Gv9McG3ir8Wbx53yWn2+9/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF7c0kcfP5htteYW+1cauzftUdlr5B2Vov5Bnxfa1imsDCfZtmSwXHDsYYzsDKOnsvGL5Njz0/kRwf59fldWmtnPgLf36vPJiR8Jp70ykP4HwAlfmIAjd2v54Qe3lj76+JvzD2ffn3t/bmFwamp6bHrq7clb9+Zbc2PtvycdJXAUtm76Jx0JAAAAAAAAAAAAsF/9vhhw7ZW9vjSyr+94+J+FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKGYuZHm4xQZH7s5Vs6vr022yqlT3+rZTNJoJMXPkuJJcjvtKaNdwxX545Ns9NnOp/PT733xdP3LrbGa7f5Joy5fwmo95WqSgbo8rPHuvPR4xb86j7BM2PVO4uCk/ScAAP//kSr0rQ==")
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r1, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8936, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$minix(&(0x7f0000000540), &(0x7f00000002c0)='./file1\x00', 0x8040, &(0x7f0000000c00)=ANY=[@ANYRES16=0x0], 0xfd, 0x1d0, &(0x7f0000000300)="$eJzs3O9uk1AYx/EftIXNP/H/G99qom8cdiYSXxi3O3Hp2Fxkaqxv2jSxxivxRrwVb6BN7A2IAVoKqBVRoK3fT7LsPPQczvM0oZzThArAf+uqJEOGOpKCIHj/4m5wpemcANQj0LegqKeLMQC2ROvrH3U3pHFluQCo0/SwZUY39bH0ZTbqTeZ/ndw6YTcTtZPW9DAefiBpkhpvFVx/TD8Y0f/b7ex4W9JOkfXLp3j8vcX8YWqzUS+Tb76Y/Pze5zhIzX+hcP5x/ffvZPO/KOmSpMthIfay/zVJ139S/3H2/bNvFZwf+BuG9vJx5oCpkzPfe5jEHZ1Y8rpJbEWv7+fiR0lsR/Fe77V/XFUJAEoyf7j+n5vpuKVwwb+8/tvR9dytL0EAlekPhi+PfN97W6ZhjIt1NspPQaOehrUeaZRohJu7NUgj1/ho/oPz7NSac7hzTh3JfVAU3dAD2BjOu/M3Tn8wfHB2fnTqnXqv9t0nrit1H7tOtPN3svv/2Iov1ABsjMXdf7fpRAAAAAAAAAAAAAAAQGk3JN1chgdN5gIAAACgWr97MEjzn/tZ+fDQs/nJftGn4RIBAAAAAAAAAAAAAAAAAACArfE9AAD//zpGOPg=")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r7, &(0x7f0000000540)=""/239, 0xef)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r8=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r8, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90)

7.174459ms ago: executing program 3 (id=825):
syz_mount_image$nilfs2(&(0x7f0000000740), &(0x7f0000000100)='./file1\x00', 0x4800, &(0x7f0000000040)=ANY=[], 0x1, 0xda6, &(0x7f0000003c80)="$eJzs3ctvXFf9APBzx544r/7iNO4vJoTEJJSGR+wmtSg7XCksKqQKKX9BFdKS4pZHwqJVKiVZsCVS1T+AqmtY8MyiUtRVUDcg/oGqKzahqlQgQmqNbJ8zHn8zw51xbI/H8/lId87c+z33nnPmcefOfZ0EjKzGyuP8/HSV0tt33rrw4OT4v5ennGzlmFl5HM9jCymlZmu+lCbD8hYmVtPPPrl+qT39PKdVOp+qVLWmpxfut+Y9kFK6kWbS3TSZLn589PYrHzy/+N6Rm0cuvHnm3ta0HgAARsuD77370z8/9d3rh//zmxMLaaI1vWyfL+Txg3m7f6FaHc9J639A1ZZWbePFnpBvPA+NkG+sQ772cpoh33iX8veE5Ta75JuoKX+sbVqndsMwW/sfXzVm1403GrOzq//Jl304tqeafe3K4ktXB1RRYNN9ejLv4jMYDCM3LB0a9BoIYFU8bviQG3HPwqNpLW28t/LvP9foPD9sgu3+/Ct/uMp/96Y1Dptnt36aSrvK9+hgHo/HEcbDfP1+/8vy4vGIZo/17HYcYViOL3Sr59g212OjutU/fi52qy/ltLwOJ0K8/fsT39NheY+Bzh7Y/28wjOywNOgVELBjxfPmlrISj+f1xfhETXxvTXxfTXx/TfxATRxG2W+v/TLdrtb+58f/9P3uDyv72R7L6f/1WZ+4P7Lf8uN5v/161PLj+cSwo5351/FPf373L/H8/8/D+f+n82/pZF5BlP2Fcb9669z/cGFwo0u+x0N1HuuQf+X51Pp81dTaclLbeuahekyvn+9Qt3zH1+ebDPn2522RvaG+cftkf5ivbH+U9Wp5vcZDe5uhHXtCPco7czine0N7DndrV9iRvSfka+bhSGjXVGjXE2G+/w/tqqbXtyvuPy/1ORqmx+MkJV942x76XYrvRbwu41ROb+X0nZy+n9OPOpQ7isrnsdv5/+XzOZ2a1UtXFi8/ncfL5/TeWHNiefq5ba438Oh6vf5nOq2//udga3qz0b5eOLQ2vWpfL0yG6ee7TH8mj5ffsx+O7VuZPnvpx4s/2OzGw4i7+vobP3pxcfHyzzzxxBNPWk/+x0rj1zMXr23jOgrYGnPXXv3J3NXX3zh75dUXX7788uXXzj397W898+yz83MrW/Vz7dv2wO6y9qM/6JoAAAAAAAAAAAAAPav2dZ6c07r725brycv16fH6eIZDed/Kp6Hcx6Bc/9ntvi7l+s3D21BHNt92XE406DYCnf3D/X8NhpEdlpbcxR/YGQbd/1+572FJD5792+HloWS7/9z69WW8fyE8ip3e/5zyd1f/f63+r3pe/4UesyY3Vu7vHuz7a1ux6Viv5cf2l/vATvVX/u9z+aU1T6beyl/6VSg/3qi0R38I5e/vsfyH2n98Y+X/MZdfXrYzp3stf7XGVWN9PeJ+43IfwLjfuPhTaH+5t18/7T91a+Mdtd3J5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CJsPyq5vdN/5/Dra7/z/L5m9P/J+w6Hzr+ZzCM7LC0tDTQrk9Gtd+VnWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b40bDc2D/odE38CzXxYzXxL9bEj9fE4/+3GJ+piZ+oiZ+siT9eEz9VEz9dE/9KTfzJmvhTNfEzNfHd7ss5HdX2wyiL/Ub6/sPoKMd/un3/p2riwPCK/TrH7/dXa+LA8Crnefh+wwiqOt+xI+5vL/txb+X0nZy+n9OPtqyCbIev5fTrOf1GTr+Z07M5nc3pXE71DTncfvH3YyduV2vn+R0K8V7PJ43XA8T7xJzrsT7x+Fy/57Me7bGcrSp/g5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxsrj/Px0ldLbd9668M+p73x/ecrJVo6ZlcfxPLaQUmqmlKo8Ph6Wd2NiNf3sk+uXOqVVOr/yWMbTC/db8x5Ynj/NpLtpMl38+OjtVz54fvG9IzePXHjzzL2taT0AAACMhv8GAAD//5Cp5/o=")
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7ffffffc, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x1e, 0x2, 0x0, "4bc46729173b668be6a25f3e4f018b1166ae91f347f81b7a0000000000000002"})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000480))
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x30a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x7, {0x7, 0x0, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x24, 0x1, 0x4, 0x101, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_FLAGS={0x6}]}, 0x24}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0xb8}, 0x1, 0x0, 0x0, 0x20004010}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="c40000001900674c0000000000000000ff01098817c5d2d2353cd8d1f31a5656176e0000000000000010"], 0xc4}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff013000000000000000000000000001e000000100000000000000000000000000000000000000000a00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e2ffffffffffffff000000000000000000000000000000000000000000000300000000000000000040"], 0xb8}}, 0x0)

0s ago: executing program 2 (id=826):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0)
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
mkdirat(r0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(0x0, 0x14113e, 0x0)
write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f00000003c0)='.\x00', 0x0, 0x0)
renameat2(r2, &(0x7f0000000000)='./file0\x00', r3, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2)

kernel console output (not intermixed with test programs):

9: 0000000000000000
[  221.961860][ T6068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  221.969855][ T6068] R13: 0000000000000000 R14: 00007f955dee9f80 R15: 00007ffefdc3ffe8
[  221.977868][ T6068]  </TASK>
[  221.988940][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.010028][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.020349][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.031203][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.041385][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.052204][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.062859][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.073799][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.086593][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.096253][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  222.115445][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  222.146516][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  222.183586][ T5817] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.207520][ T5817] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.225141][ T5817] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.257033][ T5817] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.869090][ T3873] Bluetooth: hci4: command 0x0419 tx timeout
[  224.406492][ T5928] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  224.468770][ T5928] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  224.508291][ T5928] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  224.564195][ T5928] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  224.654834][ T3666] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  224.688784][ T3666] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  224.788111][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  224.832569][ T4099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  224.874257][ T4099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  224.910799][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  224.963744][ T5928] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.027636][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  225.049097][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  225.072510][ T5928] 8021q: adding VLAN 0 to HW filter on device team0
[  225.121118][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  225.161939][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  225.198454][ T1192] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.205835][ T1192] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.225776][ T6097] loop3: detected capacity change from 0 to 2048
[  225.226127][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  225.265053][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  225.299333][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  225.328236][ T1192] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.335493][ T1192] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.450327][ T6099] loop2: detected capacity change from 0 to 512
[  225.561840][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  225.587983][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  225.619481][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  225.688820][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  225.729868][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  225.740168][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  225.750243][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  225.760378][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  225.769884][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  225.778816][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  225.788035][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  225.844110][ T6099] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  225.867085][ T6099] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038 (0x7fffffff)
[  226.004632][ T6113] loop0: detected capacity change from 0 to 256
[  226.165856][ T6113] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  226.192382][   T26] audit: type=1326 audit(1728930341.676:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000
[  226.260916][ T5928] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.278263][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  226.279227][ T6121] loop1: detected capacity change from 0 to 1024
[  226.296088][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  226.298991][   T26] audit: type=1326 audit(1728930341.676:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000
[  226.403371][ T6121] EXT4-fs (loop1): INFO: recovery required on readonly filesystem
[  226.430597][ T6121] EXT4-fs (loop1): write access will be enabled during recovery
[  226.440661][   T26] audit: type=1326 audit(1728930341.676:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000
[  226.480875][ T6121] JBD2: no valid journal superblock found
[  226.481908][ T6113] netlink: 16 bytes leftover after parsing attributes in process `syz.0.500'.
[  226.496162][ T6121] EXT4-fs (loop1): error loading journal
[  226.548297][   T26] audit: type=1326 audit(1728930341.676:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000
[  226.558076][ T6113] netlink: 16 bytes leftover after parsing attributes in process `syz.0.500'.
[  226.584278][ T6113] netlink: 24 bytes leftover after parsing attributes in process `syz.0.500'.
[  226.671238][   T26] audit: type=1326 audit(1728930341.676:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000
[  226.700896][ T2989] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  226.732515][   T26] audit: type=1326 audit(1728930341.676:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000
[  226.783192][   T26] audit: type=1326 audit(1728930341.676:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000
[  226.860826][   T26] audit: type=1326 audit(1728930341.676:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf3a3da990 code=0x7ffc0000
[  226.948093][ T6134] loop3: detected capacity change from 0 to 512
[  226.983915][   T26] audit: type=1326 audit(1728930341.676:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000
[  227.092815][   T26] audit: type=1326 audit(1728930341.686:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000
[  227.094002][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  227.131600][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  227.140810][ T2989] usb 3-1: Using ep0 maxpacket: 16
[  227.196027][ T6144] netlink: 12 bytes leftover after parsing attributes in process `syz.0.505'.
[  229.839544][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  229.849010][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  229.874218][ T2989] usb 3-1: unable to read config index 0 descriptor/start: -71
[  229.875713][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  229.910526][ T2989] usb 3-1: can't read configurations, error -71
[  229.923503][ T6149] loop3: detected capacity change from 0 to 1024
[  229.941328][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  229.996170][ T5928] device veth0_vlan entered promiscuous mode
[  230.067494][ T5928] device veth1_vlan entered promiscuous mode
[  230.149959][ T6152] loop2: detected capacity change from 0 to 4096
[  230.178546][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  230.192933][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  230.213823][ T5928] device veth0_macvtap entered promiscuous mode
[  230.284562][ T5928] device veth1_macvtap entered promiscuous mode
[  230.408988][ T6159] loop0: detected capacity change from 0 to 512
[  230.434804][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.467832][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.510022][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.524715][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.536584][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.560088][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.583284][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.608946][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.632147][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.654709][ T6161] loop2: detected capacity change from 0 to 4096
[  230.662119][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.675408][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_0
[  230.709112][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  230.719956][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  230.730553][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  230.741995][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  230.765714][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  230.776858][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.784487][ T6159] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  230.788213][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  230.810040][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.813419][ T6161] ntfs: volume version 3.1.
[  230.822922][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  230.835854][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.845917][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  230.856718][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.869030][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  230.879699][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.891589][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_1
[  230.903472][ T6159] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038 (0x7fffffff)
[  230.953762][ T5928] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  230.990588][ T5928] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  231.009735][ T5928] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  231.032736][ T5928] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  231.048883][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  231.081532][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  231.089901][ T6171] loop3: detected capacity change from 0 to 512
[  231.113694][ T6166] netlink: 100 bytes leftover after parsing attributes in process `syz.1.515'.
[  231.285148][ T6177] loop2: detected capacity change from 0 to 2048
[  231.349431][ T6177] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  231.437205][ T6182] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  231.832148][ T1203] device hsr_slave_0 left promiscuous mode
[  231.901224][ T1203] device hsr_slave_1 left promiscuous mode
[  231.918412][ T1203] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  232.032439][ T1203] batman_adv: batadv0: Removing interface: batadv_slave_0
[  232.093106][ T1203] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  232.115391][ T1203] batman_adv: batadv0: Removing interface: batadv_slave_1
[  232.181037][ T1203] device bridge_slave_1 left promiscuous mode
[  232.190794][ T1203] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.194092][ T6191] loop0: detected capacity change from 0 to 8192
[  232.248777][ T1203] device bridge_slave_0 left promiscuous mode
[  234.228495][ T1203] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.272268][ T6191] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  234.295594][ T1203] device veth1_macvtap left promiscuous mode
[  234.300865][ T6191] REISERFS (device loop0): using ordered data mode
[  234.303558][ T1203] device veth0_macvtap left promiscuous mode
[  234.308180][ T6191] reiserfs: using flush barriers
[  234.315614][ T1203] device veth1_vlan left promiscuous mode
[  234.325484][ T1203] device veth0_vlan left promiscuous mode
[  234.360724][ T6191] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  234.405337][ T6191] REISERFS (device loop0): checking transaction log (loop0)
[  234.419296][ T6191] REISERFS (device loop0): Using r5 hash to sort names
[  234.428983][ T6191] REISERFS (device loop0): using 3.5.x disk format
[  234.441720][ T6191] REISERFS warning (device loop0): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are!
[  234.457747][ T6191] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  234.743695][ T1203] team0 (unregistering): Port device team_slave_1 removed
[  234.767138][ T1203] team0 (unregistering): Port device team_slave_0 removed
[  234.787970][ T1203] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  234.835138][ T1203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  234.982906][ T1203] bond0 (unregistering): Released all slaves
[  235.064874][ T6209] loop0: detected capacity change from 0 to 4096
[  235.067483][ T6205] tipc: Started in network mode
[  235.083782][ T3666] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.092030][ T6205] tipc: Node identity 2, cluster identity 2544
[  235.099492][ T6205] tipc: Node number set to 2
[  235.105148][ T3666] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.106799][ T6205] tipc: Cannot configure node identity twice
[  235.131225][ T6209] ntfs3: Unknown parameter 'hide_dot_files'
[  235.142847][ T6206] device geneve2 entered promiscuous mode
[  235.186409][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  235.315282][ T4099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.380037][ T4099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.396504][ T6216] devtmpfs: Unknown parameter ''
[  235.410455][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  235.589617][ T6224] FAULT_INJECTION: forcing a failure.
[  235.589617][ T6224] name failslab, interval 1, probability 0, space 0, times 0
[  235.680872][ T6227] loop4: detected capacity change from 0 to 1024
[  235.720597][ T6224] CPU: 1 PID: 6224 Comm: syz.2.532 Not tainted 5.15.167-syzkaller #0
[  235.728720][ T6224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  235.738796][ T6224] Call Trace:
[  235.742090][ T6224]  <TASK>
[  235.745034][ T6224]  dump_stack_lvl+0x1e3/0x2d0
[  235.749739][ T6224]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  235.755392][ T6224]  ? panic+0x860/0x860
[  235.759486][ T6224]  ? __might_sleep+0xc0/0xc0
[  235.764200][ T6224]  should_fail+0x38a/0x4c0
[  235.768644][ T6224]  should_failslab+0x5/0x20
[  235.773170][ T6224]  slab_pre_alloc_hook+0x53/0xc0
[  235.778131][ T6224]  kmem_cache_alloc_trace+0x49/0x290
[  235.783528][ T6224]  ? snd_timer_instance_new+0x4d/0x210
[  235.789018][ T6224]  snd_timer_instance_new+0x4d/0x210
[  235.794325][ T6224]  snd_seq_timer_open+0x218/0x6d0
[  235.799403][ T6224]  ? _raw_spin_lock_irqsave+0xac/0x120
[  235.804888][ T6224]  ? snd_seq_timer_set_skew+0xc0/0xc0
[  235.810282][ T6224]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  235.816219][ T6224]  ? _raw_spin_unlock+0x40/0x40
[  235.821092][ T6224]  ? snd_seq_timer_defaults+0x32/0x550
[  235.826573][ T6224]  snd_seq_queue_alloc+0x442/0x760
[  235.831731][ T6224]  snd_seq_ioctl_create_queue+0x7f/0x350
[  235.837400][ T6224]  snd_seq_oss_open+0x687/0x1010
[  235.842392][ T6224]  ? snd_seq_oss_delete_client+0x50/0x50
[  235.848376][ T6224]  ? read_lock_is_recursive+0x10/0x10
[  235.853837][ T6224]  ? __lock_acquire+0x1ff0/0x1ff0
[  235.858896][ T6224]  ? mutex_lock_io_nested+0x60/0x60
[  235.864136][ T6224]  ? snd_seq_oss_process_event+0x29e0/0x29e0
[  235.870177][ T6224]  ? async_call_lookup_ports+0x10/0x10
[  235.875718][ T6224]  odev_open+0x5f/0x90
[  235.879807][ T6224]  chrdev_open+0x54a/0x630
[  235.884363][ T6224]  ? cd_forget+0x160/0x160
[  235.888812][ T6224]  ? do_raw_spin_unlock+0x137/0x8b0
[  235.894034][ T6224]  ? fsnotify_perm+0x47b/0x590
[  235.898927][ T6224]  ? cd_forget+0x160/0x160
[  235.903372][ T6224]  do_dentry_open+0x807/0xfb0
[  235.908211][ T6224]  path_openat+0x2705/0x2f20
[  235.912861][ T6224]  ? do_filp_open+0x460/0x460
[  235.917609][ T6224]  do_filp_open+0x21c/0x460
[  235.922146][ T6224]  ? vfs_tmpfile+0x2e0/0x2e0
[  235.926779][ T6224]  ? _raw_spin_unlock+0x24/0x40
[  235.931657][ T6224]  ? alloc_fd+0x598/0x630
[  235.936018][ T6224]  do_sys_openat2+0x13b/0x4f0
[  235.940718][ T6224]  ? do_sys_open+0x220/0x220
[  235.945339][ T6224]  __x64_sys_openat+0x243/0x290
[  235.950212][ T6224]  ? __ia32_sys_open+0x270/0x270
[  235.955174][ T6224]  ? syscall_enter_from_user_mode+0x2e/0x240
[  235.961186][ T6224]  ? lockdep_hardirqs_on+0x94/0x130
[  235.966427][ T6224]  ? syscall_enter_from_user_mode+0x2e/0x240
[  235.972449][ T6224]  do_syscall_64+0x3b/0xb0
[  235.976894][ T6224]  ? clear_bhb_loop+0x15/0x70
[  235.981593][ T6224]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  235.987514][ T6224] RIP: 0033:0x7fb5cc898ff9
[  235.991947][ T6224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.000014][ T6233] loop1: detected capacity change from 0 to 8192
[  236.011569][ T6224] RSP: 002b:00007fb5cad11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  236.011599][ T6224] RAX: ffffffffffffffda RBX: 00007fb5cca50f80 RCX: 00007fb5cc898ff9
[  236.011617][ T6224] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: ffffffffffffff9c
[  236.011632][ T6224] RBP: 00007fb5cad11090 R08: 0000000000000000 R09: 0000000000000000
[  236.050277][ T6224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  236.058272][ T6224] R13: 0000000000000000 R14: 00007fb5cca50f80 R15: 00007ffd37864368
[  236.066287][ T6224]  </TASK>
[  236.069446][    C1] vkms_vblank_simulate: vblank timer overrun
[  236.104873][ T6233] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  236.126372][ T6233] REISERFS (device loop1): using ordered data mode
[  236.145959][ T6227] EXT4-fs (loop4): Ignoring removed orlov option
[  236.178689][ T6227] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  236.214442][ T6233] reiserfs: using flush barriers
[  236.269983][ T6244] loop0: detected capacity change from 0 to 512
[  236.274218][ T6233] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  237.412053][ T6233] REISERFS (device loop1): checking transaction log (loop1)
[  238.420462][ T6227] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  238.446190][ T6244] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  238.500575][ T6244] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038 (0x7fffffff)
[  238.588622][ T6252] EXT4-fs error (device loop4): ext4_map_blocks:628: inode #2: block 16: comm syz.4.464: lblock 0 mapped to illegal pblock 16 (length 1)
[  238.679411][ T6233] REISERFS (device loop1): Using tea hash to sort names
[  238.721672][ T6233] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  238.899059][ T5928] EXT4-fs error (device loop4): ext4_map_blocks:628: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1)
[  238.933716][ T5928] EXT4-fs error (device loop4): __ext4_get_inode_loc:4320: comm syz-executor: Invalid inode table block 0 in block_group 0
[  238.967668][ T5928] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5803: Corrupt filesystem
[  239.017128][ T5928] EXT4-fs error (device loop4): ext4_dirty_inode:6007: inode #2: comm syz-executor: mark_inode_dirty error
[  239.113701][ T3836] EXT4-fs error (device loop4): __ext4_get_inode_loc:4320: comm kworker/u4:9: Invalid inode table block 0 in block_group 0
[  239.183447][ T3836] EXT4-fs error (device loop4): __ext4_get_inode_loc:4320: comm kworker/u4:9: Invalid inode table block 0 in block_group 0
[  239.234568][ T3836] EXT4-fs error (device loop4): __ext4_get_inode_loc:4320: comm kworker/u4:9: Invalid inode table block 0 in block_group 0
[  239.303385][ T6256] netlink: 60 bytes leftover after parsing attributes in process `syz.1.542'.
[  239.559805][ T6266] loop1: detected capacity change from 0 to 512
[  239.704839][ T6268] loop2: detected capacity change from 0 to 1024
[  239.727843][ T6266] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  239.799948][ T6266] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038 (0x7fffffff)
[  239.805212][ T6268] EXT4-fs (loop2): Project quota feature not enabled. Cannot enable project quota enforcement.
[  239.904324][ T6268] overlayfs: failed to resolve './file1': -2
[  240.077104][ T6275] loop1: detected capacity change from 0 to 64
[  240.234391][ T6278] netlink: 32 bytes leftover after parsing attributes in process `syz.2.549'.
[  240.661680][ T6284] loop3: detected capacity change from 0 to 4096
[  241.083546][ T6285] chnl_net:caif_netlink_parms(): no params data found
[  241.443020][ T6285] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.470737][ T6285] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.476144][ T6288] loop1: detected capacity change from 0 to 32768
[  241.496836][ T6285] device bridge_slave_0 entered promiscuous mode
[  241.518650][ T6285] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.448889][ T3874] Bluetooth: hci4: command 0x0409 tx timeout
[  243.467196][ T6285] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.569890][ T6285] device bridge_slave_1 entered promiscuous mode
[  243.713098][ T6285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.750486][ T6285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  243.925551][ T6291] loop3: detected capacity change from 0 to 32768
[  243.967357][ T6285] team0: Port device team_slave_0 added
[  243.978636][ T6285] team0: Port device team_slave_1 added
[  244.062938][ T6285] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.131550][ T6285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.211174][ T6307] loop1: detected capacity change from 0 to 512
[  244.234679][ T6285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  244.323491][ T6285] batman_adv: batadv0: Adding interface: batadv_slave_1
[  244.334202][ T6307] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.555: iget: bad extended attribute block 1
[  244.348405][ T6285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.429765][ T6307] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.555: couldn't read orphan inode 15 (err -117)
[  244.442838][ T6313] netlink: 68 bytes leftover after parsing attributes in process `syz.3.558'.
[  244.488588][ T6307] EXT4-fs (loop1): mounted filesystem without journal. Opts: barrier,resgid=0x000000000000ee00,auto_da_alloc=0x0000000000000003,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none.
[  244.623062][ T6285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  244.893087][ T6285] device hsr_slave_0 entered promiscuous mode
[  244.938040][ T6285] device hsr_slave_1 entered promiscuous mode
[  244.971365][ T6285] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  245.019401][ T6285] Cannot create hsr debugfs directory
[  245.341287][ T6339] FAULT_INJECTION: forcing a failure.
[  245.341287][ T6339] name failslab, interval 1, probability 0, space 0, times 0
[  245.418449][ T6339] CPU: 0 PID: 6339 Comm: syz.1.567 Not tainted 5.15.167-syzkaller #0
[  245.426623][ T6339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  245.436705][ T6339] Call Trace:
[  245.440007][ T6339]  <TASK>
[  245.443349][ T6339]  dump_stack_lvl+0x1e3/0x2d0
[  245.448063][ T6339]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  245.453741][ T6339]  ? panic+0x860/0x860
[  245.457855][ T6339]  ? __might_sleep+0xc0/0xc0
[  245.462474][ T6339]  should_fail+0x38a/0x4c0
[  245.466928][ T6339]  ? snd_timer_instance_new+0x66/0x210
[  245.472432][ T6339]  should_failslab+0x5/0x20
[  245.476961][ T6339]  slab_pre_alloc_hook+0x53/0xc0
[  245.481928][ T6339]  ? snd_timer_instance_new+0x66/0x210
[  245.487414][ T6339]  __kmalloc_track_caller+0x6c/0x300
[  245.492721][ T6339]  ? snd_timer_instance_new+0x66/0x210
[  245.498823][ T6339]  kstrdup+0x31/0x70
[  245.502746][ T6339]  snd_timer_instance_new+0x66/0x210
[  245.508055][ T6339]  snd_seq_timer_open+0x218/0x6d0
[  245.513101][ T6339]  ? _raw_spin_lock_irqsave+0xac/0x120
[  245.518677][ T6339]  ? snd_seq_timer_set_skew+0xc0/0xc0
[  245.518897][ T4914] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  245.524070][ T6339]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  245.537592][ T6339]  ? _raw_spin_unlock+0x40/0x40
[  245.542484][ T6339]  ? snd_seq_timer_defaults+0x32/0x550
[  245.548001][ T6339]  snd_seq_queue_alloc+0x442/0x760
[  245.553158][ T6339]  snd_seq_ioctl_create_queue+0x7f/0x350
[  245.558841][ T6339]  snd_seq_oss_open+0x687/0x1010
[  245.563913][ T6339]  ? snd_seq_oss_delete_client+0x50/0x50
[  245.569595][ T6339]  ? read_lock_is_recursive+0x10/0x10
[  245.575206][ T6339]  ? __lock_acquire+0x1ff0/0x1ff0
[  245.580259][ T6339]  ? mutex_lock_io_nested+0x60/0x60
[  245.585497][ T6339]  ? snd_seq_oss_process_event+0x29e0/0x29e0
[  245.591506][ T6339]  ? async_call_lookup_ports+0x10/0x10
[  245.596999][ T6339]  odev_open+0x5f/0x90
[  245.601092][ T6339]  chrdev_open+0x54a/0x630
[  245.605541][ T6339]  ? cd_forget+0x160/0x160
[  245.610066][ T6339]  ? do_raw_spin_unlock+0x137/0x8b0
[  245.615290][ T6339]  ? fsnotify_perm+0x47b/0x590
[  245.620076][ T6339]  ? cd_forget+0x160/0x160
[  245.624511][ T6339]  do_dentry_open+0x807/0xfb0
[  245.629218][ T6339]  path_openat+0x2705/0x2f20
[  245.633853][ T6339]  ? do_filp_open+0x460/0x460
[  245.638598][ T6339]  do_filp_open+0x21c/0x460
[  245.643177][ T6339]  ? vfs_tmpfile+0x2e0/0x2e0
[  245.647819][ T6339]  ? _raw_spin_unlock+0x24/0x40
[  245.652693][ T6339]  ? alloc_fd+0x598/0x630
[  245.657058][ T6339]  do_sys_openat2+0x13b/0x4f0
[  245.661764][ T6339]  ? do_sys_open+0x220/0x220
[  245.666405][ T6339]  __x64_sys_openat+0x243/0x290
[  245.671282][ T6339]  ? __ia32_sys_open+0x270/0x270
[  245.676355][ T6339]  ? syscall_enter_from_user_mode+0x2e/0x240
[  245.682354][ T6339]  ? lockdep_hardirqs_on+0x94/0x130
[  245.687582][ T6339]  ? syscall_enter_from_user_mode+0x2e/0x240
[  245.693601][ T6339]  do_syscall_64+0x3b/0xb0
[  245.698049][ T6339]  ? clear_bhb_loop+0x15/0x70
[  245.702757][ T6339]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  245.708690][ T6339] RIP: 0033:0x7f31d0c54ff9
[  245.713129][ T6339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.732796][ T6339] RSP: 002b:00007f31cf0cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  245.741248][ T6339] RAX: ffffffffffffffda RBX: 00007f31d0e0cf80 RCX: 00007f31d0c54ff9
[  245.749252][ T6339] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: ffffffffffffff9c
[  245.757254][ T6339] RBP: 00007f31cf0cd090 R08: 0000000000000000 R09: 0000000000000000
[  245.765354][ T6339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  245.773477][ T6339] R13: 0000000000000000 R14: 00007f31d0e0cf80 R15: 00007ffd1ebeadc8
[  245.781582][ T6339]  </TASK>
[  245.788564][ T2989] Bluetooth: hci4: command 0x041b tx timeout
[  245.805560][ T6285] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.049038][ T4914] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  247.432777][ T4914] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  247.460308][ T4914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.842967][ T3874] Bluetooth: hci4: command 0x040f tx timeout
[  247.864687][ T4914] usb 1-1: config 0 descriptor??
[  247.921418][ T4914] pwc: Askey VC010 type 2 USB webcam detected.
[  247.984099][ T6285] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.058035][ T6340] loop2: detected capacity change from 0 to 32768
[  248.100784][ T6285] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.167268][ T6285] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.200578][ T6340] XFS (loop2): Mounting V5 Filesystem
[  248.403637][ T6285] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  248.421965][ T6340] XFS (loop2): Ending clean mount
[  248.434757][ T6340] XFS (loop2): Quotacheck needed: Please wait.
[  248.458036][ T6285] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  248.487117][ T6285] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  248.525621][ T6340] XFS (loop2): Quotacheck: Done.
[  248.546166][ T6285] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  248.573329][ T5671] XFS (loop2): Unmounting Filesystem
[  248.608882][ T4914] pwc: recv_control_msg error -71 req 02 val 2700
[  248.639024][ T4914] pwc: recv_control_msg error -71 req 02 val 2c00
[  248.658750][ T4914] pwc: recv_control_msg error -71 req 04 val 1000
[  248.692923][ T4914] pwc: recv_control_msg error -71 req 04 val 1300
[  248.729367][ T4914] pwc: recv_control_msg error -71 req 04 val 1400
[  248.758979][ T4914] pwc: recv_control_msg error -71 req 02 val 2000
[  248.788888][ T4914] pwc: recv_control_msg error -71 req 02 val 2100
[  248.808988][ T4914] pwc: recv_control_msg error -71 req 04 val 1500
[  248.823041][ T6285] 8021q: adding VLAN 0 to HW filter on device bond0
[  248.838640][ T4914] pwc: recv_control_msg error -71 req 02 val 2500
[  248.847032][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  248.857401][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  248.860227][ T4914] pwc: recv_control_msg error -71 req 02 val 2400
[  248.963273][ T4914] pwc: recv_control_msg error -71 req 02 val 2600
[  248.981651][ T6285] 8021q: adding VLAN 0 to HW filter on device team0
[  248.995731][ T4914] pwc: recv_control_msg error -71 req 02 val 2900
[  249.007868][ T6345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  249.030617][ T6345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  249.050642][ T4914] pwc: recv_control_msg error -71 req 02 val 2800
[  249.060445][ T6345] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.067583][ T6345] bridge0: port 1(bridge_slave_0) entered forwarding state
[  249.080545][ T4914] pwc: recv_control_msg error -71 req 04 val 1100
[  249.113817][ T6345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  249.121910][ T4914] pwc: recv_control_msg error -71 req 04 val 1200
[  249.143770][ T4914] pwc: Registered as video71.
[  249.172211][ T4914] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input23
[  249.212533][ T4914] usb 1-1: USB disconnect, device number 11
[  249.262630][ T6371] loop0: detected capacity change from 0 to 128
[  249.292183][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  249.306326][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  249.348121][ T6375] 9pnet: Insufficient options for proto=fd
[  249.408920][ T4100] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.416095][ T4100] bridge0: port 2(bridge_slave_1) entered forwarding state
[  249.528531][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  249.557539][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  249.578596][ T3644] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  249.848574][ T3644] usb 4-1: Using ep0 maxpacket: 16
[  249.979834][ T3644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.152870][ T3644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  250.272113][ T3644] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  250.333638][ T3874] Bluetooth: hci4: command 0x0419 tx timeout
[  250.389920][ T3644] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  250.394678][ T6285] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  250.417209][ T6285] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  250.422017][ T3644] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.437816][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  250.469981][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  251.460425][ T3644] usb 4-1: config 0 descriptor??
[  252.458459][ T3644] usb 4-1: can't set config #0, error -71
[  252.532698][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  252.543067][ T3644] usb 4-1: USB disconnect, device number 13
[  252.569150][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  252.594025][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  252.614842][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  252.629417][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  252.639251][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  252.647923][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  252.656156][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  252.773044][ T6400] loop1: detected capacity change from 0 to 64
[  252.921966][ T6398] loop3: detected capacity change from 0 to 4096
[  253.012215][ T1203] device hsr_slave_0 left promiscuous mode
[  253.052852][ T6398] __ntfs_warning: 34 callbacks suppressed
[  253.052873][ T6398] ntfs: (device loop3): is_boot_sector_ntfs(): Invalid end of sector marker.
[  253.088557][ T1203] device hsr_slave_1 left promiscuous mode
[  253.108565][ T1203] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  253.116313][ T1203] batman_adv: batadv0: Removing interface: batadv_slave_0
[  253.135293][ T1203] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  253.146683][ T6398] ntfs: (device loop3): map_mft_record_page(): Mft record 0x0 is corrupt.  Run chkdsk.
[  253.176464][ T6398] ntfs: (device loop3): map_mft_record(): Failed with error code 5.
[  253.186123][ T1203] batman_adv: batadv0: Removing interface: batadv_slave_1
[  253.196053][ T6402] loop2: detected capacity change from 0 to 8192
[  253.224403][ T6398] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x0 as bad.  Run chkdsk.
[  253.239538][ T1203] device bridge_slave_1 left promiscuous mode
[  253.278561][ T1203] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.298383][ T6398] ntfs: (device loop3): ntfs_read_inode_mount(): ntfs_read_inode() of $MFT failed. BUG or corrupt $MFT. Run chkdsk and if no errors are found, please report you saw this message to linux-ntfs-dev@lists.sourceforge.net
[  253.328095][ T1203] device bridge_slave_0 left promiscuous mode
[  253.335484][ T1203] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.351287][ T1203] device veth1_macvtap left promiscuous mode
[  253.357406][ T1203] device veth0_macvtap left promiscuous mode
[  253.363896][ T1203] device veth1_vlan left promiscuous mode
[  253.370098][ T1203] device veth0_vlan left promiscuous mode
[  253.372955][ T6402] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  253.790430][ T6398] ntfs: (device loop3): ntfs_fill_super(): Failed to load essential metadata.
[  253.807751][ T6402] REISERFS (device loop2): using ordered data mode
[  253.817919][ T6402] reiserfs: using flush barriers
[  253.849350][ T6402] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  253.876135][ T6402] REISERFS (device loop2): checking transaction log (loop2)
[  253.885918][ T6402] REISERFS (device loop2): Using r5 hash to sort names
[  253.901107][ T6402] REISERFS (device loop2): using 3.5.x disk format
[  253.908368][ T6402] REISERFS warning (device loop2): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are!
[  253.942991][ T6402] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  254.089181][ T6416] 9pnet: Insufficient options for proto=fd
[  254.565614][ T1203] team0 (unregistering): Port device team_slave_1 removed
[  254.612953][ T1203] team0 (unregistering): Port device team_slave_0 removed
[  254.684132][ T6425] loop2: detected capacity change from 0 to 40427
[  254.692471][ T1203] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  254.737887][ T6425] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  254.745705][ T6425] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  254.763673][ T6425] F2FS-fs (loop2): invalid crc value
[  254.785916][ T6428] ALSA: mixer_oss: invalid OSS volume '—ˆ†åÉY¢'
[  254.790067][ T1203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  254.802618][ T6425] F2FS-fs (loop2): Found nat_bits in checkpoint
[  254.890873][ T6425] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  254.898029][ T6425] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  255.234487][ T1391] ieee802154 phy0 wpan0: encryption failed: -22
[  255.244211][ T1391] ieee802154 phy1 wpan1: encryption failed: -22
[  255.432295][ T1203] bond0 (unregistering): Released all slaves
[  255.599934][ T6285] 8021q: adding VLAN 0 to HW filter on device batadv0
[  255.736013][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  255.744301][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  255.989869][ T6438] bridge0: port 3(gretap0) entered blocking state
[  256.025229][ T6438] bridge0: port 3(gretap0) entered disabled state
[  256.051401][ T6438] device gretap0 entered promiscuous mode
[  256.067669][ T6438] bridge0: port 3(gretap0) entered blocking state
[  256.074233][ T6438] bridge0: port 3(gretap0) entered forwarding state
[  256.092820][ T6445] device gretap0 left promiscuous mode
[  256.103692][ T6445] bridge0: port 3(gretap0) entered disabled state
[  256.120427][ T6463] tipc: Enabled bearer <eth:team0>, priority 0
[  256.195460][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  256.216625][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  256.320337][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  257.417868][ T3617] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  258.368976][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  258.386561][ T6285] device veth0_vlan entered promiscuous mode
[  258.412792][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  258.438814][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  258.466531][ T6285] device veth1_vlan entered promiscuous mode
[  258.473983][ T6473] sctp: [Deprecated]: syz.2.599 (pid 6473) Use of struct sctp_assoc_value in delayed_ack socket option.
[  258.473983][ T6473] Use struct sctp_sack_info instead
[  258.525068][ T6474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  258.551851][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  258.579629][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  258.626127][ T6285] device veth0_macvtap entered promiscuous mode
[  258.664582][ T6285] device veth1_macvtap entered promiscuous mode
[  258.734187][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  258.783476][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.794387][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  258.806011][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.823427][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  258.834611][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.855909][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  258.879917][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.899704][ T3617] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  258.900497][ T6285] batman_adv: batadv0: Interface activated: batadv_slave_0
[  258.920214][ T3617] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.923592][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  258.945204][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  258.949847][ T3617] usb 2-1: Product: syz
[  258.968008][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  258.970097][ T6485] loop2: detected capacity change from 0 to 4096
[  258.984312][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  258.985954][ T3617] usb 2-1: Manufacturer: syz
[  258.998360][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.010685][ T3617] usb 2-1: SerialNumber: syz
[  259.021160][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.038324][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.072832][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.088267][ T3617] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  259.099870][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.135965][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.147993][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.160880][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.173713][ T6285] batman_adv: batadv0: Interface activated: batadv_slave_1
[  259.191723][ T3874] usb 2-1: USB disconnect, device number 21
[  259.198489][ T3617] usb 2-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed
[  259.226341][ T6485] ntfs: (device loop2): is_boot_sector_ntfs(): Invalid end of sector marker.
[  259.242628][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  259.254251][ T3874] usb 2-1: ath9k_htc: USB layer deinitialized
[  259.258267][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  259.276357][ T6485] ntfs: (device loop2): map_mft_record_page(): Mft record 0x1 is corrupt.  Run chkdsk.
[  259.314200][ T6485] ntfs: (device loop2): map_mft_record(): Failed with error code 5.
[  259.348572][ T6489] netlink: 'syz.1.609': attribute type 3 has an invalid length.
[  259.366727][ T6485] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  259.406795][ T6485] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr.  Will not be able to remount read-write.  Run ntfsfix and/or chkdsk.
[  259.426509][ T6285] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  259.435690][ T6285] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  259.501652][ T6485] ntfs: volume version 3.1.
[  259.631891][ T6285] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  259.649617][ T6489] loop1: detected capacity change from 0 to 8192
[  259.675721][ T6285] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  259.808315][ T6500] qrtr: Invalid version 47
[  259.894414][ T6489] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  259.910196][ T6489] REISERFS (device loop1): using ordered data mode
[  259.918232][ T6489] reiserfs: using flush barriers
[  259.924705][ T6489] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  259.941924][ T6489] REISERFS (device loop1): checking transaction log (loop1)
[  259.993554][ T6489] REISERFS (device loop1): Using r5 hash to sort names
[  260.033361][ T6489] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  260.148872][ T1192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.180779][ T1192] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.243609][ T6508] loop0: detected capacity change from 0 to 1764
[  260.265364][ T6345] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  260.332768][ T4139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  260.366513][ T4139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  260.382414][ T6512] loop2: detected capacity change from 0 to 512
[  260.402301][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  260.578236][ T6512] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  260.785546][ T6512] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038 (0x7fffffff)
[  262.132712][ T6489] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  265.028655][ T6541] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  265.036753][ T6541] IPv6: NLM_F_CREATE should be set when creating new route
[  265.044015][ T6541] IPv6: NLM_F_CREATE should be set when creating new route
[  265.143500][ T6542] 9pnet: Insufficient options for proto=fd
[  265.621451][ T6535] loop4: detected capacity change from 0 to 32768
[  265.845508][ T3644] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  266.275827][ T3644] usb 1-1: Using ep0 maxpacket: 16
[  266.399138][ T3644] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  266.456352][ T3644] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  266.525538][ T3644] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  266.571880][ T6557] loop3: detected capacity change from 0 to 512
[  266.588800][ T3644] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  266.638960][ T3644] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  266.759912][ T6558] loop1: detected capacity change from 0 to 512
[  266.861939][ T6558] EXT4-fs (loop1): can't mount with journal_async_commit, fs mounted w/o journal
[  266.905624][ T3644] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  267.053278][ T3644] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  267.235589][ T3644] usb 1-1: Manufacturer: syz
[  267.432532][ T3644] usb 1-1: config 0 descriptor??
[  267.825314][ T3644] rc_core: IR keymap rc-hauppauge not found
[  267.831267][ T3644] Registered IR keymap rc-empty
[  267.849071][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  267.861631][ T6565] loop2: detected capacity change from 0 to 256
[  267.877843][ T6562] loop3: detected capacity change from 0 to 4096
[  267.897505][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  267.938503][ T6565] FAT-fs (loop2): Unrecognized mount option "nfs=nostale_rouni_xlate=1" or missing value
[  267.949353][ T3644] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  267.955783][ T6562] ntfs: (device loop3): is_boot_sector_ntfs(): Invalid end of sector marker.
[  268.002094][ T6562] ntfs: (device loop3): map_mft_record_page(): Mft record 0x0 is corrupt.  Run chkdsk.
[  268.003268][ T3644] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input24
[  268.022343][ T6562] ntfs: (device loop3): map_mft_record(): Failed with error code 5.
[  268.049953][ T6569] fuse: Bad value for 'fd'
[  268.066876][ T6562] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x0 as bad.  Run chkdsk.
[  268.091816][ T6562] ntfs: (device loop3): ntfs_read_inode_mount(): ntfs_read_inode() of $MFT failed. BUG or corrupt $MFT. Run chkdsk and if no errors are found, please report you saw this message to linux-ntfs-dev@lists.sourceforge.net
[  268.102225][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.152663][ T6562] ntfs: (device loop3): ntfs_fill_super(): Failed to load essential metadata.
[  268.215190][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.259866][ T6567] loop4: detected capacity change from 0 to 8192
[  268.267730][ T6574] loop2: detected capacity change from 0 to 512
[  268.267824][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.321950][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.346058][ T6567] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  268.375628][ T6567] REISERFS (device loop4): using ordered data mode
[  268.385534][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.455167][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.462480][ T6567] reiserfs: using flush barriers
[  268.525813][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.535458][ T6574] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  268.549646][ T6567] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  268.575165][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.605537][ T6574] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038 (0x7fffffff)
[  268.616658][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.655194][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  268.671223][ T6567] REISERFS (device loop4): checking transaction log (loop4)
[  268.686668][ T3644] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[  268.706131][ T3644] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  268.729877][ T6567] REISERFS (device loop4): Using r5 hash to sort names
[  268.731464][ T3644] usb 1-1: USB disconnect, device number 12
[  268.765788][ T6567] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  268.986246][ T6587] 9pnet: Insufficient options for proto=fd
[  269.009818][ T6587] 9pnet: Insufficient options for proto=fd
[  269.244499][ T6586] loop2: detected capacity change from 0 to 8192
[  269.323421][ T6586] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  269.365017][ T6586] REISERFS (device loop2): using ordered data mode
[  269.392840][ T6586] reiserfs: using flush barriers
[  269.416785][ T6586] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  269.440908][ T6577] loop3: detected capacity change from 0 to 40427
[  269.489491][ T6589] loop0: detected capacity change from 0 to 8192
[  269.541703][ T6586] REISERFS (device loop2): checking transaction log (loop2)
[  269.681445][ T6586] REISERFS (device loop2): Using r5 hash to sort names
[  269.797336][ T6586] REISERFS (device loop2): using 3.5.x disk format
[  270.180060][ T6586] REISERFS warning (device loop2): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are!
[  270.408059][ T6586] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  270.480437][ T6589] REISERFS warning (device loop0):  reiserfs_fill_super: Cannot allocate commit workqueue
[  270.705585][ T6607] netlink: 36 bytes leftover after parsing attributes in process `syz.1.642'.
[  271.145853][ T6619] loop2: detected capacity change from 0 to 512
[  271.210822][ T6624] 9pnet: Insufficient options for proto=fd
[  271.232525][ T6624] 9pnet: Insufficient options for proto=fd
[  271.333533][ T6619] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback.
[  271.412041][ T6619] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038 (0x7fffffff)
[  271.433967][ T6628] mmap: syz.4.649 (6628) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  272.412943][ T6643] loop3: detected capacity change from 0 to 8192
[  272.706651][ T3615] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  273.782559][ T6643] loop3: detected capacity change from 0 to 512
[  273.815762][ T3615] usb 2-1: Using ep0 maxpacket: 32
[  273.913699][ T6666] loop0: detected capacity change from 0 to 1024
[  273.939340][ T3615] usb 2-1: device descriptor read/all, error -71
[  274.019106][ T6666] hfsplus: request for non-existent node 3 in B*Tree
[  274.044465][ T6666] hfsplus: request for non-existent node 3 in B*Tree
[  274.399216][ T6677] loop1: detected capacity change from 0 to 1024
[  274.484178][ T3617] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  274.606217][ T6685] loop2: detected capacity change from 0 to 128
[  274.722466][ T6685] VFS: Found a Xenix FS (block size = 1024) on device loop2
[  274.752306][ T6685] attempt to access beyond end of device
[  274.752306][ T6685] loop2: rw=0, want=6491538, limit=128
[  274.766460][ T6685] Buffer I/O error on dev loop2, logical block 3245768, async page read
[  274.842708][ T5671] sysv_free_block: flc_count > flc_size
[  274.873187][ T5671] sysv_free_block: flc_count > flc_size
[  274.879748][ T3617] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.914021][ T5671] sysv_free_block: flc_count > flc_size
[  274.914068][ T3617] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  274.919610][ T5671] sysv_free_block: flc_count > flc_size
[  275.010154][ T3617] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  275.014761][ T5671] sysv_free_block: flc_count > flc_size
[  275.049705][ T6690] Cannot find del_set index 2 as target
[  275.055626][ T3617] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.071434][ T5671] sysv_free_block: flc_count > flc_size
[  275.089722][ T5671] sysv_free_block: flc_count > flc_size
[  275.110023][ T3617] usb 4-1: config 0 descriptor??
[  275.176004][ T5671] sysv_free_block: flc_count > flc_size
[  275.182607][ T5671] sysv_free_block: flc_count > flc_size
[  275.210688][ T5671] sysv_free_block: flc_count > flc_size
[  275.248253][ T5671] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  275.644512][ T6704] net_ratelimit: 10 callbacks suppressed
[  275.644567][ T6704] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  275.679292][ T3617] usbhid 4-1:0.0: can't add hid device: -71
[  275.695808][ T3617] usbhid: probe of 4-1:0.0 failed with error -71
[  275.718002][ T3617] usb 4-1: USB disconnect, device number 14
[  276.889732][ T6708] loop1: detected capacity change from 0 to 8192
[  277.053927][ T6708] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  277.114161][ T6708] REISERFS (device loop1): using ordered data mode
[  277.121350][ T6708] reiserfs: using flush barriers
[  277.149063][ T6708] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  277.207390][ T6708] REISERFS (device loop1): checking transaction log (loop1)
[  277.302644][ T6708] REISERFS (device loop1): Using r5 hash to sort names
[  277.330117][ T6708] REISERFS (device loop1): using 3.5.x disk format
[  277.354196][ T6708] REISERFS warning (device loop1): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are!
[  277.623125][ T6708] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  277.733451][ T3617] Bluetooth: hci0: command 0x0406 tx timeout
[  277.901868][ T6730] loop3: detected capacity change from 0 to 1024
[  278.257365][ T6732] loop4: detected capacity change from 0 to 2048
[  278.842970][ T6732] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  279.516734][ T6760] loop0: detected capacity change from 0 to 1024
[  279.527402][ T6762] loop1: detected capacity change from 0 to 1024
[  279.610849][ T6762] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  279.669719][ T6760] hfsplus: request for non-existent node 3 in B*Tree
[  279.686370][ T6760] hfsplus: request for non-existent node 3 in B*Tree
[  279.709830][ T6756] loop2: detected capacity change from 0 to 8192
[  279.749199][ T6762] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,usrquota,data_err=abort,,errors=continue. Quota mode: writeback.
[  280.007960][ T6756] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  280.066761][ T6756] REISERFS (device loop2): using ordered data mode
[  280.144154][ T6756] reiserfs: using flush barriers
[  280.179908][ T6756] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  280.274162][ T6756] REISERFS (device loop2): checking transaction log (loop2)
[  280.337723][ T6756] REISERFS (device loop2): Using r5 hash to sort names
[  280.363763][ T6756] REISERFS (device loop2): using 3.5.x disk format
[  280.370681][ T6756] REISERFS warning (device loop2): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are!
[  280.463403][ T6756] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  280.793280][ T3644] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  281.065893][ T6778] loop2: detected capacity change from 0 to 512
[  281.163111][ T3644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  281.183753][ T3644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  281.199388][ T3644] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  281.220159][ T3644] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  281.230358][ T3644] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.244818][ T3789] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.246982][ T6778] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  281.257182][ T3644] usb 4-1: config 0 descriptor??
[  281.284616][ T6771] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  281.285165][ T6772] chnl_net:caif_netlink_parms(): no params data found
[  281.323498][ T6778] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038 (0x7fffffff)
[  281.393548][ T3789] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.470624][ T6772] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.493117][ T6772] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.501384][ T6772] device bridge_slave_0 entered promiscuous mode
[  281.526864][ T3789] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.603104][ T6772] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.610215][ T6772] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.630771][ T6787] loop2: detected capacity change from 0 to 512
[  281.645231][ T6772] device bridge_slave_1 entered promiscuous mode
[  281.701357][ T3789] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.736683][ T6787] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  281.764913][ T3644] plantronics 0003:047F:FFFF.0006: unknown main item tag 0xd
[  281.775662][ T3644] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  281.788324][ T6787] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038 (0x7fffffff)
[  281.822893][ T3644] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  281.965685][ T6772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  281.982070][ T6772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  282.050531][ T6772] team0: Port device team_slave_0 added
[  282.089548][ T6772] team0: Port device team_slave_1 added
[  282.251216][ T6772] batman_adv: batadv0: Adding interface: batadv_slave_0
[  282.267532][ T6798] loop0: detected capacity change from 0 to 512
[  282.288856][ T6772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.390331][ T6772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  282.411870][ T6798] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  282.418721][ T6802] loop1: detected capacity change from 0 to 128
[  282.432197][ T6798] EXT4-fs (loop0): group descriptors corrupted!
[  282.469205][ T6772] batman_adv: batadv0: Adding interface: batadv_slave_1
[  282.497667][ T6772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.516727][ T6802] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  282.551352][ T6772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  282.692921][ T3617] Bluetooth: hci4: command 0x0409 tx timeout
[  282.745506][ T6800] netlink: 12 bytes leftover after parsing attributes in process `syz.3.697'.
[  282.779615][ T3874] usb 4-1: USB disconnect, device number 15
[  282.820605][ T6805] loop0: detected capacity change from 0 to 8192
[  282.915573][ T6805] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  282.937460][ T6805] REISERFS (device loop0): using ordered data mode
[  283.018354][ T6805] reiserfs: using flush barriers
[  283.029686][ T6772] device hsr_slave_0 entered promiscuous mode
[  283.072144][ T6805] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  283.103035][ T6805] REISERFS (device loop0): checking transaction log (loop0)
[  283.111777][ T6772] device hsr_slave_1 entered promiscuous mode
[  283.113610][ T6805] REISERFS (device loop0): Using r5 hash to sort names
[  283.134746][ T6805] REISERFS (device loop0): using 3.5.x disk format
[  283.141844][ T6805] REISERFS warning (device loop0): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are!
[  283.162685][ T6805] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  283.205357][ T6805] FAULT_INJECTION: forcing a failure.
[  283.205357][ T6805] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  283.225983][ T6805] CPU: 0 PID: 6805 Comm: syz.0.705 Not tainted 5.15.167-syzkaller #0
[  283.234100][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  283.244176][ T6805] Call Trace:
[  283.247469][ T6805]  <TASK>
[  283.250411][ T6805]  dump_stack_lvl+0x1e3/0x2d0
[  283.255118][ T6805]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  283.260774][ T6805]  ? panic+0x860/0x860
[  283.264865][ T6805]  ? __lock_acquire+0x1ff0/0x1ff0
[  283.269914][ T6805]  should_fail+0x38a/0x4c0
[  283.274451][ T6805]  strncpy_from_user+0x32/0x370
[  283.279329][ T6805]  getname_flags+0xf5/0x4e0
[  283.283854][ T6805]  user_path_at_empty+0x2a/0x180
[  283.288927][ T6805]  __se_sys_mount+0x296/0x3c0
[  283.293632][ T6805]  ? __x64_sys_mount+0xc0/0xc0
[  283.298427][ T6805]  ? syscall_enter_from_user_mode+0x2e/0x240
[  283.304461][ T6805]  ? lockdep_hardirqs_on+0x94/0x130
[  283.309848][ T6805]  ? __x64_sys_mount+0x1c/0xc0
[  283.314902][ T6805]  do_syscall_64+0x3b/0xb0
[  283.319339][ T6805]  ? clear_bhb_loop+0x15/0x70
[  283.324133][ T6805]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  283.330049][ T6805] RIP: 0033:0x7f955dd3379a
[  283.334487][ T6805] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.354662][ T6805] RSP: 002b:00007f955c1a9e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  283.363187][ T6805] RAX: ffffffffffffffda RBX: 00007f955c1a9ef0 RCX: 00007f955dd3379a
[  283.371175][ T6805] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000
[  283.379365][ T6805] RBP: 0000000020000180 R08: 00007f955c1a9ef0 R09: 00000000000000e1
[  283.387358][ T6805] R10: 00000000000000e1 R11: 0000000000000246 R12: 0000000020000100
[  283.395349][ T6805] R13: 00007f955c1a9eb0 R14: 0000000000000000 R15: 0000000020000140
[  283.403354][ T6805]  </TASK>
[  283.430042][ T6772] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  283.462538][ T6772] Cannot create hsr debugfs directory
[  283.577477][ T6816] loop3: detected capacity change from 0 to 512
[  283.946265][ T6816] loop3: detected capacity change from 0 to 512
[  284.020946][ T6816] EXT4-fs (loop3): error: journal path ./file0 is not a block device
[  284.030084][ T6824] loop1: detected capacity change from 0 to 1024
[  284.574623][ T6824] hfsplus: request for non-existent node 3 in B*Tree
[  284.781644][ T6824] hfsplus: request for non-existent node 3 in B*Tree
[  284.788969][   T13] Bluetooth: hci4: command 0x041b tx timeout
[  285.634544][ T6856] loop2: detected capacity change from 0 to 64
[  286.465614][ T6851] loop0: detected capacity change from 0 to 4096
[  286.475168][ T6772] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  286.525871][ T6856] MINIX-fs: bad superblock
[  286.555751][ T6851] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
[  286.575820][ T6865] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  286.577200][ T6772] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  286.613478][ T6851] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt.  Run chkdsk.
[  286.662139][ T6851] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[  286.691020][ T6851] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  286.778283][ T6772] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  286.792095][ T6851] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr.  Will not be able to remount read-write.  Run ntfsfix and/or chkdsk.
[  286.830049][ T6772] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  286.893881][ T6851] ntfs: volume version 3.1.
[  286.942024][ T3874] Bluetooth: hci4: command 0x040f tx timeout
[  286.959476][ T6873] loop3: detected capacity change from 0 to 1764
[  286.980325][ T3789] device hsr_slave_0 left promiscuous mode
[  286.991253][ T3789] device hsr_slave_1 left promiscuous mode
[  287.046234][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  287.062621][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_0
[  287.085811][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  287.104746][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_1
[  287.151284][ T3789] device bridge_slave_1 left promiscuous mode
[  287.167850][ T3789] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.334931][ T3789] device bridge_slave_0 left promiscuous mode
[  287.357473][ T3789] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.372481][ T3789] device veth1_macvtap left promiscuous mode
[  287.378832][ T3789] device veth0_macvtap left promiscuous mode
[  287.385058][ T3789] device veth1_vlan left promiscuous mode
[  287.390902][ T3789] device veth0_vlan left promiscuous mode
[  288.037292][ T3874] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  288.270221][ T3789] team0 (unregistering): Port device team_slave_1 removed
[  288.300298][ T3789] team0 (unregistering): Port device team_slave_0 removed
[  288.315521][ T3789] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  288.334552][ T3789] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  288.462798][ T3789] bond0 (unregistering): Released all slaves
[  288.609428][ T6902] capability: warning: `syz.1.731' uses 32-bit capabilities (legacy support in use)
[  288.659571][ T6900] loop2: detected capacity change from 0 to 1024
[  288.666338][ T3644] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  288.682245][ T3874] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  288.688050][ T6902] loop1: detected capacity change from 0 to 512
[  288.707246][ T3874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.743327][ T3874] usb 1-1: Product: syz
[  288.752235][ T6900] EXT4-fs (loop2): Ignoring removed nobh option
[  288.759100][ T6900] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  288.766534][ T3874] usb 1-1: Manufacturer: syz
[  288.785116][ T3874] usb 1-1: SerialNumber: syz
[  288.795593][ T6772] 8021q: adding VLAN 0 to HW filter on device bond0
[  288.825920][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  288.826665][ T6900] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,noblock_validity,resuid=0x0000000000000000,nobh,lazytime,usrquota,mblk_io_submit,data_err=abort,,errors=continue. Quota mode: writeback.
[  288.834899][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  288.862329][ T3874] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  288.889520][ T6772] 8021q: adding VLAN 0 to HW filter on device team0
[  288.929837][ T6772] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  288.941539][ T6772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  288.954726][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  288.990536][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  289.012152][ T3615] Bluetooth: hci4: command 0x0419 tx timeout
[  289.019563][ T3835] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.026748][ T3835] bridge0: port 1(bridge_slave_0) entered forwarding state
[  289.058758][ T6913] netlink: 8 bytes leftover after parsing attributes in process `syz.2.730'.
[  289.083676][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  289.102913][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  289.128276][ T3835] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.135594][ T3835] bridge0: port 2(bridge_slave_1) entered forwarding state
[  289.161946][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  289.182541][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  289.207379][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  289.219057][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  289.232140][ T3644] usb 4-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=56.a0
[  289.242338][ T3644] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.250760][ T3644] usb 4-1: Product: syz
[  289.256878][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  289.266788][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  289.275235][ T3644] usb 4-1: Manufacturer: syz
[  289.282174][ T3644] usb 4-1: SerialNumber: syz
[  289.288161][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  289.300673][ T3644] usb 4-1: config 0 descriptor??
[  289.307995][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  289.317251][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  289.326854][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  289.337048][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  289.346022][ T3644] ums_eneub6250 4-1:0.0: USB Mass Storage device detected
[  289.354282][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  289.364873][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  289.521537][ T3874] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  289.529358][ T6934] netlink: 68 bytes leftover after parsing attributes in process `syz.1.733'.
[  289.586304][ T3615] usb 4-1: USB disconnect, device number 16
[  289.830166][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  289.849816][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  289.954612][ T6943] netlink: 40 bytes leftover after parsing attributes in process `syz.1.734'.
[  290.190338][ T4914] usb 1-1: USB disconnect, device number 13
[  290.197797][ T6772] 8021q: adding VLAN 0 to HW filter on device batadv0
[  290.565839][ T6950] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 19971 - 0
[  290.575454][ T6950] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 19971 - 0
[  290.585261][ T6950] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 19971 - 0
[  290.594591][ T6950] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 19971 - 0
[  290.607500][ T6950] device geneve3 entered promiscuous mode
[  290.686917][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  290.727717][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  290.781496][ T3874] usb 1-1: Service connection timeout for: 256
[  290.787875][ T3874] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  290.804071][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  290.814289][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  290.823069][ T3874] ath9k_htc: Failed to initialize the device
[  290.831404][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  290.845001][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  290.854107][ T4914] usb 1-1: ath9k_htc: USB layer deinitialized
[  290.875566][ T6772] device veth0_vlan entered promiscuous mode
[  290.924732][ T6772] device veth1_vlan entered promiscuous mode
[  290.987802][ T6942] loop2: detected capacity change from 0 to 32768
[  291.038117][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  291.052655][ T6942] (syz.2.736,6942,0):ocfs2_parse_options:1447 ERROR: Unrecognized mount option "heartbeat=
" or missing value
[  291.083286][ T6942] (syz.2.736,6942,0):ocfs2_fill_super:1177 ERROR: status = -22
[  291.109159][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  291.144017][ T6772] device veth0_macvtap entered promiscuous mode
[  291.179574][ T6772] device veth1_macvtap entered promiscuous mode
[  291.181322][ T4921] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  291.300905][ T6963] team0: Port device team_slave_0 removed
[  291.324409][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  291.342424][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  291.364456][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.385391][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.404949][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.433138][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.445808][ T4921] usb 4-1: Using ep0 maxpacket: 16
[  291.453431][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.474428][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.511094][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.543237][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.562507][ T6772] batman_adv: batadv0: Interface activated: batadv_slave_0
[  291.571342][ T4921] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  291.594422][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  291.609541][ T4921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  291.633939][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  291.668664][ T4921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  291.685418][ T4921] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  291.685743][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  291.712457][ T4921] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  291.725694][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.725723][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  291.725741][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.725760][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  291.812778][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.834353][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  291.836853][ T6942] loop2: detected capacity change from 0 to 32768
[  291.853512][ T4921] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  291.857428][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.867691][ T4921] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  291.887479][ T4921] usb 4-1: Manufacturer: syz
[  291.894192][ T4921] usb 4-1: config 0 descriptor??
[  291.894826][ T6772] batman_adv: batadv0: Interface activated: batadv_slave_1
[  291.926316][ T6966] netlink: 'syz.0.743': attribute type 10 has an invalid length.
[  291.976550][ T6966] batman_adv: batadv0: Adding interface: team0
[  291.991084][ T6966] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.043083][ T6966] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  292.081076][ T6967] netlink: 'syz.0.743': attribute type 10 has an invalid length.
[  292.115466][ T6967] netlink: 2 bytes leftover after parsing attributes in process `syz.0.743'.
[  292.146326][ T6967] device team0 entered promiscuous mode
[  292.166460][ T6967] device team_slave_1 entered promiscuous mode
[  292.195608][ T6967] 8021q: adding VLAN 0 to HW filter on device team0
[  292.217933][ T6967] batman_adv: batadv0: Interface activated: team0
[  292.227892][ T6967] batman_adv: batadv0: Interface deactivated: team0
[  292.239599][ T4921] rc_core: IR keymap rc-hauppauge not found
[  292.253202][ T6967] batman_adv: batadv0: Removing interface: team0
[  292.253571][ T6942] loop2: detected capacity change from 0 to 512
[  292.270005][ T4921] Registered IR keymap rc-empty
[  292.271366][ T6967] bridge0: port 3(team0) entered blocking state
[  292.277881][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.290565][ T6967] bridge0: port 3(team0) entered disabled state
[  292.300800][ T6967] bridge0: port 3(team0) entered blocking state
[  292.308006][ T6967] bridge0: port 3(team0) entered forwarding state
[  292.316738][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.330292][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  292.339905][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  292.352237][ T6772] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  292.359288][ T4921] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  292.378472][ T6942] EXT4-fs (loop2): Test dummy encryption mode enabled
[  292.395434][ T4921] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input26
[  292.405219][ T6772] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  292.452326][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.460605][ T6942] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz.2.736: iget: bogus i_mode (0)
[  292.473802][ T6772] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  292.491895][ T6942] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.736: couldn't read orphan inode 17 (err -117)
[  292.504152][ T6772] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  292.511550][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.521375][ T6973] loop0: detected capacity change from 0 to 4096
[  292.528189][ T6942] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,barrier,journal_dev=0x0000000000000003,test_dummy_encryption,journal_dev=0x0000000000006000,,errors=continue. Quota mode: none.
[  292.541009][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.629742][ T6976] EXT4-fs (loop2): shut down requested (2)
[  292.665359][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.673865][ T6977] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  292.714983][ T6976] EXT4-fs warning (device loop2): ext4_resize_begin:73: won't resize using backup superblock at 1
[  292.752317][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.777898][ T6942] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  292.801169][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.841414][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.871472][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.898338][ T6345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  292.970975][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  292.981761][ T6345] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.008139][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  293.048089][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  293.092407][ T4921] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  293.118695][ T4468] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.139484][ T4921] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  293.201583][ T4468] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.252716][ T4921] usb 4-1: USB disconnect, device number 17
[  293.314395][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  293.678282][ T6988] loop3: detected capacity change from 0 to 512
[  293.784116][ T6990] tipc: Started in network mode
[  293.789113][ T6990] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  293.856658][ T6990] tipc: Enabled bearer <eth:team0>, priority 0
[  293.876527][ T6993] loop2: detected capacity change from 0 to 256
[  293.900755][ T3615] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  294.145974][ T7002] udc-core: couldn't find an available UDC or it's busy
[  294.162025][ T3615] usb 5-1: Using ep0 maxpacket: 8
[  294.189849][ T7002] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  294.379652][ T6997] loop0: detected capacity change from 0 to 8192
[  294.490682][ T3615] usb 5-1: unable to get BOS descriptor or descriptor too short
[  294.517631][ T6997] REISERFS warning (device loop0): super-6502 reiserfs_getopt: unknown mount option "cgroup.stat"
[  294.600766][ T3615] usb 5-1: config 8 has an invalid interface number: 255 but max is 0
[  294.609877][ T3615] usb 5-1: config 8 has no interface number 0
[  294.622158][ T7012] netlink: 'syz.3.752': attribute type 10 has an invalid length.
[  294.630097][ T3615] usb 5-1: config 8 interface 255 has no altsetting 0
[  294.704829][ T7014] loop3: detected capacity change from 0 to 256
[  294.820004][ T7012] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.829597][ T7012] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.847970][   T13] tipc: Node number set to 11578026
[  294.889546][ T7012] bridge0: port 2(bridge_slave_1) entered blocking state
[  294.893285][ T3615] usb 5-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf
[  294.896771][ T7012] bridge0: port 2(bridge_slave_1) entered forwarding state
[  294.898575][ T7012] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.916592][ T3615] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.920477][ T7012] bridge0: port 1(bridge_slave_0) entered forwarding state
[  294.936773][ T3615] usb 5-1: Product: syz
[  294.944626][ T3615] usb 5-1: Manufacturer: syz
[  294.949785][ T3615] usb 5-1: SerialNumber: syz
[  295.701462][ T7012] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  295.941343][ T3615] catc 5-1:8.255: Can't set altsetting 1.
[  295.947246][ T3615] catc: probe of 5-1:8.255 failed with error -5
[  296.000727][ T3615] usb 5-1: USB disconnect, device number 11
[  296.063042][ T4152] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  296.090249][ T7037] loop0: detected capacity change from 0 to 1024
[  296.229911][ T7037] hfsplus: unable to find HFS+ superblock
[  296.349724][ T7048] fuse: Bad value for 'fd'
[  296.360648][ T4152] usb 3-1: Using ep0 maxpacket: 16
[  296.409337][ T7042] loop4: detected capacity change from 0 to 4096
[  296.451695][ T7042] ntfs3: Unknown parameter './file0'
[  296.643999][ T4152] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  296.654810][ T4152] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  296.666554][ T4152] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  296.676892][ T4152] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  296.687517][ T4152] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  297.443286][ T7042] loop4: detected capacity change from 0 to 4096
[  297.532002][ T7042] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512)
[  297.580656][ T4152] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  297.589829][ T4152] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  297.604384][ T4152] usb 3-1: Manufacturer: syz
[  297.613671][ T4152] usb 3-1: config 0 descriptor??
[  297.657262][ T7054] loop0: detected capacity change from 0 to 1024
[  297.698327][ T7057] x_tables: duplicate underflow at hook 3
[  298.000610][ T4152] rc_core: IR keymap rc-hauppauge not found
[  298.006665][ T4152] Registered IR keymap rc-empty
[  298.036883][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  298.218299][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  298.388417][ T4152] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  298.563833][ T4152] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input27
[  298.638153][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  298.680489][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  298.720487][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  298.790549][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  298.838728][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  298.900488][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  298.929458][ T7079] FAULT_INJECTION: forcing a failure.
[  298.929458][ T7079] name failslab, interval 1, probability 0, space 0, times 0
[  298.933784][ T7080] loop3: detected capacity change from 0 to 512
[  298.949274][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  298.952718][ T7079] CPU: 1 PID: 7079 Comm: syz.4.769 Not tainted 5.15.167-syzkaller #0
[  298.964481][ T7079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  298.974645][ T7079] Call Trace:
[  298.977934][ T7079]  <TASK>
[  298.980874][ T7079]  dump_stack_lvl+0x1e3/0x2d0
[  298.985593][ T7079]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  298.991242][ T7079]  ? panic+0x860/0x860
[  298.995326][ T7079]  ? __might_sleep+0xc0/0xc0
[  299.000003][ T7079]  ? memset+0x1f/0x40
[  299.004051][ T7079]  should_fail+0x38a/0x4c0
[  299.007126][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  299.008515][ T7079]  should_failslab+0x5/0x20
[  299.020121][ T7079]  slab_pre_alloc_hook+0x53/0xc0
[  299.025090][ T7079]  kmem_cache_alloc_trace+0x49/0x290
[  299.030385][ T7079]  ? snd_seq_oss_timer_new+0x4d/0x230
[  299.035775][ T7079]  ? __raw_spin_lock_init+0x41/0x100
[  299.041079][ T7079]  snd_seq_oss_timer_new+0x4d/0x230
[  299.046300][ T7079]  snd_seq_oss_open+0x8ba/0x1010
[  299.050487][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  299.051278][ T7079]  ? snd_seq_oss_delete_client+0x50/0x50
[  299.051326][ T7079]  ? read_lock_is_recursive+0x10/0x10
[  299.069575][ T7079]  ? __lock_acquire+0x1ff0/0x1ff0
[  299.074719][ T7079]  ? mutex_lock_io_nested+0x60/0x60
[  299.079931][ T7079]  ? snd_seq_oss_process_event+0x29e0/0x29e0
[  299.085922][ T7079]  ? async_call_lookup_ports+0x10/0x10
[  299.091410][ T7079]  odev_open+0x5f/0x90
[  299.095484][ T7079]  chrdev_open+0x54a/0x630
[  299.099910][ T7079]  ? cd_forget+0x160/0x160
[  299.100548][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  299.104334][ T7079]  ? do_raw_spin_unlock+0x137/0x8b0
[  299.104367][ T7079]  ? fsnotify_perm+0x47b/0x590
[  299.121667][ T7079]  ? cd_forget+0x160/0x160
[  299.126130][ T7079]  do_dentry_open+0x807/0xfb0
[  299.130823][ T7079]  path_openat+0x2705/0x2f20
[  299.135473][ T7079]  ? do_filp_open+0x460/0x460
[  299.140172][ T7079]  do_filp_open+0x21c/0x460
[  299.144692][ T7079]  ? vfs_tmpfile+0x2e0/0x2e0
[  299.149310][ T7079]  ? _raw_spin_unlock+0x24/0x40
[  299.154173][ T7079]  ? alloc_fd+0x598/0x630
[  299.154406][ T4152] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[  299.158532][ T7079]  do_sys_openat2+0x13b/0x4f0
[  299.158568][ T7079]  ? do_sys_open+0x220/0x220
[  299.166819][ T4152] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  299.171225][ T7079]  __x64_sys_openat+0x243/0x290
[  299.171260][ T7079]  ? __ia32_sys_open+0x270/0x270
[  299.171287][ T7079]  ? syscall_enter_from_user_mode+0x2e/0x240
[  299.181554][ T4152] usb 3-1: USB disconnect, device number 12
[  299.184168][ T7079]  ? lockdep_hardirqs_on+0x94/0x130
[  299.184203][ T7079]  ? syscall_enter_from_user_mode+0x2e/0x240
[  299.216969][ T7079]  do_syscall_64+0x3b/0xb0
[  299.221396][ T7079]  ? clear_bhb_loop+0x15/0x70
[  299.226080][ T7079]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  299.231993][ T7079] RIP: 0033:0x7f6171d22ff9
[  299.236404][ T7079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.256106][ T7079] RSP: 002b:00007f617019b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  299.264522][ T7079] RAX: ffffffffffffffda RBX: 00007f6171edaf80 RCX: 00007f6171d22ff9
[  299.272503][ T7079] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: ffffffffffffff9c
[  299.280481][ T7079] RBP: 00007f617019b090 R08: 0000000000000000 R09: 0000000000000000
[  299.288554][ T7079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  299.296539][ T7079] R13: 0000000000000000 R14: 00007f6171edaf80 R15: 00007fffe11762b8
[  299.304525][ T7079]  </TASK>
[  299.312702][ T7079] ALSA: seq_oss: can't alloc timer
[  299.359268][ T7083] fuse: Bad value for 'fd'
[  299.551653][ T7088] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  300.030689][ T7088] loop4: detected capacity change from 0 to 4096
[  301.063997][ T7088] ntfs: volume version 3.1.
[  301.669609][ T7100] loop2: detected capacity change from 0 to 8192
[  301.705032][ T7091] loop3: detected capacity change from 0 to 32768
[  301.709253][ T7111] loop4: detected capacity change from 0 to 256
[  301.793945][ T7100] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  301.830190][ T7100] REISERFS (device loop2): using ordered data mode
[  301.860025][ T7091] /dev/loop3: Can't open blockdev
[  301.865784][ T7100] reiserfs: using flush barriers
[  301.872696][ T7100] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  301.893199][ T7100] REISERFS (device loop2): checking transaction log (loop2)
[  301.911635][ T7100] REISERFS (device loop2): Using r5 hash to sort names
[  301.914137][ T7103] loop0: detected capacity change from 0 to 40427
[  301.925552][ T7100] REISERFS (device loop2): using 3.5.x disk format
[  301.932681][ T7100] REISERFS warning (device loop2): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are!
[  301.945619][ T7100] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  301.976732][ T7103] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  301.990160][ T7103] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  302.119888][ T7103] F2FS-fs (loop0): invalid crc value
[  302.152236][ T3789] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.217170][ T3789] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19971 - 0
[  302.231942][ T7103] F2FS-fs (loop0): Found nat_bits in checkpoint
[  302.395194][ T3789] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.454650][ T3789] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19971 - 0
[  302.526207][ T7106] chnl_net:caif_netlink_parms(): no params data found
[  302.558473][ T7103] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  302.588321][ T3789] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.605088][ T7103] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  302.618857][ T4152] libceph: connect (1)[c::]:6789 error -101
[  302.640950][ T4152] libceph: mon0 (1)[c::]:6789 connect error
[  302.659431][ T3789] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19971 - 0
[  303.427915][ T3874] Bluetooth: hci5: command 0x0409 tx timeout
[  303.580030][ T3789] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.639947][ T3789] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19971 - 0
[  303.654197][ T4152] libceph: connect (1)[c::]:6789 error -101
[  303.660477][ T4152] libceph: mon0 (1)[c::]:6789 connect error
[  303.716160][ T7145] netlink: 20 bytes leftover after parsing attributes in process `syz.2.787'.
[  303.866973][ T7136] loop3: detected capacity change from 0 to 32768
[  303.879755][ T4921] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  303.893022][ T7106] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.909891][ T7106] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.921501][ T7136] XFS: ikeep mount option is deprecated.
[  303.922238][ T7106] device bridge_slave_0 entered promiscuous mode
[  303.962655][ T7106] bridge0: port 2(bridge_slave_1) entered blocking state
[  304.009262][ T7106] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.009918][ T7136] /dev/loop3: Can't open blockdev
[  304.028354][ T7106] device bridge_slave_1 entered promiscuous mode
[  304.119896][ T4921] usb 5-1: Using ep0 maxpacket: 16
[  304.158092][ T3789] tipc: Disabling bearer <eth:team0>
[  304.167381][ T3789] tipc: Left network mode
[  304.175250][ T7106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  304.186803][ T3874] libceph: connect (1)[c::]:6789 error -101
[  304.193049][ T3615] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  304.215349][ T3874] libceph: mon0 (1)[c::]:6789 connect error
[  304.227058][ T7106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  304.239901][ T4921] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  304.267222][ T4921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  304.296946][ T4921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  304.321811][ T4921] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  304.331994][ T4921] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  304.420706][ T4921] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  304.436229][ T4921] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  304.444814][ T4921] usb 5-1: Manufacturer: syz
[  304.460783][ T4921] usb 5-1: config 0 descriptor??
[  304.514938][ T7106] team0: Port device team_slave_0 added
[  304.558787][ T7127] ceph: No mds server is up or the cluster is laggy
[  304.562523][ T7106] team0: Port device team_slave_1 added
[  304.706966][ T7106] batman_adv: batadv0: Adding interface: batadv_slave_0
[  304.729676][ T7106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.785712][ T7106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  304.837037][ T3615] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  304.849612][ T3615] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.869396][ T3615] usb 3-1: Product: syz
[  304.874277][ T3615] usb 3-1: Manufacturer: syz
[  304.884703][ T3615] usb 3-1: SerialNumber: syz
[  304.897595][ T3615] usb 3-1: config 0 descriptor??
[  304.900008][ T4921] rc_core: IR keymap rc-hauppauge not found
[  304.908867][ T4921] Registered IR keymap rc-empty
[  304.917883][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  304.953850][ T7106] batman_adv: batadv0: Adding interface: batadv_slave_1
[  304.962109][ T3615] gspca_main: sq905c-2.14.0 probing 2770:9052
[  304.968614][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  304.976040][ T7168] loop0: detected capacity change from 0 to 8192
[  304.977188][ T7106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  305.012361][ T7106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  305.040286][ T4921] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  305.080276][ T7168] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  305.092796][ T7168] REISERFS (device loop0): using journaled data mode
[  305.097789][ T4921] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input28
[  305.109585][ T7168] reiserfs: using flush barriers
[  305.135172][ T7168] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  305.152382][ T7168] REISERFS (device loop0): checking transaction log (loop0)
[  305.177068][ T7176] loop3: detected capacity change from 0 to 4096
[  305.181414][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.198573][ T7168] REISERFS (device loop0): Using r5 hash to sort names
[  305.206459][ T7168] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  305.220884][ T7168] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  305.225009][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.241599][ T7176] ntfs: (device loop3): is_boot_sector_ntfs(): Invalid end of sector marker.
[  305.299345][ T7176] ntfs: (device loop3): map_mft_record_page(): Mft record 0x1 is corrupt.  Run chkdsk.
[  305.300848][ T7106] device hsr_slave_0 entered promiscuous mode
[  305.316844][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.325509][ T7176] ntfs: (device loop3): map_mft_record(): Failed with error code 5.
[  305.336160][ T7106] device hsr_slave_1 entered promiscuous mode
[  305.343912][ T7176] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  305.357151][ T7106] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  305.365680][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.374532][ T7106] Cannot create hsr debugfs directory
[  305.376614][ T7176] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr.  Will not be able to remount read-write.  Run ntfsfix and/or chkdsk.
[  305.389797][ T3615] gspca_sq905c: sq905c_read: usb_control_msg failed (-71)
[  305.400598][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.413296][ T3615] sq905c 3-1:0.0: Reading version command failed
[  305.425074][ T3615] sq905c: probe of 3-1:0.0 failed with error -71
[  305.449084][ T7176] ntfs: volume version 3.1.
[  305.452472][ T3615] usb 3-1: USB disconnect, device number 13
[  305.453933][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.485697][ T3789] device erspan0 left promiscuous mode
[  305.497745][ T3617] Bluetooth: hci5: command 0x041b tx timeout
[  305.500006][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.555314][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.620135][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.648193][ T3789] device gretap0 left promiscuous mode
[  305.661309][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  305.700636][ T4921] mceusb 5-1:0.0: Registered  with mce emulator interface version 1
[  305.724432][ T4921] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  305.740031][ T3874] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  305.791917][ T4921] usb 5-1: USB disconnect, device number 12
[  306.069663][ T3615] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  306.243268][ T7204] netlink: 68 bytes leftover after parsing attributes in process `syz.2.798'.
[  306.279772][ T3615] usb 4-1: device descriptor read/64, error -71
[  306.320501][ T3789] device hsr_slave_0 left promiscuous mode
[  306.342442][ T3874] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  306.352136][ T3789] device hsr_slave_1 left promiscuous mode
[  306.365478][ T3874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.371830][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  306.384644][ T7208] loop2: detected capacity change from 0 to 1024
[  306.387795][ T3874] usb 1-1: Product: syz
[  306.400715][ T3874] usb 1-1: Manufacturer: syz
[  306.404478][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_0
[  306.405348][ T3874] usb 1-1: SerialNumber: syz
[  306.434446][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  306.442085][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_1
[  306.471230][ T3874] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  306.473987][ T3789] device bridge_slave_1 left promiscuous mode
[  306.480675][ T7208] hfsplus: request for non-existent node 3 in B*Tree
[  306.515072][ T3789] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.522290][ T7208] hfsplus: request for non-existent node 3 in B*Tree
[  306.587851][ T3789] device bridge_slave_0 left promiscuous mode
[  306.722207][ T3615] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  306.740915][ T3789] bridge0: port 1(bridge_slave_0) entered disabled state
[  306.766413][ T3789] device veth1_macvtap left promiscuous mode
[  306.847691][ T3789] device veth0_macvtap left promiscuous mode
[  308.550798][ T4152] Bluetooth: hci5: command 0x040f tx timeout
[  308.591359][ T3789] device veth1_vlan left promiscuous mode
[  308.597213][ T3789] device veth0_vlan left promiscuous mode
[  308.639412][ T3615] usb 4-1: device descriptor read/64, error -71
[  308.681835][ T7168] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  308.721413][ T7168] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  308.745299][ T7168] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  308.769479][ T3615] usb usb4-port1: attempt power cycle
[  309.045797][ T7224] loop3: detected capacity change from 0 to 2048
[  309.079521][   T13] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  309.198263][ T7228] loop4: detected capacity change from 0 to 1024
[  309.255582][ T7228] EXT4-fs (loop4): Ignoring removed orlov option
[  309.265690][ T7228] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  309.290470][ T4152] usb 1-1: USB disconnect, device number 14
[  310.087958][ T3789] team0 (unregistering): Port device veth3 removed
[  310.139060][   T13] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  310.146675][   T13] ath9k_htc: Failed to initialize the device
[  310.154188][ T4152] usb 1-1: ath9k_htc: USB layer deinitialized
[  310.193744][ T7228] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  310.606077][ T3789] team0 (unregistering): Port device team_slave_1 removed
[  310.614098][   T13] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  310.630273][ T2989] Bluetooth: hci5: command 0x0419 tx timeout
[  310.645190][ T3789] team0 (unregistering): Port device team_slave_0 removed
[  310.675452][ T3789] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  310.696139][ T3789] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  310.802673][ T7245] netlink: 40 bytes leftover after parsing attributes in process `syz.0.807'.
[  311.413288][ T3789] bond0 (unregistering): Released all slaves
[  311.535238][ T7247] netlink: 16 bytes leftover after parsing attributes in process `syz.4.808'.
[  311.558630][ T7249] loop0: detected capacity change from 0 to 512
[  311.630003][ T7249] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  311.658902][   T13] usb 3-1: Using ep0 maxpacket: 16
[  311.709095][ T7249] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038 (0x7fffffff)
[  311.808995][   T13] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  311.845485][   T13] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  311.877291][   T13] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  311.900311][   T13] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  311.948805][   T13] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  311.985576][ T7106] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  312.017085][ T7106] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  312.042743][ T7259] 9pnet: Insufficient options for proto=fd
[  312.067640][ T7106] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  312.094814][ T7264] 9pnet: Insufficient options for proto=fd
[  312.126950][ T7106] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  312.139620][   T13] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  312.168007][   T13] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  312.196878][   T13] usb 3-1: Manufacturer: syz
[  312.237063][   T13] usb 3-1: config 0 descriptor??
[  312.458501][ T7106] 8021q: adding VLAN 0 to HW filter on device bond0
[  312.550041][ T7106] 8021q: adding VLAN 0 to HW filter on device team0
[  312.557373][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  312.575160][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  312.633816][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  312.671721][ T7277] loop4: detected capacity change from 0 to 1024
[  312.679100][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  312.699475][   T13] rc_core: IR keymap rc-hauppauge not found
[  312.706721][   T13] Registered IR keymap rc-empty
[  312.718131][ T3835] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.725319][ T3835] bridge0: port 1(bridge_slave_0) entered forwarding state
[  312.740928][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  312.763027][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  312.785803][ T7277] hfsplus: request for non-existent node 3 in B*Tree
[  312.792854][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  312.809827][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  312.812645][ T7277] hfsplus: request for non-existent node 3 in B*Tree
[  312.830202][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  312.839887][   T13] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  312.864959][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  312.872129][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  312.883689][   T13] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input29
[  312.948132][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  312.998855][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  313.067649][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  313.088183][ T7106] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  313.145177][ T7106] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  313.158650][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  313.182795][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  313.197467][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  313.210811][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  314.377648][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  314.426406][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  314.435805][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  314.458720][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  314.498491][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  314.519790][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  314.547056][ T7291] loop4: detected capacity change from 0 to 128
[  314.558451][   T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  314.574159][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  314.586735][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  314.608050][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  314.618498][   T13] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[  314.635082][   T13] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  314.655306][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  314.672929][ T7295] loop3: detected capacity change from 0 to 512
[  314.683949][   T13] usb 3-1: USB disconnect, device number 14
[  314.697299][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  314.725319][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  314.767728][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  314.776918][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  314.784816][ T7291] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  314.819682][ T7291] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  314.973236][ T7301] loop0: detected capacity change from 0 to 1024
[  315.075398][ T7301] EXT4-fs (loop0): Ignoring removed orlov option
[  315.094319][ T7301] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  315.862298][ T7324] netlink: 40 bytes leftover after parsing attributes in process `syz.3.818'.
[  316.326280][ T7301] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  316.461555][    C1] hrtimer: interrupt took 3471319 ns
[  316.693951][ T1391] ieee802154 phy0 wpan0: encryption failed: -22
[  316.700397][ T1391] ieee802154 phy1 wpan1: encryption failed: -22
[  316.965490][ T7106] 8021q: adding VLAN 0 to HW filter on device batadv0
[  316.999560][ T7106] device veth0_vlan entered promiscuous mode
[  317.012260][ T7106] device veth1_vlan entered promiscuous mode
[  318.447006][ T7106] device veth0_macvtap entered promiscuous mode
[  318.457573][ T7106] device veth1_macvtap entered promiscuous mode
[  318.498204][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  318.528844][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.548346][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  318.580361][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.600673][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  318.632315][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.665265][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  318.676134][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.688195][ T7106] batman_adv: batadv0: Interface activated: batadv_slave_0
[  318.698966][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  318.715955][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.726313][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  318.737097][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.747257][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  318.767845][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.778165][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  318.788962][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  318.800672][ T7106] batman_adv: batadv0: Interface activated: batadv_slave_1
[  318.819063][ T7106] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  318.828068][ T7106] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  318.836776][ T7106] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  320.761944][ T7106] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  320.773233][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  320.784649][ T2989] Bluetooth: hci1: command 0x0406 tx timeout
[  320.801760][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  320.847414][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  320.944906][ T7358] loop3: detected capacity change from 0 to 4096
[  324.427315][ T2989] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  324.540245][ T7364] loop4: detected capacity change from 0 to 1024
[  324.585283][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  324.595437][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  324.604551][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  324.614220][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  324.623027][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  324.640097][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  324.649837][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  324.659202][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  324.667842][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  324.676854][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  324.694780][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  324.704326][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  324.715664][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  324.724317][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  324.742097][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  324.763405][ T7366] loop2: detected capacity change from 0 to 1024
[  329.476783][ T2989] usb 4-1: device descriptor read/all, error -71
[  344.073598][ T4152] Bluetooth: hci3: command 0x0406 tx timeout
[  344.096481][ T1077] Bluetooth: hci2: command 0x0409 tx timeout
[  353.998387][   T13] Bluetooth: hci7: command 0x0409 tx timeout
[  354.049244][   T13] Bluetooth: hci8: command 0x0409 tx timeout
[  354.075575][   T13] Bluetooth: hci6: command 0x0409 tx timeout
[  382.162478][ T2989] Bluetooth: hci2: command 0x041b tx timeout
[  382.171447][ T1391] ieee802154 phy0 wpan0: encryption failed: -22
[  382.177769][ T1391] ieee802154 phy1 wpan1: encryption failed: -22
[  382.310386][ T2989] Bluetooth: hci6: command 0x041b tx timeout
[  382.350576][ T2989] Bluetooth: hci8: command 0x041b tx timeout
[  382.356949][ T2989] Bluetooth: hci7: command 0x041b tx timeout
[  382.380349][ T2989] Bluetooth: hci9: command 0x0409 tx timeout
[  382.938137][ T7376] chnl_net:caif_netlink_parms(): no params data found
[  382.985919][ T7372] chnl_net:caif_netlink_parms(): no params data found
[  383.031718][ T7375] chnl_net:caif_netlink_parms(): no params data found
[  383.042425][ T7374] chnl_net:caif_netlink_parms(): no params data found
[  384.400381][ T3871] Bluetooth: hci7: command 0x040f tx timeout
[  384.406535][ T3871] Bluetooth: hci8: command 0x040f tx timeout
[  384.422211][ T3871] Bluetooth: hci6: command 0x040f tx timeout
[  384.428324][ T3871] Bluetooth: hci2: command 0x040f tx timeout
[  386.450697][ T3874] Bluetooth: hci2: command 0x0419 tx timeout
[  386.460315][ T3874] Bluetooth: hci6: command 0x0419 tx timeout
[  386.472064][ T3874] Bluetooth: hci8: command 0x0419 tx timeout
[  386.478132][ T3874] Bluetooth: hci7: command 0x0419 tx timeout
[  392.399359][ T3874] Bluetooth: hci10: command 0x0409 tx timeout
[  398.618637][ T3871] Bluetooth: hci11: command 0x0409 tx timeout
[  398.718461][ T3871] Bluetooth: hci12: command 0x0409 tx timeout
[  400.748478][ T7415] chnl_net:caif_netlink_parms(): no params data found
[  402.368365][ T3615] Bluetooth: hci9: command 0x041b tx timeout
[  402.375379][ T3615] Bluetooth: hci12: command 0x041b tx timeout
[  402.397108][ T3615] Bluetooth: hci13: command 0x0409 tx timeout
[  404.470225][ T3871] Bluetooth: hci13: command 0x041b tx timeout
[  404.487519][ T3871] Bluetooth: hci12: command 0x040f tx timeout
[  404.493756][ T3871] Bluetooth: hci9: command 0x040f tx timeout
[  406.518438][ T3871] Bluetooth: hci9: command 0x0419 tx timeout
[  406.530280][ T3871] Bluetooth: hci12: command 0x0419 tx timeout
[  406.545935][ T3871] Bluetooth: hci13: command 0x040f tx timeout
[  408.608085][ T3615] Bluetooth: hci13: command 0x0419 tx timeout
[  448.299272][ T1391] ieee802154 phy0 wpan0: encryption failed: -22
[  448.306115][ T1391] ieee802154 phy1 wpan1: encryption failed: -22
[  478.049491][ T3612] kworker/dying (3612) used greatest stack depth: 18560 bytes left
[  478.082949][ T4152] Bluetooth: hci5: command 0x0406 tx timeout
[  478.118392][ T4152] Bluetooth: hci0: command 0x0409 tx timeout
[  512.347913][ T3873] Bluetooth: hci14: command 0x0409 tx timeout
[  512.354041][ T3873] Bluetooth: hci16: command 0x0409 tx timeout
[  512.374877][ T7389] chnl_net:caif_netlink_parms(): no params data found
[  512.385581][ T1391] ieee802154 phy0 wpan0: encryption failed: -22
[  512.391906][ T1391] ieee802154 phy1 wpan1: encryption failed: -22
[  512.516817][ T3873] Bluetooth: hci15: command 0x0409 tx timeout
[  552.126633][   T27] INFO: task kworker/u5:3:3576 blocked for more than 144 seconds.
[  552.164557][   T27]       Not tainted 5.15.167-syzkaller #0
[  552.218732][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  552.304353][   T27] task:kworker/u5:3    state:D stack:26368 pid: 3576 ppid:     2 flags:0x00004000
[  552.400165][   T27] Workqueue: hci10 hci_rx_work
[  552.440153][   T27] Call Trace:
[  552.443493][   T27]  <TASK>
[  552.446439][   T27]  __schedule+0x12c4/0x45b0
[  552.504433][   T27]  ? release_firmware_map_entry+0x190/0x190
[  552.540133][   T27]  ? __mutex_trylock_common+0x8d/0x2e0
[  552.545660][   T27]  ? kthread_data+0x4e/0xc0
[  552.590142][   T27]  ? wq_worker_sleeping+0x5d/0x200
[  552.595317][   T27]  schedule+0x11b/0x1f0
[  552.599494][   T27]  schedule_preempt_disabled+0xf/0x20
[  552.650133][   T27]  __mutex_lock_common+0xe34/0x25a0
[  552.655399][   T27]  ? le_conn_complete_evt+0xc9a/0x1500
[  552.691306][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  552.696582][   T27]  mutex_lock_nested+0x17/0x20
[  552.709237][   T27]  le_conn_complete_evt+0xc9a/0x1500
[  552.730166][   T27]  ? cs_le_create_conn+0x5f0/0x5f0
[  552.735354][   T27]  hci_le_meta_evt+0x28c/0x3f50
[  552.750119][   T27]  ? __lock_acquire+0x1ff0/0x1ff0
[  552.755189][   T27]  ? __mutex_lock_common+0x444/0x25a0
[  552.796440][   T27]  ? hci_remote_host_features_evt+0x280/0x280
[  552.854490][   T27]  ? __mutex_unlock_slowpath+0x218/0x750
[  552.864505][   T27]  ? hci_event_packet+0x3b4/0x1550
[  552.870033][   T27]  ? mutex_unlock+0x10/0x10
[  552.884622][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  552.893247][   T27]  ? print_irqtrace_events+0x210/0x210
[  552.898780][   T27]  hci_event_packet+0xc41/0x1550
[  552.904157][   T27]  ? rcu_lock_release+0x20/0x20
[  552.909048][   T27]  ? hci_send_to_monitor+0x99/0x4d0
[  552.915239][   T27]  hci_rx_work+0x232/0x990
[  552.919790][   T27]  process_one_work+0x8a1/0x10c0
[  552.937137][   T27]  ? worker_detach_from_pool+0x260/0x260
[  552.943166][   T27]  ? _raw_spin_lock_irqsave+0x120/0x120
[  552.948827][   T27]  ? kthread_data+0x4e/0xc0
[  552.953721][   T27]  ? wq_worker_running+0x97/0x170
[  552.958774][   T27]  worker_thread+0xaca/0x1280
[  552.963845][   T27]  kthread+0x3f6/0x4f0
[  552.967935][   T27]  ? rcu_lock_release+0x20/0x20
[  552.980313][   T27]  ? kthread_blkcg+0xd0/0xd0
[  552.984985][   T27]  ret_from_fork+0x1f/0x30
[  552.989439][   T27]  </TASK>
[  552.998409][   T27] INFO: task kworker/u5:8:3585 blocked for more than 145 seconds.
[  553.006617][   T27]       Not tainted 5.15.167-syzkaller #0
[  553.012665][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  553.030266][   T27] task:kworker/u5:8    state:D stack:25600 pid: 3585 ppid:     2 flags:0x00004000
[  553.039522][   T27] Workqueue: hci11 hci_rx_work
[  553.049408][   T27] Call Trace:
[  553.053056][   T27]  <TASK>
[  553.056116][   T27]  __schedule+0x12c4/0x45b0
[  553.061199][   T27]  ? release_firmware_map_entry+0x190/0x190
[  553.067126][   T27]  ? __mutex_trylock_common+0x8d/0x2e0
[  553.080299][   T27]  ? kthread_data+0x4e/0xc0
[  553.084938][   T27]  ? wq_worker_sleeping+0x5d/0x200
[  553.095899][   T27]  schedule+0x11b/0x1f0
[  553.100390][   T27]  schedule_preempt_disabled+0xf/0x20
[  553.105783][   T27]  __mutex_lock_common+0xe34/0x25a0
[  553.111435][   T27]  ? le_conn_complete_evt+0xc9a/0x1500
[  553.116923][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  553.135772][   T27]  mutex_lock_nested+0x17/0x20
[  553.140910][   T27]  le_conn_complete_evt+0xc9a/0x1500
[  553.146236][   T27]  ? cs_le_create_conn+0x5f0/0x5f0
[  553.151817][   T27]  hci_le_meta_evt+0x28c/0x3f50
[  553.156700][   T27]  ? __lock_acquire+0x1ff0/0x1ff0
[  553.162114][   T27]  ? __mutex_lock_common+0x444/0x25a0
[  553.167518][   T27]  ? hci_remote_host_features_evt+0x280/0x280
[  553.186436][   T27]  ? __mutex_unlock_slowpath+0x218/0x750
[  553.192436][   T27]  ? hci_event_packet+0x3b4/0x1550
[  553.197584][   T27]  ? mutex_unlock+0x10/0x10
[  553.202476][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  553.208523][   T27]  ? print_irqtrace_events+0x210/0x210
[  553.214416][   T27]  hci_event_packet+0xc41/0x1550
[  553.219391][   T27]  ? rcu_lock_release+0x20/0x20
[  553.237206][   T27]  ? hci_send_to_monitor+0x99/0x4d0
[  553.242815][   T27]  hci_rx_work+0x232/0x990
[  553.247283][   T27]  process_one_work+0x8a1/0x10c0
[  553.252634][   T27]  ? worker_detach_from_pool+0x260/0x260
[  553.258293][   T27]  ? _raw_spin_lock_irqsave+0x120/0x120
[  553.264209][   T27]  ? kthread_data+0x4e/0xc0
[  553.268735][   T27]  ? wq_worker_running+0x97/0x170
[  553.287137][   T27]  worker_thread+0xaca/0x1280
[  553.292197][   T27]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  553.298141][   T27]  kthread+0x3f6/0x4f0
[  553.302602][   T27]  ? rcu_lock_release+0x20/0x20
[  553.307483][   T27]  ? kthread_blkcg+0xd0/0xd0
[  553.312543][   T27]  ret_from_fork+0x1f/0x30
[  553.317087][   T27]  </TASK>
[  553.330075][   T27] INFO: task syz-executor:7106 blocked for more than 145 seconds.
[  553.338005][   T27]       Not tainted 5.15.167-syzkaller #0
[  553.347572][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  553.356558][   T27] task:syz-executor    state:D stack:20896 pid: 7106 ppid:     1 flags:0x00004006
[  553.368640][   T27] Call Trace:
[  553.380549][   T27]  <TASK>
[  553.383532][   T27]  __schedule+0x12c4/0x45b0
[  553.388086][   T27]  ? release_firmware_map_entry+0x190/0x190
[  553.398724][   T27]  ? __mutex_trylock_common+0x8d/0x2e0
[  553.404645][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[  553.409905][   T27]  schedule+0x11b/0x1f0
[  553.414441][   T27]  schedule_preempt_disabled+0xf/0x20
[  553.419838][   T27]  __mutex_lock_common+0xe34/0x25a0
[  553.438270][   T27]  ? hci_conn_hash_flush+0xb8/0x220
[  553.443873][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  553.449095][   T27]  ? __mutex_unlock_slowpath+0x218/0x750
[  553.455112][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  553.460578][   T27]  ? _raw_spin_unlock_irq+0x1f/0x40
[  553.465796][   T27]  ? lockdep_hardirqs_on+0x94/0x130
[  553.480210][   T27]  mutex_lock_nested+0x17/0x20
[  553.488519][   T27]  hci_conn_hash_flush+0xb8/0x220
[  553.493974][   T27]  hci_dev_do_close+0x9f6/0x1070
[  553.498950][   T27]  hci_unregister_dev+0x2d7/0x580
[  553.504423][   T27]  vhci_release+0x73/0xc0
[  553.508782][   T27]  ? vhci_open+0x290/0x290
[  553.513563][   T27]  __fput+0x3fe/0x8e0
[  553.517581][   T27]  task_work_run+0x129/0x1a0
[  553.536185][   T27]  do_exit+0x6a3/0x2480
[  553.540713][   T27]  ? put_task_struct+0x80/0x80
[  553.545534][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  553.551952][   T27]  do_group_exit+0x144/0x310
[  553.556574][   T27]  ? lockdep_hardirqs_on+0x94/0x130
[  553.562176][   T27]  get_signal+0xc66/0x14e0
[  553.566635][   T27]  arch_do_signal_or_restart+0xc3/0x1890
[  553.580191][   T27]  ? netlink_getsockopt+0x5b0/0x5b0
[  553.590867][   T27]  ? __sys_sendto+0x5a2/0x720
[  553.595673][   T27]  ? __ia32_sys_getpeername+0x80/0x80
[  553.601433][   T27]  ? get_sigframe_size+0x10/0x10
[  553.606416][   T27]  ? print_irqtrace_events+0x210/0x210
[  553.612269][   T27]  ? exit_to_user_mode_loop+0x39/0x130
[  553.617755][   T27]  exit_to_user_mode_loop+0x97/0x130
[  553.640021][   T27]  exit_to_user_mode_prepare+0xb1/0x140
[  553.645629][   T27]  syscall_exit_to_user_mode+0x5d/0x240
[  553.656834][   T27]  do_syscall_64+0x47/0xb0
[  553.661640][   T27]  ? clear_bhb_loop+0x15/0x70
[  553.666434][   T27]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  553.680188][   T27] RIP: 0033:0x7ff5e557ee8c
[  553.684636][   T27] RSP: 002b:00007fffee7a9730 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  553.699028][   T27] RAX: 0000000000000020 RBX: 00007ff5e6263620 RCX: 00007ff5e557ee8c
[  553.707333][   T27] RDX: 0000000000000020 RSI: 00007ff5e6263670 RDI: 0000000000000003
[  553.715578][   T27] RBP: 0000000000000000 R08: 00007fffee7a9784 R09: 000000000000000c
[  553.733009][   T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  553.748125][   T27] R13: 0000000000000000 R14: 00007ff5e6263670 R15: 0000000000000000
[  553.756511][   T27]  </TASK>
[  553.759595][   T27] INFO: task syz.4.824:7364 blocked for more than 146 seconds.
[  553.767558][   T27]       Not tainted 5.15.167-syzkaller #0
[  553.780109][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  553.788794][   T27] task:syz.4.824       state:D stack:25528 pid: 7364 ppid:  6772 flags:0x00004006
[  553.804790][   T27] Call Trace:
[  553.808096][   T27]  <TASK>
[  553.811462][   T27]  __schedule+0x12c4/0x45b0
[  553.816015][   T27]  ? release_firmware_map_entry+0x190/0x190
[  553.830239][   T27]  ? __mutex_trylock_common+0x8d/0x2e0
[  553.841460][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[  553.846714][   T27]  schedule+0x11b/0x1f0
[  553.851323][   T27]  schedule_preempt_disabled+0xf/0x20
[  553.856815][   T27]  __mutex_lock_common+0xe34/0x25a0
[  553.862452][   T27]  ? hci_conn_hash_flush+0xb8/0x220
[  553.868024][   T27]  ? mutex_lock_io_nested+0x60/0x60
[  553.880168][   T27]  ? kobject_put+0x429/0x460
[  553.884804][   T27]  ? kobject_put+0x422/0x460
[  553.889647][   T27]  ? hci_conn_cleanup+0x4dc/0x670
[  553.901272][   T27]  mutex_lock_nested+0x17/0x20
[  553.906113][   T27]  hci_conn_hash_flush+0xb8/0x220
[  553.911618][   T27]  hci_dev_do_close+0x9f6/0x1070
[  553.916615][   T27]  hci_unregister_dev+0x2d7/0x580
[  553.930183][   T27]  vhci_release+0x73/0xc0
[  553.934554][   T27]  ? vhci_open+0x290/0x290
[  553.943842][   T27]  __fput+0x3fe/0x8e0
[  553.948000][   T27]  task_work_run+0x129/0x1a0
[  553.953283][   T27]  do_exit+0x6a3/0x2480
[  553.957565][   T27]  ? put_task_struct+0x80/0x80
[  553.962837][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  553.968858][   T27]  do_group_exit+0x144/0x310
[  553.985841][   T27]  ? lockdep_hardirqs_on+0x94/0x130
[  553.991416][   T27]  get_signal+0xc66/0x14e0
[  553.996233][   T27]  arch_do_signal_or_restart+0xc3/0x1890
[  554.002364][   T27]  ? print_irqtrace_events+0x210/0x210
[  554.007848][   T27]  ? cpu_online+0x40/0x40
[  554.012615][   T27]  ? get_sigframe_size+0x10/0x10
[  554.017786][   T27]  ? __might_sleep+0xc0/0xc0
[  554.030203][   T27]  ? exit_to_user_mode_loop+0x39/0x130
[  554.035713][   T27]  exit_to_user_mode_loop+0x97/0x130
[  554.047390][   T27]  exit_to_user_mode_prepare+0xb1/0x140
[  554.053319][   T27]  syscall_exit_to_user_mode+0x5d/0x240
[  554.059031][   T27]  do_syscall_64+0x47/0xb0
[  554.063985][   T27]  ? clear_bhb_loop+0x15/0x70
[  554.068689][   T27]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  554.087337][   T27] RIP: 0033:0x7f6171d21c8a
[  554.092123][   T27] RSP: 002b:00007f617019ae50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  554.101232][   T27] RAX: 0000000000000000 RBX: 00007f617019aef0 RCX: 00007f6171d21c8a
[  554.109225][   T27] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  554.117622][   T27] RBP: 0000000020000000 R08: 0000000000000000 R09: 000000000000068e
[  554.137912][   T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000020000080
[  554.146997][   T27] R13: 00007f617019aeb0 R14: 0000000000000694 R15: 00000000200013c0
[  554.155315][   T27]  </TASK>
[  554.158391][   T27] 
[  554.158391][   T27] Showing all locks held in the system:
[  554.166570][   T27] 3 locks held by kworker/0:1/13:
[  554.180094][   T27]  #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.194660][   T27]  #1: ffffc90000d27d20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.205765][   T27]  #2: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20
[  554.216541][   T27] 1 lock held by khungtaskd/27:
[  554.230104][   T27]  #0: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[  554.239488][   T27] 3 locks held by kworker/u4:2/154:
[  554.249988][   T27]  #0: ffff8880b903a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140
[  554.260363][   T27]  #1: ffff8880b9027848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x53d/0x810
[  554.280075][   T27]  #2: ffff8880b903a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140
[  554.295465][   T27] 4 locks held by kworker/0:3/2989:
[  554.301001][   T27] 2 locks held by getty/3334:
[  554.306053][   T27]  #0: ffff8880297e6098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[  554.316260][   T27]  #1: ffffc9000248e2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0
[  554.338944][   T27] 4 locks held by kworker/u5:2/3575:
[  554.344629][   T27]  #0: ffff88807d877938 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.356156][   T27]  #1: ffffc90002e07d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.367960][   T27]  #2: ffff88807c1a0078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50
[  554.390068][   T27]  #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50
[  554.401119][   T27] 4 locks held by kworker/u5:3/3576:
[  554.406815][   T27]  #0: ffff888024047938 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.417764][   T27]  #1: ffffc90002e17d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.440065][   T27]  #2: ffff88807da4c078 (&hdev->lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xb0/0x1500
[  554.452325][   T27]  #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xc9a/0x1500
[  554.462975][   T27] 4 locks held by kworker/u5:6/3583:
[  554.468281][   T27]  #0: ffff88807d870938 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.490108][   T27]  #1: ffffc90002eb7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.503026][   T27]  #2: ffff88801b3fc078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50
[  554.513720][   T27]  #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50
[  554.537649][   T27] 4 locks held by kworker/u5:8/3585:
[  554.543352][   T27]  #0: ffff8880241d2138 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.554758][   T27]  #1: ffffc90002ed7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.566580][   T27]  #2: ffff88807da48078 (&hdev->lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xb0/0x1500
[  554.588980][   T27]  #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xc9a/0x1500
[  554.599695][   T27] 2 locks held by kworker/1:7/3644:
[  554.605149][   T27] 4 locks held by kworker/1:13/3785:
[  554.611049][   T27] 4 locks held by kworker/u4:7/3789:
[  554.616344][   T27]  #0: ffff8880171d5938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.639043][   T27]  #1: ffffc90002da7d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.649397][   T27]  #2: ffffffff8da261d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60
[  554.659623][   T27]  #3: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: ip_mc_drop_socket+0x75/0x270
[  554.669277][   T27] 3 locks held by kworker/0:8/3871:
[  554.689915][   T27]  #0: ffff88814ae50138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.707325][   T27]  #1: ffffc900040e7d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.730043][   T27]  #2: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720
[  554.739519][   T27] 2 locks held by kworker/0:11/3874:
[  554.747580][   T27]  #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.758909][   T27]  #1: ffffc90003577d20 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.768912][   T27] 3 locks held by kworker/1:16/4915:
[  554.789874][   T27]  #0: ffff88814ae50138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.802009][   T27]  #1: ffffc90003207d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.814869][   T27]  #2: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720
[  554.836918][   T27] 3 locks held by kworker/1:17/4921:
[  554.842537][   T27]  #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  554.853348][   T27]  #1: ffffc9000139fd20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  554.866406][   T27]  #2: ffff88801f8fd240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x2cd/0x4120
[  554.888939][   T27] 3 locks held by syz-executor/5817:
[  554.894580][   T27]  #0: ffff888064774ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[  554.904730][   T27]  #1: ffff888064774078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070
[  554.914766][   T27]  #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[  554.937518][   T27] 3 locks held by syz-executor/7106:
[  554.943218][   T27]  #0: ffff88801ff3cff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[  554.953353][   T27]  #1: ffff88801ff3c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070
[  554.963702][   T27]  #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[  554.986102][   T27] 3 locks held by syz.2.826/7359:
[  554.991443][   T27]  #0: ffff88801eeecff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[  555.001497][   T27]  #1: ffff88801eeec078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070
[  555.011714][   T27]  #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[  555.030023][   T27] 1 lock held by syz.0.823/7361:
[  555.035030][   T27]  #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x1b0
[  555.049602][   T27] 3 locks held by syz.4.824/7364:
[  555.055032][   T27]  #0: ffff88807a15cff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[  555.065714][   T27]  #1: ffff88807a15c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070
[  555.088133][   T27]  #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[  555.098522][   T27] 3 locks held by syz-executor/7372:
[  555.104074][   T27]  #0: ffff88801f620ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[  555.114135][   T27]  #1: ffff88801f620078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070
[  555.136343][   T27]  #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[  555.146944][   T27] 1 lock held by syz-executor/7374:
[  555.152409][   T27] 3 locks held by syz-executor/7375:
[  555.157763][   T27]  #0: ffff88801dea8ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[  555.168565][   T27]  #1: ffff88801dea8078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070
[  555.189977][   T27]  #2: ffffffff8c924228 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740
[  555.201778][   T27] 3 locks held by syz-executor/7376:
[  555.207164][   T27]  #0: ffff88807d708ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070
[  555.217410][   T27]  #1: ffff88807d708078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070
[  555.239472][   T27]  #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220
[  555.249905][   T27] 1 lock held by syz-executor/7389:
[  555.255113][   T27]  #0: ffffffff8c924228 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740
[  555.266422][   T27] 2 locks held by syz-executor/7402:
[  555.279979][   T27]  #0: ffffffff8da261d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0
[  555.289474][   T27]  #1: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20f/0x700
[  555.304667][   T27] 2 locks held by syz-executor/7409:
[  555.310274][   T27]  #0: ffffffff8da261d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0
[  555.319715][   T27]  #1: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20f/0x700
[  555.339310][   T27] 2 locks held by syz-executor/7410:
[  555.348467][   T27]  #0: ffffffff8da261d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0
[  555.358275][   T27]  #1: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20f/0x700
[  555.368055][   T27] 1 lock held by syz-executor/7415:
[  555.386051][   T27]  #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  555.395842][   T27] 4 locks held by kworker/u5:1/7416:
[  555.401361][   T27]  #0: ffff88807a1df938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  555.412201][   T27]  #1: ffffc900032a7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  555.436345][   T27]  #2: ffff888073eb0078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50
[  555.446670][   T27]  #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50
[  555.457444][   T27] 1 lock held by syz-executor/7428:
[  555.462971][   T27]  #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  555.479976][   T27] 1 lock held by syz-executor/7436:
[  555.485325][   T27]  #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  555.500521][   T27] 1 lock held by syz-executor/7437:
[  555.505740][   T27]  #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  555.515591][   T27] 1 lock held by syz-executor/7443:
[  555.530244][   T27]  #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  555.544105][   T27] 1 lock held by syz-executor/7444:
[  555.549447][   T27]  #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  555.559840][   T27] 4 locks held by kworker/u5:5/7445:
[  555.565155][   T27]  #0: ffff88802241e138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  555.589111][   T27]  #1: ffffc900033ffd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  555.600922][   T27]  #2: ffff88807c1a4078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50
[  555.611196][   T27]  #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50
[  555.621949][   T27] 4 locks held by kworker/u5:7/7447:
[  555.627273][   T27]  #0: ffff888074a87138 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  555.650007][   T27]  #1: ffffc90003467d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  555.662352][   T27]  #2: ffff888073e88078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50
[  555.672620][   T27]  #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50
[  555.695977][   T27] 1 lock held by dhcpcd/7449:
[  555.701062][   T27]  #0: ffff888074364120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50
[  555.711110][   T27] 1 lock held by dhcpcd/7450:
[  555.715810][   T27]  #0: ffff888074360120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50
[  555.725897][   T27] 1 lock held by dhcpcd/7451:
[  555.739782][   T27]  #0: ffff8880242e8120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50
[  555.749521][   T27] 1 lock held by dhcpcd/7452:
[  555.767451][   T27]  #0: ffff888024d56120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50
[  555.777539][   T27] 1 lock held by dhcpcd/7453:
[  555.789940][   T27]  #0: ffff8880796cc120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50
[  555.799672][   T27] 1 lock held by dhcpcd/7454:
[  555.810328][   T27]  #0: ffff888078f90120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50
[  555.820357][   T27] 1 lock held by syz-executor/7460:
[  555.825599][   T27]  #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0
[  555.848323][   T27] 4 locks held by kworker/u5:9/7462:
[  555.853970][   T27]  #0: ffff88806629d938 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[  555.876184][   T27]  #1: ffffc900034b7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[  555.900001][   T27]  #2: ffff888073e8c078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50
[  555.914190][   T27]  #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50
[  555.925031][   T27] 
[  555.927366][   T27] =============================================
[  555.927366][   T27] 
[  555.948755][   T27] NMI backtrace for cpu 0
[  555.953124][   T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.167-syzkaller #0
[  555.961122][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  555.971190][   T27] Call Trace:
[  555.974475][   T27]  <TASK>
[  555.977510][   T27]  dump_stack_lvl+0x1e3/0x2d0
[  555.982202][   T27]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  555.987845][   T27]  ? panic+0x860/0x860
[  555.991932][   T27]  ? nmi_cpu_backtrace+0x23b/0x4a0
[  555.997057][   T27]  nmi_cpu_backtrace+0x46a/0x4a0
[  556.002005][   T27]  ? __wake_up_klogd+0xd5/0x100
[  556.006873][   T27]  ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0
[  556.013038][   T27]  ? _printk+0xd1/0x120
[  556.017206][   T27]  ? panic+0x860/0x860
[  556.021286][   T27]  ? __wake_up_klogd+0xcc/0x100
[  556.026159][   T27]  ? panic+0x860/0x860
[  556.030242][   T27]  ? __rcu_read_unlock+0x92/0x100
[  556.035278][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  556.041354][   T27]  nmi_trigger_cpumask_backtrace+0x181/0x2a0
[  556.047351][   T27]  watchdog+0xe72/0xeb0
[  556.051529][   T27]  kthread+0x3f6/0x4f0
[  556.055605][   T27]  ? hungtask_pm_notify+0x50/0x50
[  556.060639][   T27]  ? kthread_blkcg+0xd0/0xd0
[  556.065254][   T27]  ret_from_fork+0x1f/0x30
[  556.069721][   T27]  </TASK>
[  556.073137][   T27] Sending NMI from CPU 0 to CPUs 1:
[  556.078360][    C1] NMI backtrace for cpu 1
[  556.078372][    C1] CPU: 1 PID: 3785 Comm: kworker/1:13 Not tainted 5.15.167-syzkaller #0
[  556.078390][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  556.078403][    C1] Workqueue: events_power_efficient gc_worker
[  556.078423][    C1] RIP: 0010:preempt_count_add+0x32/0x180
[  556.078445][    C1] Code: c7 c0 c0 8f 86 96 48 c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 0f b6 04 38 84 c0 0f 85 e2 00 00 00 83 3d d0 23 2f 15 00 75 07 <65> 8b 05 cf 03 ab 7e 65 01 1d c8 03 ab 7e 48 c7 c0 c0 8f 86 96 48
[  556.078459][    C1] RSP: 0018:ffffc90000dd0c00 EFLAGS: 00000046
[  556.078472][    C1] RAX: 0000000000000004 RBX: 0000000000000001 RCX: ffffffff96868f03
[  556.078484][    C1] RDX: 0000000000010000 RSI: ffffffff8a8cbd20 RDI: 0000000000000001
[  556.078495][    C1] RBP: ffffc90000dd0cb8 R08: ffffffff816f6a9f R09: 0000000000000003
[  556.078507][    C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000046
[  556.078519][    C1] R13: 1ffff920001ba184 R14: ffffffff96a39fe0 R15: dffffc0000000000
[  556.078532][    C1] FS:  0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  556.078546][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  556.078557][    C1] CR2: 0000555578f89808 CR3: 000000000c68e000 CR4: 00000000003506e0
[  556.078573][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  556.078583][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  556.078593][    C1] Call Trace:
[  556.078598][    C1]  <NMI>
[  556.078604][    C1]  ? nmi_cpu_backtrace+0x39f/0x4a0
[  556.078624][    C1]  ? read_lock_is_recursive+0x10/0x10
[  556.078643][    C1]  ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0
[  556.078662][    C1]  ? unknown_nmi_error+0xd0/0xd0
[  556.078688][    C1]  ? nmi_cpu_backtrace_handler+0x8/0x10
[  556.078705][    C1]  ? nmi_handle+0xf7/0x370
[  556.078723][    C1]  ? preempt_count_add+0x32/0x180
[  556.078741][    C1]  ? default_do_nmi+0x62/0x150
[  556.078760][    C1]  ? exc_nmi+0xa8/0x100
[  556.078777][    C1]  ? end_repeat_nmi+0x16/0x31
[  556.078796][    C1]  ? __hrtimer_run_queues+0x69f/0xcf0
[  556.078814][    C1]  ? preempt_count_add+0x32/0x180
[  556.078833][    C1]  ? preempt_count_add+0x32/0x180
[  556.078852][    C1]  ? preempt_count_add+0x32/0x180
[  556.078870][    C1]  </NMI>
[  556.078875][    C1]  <IRQ>
[  556.078881][    C1]  _raw_spin_lock_irqsave+0xb6/0x120
[  556.078900][    C1]  ? _raw_spin_lock+0x40/0x40
[  556.078917][    C1]  ? do_raw_spin_unlock+0x137/0x8b0
[  556.078940][    C1]  debug_object_activate+0x63/0x4e0
[  556.078956][    C1]  ? _raw_spin_lock_irqsave+0x120/0x120
[  556.078977][    C1]  enqueue_hrtimer+0x30/0x390
[  556.078995][    C1]  __hrtimer_run_queues+0x6b6/0xcf0
[  556.079021][    C1]  ? hrtimer_interrupt+0x980/0x980
[  556.079043][    C1]  hrtimer_interrupt+0x392/0x980
[  556.079071][    C1]  __sysvec_apic_timer_interrupt+0x139/0x470
[  556.079093][    C1]  sysvec_apic_timer_interrupt+0x8c/0xb0
[  556.079113][    C1]  </IRQ>
[  556.079118][    C1]  <TASK>
[  556.079123][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  556.079143][    C1] RIP: 0010:lock_acquire+0x252/0x4f0
[  556.079165][    C1] Code: 2b 00 74 08 4c 89 f7 e8 0c 75 67 00 f6 44 24 61 02 0f 85 84 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[  556.079179][    C1] RSP: 0018:ffffc900034f7980 EFLAGS: 00000206
[  556.079192][    C1] RAX: 0000000000000001 RBX: 1ffff9200069ef3c RCX: 1ffff9200069eedc
[  556.079204][    C1] RDX: dffffc0000000000 RSI: ffffffff8a8b3da0 RDI: ffffffff8ad904c0
[  556.079217][    C1] RBP: ffffc900034f7ae0 R08: dffffc0000000000 R09: fffffbfff20e2419
[  556.079229][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200069ef38
[  556.079241][    C1] R13: dffffc0000000000 R14: ffffc900034f79e0 R15: 0000000000000246
[  556.079266][    C1]  ? read_lock_is_recursive+0x10/0x10
[  556.079287][    C1]  ? __might_sleep+0xc0/0xc0
[  556.079302][    C1]  ? seqcount_lockdep_reader_access+0x1d3/0x220
[  556.079332][    C1]  rcu_lock_acquire+0x2a/0x30
[  556.079347][    C1]  ? rcu_lock_acquire+0x5/0x30
[  556.079361][    C1]  gc_worker+0x289/0x14b0
[  556.079382][    C1]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  556.079403][    C1]  ? init_conntrack+0x1740/0x1740
[  556.079418][    C1]  ? do_raw_spin_unlock+0x137/0x8b0
[  556.079440][    C1]  process_one_work+0x8a1/0x10c0
[  556.079468][    C1]  ? worker_detach_from_pool+0x260/0x260
[  556.079489][    C1]  ? _raw_spin_lock_irqsave+0x120/0x120
[  556.079508][    C1]  ? kthread_data+0x4e/0xc0
[  556.079524][    C1]  ? wq_worker_running+0x97/0x170
[  556.079542][    C1]  worker_thread+0xaca/0x1280
[  556.079574][    C1]  kthread+0x3f6/0x4f0
[  556.079589][    C1]  ? rcu_lock_release+0x20/0x20
[  556.079606][    C1]  ? kthread_blkcg+0xd0/0xd0
[  556.079622][    C1]  ret_from_fork+0x1f/0x30
[  556.079648][    C1]  </TASK>
[  556.565002][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[  556.571880][   T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.167-syzkaller #0
[  556.579868][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  556.590013][   T27] Call Trace:
[  556.593300][   T27]  <TASK>
[  556.596237][   T27]  dump_stack_lvl+0x1e3/0x2d0
[  556.600930][   T27]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  556.606575][   T27]  ? panic+0x860/0x860
[  556.610667][   T27]  panic+0x318/0x860
[  556.614575][   T27]  ? schedule_preempt_disabled+0x20/0x20
[  556.620226][   T27]  ? nmi_trigger_cpumask_backtrace+0x221/0x2a0
[  556.626394][   T27]  ? fb_is_primary_device+0xd0/0xd0
[  556.631611][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  556.637695][   T27]  ? nmi_trigger_cpumask_backtrace+0x221/0x2a0
[  556.643864][   T27]  ? nmi_trigger_cpumask_backtrace+0x281/0x2a0
[  556.650034][   T27]  ? nmi_trigger_cpumask_backtrace+0x286/0x2a0
[  556.656326][   T27]  watchdog+0xeb0/0xeb0
[  556.660505][   T27]  kthread+0x3f6/0x4f0
[  556.664584][   T27]  ? hungtask_pm_notify+0x50/0x50
[  556.669619][   T27]  ? kthread_blkcg+0xd0/0xd0
[  556.674221][   T27]  ret_from_fork+0x1f/0x30
[  556.678688][   T27]  </TASK>
[  557.825305][   T27] Shutting down cpus with NMI
[  557.830454][   T27] Kernel Offset: disabled
[  557.834790][   T27] Rebooting in 86400 seconds..