last executing test programs:

1m24.268005031s ago: executing program 3 (id=101):
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000440)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
r3 = dup3(r0, r1, 0x0)
ioctl$MON_IOCG_STATS(r3, 0xc0109207, &(0x7f00000001c0))

1m24.13166936s ago: executing program 3 (id=102):
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x140, 0x0)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r1)
close(r1)
mount$bind(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x50009405, &(0x7f0000000180))

1m23.96971796s ago: executing program 3 (id=103):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f0000000040))

1m22.850077655s ago: executing program 3 (id=110):
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x300001a, &(0x7f0000000800)=ANY=[], 0xd, 0x2ad, &(0x7f0000001100)="$eJzs3U9rI2UYAPBn8q+jIgniRREc0IOnsvXqpVFWEHtSIqgHDe4uSBIWdiFgBeOe+gk8+j38CF68+A0Er4K39lAZmcxMk9KkLTWm0P39Tg/vO8/7Ppl32pzyzNdvTEYPHifx7PiPSNMkGvuxHydJ9KIRtR+jFQDA3XGS5/F3fpPMVmPz1QAA21B+/5duuxYAYDs+/fyLj/sHB/c/ybI0XuseTQdJREyOpoNyvv8ovo1xPIx70Y3TiPxMGX/40cH9aGWFXrw9mU0HRebkq9+q9ft/Rczz96IbvdX5e1lpKX82HbTjxcii/6hdl9qNV1fnv7siPwadeOetpfp3oxu/fxOPYxwPoshd5P+wl2Uf5D8df/9lsU2RnzRisDO/biFvbvNcAAAAAAAAAAAAAAAAAAAAAAC423azLCnb98z79xRDVf+d5ul8fjer9c735ynzk3qhsj9QHlWLnlkeP9f9de5lWZZXF04HnSqhFa+3vFgAAAAAAAAAAAAAAAAAAAAACk+/OxwNx+OHTzYS1N0A6p/133Sd/aWRN+NwNGyuX3Dn2nu9vNxtoKj10jKi1YoN3ZargheKeja+8s7icD+LMqgPZqN7vfJ+uejhaJhVU/VNHg2Tq/ZK64P7ZTGVRsR/LSyfPxKneTnSLh/1SM9KPZ/V2dDd6Ly0cuqfPM/PRooa1q7z3p/lGS3/NV3z2WhXwcoPWATpxbP4df2Csa45R3MD/3YAAAAAAAAAAAAAAAAAAIAVFj/6XTH57NLUxv9WFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABs2eL9/3WQRsT5kQvBrEq+7Joq6MSTp7f8EQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgO/BsAAP//tI1Hsg==")
open(&(0x7f0000000140)='./bus\x00', 0x143142, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f00000001c0)='./bus\x00', 0x60200, 0x20)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, "ef359f413bb90152f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a01000000000000004faa2ad9c084a003ea00", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b900000000fffffffff2060000000000000200"})
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)

1m22.391929373s ago: executing program 3 (id=115):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001700)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x4}, {0xffff, 0xffff}, {0xb, 0xfff1}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x0, 0x8}}]}}]}, 0x48}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8}]}}]}, 0x38}}, 0x4000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m21.772170181s ago: executing program 3 (id=118):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
pwritev(r2, &(0x7f0000000580)=[{0x0}], 0x1, 0x9, 0x200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m21.333052789s ago: executing program 32 (id=118):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
pwritev(r2, &(0x7f0000000580)=[{0x0}], 0x1, 0x9, 0x200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m2.898242065s ago: executing program 5 (id=119):
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x402, &(0x7f0000000800)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f7374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d15539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b73359414993575bf4e880ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7"], 0x1, 0x27a, &(0x7f0000000540)="$eJzs3DFrE38cx/FP0/zbNKVNhr+CgvhFF12ONj4ACdKCGFBqI+ogXO1FQ85cyYVKRGw3FwcfR3F0E9Qn0MXN3a2L4FJQjCRNTdKmitr0onm/oHff5pdP8rvkEr53kNu6+fxBqRA6BbeqWMIUk9a1LaUbVctIax1r1mPqtK7zk5/en7p+6/aVbC43t2A2n128kDGz6dOvHz5+ceZtdfLGy+lX49pM39n6mPmweXzzxNbXxfvF0IqhlYOqubYUBFV3yfdsuRiWHLNrvueGnhXLoVfpGi/4wcpKzdzy8lRypeKFobnlmpW8mlUDq1Zq5t5zi2VzHMemksLP5DcWFtxs1LNA38Qbi0ol645Kmtg3nN+IYlIAACBanf2/Bq7/b3QtP+7/1+n//wD9/zBo9P/J1ue3G/0/AAAAAAAAAAAAAAAAAAAAAAB/g+16PVWv11O7692/cUkJSbv/Rz1P9Afv/3Dr+OFeQvKfruZX85I/0lg2ZAsqypenGaX0pbk/tOzU85dzczPWlNYbf62VX1vNj3bnZ5VSund+didv3fn/lOzMZ5TS/73zmZ75MZ0725F3lNK7uwrka7m5X7fzT2bNLl3N7clPNO8HAAAAAMC/wLHveh6/O85B4zv5Xzg/sOf4Oq6T8Wi3HQAAAACAYRHWHpVc3/cq0RSfWycLIp7GgBfHJP1W/GLHVV/bQ/F9txx28SwYlJduAIuEpEN9wAn1Y6oRfikBAAAA6It20x/1TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF5HccGzA546dsSbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAETuWwAAAP//AmwlzQ==")
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b)
rmdir(&(0x7f0000000180)='./file0/../file0\x00')

1m2.445845422s ago: executing program 5 (id=210):
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
unshare(0x40000000)

1m1.967937191s ago: executing program 5 (id=214):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r2=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r2, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}}, 0x10)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})

1m1.456786099s ago: executing program 33 (id=214):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r2=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r2, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}}, 0x10)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})

53.087969135s ago: executing program 2 (id=265):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8401"], 0x184}}, 0x0)
r0 = socket(0x200000100000011, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4)
sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="34000000020000010000000000000000d96e6c8d5e85080045f00d80724e11d569116e3a1ce41e2a560254ea0043"], 0x34}, {&(0x7f00000005c0)=ANY=[], 0x100}], 0x2}, 0x0)

52.847437774s ago: executing program 2 (id=266):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000400)="3f4e55f1", 0x4)
sendto$unix(r2, &(0x7f0000000080), 0xffffff9d, 0x0, 0x0, 0x0)

52.276338842s ago: executing program 2 (id=268):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3804402, &(0x7f0000000440)={[{@user_xattr}, {@noload}, {@resuid}, {@errors_remount}, {@block_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@stripe={'stripe', 0x3d, 0x8}}, {@noinit_itable}, {@nomblk_io_submit}, {@nodioread_nolock}, {@nogrpid}]}, 0x1, 0x54f, &(0x7f0000000680)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00')
r1 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x0, &(0x7f0000000540)={[{@journal_checksum}, {@discard}, {@nomblk_io_submit}, {@init_itable_val}, {@commit={'commit', 0x3d, 0x5e}}, {@noblock_validity}, {@nodiscard}, {@sysvgroups}]}, 0x1, 0x263, &(0x7f0000000600)="$eJzs3T+IHGUYBvBnZmcTN1kkaiMIKoiIHhyxE2zWRiEgRxARVIiI2CiJEBPscp2NhdYqqWyCpDNaSiyCjSJYRU1xNoIeCh4WWqzsn4O7vVXvbm935Ob3g92Zuftm3neYeb6phg3QWCeS9JK0kiwlaScptg64f/Q5Md683LlxJun3n/m1GI4bbY9s7nc8yWqSx5JcL4u8ViUXr72w9sfNpx5650L7wY+uPd9Z6EmOra/denrjw5W3Pzn16MWvv/15pUgv3W3ndfCKKX+riuTOeRT7nyiqujtgN06/dfW7Qe7vSvLAMP/tlBldvHfPH7neziMf/NO+7/3yzT2L7BU4eP1+e/AMXO0DjVMm6aYol5OM1sv25tzwfetY+fq5828uvXruwtlX6p2ngIPTTW49+dnRT49P5P+nVlkuL9fdHTBPg/w/e/rKD4P1jVbd3QCLNMj/0kuXHo78Q+PIPxwOK/vYp9uTf2gqz384ZHq7Hyr/0FzyD80l/9Bc/5b/L2rqCVgMz39ort3l/8hCewIWY2v+AYBm6R+t+w1koC51zz8AAAAAAAAAAAAAAAAAAMBOlzs3zmx+5l+tGH5/+X6y/kSSqphSvzX8PeLktuH3sd+LVBNHqPZadnX75ov37f8Mpvptb8M/rvnt69t/rLf+V/fOuUBrYjnh0tlcHa6crKqd918xvv/2747/+H/75RkLzOjx5+qt/9eVGotXyambyeeD+efk1vmvMx5Q5u7hcvr80x1cvxlbeOPPGQ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwvwdAAD//yidbmk=")
mount$bind(&(0x7f0000000040)='./file1\x00', &(0x7f00000000c0)='./file1\x00', 0x0, 0x3002, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file1\x00', 0x80b0, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0)
sendfile(r1, r0, 0x0, 0x8000000d)

51.536128319s ago: executing program 2 (id=276):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x2800488, &(0x7f0000000100), 0x5, 0x75b, &(0x7f0000000800)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnr2R7159cdV/wsP0lI1LVY8SGQ2s+m22U03aZJF9/OB1743M5s333kz897uDDMB9KzR9J9cxOGI+DCJGM6mJxExUM/1R5xcW+72ynIxTUmsrr7+e1Jf5tbKcjGaPpM6mBUej4gf3os4kttYb3VxaaZQLpfms/J4bfbCeHVx6ej52cJ0abo0d3xicvLYiedOHN+5QP/8eenQ9Y9eefrrk3+/+9jVD35M4mQcymY3x7FTRmM02yYD6Sa8y8s7XVmXJd1eAbYlPTT71o7yOBzD0VfPAQD/Z29HxCoA0GMS/T8A9JjG7wC3VpaLjdTdXyT21o2XImL/WvyN65trc/qza3b769dBh24ld10ZSSJiZAfqH42Iz79988s0xS5dhwRo5Z3LEXF2ZHTj+T/ZcM/CVj3TwTKj95Sd/2DvfJeOf55vNf7LrY9/osX4Z7DFsbsd9z/+c9d2oJq20vHfi033tt1uij8z0peVHqqP+QaSc+fLpfTc9nBEjMXAYFqe2KSOsZv/3Gw3r3n898fHb32R1p/+f2eJ3LX+wbs/M1WoFR4k5mY3Lkc80d8q/mS9/ZM249/THdbx6gvvf9ZuXhp/Gm8jbYx/d61eiXiqZfvfuaMt2fT+xPH67jDe2Cla+OaXT4fa1d/c/mlK6298F9gLafsPbR7/SNJ8v2Z163X8dGX4+3bz7h9/6/1/X/JGPb8vm3apUKvNT0TsS17bOP3Ync9m5QORLZ/GP/Zk6+N/s/0//U54tsP4+6//9tX2499dafxTW2r/rWeu3p7pa1d/Z+0/Wc+NZVM6Of91uoIPsu0AAAAAAAAAAAAAAAAAAAAAAAAAoFO5iDgUSS6/ns/l8vm1d3g/GkO5cqVaO3KusjA3FfV3ZY/EQK7xqMvhpuehTmTPw2+Uj91TfjYiHomITwYP1Mv5YqU81e3gAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBzsM37/1O/DnZ77QCAXbO/2ysAAOw5/T8A9B79PwD0Hv0/APQe/T8A9B79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvs9KlTaVr9a2W5mJanLi4uzFQuHp0qVWfyswvFfLEyfyE/XalMl0v5YmX2fn+vXKlcmIy5hUvjtVK1Nl5dXDozW1mYq505P1uYLp0pDexJVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwNdXFpZlCuVyal5GRkVnPdPvMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDf8G8AAAD//7WFKeA=")
open(&(0x7f0000000340)='./bus\x00', 0x142342, 0x2)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x468, &(0x7f00000004c0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==")
chdir(&(0x7f00000000c0)='./file0\x00')

50.543785515s ago: executing program 2 (id=281):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fsync(r0)

50.543048925s ago: executing program 4 (id=282):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@map=r2, r1, 0x26, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20)
recvmsg(r0, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x2111)

50.279935523s ago: executing program 4 (id=283):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, {}, {0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004004}, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000b00)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000b80)=@newtfilter={0x5c, 0x2c, 0x52f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {}, {0x2, 0xe}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x7f, 0x1, 0x6}, {0x7fff, 0x2, 0x9a, 0x0, 0xe, 0x0, 0x1}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}]}]}}]}, 0x5c}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

50.063850123s ago: executing program 4 (id=284):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0xf000, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_ACT={0x4}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008020}, 0x0)

49.973329193s ago: executing program 2 (id=285):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfff1, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x14, 0x2, [@TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x44}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

49.31810633s ago: executing program 34 (id=285):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfff1, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x14, 0x2, [@TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x44}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

49.069651039s ago: executing program 4 (id=288):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x400e, &(0x7f0000000280)={[{@i_version}, {@nobh}, {@data_err_ignore}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@acl}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000440)='./file0\x00', &(0x7f00000003c0)='./file0/../file0/../file0/../file0\x00')

48.316438116s ago: executing program 4 (id=289):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000000), &(0x7f0000000100)=@udp=r1}, 0x20)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000011c0)={r0, &(0x7f00000001c0)="4addc387a7c74b6eb343d78806a9bfcf0b31766b6dc27b90a63d8bd24db093e86208", &(0x7f0000000000)=@udp=r2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r0, &(0x7f0000000040)="4addc387a7c74b6eb343d78806a9bfcf0b31766b6dc27b90a63d8bd24db093e86208", &(0x7f0000000000)=@udp}, 0x20)

46.596288439s ago: executing program 4 (id=295):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x10, 0x6, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000580), 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

46.320095708s ago: executing program 35 (id=295):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x10, 0x6, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000580), 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

6.653756547s ago: executing program 1 (id=476):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1}, 0x18)
sendmsg$can_j1939(r0, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000026c0)={&(0x7f0000002680)="cdf5083070ea05552d", 0x9}}, 0x0)
recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/189}, {&(0x7f00000002c0)=""/182}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/198}, {&(0x7f0000001480)=""/169}, {&(0x7f0000001540)=""/4096}], 0x10, &(0x7f0000002540)=""/216}}], 0x2, 0x0, 0x0)

5.562247593s ago: executing program 1 (id=484):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xe, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="0f79fa660f1049ef66b9790a00000f32ba4100b009eef30fa7e866b9080900000f32f30f1efb66b8189f00000f23c00f21f86635030009000f23f8bad004ec2e0f0d977147", 0x45}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.211874641s ago: executing program 6 (id=487):
r0 = socket$unix(0x1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$unix(0x1, 0x1, 0x0)
sendmsg$unix(r2, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r2], 0x18}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x45, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="54000000000000000000000400001b00000000010000000100010001000000010000000700000007442cc05000000000000000010000ee06000000080000000100000e4a000000200065000300000005000000080000000030000000000000000100000001"], 0x88}, 0x8000)
close_range(r0, 0xffffffffffffffff, 0x0)

5.179977941s ago: executing program 1 (id=488):
r0 = socket(0x11, 0x3, 0x0)
socket$packet(0x11, 0xa, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

4.86322004s ago: executing program 6 (id=492):
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000010000000000000000000000000000000000000000000000002dd6b05595d5cefa4d35a0ba26f1197511fe9dca012c2f37b20b04ac7dc2d190ce96ea3c91705e2e2fc280ded328f8b091c6a2477d90ab3fc7edf1b2d412fe24db16446a4cd8e2571e63dc20047814737f33cedc0359bc193fbd2131d4832ffea9d794b40dc638814d8c23ac540704d5a0fb89a6136ed23217f7d232e585efeb27306179560d2dd87f1781e89c15d0b9c0dff62092ddaf6b7bd3df3aed43"], 0x48)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=0000000000000'])
syz_emit_ethernet(0x38, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c20000000180c200000008004900002a004000000000907800000000ffffffff000000000100081d8d"], 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

4.770708489s ago: executing program 7 (id=493):
unshare(0x4000400)
r0 = syz_open_dev$usbfs(0x0, 0x76, 0x101301)
ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

4.622362049s ago: executing program 1 (id=494):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x6, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x31)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000007f000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000900)='mm_page_alloc\x00', r1}, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
sendfile(r2, r3, 0x0, 0x40000000000006)

4.471381609s ago: executing program 7 (id=496):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = creat(&(0x7f0000000440)='./file1\x00', 0x0)
open_by_handle_at(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000f800000015000000fb"], 0x39400)

4.306819298s ago: executing program 6 (id=498):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x3}}, 0x10)
bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x3}}, 0x10)
bind$tipc(r0, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x1}, 0x10)
sendmsg$tipc(r0, &(0x7f00000010c0)={&(0x7f0000000540)=@name={0x1e, 0x2, 0x1, {{0x0, 0x1}, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4008085}, 0x800)

4.265976938s ago: executing program 1 (id=499):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r2, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000014c0), 0x0, 0x0}, 0x40)

4.200660827s ago: executing program 0 (id=500):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10)
syz_usb_control_io$hid(r0, 0x0, 0x0)
finit_module(0xffffffffffffffff, 0x0, 0x1)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x6500)

4.186359647s ago: executing program 7 (id=501):
r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000440)={{0x12, 0x1, 0x1, 0x91, 0x47, 0xf1, 0x40, 0x1d50, 0x60a1, 0x263d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xb7, 0x0, 0x0, 0x83, 0xa7, 0xf7}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f00000001c0)={0x40, 0x7}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000100)={0x40, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f000001fd00)={0x2c, &(0x7f000001fb00)={0x40, 0x15}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000c00)={0x84, &(0x7f00000007c0)={0x0, 0x35}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000020000)={0x44, &(0x7f000001fe00)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000480)={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4.012302486s ago: executing program 6 (id=503):
setgid(0xee00)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000000)='map_files\x00')
getdents(r2, 0x0, 0x0)

3.803942916s ago: executing program 1 (id=505):
r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0)
close(r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r2 = dup(r1)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0), 0x6df8}}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x200400, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

3.747315596s ago: executing program 6 (id=506):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f00000003c0)={[{@barrier}, {@autodefrag}, {@ref_verify}, {@compress_algo={'compress', 0x3d, 'no'}}, {@clear_cache}, {@noacl}, {@noenospc_debug}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
chdir(&(0x7f0000000140)='./file0\x00')
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000000))
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x40, 0x40)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
getdents(r0, &(0x7f0000001fc0)=""/176, 0xb0)
getdents(r0, 0x0, 0x0)

2.029916499s ago: executing program 0 (id=513):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f00000001c0)={0xa8, 0x0, 0x1})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000080)={0x0, 0x0, &(0x7f00007a4000/0x4000)=nil})

1.563548257s ago: executing program 6 (id=514):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000030000000300000001"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffe00}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000020d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

1.519683207s ago: executing program 8 (id=515):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
dup(r0)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="5300000007000046009d40edce68510449b8a5038a1274120101"], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

1.385716016s ago: executing program 7 (id=516):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r2=>0x0})
bind$can_raw(r1, &(0x7f0000000040)={0x1d, r2}, 0x10)
bind$can_raw(r1, &(0x7f0000000480), 0x10)

1.356104116s ago: executing program 0 (id=517):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
write(r1, &(0x7f00000007c0)="0c6e301fe9439ffa8f93fae3382330b64ccd364f36e8f745de235ff7c689b9a4c2095a2f1e23589d346b1f729bbd9565a19f716c4c72d7f5f7863fd4acf51860f9e7905f83f0657b832e63f64fe076127bd74c2e1bd041786c7cbeaff808aa635febbc5a98c61c", 0x67)

1.160060605s ago: executing program 8 (id=518):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x25c, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

1.069212005s ago: executing program 7 (id=520):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001b"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r0}, &(0x7f0000001c00), &(0x7f0000001c40)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

966.977534ms ago: executing program 0 (id=521):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x42)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x88700a, 0x0)
umount2(&(0x7f0000000180)='./file0/file0/file0\x00', 0xb)

747.896203ms ago: executing program 8 (id=522):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x9362, 0x0)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0)

640.288903ms ago: executing program 8 (id=523):
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1}}}], 0x20}, 0x4008804)
sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000002c0)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000600)='2', 0x1}], 0x1}, 0x8400)
r1 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$kcm(r1, &(0x7f0000000480)={&(0x7f00000002c0)=@l2tp={0x2, 0x0, @empty}, 0x80, 0x0}, 0x8400)
sendmsg$inet(r1, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x0, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f00000000c0)="9d", 0x1}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x0, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f00000000c0)="9d", 0x1}], 0x1}, 0x0)

570.854573ms ago: executing program 0 (id=524):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r2], 0x48}}, 0x0)

566.279493ms ago: executing program 7 (id=525):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000140)='wg0\x00', 0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0xdb42)
sendfile(r0, r1, 0x0, 0x8000002b)

379.108802ms ago: executing program 8 (id=526):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
sendmsg$tipc(r0, &(0x7f0000001880)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x40}, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x40001)

126.681991ms ago: executing program 8 (id=527):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000d40), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)='\b', 0x1, 0x0, 0x0, 0x0)
sendfile(r1, r0, &(0x7f0000000240)=0x100, 0x2a)

0s ago: executing program 0 (id=528):
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000)

kernel console output (not intermixed with test programs):

devsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.404053][ T4252] device veth0_macvtap entered promiscuous mode
[   85.421768][ T4252] device veth1_macvtap entered promiscuous mode
[   85.443444][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   85.453992][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   85.455281][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.466404][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   85.477489][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.510118][ T4247] device veth1_vlan entered promiscuous mode
[   85.527193][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   85.542095][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   85.554734][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   85.604963][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.617678][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.629975][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.641329][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.654321][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.665996][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.678762][ T4252] batman_adv: batadv0: Interface activated: batadv_slave_0
[   85.720941][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   85.730045][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   85.743050][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   85.776729][ T4310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.777393][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.792526][ T4310] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.812433][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.823037][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.835737][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.847460][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.859675][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.869888][ T4252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.880773][ T4252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.892411][ T4252] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.902227][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   85.911665][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   85.920777][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   85.930455][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   85.974147][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   85.994145][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   86.024947][ T4252] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.034610][ T4252] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.044556][ T4252] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.054549][ T4252] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.068093][ T4247] device veth0_macvtap entered promiscuous mode
[   86.083526][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   86.086066][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.107616][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.137999][ T4305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.140948][ T4247] device veth1_macvtap entered promiscuous mode
[   86.167915][ T4305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.191609][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   86.264569][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   86.282438][ T4311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.298266][ T4311] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.314200][ T4247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.328844][ T4247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.339964][ T4247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.350872][ T4247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.361143][ T4247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.372138][ T4247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.382897][ T4247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.393746][ T4247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.422045][ T4247] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.442611][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   86.451594][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   86.472444][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   86.498412][ T4247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.527598][ T4247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.565381][ T4247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.587277][ T4247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.597870][ T4247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.610148][ T4247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.620669][ T4265] Bluetooth: hci2: command 0x0419 tx timeout
[   86.627361][ T4247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.638355][ T4247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.650173][ T4247] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.676453][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   86.695681][ T4265] Bluetooth: hci4: command 0x0419 tx timeout
[   86.701777][ T4265] Bluetooth: hci0: command 0x0419 tx timeout
[   86.703037][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   86.708744][ T4265] Bluetooth: hci3: command 0x0419 tx timeout
[   86.717492][ T4268] Bluetooth: hci1: command 0x0419 tx timeout
[   86.733845][ T4247] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.752796][ T4247] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.761679][ T4247] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.776822][ T4247] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.778361][  T125] cfg80211: failed to load regulatory.db
[   86.820518][ T4311] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.844118][ T4311] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.932422][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   86.937748][ T4305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.978012][ T4305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.030599][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   87.128878][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.141159][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.181977][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   87.321266][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.370707][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.397489][ T4305] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   88.098625][ T4360] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   88.315501][   T22] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[   88.525987][   T22] usb 3-1: unable to get BOS descriptor or descriptor too short
[   88.577625][   T22] usb 3-1: unable to read config index 0 descriptor/start: -71
[   88.591802][   T22] usb 3-1: can't read configurations, error -71
[   89.551850][ T4268] Bluetooth: hci3: Ignoring connect complete event for invalid link type
[   90.168147][ T4464] binder: 4456:4464 ioctl 4018620d 0 returned -22
[   90.312062][ T4464] binder: 4456:4464 ioctl c0306201 0 returned -14
[   91.495776][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   91.515582][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   91.524041][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   91.556861][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   92.834982][ T4297] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   93.135455][ T4297] usb 1-1: Using ep0 maxpacket: 8
[   93.163067][ T4297] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[   93.205208][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   93.232150][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   93.241911][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   93.252108][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[   93.262320][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[   93.272538][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[   93.286566][ T4297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.364567][ T4297] usb 1-1: Product: syz
[   93.370672][ T4297] usb 1-1: Manufacturer: syz
[   93.385776][ T4297] usb 1-1: SerialNumber: syz
[   93.431303][ T4297] usb 1-1: config 0 descriptor??
[   93.644282][ T4573] ubi0: attaching mtd0
[   93.655364][ T4573] ubi0 error: ubi_attach_mtd_dev: bad VID header (32) or data offsets (96)
[   93.655732][ T4297] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[   94.178032][ T4583] loop1: detected capacity change from 0 to 512
[   94.289674][ T4583] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   94.330561][ T4583] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   94.482479][ T4297] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -32
[   94.523827][ T4297] usb 1-1: USB disconnect, device number 2
[   94.602737][ T4596] loop4: detected capacity change from 0 to 1024
[   94.616501][ T4596] EXT4-fs: Ignoring removed i_version option
[   94.626016][ T4596] EXT4-fs: inline encryption not supported
[   94.647819][ T4258] EXT4-fs (loop1): unmounting filesystem.
[   94.686879][ T4596] EXT4-fs (loop4): Test dummy encryption mode enabled
[   94.785103][ T4596] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   94.867831][ T4601] loop3: detected capacity change from 0 to 2048
[   94.949188][ T4601] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   94.977059][ T4604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.57'.
[   95.384574][ T4596] fscrypt (loop4): Error allocating 'xts(aes)' transform: -4
[   95.402388][ T4605] fscrypt (loop4): Error allocating 'xts(aes)' transform: -4
[   95.429623][ T4617] loop0: detected capacity change from 0 to 1024
[   95.451623][ T4617] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   95.515410][ T4617] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[   95.543185][ T4252] EXT4-fs (loop4): unmounting filesystem.
[   95.557348][ T4617] EXT4-fs (loop0): external journal device major/minor numbers have changed
[   95.616755][ T4617] EXT4-fs (loop0): filesystem has both journal inode and journal device!
[   95.788415][ T4660] loop3: detected capacity change from 0 to 256
[   95.851485][ T4617] 9pnet: p9_errstr2errno: server reported unknown error el/debug/binder/transactions
[   95.876139][ T4660] exfat: Unknown parameter 'a<�_�<"}�RR��(z]93�6�0���@�ؔt�B疀3��t�������];7]���-׸�"W�.�l�����i��)h�W.*�p{�G��-�Z��m�Ӈ>�G�qy��^%?HH]�����B/{��oW��p�8'
[   95.978307][ T4659] loop4: detected capacity change from 0 to 1024
[   96.453221][ T4659] hfsplus: xattr searching failed
[   96.480756][   T26] audit: type=1800 audit(1734358671.150:2): pid=4659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.62" name="file0" dev="loop4" ino=3 res=0 errno=0
[   96.558888][ T4659] hfsplus: xattr search failed
[   96.958499][ T4683] netlink: 'syz.0.70': attribute type 4 has an invalid length.
[   97.042277][ T4687] netlink: 'syz.0.70': attribute type 4 has an invalid length.
[   97.175486][ T4335] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   97.274161][ T4696] 9pnet: p9_errstr2errno: server reported unknown error �@b�骩�
[   97.365479][ T4335] usb 5-1: Using ep0 maxpacket: 8
[   97.386712][ T4335] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[   97.410152][ T4335] usb 5-1: config 179 has no interface number 0
[   97.422133][ T4335] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   97.433944][ T4335] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   97.446335][ T4335] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   97.459007][ T4335] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   97.472986][ T4335] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   97.492517][ T4335] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   97.521015][ T4335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.561945][ T4681] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   97.837835][ T4335] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input5
[   98.037610][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   98.046029][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   98.055049][    C1] vkms_vblank_simulate: vblank timer overrun
[   98.071993][ T4335] usb 5-1: USB disconnect, device number 2
[   98.089221][ T4335] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[   98.243292][ T4719] Zero length message leads to an empty skb
[   99.185665][ T4764] loop1: detected capacity change from 0 to 512
[   99.234307][ T4764] EXT4-fs (loop1): can't mount with data=, fs mounted w/o journal
[   99.490554][ T4773] loop0: detected capacity change from 0 to 64
[   99.541507][ T4773] =======================================================
[   99.541507][ T4773] WARNING: The mand mount option has been deprecated and
[   99.541507][ T4773]          and is ignored by this kernel. Remove the mand
[   99.541507][ T4773]          option from the mount to silence this warning.
[   99.541507][ T4773] =======================================================
[   99.576498][    C1] vkms_vblank_simulate: vblank timer overrun
[  100.085465][  T125] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  100.299134][  T125] usb 2-1: Using ep0 maxpacket: 16
[  100.319571][  T125] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.351476][  T125] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.370759][  T125] usb 2-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00
[  100.391467][  T125] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.402700][  T125] usb 2-1: config 0 descriptor??
[  100.889862][  T125] input: HID 28bd:0935 Mouse as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0935.0001/input/input6
[  101.032975][  T125] uclogic 0003:28BD:0935.0001: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0935] on usb-dummy_hcd.1-1/input0
[  101.106650][  T125] usb 2-1: USB disconnect, device number 2
[  101.402661][ T4830] loop3: detected capacity change from 0 to 256
[  101.487525][ T4832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.111'.
[  101.545250][ T4297] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  101.635408][ T4830] loop3: detected capacity change from 256 to 0
[  101.717879][ T4836] loop0: detected capacity change from 0 to 512
[  101.724995][ T4836] EXT4-fs: Ignoring removed oldalloc option
[  101.736906][    C1] I/O error, dev loop3, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  101.741276][ T4297] usb 5-1: Using ep0 maxpacket: 16
[  101.752516][ T4836] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  101.755116][ T4253] FAT-fs (loop3): Directory bread(block 3) failed
[  101.792498][ T4836] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 11. Delete some EAs or run e2fsck.
[  101.807413][ T4836] EXT4-fs (loop0): 1 truncate cleaned up
[  101.813112][ T4836] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  101.824100][ T4297] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  101.837437][   T26] audit: type=1800 audit(1734358676.510:3): pid=4836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.113" name="file1" dev="loop0" ino=15 res=0 errno=0
[  101.860945][ T4297] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  101.901591][ T4297] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  101.915579][ T4297] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  101.933069][ T4297] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.941673][ T4297] usb 5-1: Product: syz
[  101.953025][ T4297] usb 5-1: Manufacturer: syz
[  101.957862][ T4297] usb 5-1: SerialNumber: syz
[  101.963421][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  101.973883][ T4253] FAT-fs (loop3): unable to read boot sector to mark fs as dirty
[  102.183234][ T4247] EXT4-fs (loop0): unmounting filesystem.
[  102.389966][ T4297] usb 5-1: 2:1 : format type 0 is detected, processed as PCM
[  102.493609][ T4469] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.647904][ T4469] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.823938][ T4469] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.923410][ T4469] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.951417][ T4859] loop2: detected capacity change from 0 to 1024
[  102.991206][ T4860] loop1: detected capacity change from 0 to 512
[  103.002466][ T4859] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  103.091159][ T4860] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  103.113065][ T4860] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  103.391978][ T4258] EXT4-fs (loop1): unmounting filesystem.
[  103.590710][ T4297] usb 5-1: USB disconnect, device number 3
[  103.903001][ T4267] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  103.917687][ T4267] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  103.927440][ T4267] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  103.945913][ T4267] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  103.954639][ T4267] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  103.964638][ T4267] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  104.334944][ T4882] netlink: 'syz.2.126': attribute type 2 has an invalid length.
[  104.345428][ T4882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.126'.
[  105.055074][ T4871] chnl_net:caif_netlink_parms(): no params data found
[  105.991769][ T4871] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.037032][ T4871] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.055495][ T4871] device bridge_slave_0 entered promiscuous mode
[  106.055647][ T4265] Bluetooth: hci3: command 0x0409 tx timeout
[  106.204195][ T4469] device hsr_slave_0 left promiscuous mode
[  106.218484][ T4469] device hsr_slave_1 left promiscuous mode
[  106.240496][ T4469] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.268593][ T4469] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.308596][ T4469] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.322683][ T4469] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.347646][ T4469] device bridge_slave_1 left promiscuous mode
[  106.371521][ T4469] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.423456][ T4469] device bridge_slave_0 left promiscuous mode
[  106.439025][ T4469] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.552802][ T4469] device veth1_macvtap left promiscuous mode
[  106.563486][ T4469] device veth0_macvtap left promiscuous mode
[  106.578194][ T4469] device veth1_vlan left promiscuous mode
[  106.584697][ T4469] device veth0_vlan left promiscuous mode
[  106.765967][ T4941] loop2: detected capacity change from 0 to 32768
[  106.812309][ T4941] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.140 (4941)
[  106.917324][ T4941] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  106.954775][ T4941] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  107.005029][ T4941] BTRFS info (device loop2): using free space tree
[  107.346164][ T4941] BTRFS info (device loop2): enabling ssd optimizations
[  107.553393][ T4992] loop4: detected capacity change from 0 to 128
[  107.766011][ T4251] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  108.135296][ T4265] Bluetooth: hci3: command 0x041b tx timeout
[  108.275298][ T5004] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  108.465226][ T5004] usb 5-1: Using ep0 maxpacket: 16
[  108.473704][ T5004] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  108.493076][ T5004] usb 5-1: config 0 has no interface number 0
[  108.510621][ T5004] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  108.532846][ T5004] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  108.544494][ T5004] usb 5-1: config 0 interface 41 has no altsetting 0
[  108.561872][ T5004] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  108.573253][ T5004] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.582018][ T5004] usb 5-1: Product: syz
[  108.586736][ T5004] usb 5-1: Manufacturer: syz
[  108.591493][ T5004] usb 5-1: SerialNumber: syz
[  108.608784][ T5004] usb 5-1: config 0 descriptor??
[  108.616555][ T5001] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  108.624356][ T5001] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  108.673875][ T4469] team0 (unregistering): Port device team_slave_1 removed
[  108.728607][ T4469] team0 (unregistering): Port device team_slave_0 removed
[  108.803430][ T4469] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  108.853732][ T5001] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  108.874943][ T4469] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  108.880001][ T5001] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  109.507835][ T4469] bond0 (unregistering): Released all slaves
[  109.539489][ T5004] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  109.590472][ T4871] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.597738][ T4871] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.606121][ T4871] device bridge_slave_1 entered promiscuous mode
[  109.845727][ T4871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.915914][ T4871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.957995][ T5004] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  109.982284][ T5004] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[  110.023177][ T5004] CoreChips: probe of 5-1:0.41 failed with error -71
[  110.059365][ T5004] usb 5-1: USB disconnect, device number 4
[  110.140157][ T4871] team0: Port device team_slave_0 added
[  110.225474][ T4265] Bluetooth: hci3: command 0x040f tx timeout
[  110.273717][ T4871] team0: Port device team_slave_1 added
[  110.290555][ T4297] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  110.487358][ T4297] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  110.513842][ T4297] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  110.565656][ T4297] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  110.574776][ T4297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.610191][ T4297] usb 2-1: Product: syz
[  110.614503][ T4297] usb 2-1: Manufacturer: syz
[  110.639538][ T4297] usb 2-1: SerialNumber: syz
[  110.685070][ T5027] loop2: detected capacity change from 0 to 40427
[  110.738822][ T5027] F2FS-fs (loop2): invalid crc value
[  110.793462][ T5027] F2FS-fs (loop2): Found nat_bits in checkpoint
[  110.876860][ T4297] usb 2-1: 0:2 : does not exist
[  110.887773][ T4297] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  110.906887][ T5027] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  110.941366][ T5027] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  111.003046][ T4297] usb 2-1: USB disconnect, device number 3
[  111.263820][ T4375] udevd[4375]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  111.266082][ T4251] syz-executor: attempt to access beyond end of device
[  111.266082][ T4251] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  111.683643][ T5055] loop1: detected capacity change from 0 to 8192
[  111.711792][ T5055] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  111.734952][ T5055] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  111.747540][ T5055] REISERFS (device loop1): using ordered data mode
[  111.754135][ T5055] reiserfs: using flush barriers
[  111.763258][ T5055] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  111.789263][ T5055] REISERFS (device loop1): checking transaction log (loop1)
[  111.945638][ T5058] loop2: detected capacity change from 0 to 128
[  111.965621][ T5055] REISERFS (device loop1): Using tea hash to sort names
[  112.005075][ T5055] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  112.022084][   T26] audit: type=1800 audit(1734358686.690:4): pid=5058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.163" name="bus" dev="loop2" ino=1048597 res=0 errno=0
[  112.151885][ T5059] syz.2.163: attempt to access beyond end of device
[  112.151885][ T5059] loop2: rw=2049, sector=1017, nr_sectors = 24 limit=128
[  112.297067][ T4265] Bluetooth: hci3: command 0x0419 tx timeout
[  112.746546][ T5004] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  112.948980][ T5004] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  112.965290][ T5004] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.984318][ T5004] usb 3-1: config 0 descriptor??
[  113.020384][ T5004] cp210x 3-1:0.0: cp210x converter detected
[  113.418449][ T5004] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  113.535411][ T5004] usb 3-1: cp210x converter now attached to ttyUSB0
[  113.652707][ T5004] usb 3-1: USB disconnect, device number 4
[  113.725954][ T5004] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  113.781452][ T5004] cp210x 3-1:0.0: device disconnected
[  114.029135][   T14] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  114.169902][ T4871] batman_adv: batadv0: Adding interface: batadv_slave_0
[  114.179693][ T4871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.219401][   T14] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  114.230906][ T4871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  114.257622][   T14] usb 2-1: New USB device strings: Mfr=223, Product=2, SerialNumber=3
[  114.285346][   T14] usb 2-1: Product: syz
[  114.290381][   T14] usb 2-1: Manufacturer: syz
[  114.295025][   T14] usb 2-1: SerialNumber: syz
[  114.361483][ T4871] batman_adv: batadv0: Adding interface: batadv_slave_1
[  114.367623][   T14] usb 2-1: config 0 descriptor??
[  114.379413][ T4871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.410800][   T14] ch341 2-1:0.0: ch341-uart converter detected
[  114.460722][ T4871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  114.603260][ T5085] loop4: detected capacity change from 0 to 4096
[  114.701419][ T4871] device hsr_slave_0 entered promiscuous mode
[  114.747649][ T4871] device hsr_slave_1 entered promiscuous mode
[  114.776550][ T4871] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  114.784177][ T4871] Cannot create hsr debugfs directory
[  114.825233][ T5090] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  115.378464][ T5104] loop4: detected capacity change from 0 to 2048
[  115.436239][ T5104] EXT4-fs: Ignoring removed mblk_io_submit option
[  115.522456][ T5104] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  115.578025][ T4871] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  115.594582][   T14] usb 2-1: ch341-uart converter now attached to ttyUSB0
[  115.636566][ T4871] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  115.669447][ T4871] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  115.696831][ T4871] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  115.798655][   T14] usb 2-1: USB disconnect, device number 4
[  115.811881][ T4252] EXT4-fs (loop4): unmounting filesystem.
[  115.835838][   T14] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[  115.890568][   T14] ch341 2-1:0.0: device disconnected
[  116.038977][ T4871] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.074772][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  116.110330][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  116.179337][ T4871] 8021q: adding VLAN 0 to HW filter on device team0
[  116.249979][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  116.316717][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  116.363557][ T4460] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.370810][ T4460] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.428876][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  116.459735][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  116.496228][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  116.517437][ T4460] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.524643][ T4460] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.627045][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  116.628225][ T5139] Disabled LAPIC found during irq injection
[  116.666181][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  116.716429][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  116.748482][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  116.791882][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  116.832607][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  116.852773][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  116.878472][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  116.888773][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  116.900195][ T5147] loop0: detected capacity change from 0 to 128
[  116.959585][ T4871] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  117.008685][ T4871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  117.038106][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  117.057709][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  117.153602][ T5131] loop4: detected capacity change from 0 to 32768
[  117.203607][ T5131] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.180 (5131)
[  117.295543][ T5131] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  117.332713][ T5131] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  117.382537][ T5131] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  117.422640][ T5131] BTRFS info (device loop4): use zstd compression, level 3
[  117.464406][ T5153] syz.0.185: attempt to access beyond end of device
[  117.464406][ T5153] loop0: rw=2049, sector=140, nr_sectors = 16 limit=128
[  117.487827][ T5131] BTRFS info (device loop4): using free space tree
[  117.522271][ T5153] syz.0.185: attempt to access beyond end of device
[  117.522271][ T5153] loop0: rw=2049, sector=172, nr_sectors = 8 limit=128
[  117.574721][ T5153] syz.0.185: attempt to access beyond end of device
[  117.574721][ T5153] loop0: rw=2049, sector=196, nr_sectors = 8 limit=128
[  117.612342][ T5153] syz.0.185: attempt to access beyond end of device
[  117.612342][ T5153] loop0: rw=2049, sector=212, nr_sectors = 8 limit=128
[  117.755820][ T5153] syz.0.185: attempt to access beyond end of device
[  117.755820][ T5153] loop0: rw=2049, sector=228, nr_sectors = 8 limit=128
[  117.774572][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  117.789206][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  117.809903][ T5153] syz.0.185: attempt to access beyond end of device
[  117.809903][ T5153] loop0: rw=2049, sector=244, nr_sectors = 8 limit=128
[  117.824115][ T5131] BTRFS info (device loop4): enabling ssd optimizations
[  117.838106][ T5153] syz.0.185: attempt to access beyond end of device
[  117.838106][ T5153] loop0: rw=2049, sector=260, nr_sectors = 8 limit=128
[  117.848207][ T4871] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.855538][ T5153] syz.0.185: attempt to access beyond end of device
[  117.855538][ T5153] loop0: rw=2049, sector=276, nr_sectors = 8 limit=128
[  117.879979][ T5153] syz.0.185: attempt to access beyond end of device
[  117.879979][ T5153] loop0: rw=2049, sector=292, nr_sectors = 8 limit=128
[  117.893784][ T5153] syz.0.185: attempt to access beyond end of device
[  117.893784][ T5153] loop0: rw=2049, sector=308, nr_sectors = 8 limit=128
[  118.002163][ T5188] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  118.208112][ T5131] overlayfs: conflicting lowerdir path
[  118.579751][ T4252] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  118.842199][ T5176] loop2: detected capacity change from 0 to 32768
[  118.849854][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  118.871201][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  118.946044][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  118.967097][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  119.040143][ T5176] XFS (loop2): Mounting V5 Filesystem
[  119.050972][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  119.073575][ T4458] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  119.087044][ T5196] mmap: syz.0.189 (5196) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  119.141057][ T4871] device veth0_vlan entered promiscuous mode
[  119.209301][ T5225] syz.4.190 sent an empty control message without MSG_MORE.
[  119.258711][ T4871] device veth1_vlan entered promiscuous mode
[  119.329809][ T5176] XFS (loop2): Ending clean mount
[  119.458241][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  119.471746][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  119.513829][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  119.529924][ T5234] loop4: detected capacity change from 0 to 1024
[  119.537922][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  119.574822][ T4871] device veth0_macvtap entered promiscuous mode
[  119.629429][ T4871] device veth1_macvtap entered promiscuous mode
[  119.707622][ T4251] XFS (loop2): Unmounting Filesystem
[  119.736101][ T4871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  119.790329][ T4871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  119.810820][ T4871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  119.844820][ T4871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  119.862577][ T4871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  119.881795][ T4871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  119.902007][ T4871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  119.921823][ T4871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  119.953282][   T32] hfsplus: b-tree write err: -5, ino 4
[  119.973382][ T4871] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.034787][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  120.051757][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  120.116455][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  120.161725][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  120.180133][ T4871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.210163][ T4871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.240691][ T4871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.271677][ T4871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.297447][ T4871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.321836][ T4871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.333970][ T4871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.347546][ T4871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.360382][ T4871] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.379199][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  120.391704][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  120.471925][ T4871] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.499345][ T4871] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  120.555414][ T4871] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  120.564203][ T4871] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  120.897699][ T4460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.925443][ T4460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.992581][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  121.021330][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.069657][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.130763][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  121.378030][ T5288] loop5: detected capacity change from 0 to 128
[  121.459308][ T5288] process 'syz.5.119' launched './file0' with NULL argv: empty string added
[  121.596247][ T5292] bridge0: port 3(syz_tun) entered blocking state
[  121.617742][ T5292] bridge0: port 3(syz_tun) entered disabled state
[  121.639038][ T5292] device syz_tun entered promiscuous mode
[  121.660737][ T5292] bridge0: port 3(syz_tun) entered blocking state
[  121.668170][ T5292] bridge0: port 3(syz_tun) entered forwarding state
[  122.297402][ T4311] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.507626][ T4311] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.719405][ T4311] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.852841][ T5326] netlink: 'syz.4.219': attribute type 1 has an invalid length.
[  122.912460][ T4311] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.177988][ T5332] syz.4.221 uses obsolete (PF_INET,SOCK_PACKET)
[  123.281358][ T5305] loop1: detected capacity change from 0 to 40427
[  123.427440][ T5305] F2FS-fs (loop1): invalid crc value
[  123.472661][ T5305] F2FS-fs (loop1): Found nat_bits in checkpoint
[  123.744887][ T5305] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1
[  123.795551][ T5305] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  123.889274][ T4268] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  123.910720][ T4268] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  123.920090][ T4268] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  123.929631][ T4268] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  123.937601][ T4268] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  123.947496][ T4267] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  124.274526][ T4469] bio_check_eod: 22 callbacks suppressed
[  124.274549][ T4469] kworker/u4:23: attempt to access beyond end of device
[  124.274549][ T4469] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  124.308240][ T5305] VFS:Filesystem freeze failed
[  124.661978][ T5367] loop2: detected capacity change from 0 to 512
[  124.696586][ T5367] EXT4-fs: inline encryption not supported
[  124.760005][ T5367] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  124.787438][ T5367] EXT4-fs (loop2): Cannot use DAX on a filesystem that may contain inline data
[  125.118884][ T5344] chnl_net:caif_netlink_parms(): no params data found
[  125.438836][ T5388] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  125.472974][ T5391] capability: warning: `syz.1.230' uses 32-bit capabilities (legacy support in use)
[  125.740684][ T5394] loop1: detected capacity change from 0 to 256
[  125.790905][ T5373] loop4: detected capacity change from 0 to 32768
[  125.809135][ T5373] XFS: ikeep mount option is deprecated.
[  125.881672][ T5373] XFS (loop4): Mounting V5 Filesystem
[  125.968747][ T5344] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.976372][ T4267] Bluetooth: hci3: command 0x0409 tx timeout
[  126.005577][ T5344] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.008687][ T5373] XFS (loop4): Ending clean mount
[  126.023171][ T5344] device bridge_slave_0 entered promiscuous mode
[  126.034944][ T5373] XFS (loop4): Quotacheck needed: Please wait.
[  126.043635][ T5344] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.056894][ T5344] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.066539][ T5344] device bridge_slave_1 entered promiscuous mode
[  126.176086][  T125] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  126.191085][ T5373] XFS (loop4): Quotacheck: Done.
[  126.284850][ T5344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.331273][ T4311] device hsr_slave_0 left promiscuous mode
[  126.338480][ T4311] device hsr_slave_1 left promiscuous mode
[  126.354207][ T4311] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  126.378456][  T125] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  126.378749][ T4311] batman_adv: batadv0: Removing interface: batadv_slave_0
[  126.399923][  T125] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  126.414315][  T125] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  126.420463][ T4311] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  126.425713][  T125] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.441468][  T125] usb 1-1: Product: syz
[  126.446397][  T125] usb 1-1: Manufacturer: syz
[  126.452306][  T125] usb 1-1: SerialNumber: syz
[  126.473099][ T4311] batman_adv: batadv0: Removing interface: batadv_slave_1
[  126.516273][ T4311] device bridge_slave_1 left promiscuous mode
[  126.526393][ T4311] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.553928][ T4311] device bridge_slave_0 left promiscuous mode
[  126.580975][ T4311] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.700248][ T5401] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  126.741345][ T4311] device veth1_macvtap left promiscuous mode
[  126.747955][ T4311] device veth0_macvtap left promiscuous mode
[  126.757028][ T4311] device veth1_vlan left promiscuous mode
[  126.764980][ T4311] device veth0_vlan left promiscuous mode
[  127.240899][ T4252] XFS (loop4): Unmounting Filesystem
[  127.325714][ T5401] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  127.467998][ T5428] loop2: detected capacity change from 0 to 4096
[  127.492243][ T5428] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512)
[  127.545369][ T5002] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  127.554590][  T125] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  127.785333][ T5002] usb 2-1: Using ep0 maxpacket: 8
[  127.792793][ T5002] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  127.814868][ T5002] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  127.838393][ T5002] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  127.863296][ T5002] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  127.893944][ T5002] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  127.920239][ T5002] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  127.935967][ T5002] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.059108][ T4267] Bluetooth: hci3: command 0x041b tx timeout
[  128.169979][ T5002] usb 2-1: usb_control_msg returned -32
[  128.176190][ T5002] usbtmc 2-1:16.0: can't read capabilities
[  128.441176][ T4311] team0 (unregistering): Port device team_slave_1 removed
[  128.497477][ T4311] team0 (unregistering): Port device team_slave_0 removed
[  128.591611][ T4311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  128.661052][ T4311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  128.813664][ T5002] usb 2-1: USB disconnect, device number 5
[  128.937738][ T4267] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  128.962893][ T4267] Bluetooth: hci1: Injecting HCI hardware error event
[  128.972545][ T4265] Bluetooth: hci1: hardware error 0x00
[  129.639482][ T5461] Driver unsupported XDP return value 0 on prog  (id 51) dev N/A, expect packet loss!
[  129.680569][ T5002] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  129.700388][ T4311] bond0 (unregistering): Released all slaves
[  129.812669][ T5344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.878418][  T125] cdc_ncm 1-1:1.0 eth9: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  129.890168][ T5002] usb 3-1: Using ep0 maxpacket: 8
[  129.897445][ T5002] usb 3-1: config 0 has no interfaces?
[  129.917489][ T5002] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  129.951714][ T5002] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.961565][  T125] usb 1-1: USB disconnect, device number 3
[  129.991569][  T125] cdc_ncm 1-1:1.0 eth9: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[  130.003830][ T5002] usb 3-1: config 0 descriptor??
[  130.145590][ T4267] Bluetooth: hci3: command 0x040f tx timeout
[  130.187396][ T5344] team0: Port device team_slave_0 added
[  130.196680][ T5344] team0: Port device team_slave_1 added
[  130.242296][ T5002] usb 3-1: USB disconnect, device number 5
[  130.365592][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_0
[  130.391432][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.460699][ T5344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  130.494350][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_1
[  130.501962][ T5210] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  130.519915][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.614294][ T5344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  130.722496][ T5210] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.751096][ T5210] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.772310][ T5210] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  130.795249][ T5210] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.826427][ T5210] usb 2-1: config 0 descriptor??
[  130.880579][ T5344] device hsr_slave_0 entered promiscuous mode
[  130.911681][ T5344] device hsr_slave_1 entered promiscuous mode
[  130.933249][ T5344] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  130.953015][ T5344] Cannot create hsr debugfs directory
[  131.054636][ T5004] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  131.095441][ T4265] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  131.115096][ T5490] loop4: detected capacity change from 0 to 128
[  131.204601][ T5490] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  131.214082][ T5490] ext4 filesystem being mounted at /51/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  131.237379][ T5004] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  131.262618][ T5210] uclogic 0003:5543:0781.0002: item fetching failed at offset 5/7
[  131.263430][ T5004] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  131.286744][ T5004] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  131.300818][ T5004] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.311808][ T5004] usb 1-1: Product: syz
[  131.316341][ T5004] usb 1-1: Manufacturer: syz
[  131.321866][ T5004] usb 1-1: SerialNumber: syz
[  131.330210][ T5210] uclogic 0003:5543:0781.0002: parse failed
[  131.380376][ T5210] uclogic: probe of 0003:5543:0781.0002 failed with error -22
[  131.484129][ T4252] EXT4-fs (loop4): unmounting filesystem.
[  131.486270][ T5210] usb 2-1: USB disconnect, device number 6
[  131.564746][ T5004] usb 1-1: 0:2 : does not exist
[  131.591213][ T5004] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  131.667974][ T5004] usb 1-1: USB disconnect, device number 4
[  131.726792][ T4375] udevd[4375]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  131.836361][ T5344] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  131.849869][ T5344] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  131.866576][ T5344] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  131.886650][ T5344] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  132.030031][ T5508] loop2: detected capacity change from 0 to 1024
[  132.076248][ T5508] EXT4-fs: Ignoring removed nomblk_io_submit option
[  132.167799][ T5508] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  132.196331][ T5344] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.215422][ T4265] Bluetooth: hci3: command 0x0419 tx timeout
[  132.272397][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  132.337186][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.346516][ T5508] EXT4-fs: Ignoring removed nomblk_io_submit option
[  132.353621][ T5508] EXT4-fs (loop2): changing journal_checksum during remount not supported; ignoring
[  132.379943][ T5344] 8021q: adding VLAN 0 to HW filter on device team0
[  132.445906][ T5508] EXT4-fs (loop2): re-mounted. Quota mode: none.
[  132.462894][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  132.486078][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  132.516586][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.523769][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.547376][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  132.604898][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  132.644459][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.686025][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.693244][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.742959][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.767958][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  132.796664][ T4251] EXT4-fs (loop2): unmounting filesystem.
[  132.846586][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.863182][ T1274] ieee802154 phy0 wpan0: encryption failed: -22
[  132.870130][ T1274] ieee802154 phy1 wpan1: encryption failed: -22
[  132.932165][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.978779][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.003091][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.033189][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  133.064360][ T5540] loop2: detected capacity change from 0 to 2048
[  133.081152][ T5344] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  133.116482][ T5344] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  133.143501][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  133.167582][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  133.190310][ T5540] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.276: bad orphan inode 8192
[  133.192788][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  133.229377][ T5540] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  133.229393][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  133.231641][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  134.044545][ T4251] EXT4-fs (loop2): unmounting filesystem.
[  134.204046][ T5537] loop1: detected capacity change from 0 to 32768
[  134.220152][ T4311] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.333161][ T5537] XFS (loop1): Mounting V5 Filesystem
[  134.349738][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  134.373299][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  134.443248][ T5344] 8021q: adding VLAN 0 to HW filter on device batadv0
[  134.526776][ T5537] XFS (loop1): Ending clean mount
[  134.652448][ T4311] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.750723][ T4258] XFS (loop1): Unmounting Filesystem
[  134.818592][ T4311] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.044670][ T4311] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.190203][ T5562] loop0: detected capacity change from 0 to 40427
[  135.270997][ T5562] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3ffff
[  135.320306][ T5597] loop4: detected capacity change from 0 to 512
[  135.329123][ T5562] F2FS-fs (loop0): invalid crc value
[  135.386221][ T5597] EXT4-fs: Ignoring removed i_version option
[  135.392321][ T5597] EXT4-fs: Ignoring removed nobh option
[  135.405640][ T5562] F2FS-fs (loop0): Found nat_bits in checkpoint
[  135.456913][ T5597] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  135.540858][ T5597] EXT4-fs (loop4): 1 truncate cleaned up
[  135.555244][ T5597] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  135.765288][ T5562] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  135.812471][   T26] audit: type=1800 audit(1734358710.480:5): pid=5562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.280" name="bus" dev="loop0" ino=10 res=0 errno=0
[  135.857490][ T4252] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /60/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  135.965980][ T4252] EXT4-fs error (device loop4): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  136.074596][ T4252] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /60/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  136.103438][ T4247] syz-executor: attempt to access beyond end of device
[  136.103438][ T4247] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  136.129878][ T4252] EXT4-fs error (device loop4): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  136.150656][ T4267] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  136.161569][ T4267] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  136.171573][ T4252] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /60/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  136.193968][ T4267] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  136.218787][ T4267] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  136.233043][ T4267] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  136.241331][ T4267] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  136.277850][ T4449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  136.287123][ T4449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  136.331409][ T4252] EXT4-fs error (device loop4): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  136.365699][ T4252] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /60/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  136.443461][ T5344] device veth0_vlan entered promiscuous mode
[  136.456501][ T4252] EXT4-fs error (device loop4): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  136.527631][ T4252] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /60/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  136.556280][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  136.570185][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  136.586584][ T5344] device veth1_vlan entered promiscuous mode
[  136.588878][ T4252] EXT4-fs error (device loop4): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  136.622890][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  136.643186][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  136.840115][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  136.892529][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  136.921315][ T5344] device veth0_macvtap entered promiscuous mode
[  137.001547][ T5620] netlink: 4 bytes leftover after parsing attributes in process `syz.1.293'.
[  137.029182][ T5620] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  137.061680][ T5620] batman_adv: batadv0: Removing interface: batadv_slave_0
[  137.096728][ T5620] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  137.135466][ T5620] batman_adv: batadv0: Removing interface: batadv_slave_1
[  137.320934][ T4252] bridge0: port 3(syz_tun) entered disabled state
[  137.413871][ T4252] device syz_tun left promiscuous mode
[  137.431916][ T4252] bridge0: port 3(syz_tun) entered disabled state
[  137.456361][ T5344] device veth1_macvtap entered promiscuous mode
[  137.501594][ T4252] EXT4-fs (loop4): unmounting filesystem.
[  137.586470][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  137.608661][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  137.910211][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.931187][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.939597][ T5622] loop0: detected capacity change from 0 to 32768
[  137.956166][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.982233][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.004215][ T5622] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.292 (5622)
[  138.015998][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  138.065397][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.092572][ T5622] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  138.096693][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_0
[  138.136934][ T5622] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  138.155893][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  138.177775][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  138.191046][ T5622] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  138.217835][ T5622] BTRFS info (device loop0): use zstd compression, level 3
[  138.231052][ T5622] BTRFS info (device loop0): using free space tree
[  138.244226][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  138.295353][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.295408][ T4267] Bluetooth: hci1: command 0x0409 tx timeout
[  138.335961][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  138.375570][ T5622] BTRFS info (device loop0): enabling ssd optimizations
[  138.376354][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.427769][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  138.448402][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.471293][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_1
[  138.486999][ T4265] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  138.500079][ T4265] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  138.514311][ T4265] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  138.526065][ T4265] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  138.533769][ T4265] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  138.542604][ T4265] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  138.554656][ T5614] chnl_net:caif_netlink_parms(): no params data found
[  138.698576][ T4247] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  139.070875][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  139.086061][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  139.098351][ T5344] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  139.108000][ T5344] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  139.122130][ T5344] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  139.131392][ T5344] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  139.247393][ T4311] device hsr_slave_0 left promiscuous mode
[  139.264358][ T4311] device hsr_slave_1 left promiscuous mode
[  139.331699][ T4311] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  139.395421][ T4311] batman_adv: batadv0: Removing interface: batadv_slave_0
[  139.434983][ T4311] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  139.444788][ T4311] batman_adv: batadv0: Removing interface: batadv_slave_1
[  139.477752][ T4311] device bridge_slave_1 left promiscuous mode
[  139.488325][ T4311] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.498693][ T4311] device bridge_slave_0 left promiscuous mode
[  139.504998][ T4311] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.543648][ T4311] device veth1_macvtap left promiscuous mode
[  139.555511][ T4311] device veth0_macvtap left promiscuous mode
[  139.562059][ T4311] device veth1_vlan left promiscuous mode
[  139.568690][ T4311] device veth0_vlan left promiscuous mode
[  140.294802][ T4311] team0 (unregistering): Port device team_slave_1 removed
[  140.351280][ T4311] team0 (unregistering): Port device team_slave_0 removed
[  140.385351][ T4267] Bluetooth: hci1: command 0x041b tx timeout
[  140.405452][ T4311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  140.452925][ T4311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  140.630691][ T4267] Bluetooth: hci2: command 0x0409 tx timeout
[  141.021500][ T4311] bond0 (unregistering): Released all slaves
[  141.224119][ T5614] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.231717][ T5614] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.241739][ T5614] device bridge_slave_0 entered promiscuous mode
[  141.274692][ T5614] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.284134][ T5614] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.292840][ T5614] device bridge_slave_1 entered promiscuous mode
[  141.349159][ T5614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  141.391867][ T5614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  141.425896][ T4471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.434288][ T4471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.463766][ T5614] team0: Port device team_slave_0 added
[  141.490845][ T5614] team0: Port device team_slave_1 added
[  141.524310][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  141.611407][ T4469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  141.630018][ T4469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  141.639424][ T5614] batman_adv: batadv0: Adding interface: batadv_slave_0
[  141.651174][ T5614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.678780][ T5614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  141.694379][ T5614] batman_adv: batadv0: Adding interface: batadv_slave_1
[  141.708588][ T5614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.752485][ T5614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  141.784677][ T4469] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  141.928821][ T5614] device hsr_slave_0 entered promiscuous mode
[  141.961057][ T5614] device hsr_slave_1 entered promiscuous mode
[  141.988885][ T5663] chnl_net:caif_netlink_parms(): no params data found
[  142.313421][ T4311] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.334943][ T5663] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.354374][ T5663] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.368584][ T5663] device bridge_slave_0 entered promiscuous mode
[  142.422460][ T5663] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.434389][ T5663] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.451696][ T5663] device bridge_slave_1 entered promiscuous mode
[  142.465567][ T4267] Bluetooth: hci1: command 0x040f tx timeout
[  142.508810][ T4311] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.570139][ T5716] loop6: detected capacity change from 0 to 32768
[  142.584288][ T5716] XFS: ikeep mount option is deprecated.
[  142.646148][ T5716] XFS (loop6): Mounting V5 Filesystem
[  142.685088][ T4311] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.695991][ T4267] Bluetooth: hci2: command 0x041b tx timeout
[  142.762318][ T5663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.843487][ T5716] XFS (loop6): Ending clean mount
[  142.854571][ T4311] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.854765][ T5716] XFS (loop6): Quotacheck needed: Please wait.
[  142.886266][ T5663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.953605][ T5716] XFS (loop6): Quotacheck: Done.
[  142.998891][ T5663] team0: Port device team_slave_0 added
[  143.037721][ T5663] team0: Port device team_slave_1 added
[  143.050115][ T5614] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  143.193562][ T5344] XFS (loop6): Unmounting Filesystem
[  143.224196][ T5614] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  143.303528][ T5663] batman_adv: batadv0: Adding interface: batadv_slave_0
[  143.323667][ T5663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.394005][ T5663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  143.417080][ T5663] batman_adv: batadv0: Adding interface: batadv_slave_1
[  143.424108][ T5663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.463305][ T5663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  143.492094][ T5614] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  143.561536][ T5614] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  143.797425][ T5663] device hsr_slave_0 entered promiscuous mode
[  143.802935][ T5755] loop1: detected capacity change from 0 to 128
[  143.852104][ T5663] device hsr_slave_1 entered promiscuous mode
[  143.887752][ T5755] VFS: Found a Xenix FS (block size = 512) on device loop1
[  143.907520][ T5663] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  143.910195][ T5755] sysv_free_block: trying to free block not in datazone
[  143.935959][ T5663] Cannot create hsr debugfs directory
[  143.987915][ T5755] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  144.468734][ T5762] netlink: 4 bytes leftover after parsing attributes in process `syz.6.303'.
[  144.493419][ T5762] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  144.521294][ T5762] batman_adv: batadv0: Removing interface: batadv_slave_0
[  144.540995][ T4267] Bluetooth: hci1: command 0x0419 tx timeout
[  144.551273][ T5762] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  144.566217][ T5762] batman_adv: batadv0: Removing interface: batadv_slave_1
[  144.771702][ T5614] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.775598][ T4267] Bluetooth: hci2: command 0x040f tx timeout
[  144.853897][ T5614] 8021q: adding VLAN 0 to HW filter on device team0
[  144.878858][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  144.891292][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  144.938950][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  144.963967][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  144.978799][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.986010][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[  144.999543][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  145.020630][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  145.032295][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  145.051001][ T4460] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.058223][ T4460] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.193344][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  145.223643][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  145.272225][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  145.289063][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  145.298701][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  145.320637][ T5789] loop6: detected capacity change from 0 to 16
[  145.323353][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  145.361323][ T5789] erofs: (device loop6): mounted with root inode @ nid 36.
[  145.424541][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  145.440826][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  145.457720][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  145.470386][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  145.500156][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  145.578445][ T5614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  145.613642][ T5663] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  145.716382][ T5663] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  145.731244][ T5663] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  145.780503][ T5663] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  146.414663][ T5663] 8021q: adding VLAN 0 to HW filter on device bond0
[  146.431183][ T4449] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  146.446268][ T4449] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  146.509089][ T5614] 8021q: adding VLAN 0 to HW filter on device batadv0
[  146.524850][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  146.546716][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  146.571425][ T5663] 8021q: adding VLAN 0 to HW filter on device team0
[  146.629381][ T4311] device hsr_slave_0 left promiscuous mode
[  146.641405][ T4311] device hsr_slave_1 left promiscuous mode
[  146.650300][ T4311] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  146.662718][ T4311] batman_adv: batadv0: Removing interface: batadv_slave_0
[  146.681070][ T4311] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  146.688924][ T4311] batman_adv: batadv0: Removing interface: batadv_slave_1
[  146.705062][ T4311] device bridge_slave_1 left promiscuous mode
[  146.711815][ T4311] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.721141][ T4311] device bridge_slave_0 left promiscuous mode
[  146.729754][ T4311] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.763487][ T4311] device veth1_macvtap left promiscuous mode
[  146.769850][ T4311] device veth0_macvtap left promiscuous mode
[  146.776878][ T4311] device veth1_vlan left promiscuous mode
[  146.782827][ T4311] device veth0_vlan left promiscuous mode
[  146.855427][ T4267] Bluetooth: hci2: command 0x0419 tx timeout
[  147.443080][ T4311] team0 (unregistering): Port device team_slave_1 removed
[  147.489570][ T4311] team0 (unregistering): Port device team_slave_0 removed
[  147.533601][ T4311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  147.589925][ T4311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  148.090903][ T4311] bond0 (unregistering): Released all slaves
[  148.193017][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  148.213691][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  148.224218][ T4471] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.231467][ T4471] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.265614][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  148.274617][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  148.286078][ T4471] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.293219][ T4471] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.301640][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  148.327744][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  148.353256][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  148.386206][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  148.401015][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  148.410126][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  148.426565][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  148.440150][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  148.449104][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  148.469371][ T5663] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  148.501607][ T5663] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  148.513688][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  148.527239][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  148.540695][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  148.566078][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  148.590511][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  148.637863][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  148.662872][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  148.677012][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  148.691468][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  148.711372][ T5614] device veth0_vlan entered promiscuous mode
[  148.741380][ T5614] device veth1_vlan entered promiscuous mode
[  148.784074][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  148.809203][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  148.826694][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  148.845975][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  148.859996][ T5614] device veth0_macvtap entered promiscuous mode
[  148.879848][ T5614] device veth1_macvtap entered promiscuous mode
[  148.923010][ T5614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.947575][ T5614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.970215][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_0
[  148.984268][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  148.994010][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  149.004311][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  149.018312][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  149.038498][ T5614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.049768][ T5614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.062400][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.082939][ T5663] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.094630][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  149.106761][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  149.126572][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  149.134156][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  149.159887][ T5614] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.171815][ T5614] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.197445][ T5614] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.217660][ T5614] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.331632][   T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.355543][   T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.368195][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  149.404750][ T4454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.431121][ T4454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.447093][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  149.630506][ T5860] loop7: detected capacity change from 0 to 1024
[  149.694797][ T5860] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  149.710837][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  149.732423][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  149.744490][ T5860] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  149.767275][ T5860] EXT4-fs (loop7): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28
[  149.795584][ T5860] EXT4-fs (loop7): This should not happen!! Data will be lost
[  149.795584][ T5860] 
[  149.807428][ T5860] EXT4-fs (loop7): Total free blocks count 0
[  149.811619][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  149.813442][ T5860] EXT4-fs (loop7): Free/Dirty block details
[  149.829602][ T5860] EXT4-fs (loop7): free_blocks=68451041280
[  149.831344][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  149.835551][ T5860] EXT4-fs (loop7): dirty_blocks=64
[  149.835571][ T5860] EXT4-fs (loop7): Block reservation details
[  149.835586][ T5860] EXT4-fs (loop7): i_reserved_data_blocks=4
[  149.868412][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  149.878045][ T4460] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  149.889394][ T5663] device veth0_vlan entered promiscuous mode
[  149.893570][ T5614] EXT4-fs (loop7): unmounting filesystem.
[  149.943412][ T5663] device veth1_vlan entered promiscuous mode
[  149.984640][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  149.994455][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  150.007278][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  150.019125][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  150.036254][ T5663] device veth0_macvtap entered promiscuous mode
[  150.053570][ T5663] device veth1_macvtap entered promiscuous mode
[  150.084811][ T5663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.099472][ T5663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.109907][ T5663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.124355][ T5663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.141287][ T5663] batman_adv: batadv0: Interface activated: batadv_slave_0
[  150.153067][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  150.167648][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  150.178465][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  150.191585][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  150.206640][ T5663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.218407][ T5663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.229514][ T5663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.243268][ T5663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.258894][ T5663] batman_adv: batadv0: Interface activated: batadv_slave_1
[  150.269138][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  150.282636][ T4454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  150.294666][ T5663] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  150.310797][ T5663] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  150.320144][ T5663] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  150.332594][ T5663] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  150.428511][ T4454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.445697][ T4454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.480339][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  150.494267][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.508750][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.524090][ T4471] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  150.699992][ T5886] loop0: detected capacity change from 0 to 512
[  150.818163][ T5886] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  150.855368][ T5886] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  150.944389][ T5894] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  150.962254][   T26] audit: type=1800 audit(1734358725.630:6): pid=5886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.330" name="bus" dev="loop0" ino=18 res=0 errno=0
[  151.011788][ T5894] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  151.243745][ T5907] netlink: 4 bytes leftover after parsing attributes in process `syz.8.321'.
[  151.278279][ T5907] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  151.299238][ T5907] batman_adv: batadv0: Removing interface: batadv_slave_0
[  151.346434][ T5907] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  151.368016][ T5903] loop1: detected capacity change from 0 to 8192
[  151.374631][ T5907] batman_adv: batadv0: Removing interface: batadv_slave_1
[  151.406202][ T5903] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  151.445216][ T5903] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  151.465200][ T4334] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  151.472606][ T5903] REISERFS (device loop1): using ordered data mode
[  151.496418][ T5903] reiserfs: using flush barriers
[  151.502753][ T5903] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  151.524336][ T5903] REISERFS (device loop1): checking transaction log (loop1)
[  151.656161][ T4334] usb 8-1: Using ep0 maxpacket: 8
[  151.662216][ T4247] EXT4-fs (loop0): unmounting filesystem.
[  151.665373][ T4334] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  151.683686][ T5903] REISERFS (device loop1): Using tea hash to sort names
[  151.706306][ T4334] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  151.718214][ T5903] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  151.733401][ T5903] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  151.742963][ T4334] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  151.815836][ T4334] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  151.839403][ T4334] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  151.855465][ T4334] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.049836][ T5903] overlayfs: upper fs needs to support d_type.
[  152.083163][ T5903] overlayfs: upper fs does not support tmpfile.
[  152.111098][ T5903] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  152.124400][ T4334] usb 8-1: usb_control_msg returned -32
[  152.133320][ T4334] usbtmc 8-1:16.0: can't read capabilities
[  152.200311][ T5903] overlayfs: failed to resolve './file0/../file0': -2
[  152.243515][ T5914] loop6: detected capacity change from 0 to 32768
[  152.284824][ T5914] XFS: ikeep mount option is deprecated.
[  152.329247][ T5914] XFS (loop6): Mounting V5 Filesystem
[  152.375457][ T5210] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  152.481382][ T5914] XFS (loop6): Ending clean mount
[  152.514815][ T5914] XFS (loop6): Quotacheck needed: Please wait.
[  152.557784][ T5210] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  152.577489][ T5210] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  152.604787][ T5210] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  152.632892][ T5210] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  152.651879][ T5210] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.664617][ T5210] usb 9-1: config 0 descriptor??
[  152.690170][ T5914] XFS (loop6): Quotacheck: Done.
[  152.697011][ T5214] usb 8-1: USB disconnect, device number 2
[  152.917279][ T5344] XFS (loop6): Unmounting Filesystem
[  153.102584][ T5210] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  153.160023][ T5210] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  153.514262][ T5957] block device autoloading is deprecated and will be removed.
[  154.286757][ T5977] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  154.350819][ T5983] loop7: detected capacity change from 0 to 512
[  154.355799][ T5977] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  154.449666][ T5983] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  154.489608][ T5983] ext4 filesystem being mounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  154.517587][ T5958] loop0: detected capacity change from 0 to 32768
[  154.524750][ T5958] XFS: ikeep mount option is deprecated.
[  154.590740][   T26] audit: type=1800 audit(1734358729.260:7): pid=5983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.340" name="bus" dev="loop7" ino=18 res=0 errno=0
[  154.640704][ T5958] XFS (loop0): Mounting V5 Filesystem
[  154.805528][ T6008] syz.1.343[6008] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  154.805647][ T6008] syz.1.343[6008] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  154.830536][ T5958] XFS (loop0): Ending clean mount
[  154.866107][ T5958] XFS (loop0): Quotacheck needed: Please wait.
[  154.985670][ T5958] XFS (loop0): Quotacheck: Done.
[  155.181496][ T5614] EXT4-fs (loop7): unmounting filesystem.
[  155.293751][ T4334] usb 9-1: USB disconnect, device number 2
[  155.376149][ T4247] XFS (loop0): Unmounting Filesystem
[  156.149278][ T6043] loop1: detected capacity change from 0 to 512
[  156.225705][ T6043] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  156.249270][ T6043] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.389174][ T6043] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  156.423081][ T6043] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 32779 with max blocks 1 with error 28
[  156.465502][ T6043] EXT4-fs (loop1): This should not happen!! Data will be lost
[  156.465502][ T6043] 
[  156.496644][ T6043] EXT4-fs (loop1): Total free blocks count 0
[  156.516907][ T6043] EXT4-fs (loop1): Free/Dirty block details
[  156.542461][ T6043] EXT4-fs (loop1): free_blocks=39626
[  156.572968][ T6043] EXT4-fs (loop1): dirty_blocks=1
[  156.596163][ T6043] EXT4-fs (loop1): Block reservation details
[  156.619583][ T6043] EXT4-fs (loop1): i_reserved_data_blocks=1
[  156.762386][ T4258] EXT4-fs (loop1): unmounting filesystem.
[  156.952654][ T6072] loop1: detected capacity change from 0 to 512
[  157.017153][ T6074] loop8: detected capacity change from 0 to 1024
[  157.050927][ T6072] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  157.065362][    T7] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  157.085430][ T6072] ext4 filesystem being mounted at /79/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  157.112370][ T6074] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  157.139792][   T26] audit: type=1800 audit(1734358731.810:8): pid=6072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.359" name="bus" dev="loop1" ino=18 res=0 errno=0
[  157.203341][ T6082] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  157.222712][ T6082] EXT4-fs (loop8): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 496 with error 28
[  157.238011][ T6082] EXT4-fs (loop8): This should not happen!! Data will be lost
[  157.238011][ T6082] 
[  157.248629][ T6082] EXT4-fs (loop8): Total free blocks count 0
[  157.257595][ T6082] EXT4-fs (loop8): Free/Dirty block details
[  157.294712][ T6082] EXT4-fs (loop8): free_blocks=68451041280
[  157.295377][    T7] usb 8-1: Using ep0 maxpacket: 32
[  157.308095][ T6082] EXT4-fs (loop8): dirty_blocks=512
[  157.314675][    T7] usb 8-1: config 0 has an invalid interface number: 12 but max is 0
[  157.318212][ T6082] EXT4-fs (loop8): Block reservation details
[  157.336207][    T7] usb 8-1: config 0 has no interface number 0
[  157.336836][ T6082] EXT4-fs (loop8): i_reserved_data_blocks=32
[  157.352869][    T7] usb 8-1: config 0 interface 12 has no altsetting 0
[  157.387983][    T7] usb 8-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  157.405241][    T7] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.427727][    T7] usb 8-1: Product: syz
[  157.431963][    T7] usb 8-1: Manufacturer: syz
[  157.444962][    T7] usb 8-1: SerialNumber: syz
[  157.462404][    T7] usb 8-1: config 0 descriptor??
[  157.480922][    T7] f81534 8-1:0.12: required endpoints missing
[  157.529162][ T5663] EXT4-fs (loop8): unmounting filesystem.
[  157.580306][ T6089] loop6: detected capacity change from 0 to 512
[  157.595280][ T4258] EXT4-fs (loop1): unmounting filesystem.
[  157.604311][ T6088] loop0: detected capacity change from 0 to 512
[  157.630395][ T6089] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  157.657503][ T6088] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  157.682276][   T26] audit: type=1800 audit(1734358732.350:9): pid=6088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.371" name="file1" dev="loop0" ino=15 res=0 errno=0
[  157.717572][ T5210] usb 8-1: USB disconnect, device number 3
[  157.778069][ T6089] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  157.807612][ T6089] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.919569][ T4247] EXT4-fs (loop0): unmounting filesystem.
[  158.021007][ T5344] EXT4-fs (loop6): unmounting filesystem.
[  158.419148][ T6111] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  158.600307][ T6118] loop0: detected capacity change from 0 to 128
[  158.651918][ T6093] loop8: detected capacity change from 0 to 32768
[  158.679616][ T6093] XFS: ikeep mount option is deprecated.
[  158.691116][   T26] audit: type=1800 audit(1734358733.360:10): pid=6118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.367" name="bus" dev="loop0" ino=1048614 res=0 errno=0
[  158.774173][ T6093] XFS (loop8): Mounting V5 Filesystem
[  158.850310][ T6118] syz.0.367: attempt to access beyond end of device
[  158.850310][ T6118] loop0: rw=2049, sector=153, nr_sectors = 888 limit=128
[  158.908143][ T6102] loop1: detected capacity change from 0 to 32768
[  158.969692][ T6093] XFS (loop8): Ending clean mount
[  158.981961][ T6125] syz.0.367: attempt to access beyond end of device
[  158.981961][ T6125] loop0: rw=34817, sector=97, nr_sectors = 944 limit=128
[  158.993991][ T6093] XFS (loop8): Quotacheck needed: Please wait.
[  159.030394][ T6102] XFS (loop1): Mounting V5 Filesystem
[  159.160994][ T6093] XFS (loop8): Quotacheck: Done.
[  159.202295][ T6102] XFS (loop1): Ending clean mount
[  159.217308][ T6102] XFS (loop1): Quotacheck needed: Please wait.
[  159.317033][ T6102] XFS (loop1): Quotacheck: Done.
[  159.552134][ T5663] XFS (loop8): Unmounting Filesystem
[  159.848089][ T6130] loop6: detected capacity change from 0 to 32768
[  159.859379][ T4258] XFS (loop1): Unmounting Filesystem
[  160.021606][ T6130] JBD2: Ignoring recovery information on journal
[  160.192197][ T6170] loop0: detected capacity change from 0 to 8192
[  160.213569][ T6170] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  160.233495][ T6130] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  160.644235][ T5344] ocfs2: Unmounting device (7,6) on (node local)
[  160.797512][    T7] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  161.018631][    T7] usb 9-1: Using ep0 maxpacket: 16
[  161.028178][    T7] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  161.060081][    T7] usb 9-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  161.079228][    T7] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.090596][    T7] usb 9-1: config 0 descriptor??
[  161.142889][    T7] input: bcm5974 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input7
[  161.347704][ T6178] input: syz1 as /devices/virtual/input/input8
[  161.388219][ T3607] bcm5974 9-1:0.0: could not read from device
[  161.410250][    T7] usb 9-1: USB disconnect, device number 3
[  162.324789][ T6202] loop7: detected capacity change from 0 to 32768
[  162.361537][ T6202] XFS: ikeep mount option is deprecated.
[  162.449958][ T6202] XFS (loop7): Mounting V5 Filesystem
[  162.643003][ T6202] XFS (loop7): Ending clean mount
[  162.697373][ T6202] XFS (loop7): Quotacheck needed: Please wait.
[  162.735329][    T7] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  162.888895][ T6216] loop6: detected capacity change from 0 to 32768
[  162.902498][ T6202] XFS (loop7): Quotacheck: Done.
[  162.927524][    T7] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  162.979947][    T7] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  163.075301][    T7] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  163.111070][ T6216] XFS (loop6): Mounting V5 Filesystem
[  163.128332][    T7] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  163.154708][    T7] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.159947][ T6259] block nbd1: shutting down sockets
[  163.179738][    T7] usb 9-1: config 0 descriptor??
[  163.289373][ T6216] XFS (loop6): Ending clean mount
[  163.321457][ T6216] XFS (loop6): Quotacheck needed: Please wait.
[  163.363228][ T5614] XFS (loop7): Unmounting Filesystem
[  163.450441][ T6216] XFS (loop6): Quotacheck: Done.
[  163.602397][    T7] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  163.643644][    T7] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  163.676972][    T7] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  163.799280][ T5344] XFS (loop6): Unmounting Filesystem
[  164.011252][   T26] audit: type=1326 audit(1734358738.680:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6280 comm="syz.0.397" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4267585d19 code=0x0
[  164.132034][ T5671] usb 9-1: USB disconnect, device number 4
[  164.427601][ T6293] loop1: detected capacity change from 0 to 2048
[  164.510030][ T6293] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  164.661656][ T6293] EXT4-fs (loop1): shut down requested (0)
[  164.945480][ T5210] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  165.023687][ T4258] EXT4-fs (loop1): unmounting filesystem.
[  165.137616][ T5210] usb 8-1: Using ep0 maxpacket: 32
[  165.152915][ T5210] usb 8-1: config 0 has an invalid interface number: 12 but max is 0
[  165.183163][ T5210] usb 8-1: config 0 has no interface number 0
[  165.205284][ T5210] usb 8-1: config 0 interface 12 has no altsetting 0
[  165.248602][ T5210] usb 8-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  165.275238][ T5210] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.283345][ T5210] usb 8-1: Product: syz
[  165.307578][ T5210] usb 8-1: Manufacturer: syz
[  165.323920][ T5210] usb 8-1: SerialNumber: syz
[  165.370275][ T5210] usb 8-1: config 0 descriptor??
[  166.543908][ T6366] capability: warning: `syz.6.417' uses deprecated v2 capabilities in a way that may be insecure
[  166.651071][ T6343] loop0: detected capacity change from 0 to 32768
[  166.672748][ T6343] XFS: ikeep mount option is deprecated.
[  166.721249][ T6343] XFS (loop0): Mounting V5 Filesystem
[  166.826129][ T5210] f81534 8-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -71
[  166.834482][ T5210] f81534 8-1:0.12: f81534_find_config_idx: read failed: -71
[  166.904166][ T5210] f81534 8-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  166.934594][ T5210] f81534: probe of 8-1:0.12 failed with error -71
[  166.947616][ T6350] loop1: detected capacity change from 0 to 32768
[  166.954816][ T6350] XFS: ikeep mount option is deprecated.
[  166.973651][ T5210] usb 8-1: USB disconnect, device number 4
[  166.987677][ T6343] XFS (loop0): Ending clean mount
[  167.001464][ T6343] XFS (loop0): Quotacheck needed: Please wait.
[  167.093603][ T6343] XFS (loop0): Quotacheck: Done.
[  167.144732][ T6350] XFS (loop1): Mounting V5 Filesystem
[  167.192411][ T6388] loop8: detected capacity change from 0 to 2048
[  167.242581][ T6343] overlayfs: invalid redirect ((null))
[  167.281849][ T6350] XFS (loop1): Ending clean mount
[  167.321183][ T6350] XFS (loop1): Quotacheck needed: Please wait.
[  167.328547][ T6388] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  167.424924][ T6388] EXT4-fs (loop8): shut down requested (0)
[  167.481726][ T6350] XFS (loop1): Quotacheck: Done.
[  167.583387][ T4247] XFS (loop0): Unmounting Filesystem
[  167.797534][ T5663] EXT4-fs (loop8): unmounting filesystem.
[  167.896666][ T4258] XFS (loop1): Unmounting Filesystem
[  167.999620][ T6414] loop8: detected capacity change from 0 to 512
[  168.015941][ T6414] EXT4-fs: Ignoring removed oldalloc option
[  168.073901][ T6414] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  168.249601][ T6414] EXT4-fs (loop8): 1 truncate cleaned up
[  168.257783][ T6414] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  168.475509][ T5663] EXT4-fs (loop8): unmounting filesystem.
[  168.989221][ T6416] loop7: detected capacity change from 0 to 32768
[  169.012676][ T6416] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 scanned by syz.7.424 (6416)
[  169.056488][ T6416] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  169.080869][ T6416] BTRFS info (device loop7): using crc32c (crc32c-intel) checksum algorithm
[  169.100319][ T6416] BTRFS info (device loop7): setting nodatasum
[  169.119447][ T6416] BTRFS info (device loop7): force zlib compression, level 3
[  169.144134][ T6416] BTRFS info (device loop7): metadata ratio 1
[  169.157594][ T6416] BTRFS info (device loop7): enabling ssd optimizations
[  169.164640][ T6416] BTRFS info (device loop7): allowing degraded mounts
[  169.206847][ T6416] BTRFS info (device loop7): using free space tree
[  169.568833][ T6435] loop1: detected capacity change from 0 to 32768
[  169.675039][ T6435] JBD2: Ignoring recovery information on journal
[  169.820558][ T6435] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  169.830350][ T4334] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  169.946612][   T26] audit: type=1800 audit(1734358744.620:12): pid=6435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.429" name="file1" dev="loop1" ino=16946 res=0 errno=0
[  170.035491][ T4334] usb 8-1: Using ep0 maxpacket: 8
[  170.045602][ T4334] usb 8-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[  170.076048][ T4334] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.095246][ T4334] usb 8-1: Product: syz
[  170.108291][ T4334] usb 8-1: Manufacturer: syz
[  170.121801][ T4334] usb 8-1: SerialNumber: syz
[  170.160201][ T4334] usb 8-1: config 0 descriptor??
[  170.189339][ T4334] option 8-1:0.0: GSM modem (1-port) converter detected
[  170.207766][ T4258] ocfs2: Unmounting device (7,1) on (node local)
[  170.232338][ T6467] loop6: detected capacity change from 0 to 4096
[  170.272693][ T6467] ntfs3: loop6: Different NTFS' sector size (2048) and media sector size (512)
[  170.401895][   T26] audit: type=1326 audit(1734358745.070:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.0.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4267585d19 code=0x7ffc0000
[  170.447796][ T6467] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  170.469605][   T26] audit: type=1326 audit(1734358745.100:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.0.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4267585d19 code=0x7ffc0000
[  170.575085][   T26] audit: type=1326 audit(1734358745.100:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.0.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f4267585d19 code=0x7ffc0000
[  170.660099][ T4334] usb 8-1: USB disconnect, device number 5
[  170.670894][ T4334] option 8-1:0.0: device disconnected
[  170.687656][   T26] audit: type=1326 audit(1734358745.100:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.0.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4267585d19 code=0x7ffc0000
[  170.745216][ T5671] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  170.771978][   T26] audit: type=1326 audit(1734358745.100:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.0.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4267585d19 code=0x7ffc0000
[  170.800219][ T5344] ntfs3: loop6: ntfs_evict_inode r=5 failed, -22.
[  170.813041][   T26] audit: type=1326 audit(1734358745.100:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.0.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4267585d19 code=0x7ffc0000
[  170.836667][   T26] audit: type=1326 audit(1734358745.100:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.0.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4267585d19 code=0x7ffc0000
[  170.866878][   T26] audit: type=1326 audit(1734358745.100:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.0.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4267585d19 code=0x7ffc0000
[  170.891650][   T26] audit: type=1326 audit(1734358745.100:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6473 comm="syz.0.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f4267585d19 code=0x7ffc0000
[  170.945543][ T5671] usb 9-1: Using ep0 maxpacket: 8
[  170.956072][ T5671] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  170.986796][ T5671] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.007850][ T5671] usb 9-1: Product: syz
[  171.022276][ T5671] usb 9-1: Manufacturer: syz
[  171.039588][ T5671] usb 9-1: SerialNumber: syz
[  171.056527][ T6488] loop6: detected capacity change from 0 to 256
[  171.065444][ T5671] usb 9-1: config 0 descriptor??
[  171.101575][ T6488] FAT-fs (loop6): bogus number of FAT sectors
[  171.128569][ T6488] FAT-fs (loop6): Can't find a valid FAT filesystem
[  171.296140][ T5671] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  171.351220][ T5614] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  172.254618][ T6517] loop7: detected capacity change from 0 to 128
[  172.274923][ T6517] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  172.301873][ T6517] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  172.460325][ T6522] sock: sock_set_timeout: `syz.1.450' (pid 6522) tries to set negative timeout
[  172.521344][ T5671] dvb_usb_rtl28xxu: probe of 9-1:0.0 failed with error -71
[  172.545637][ T5671] usb 9-1: USB disconnect, device number 5
[  172.972002][ T6512] loop0: detected capacity change from 0 to 40427
[  172.991496][ T6512] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  173.005325][ T6512] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  173.058361][ T6512] F2FS-fs (loop0): Found nat_bits in checkpoint
[  173.237343][ T6512] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  173.245361][ T6512] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  173.543035][ T6531] loop7: detected capacity change from 0 to 32768
[  173.559170][ T6512] syz.0.448: attempt to access beyond end of device
[  173.559170][ T6512] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  173.563672][ T6531] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 scanned by syz.7.452 (6531)
[  173.633579][ T6531] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  173.654653][ T6531] BTRFS info (device loop7): using sha256 (sha256-avx2) checksum algorithm
[  173.682860][ T6531] BTRFS info (device loop7): using free space tree
[  173.953848][ T6531] BTRFS info (device loop7): enabling ssd optimizations
[  174.115559][ T4247] syz-executor: attempt to access beyond end of device
[  174.115559][ T4247] loop0: rw=2051, sector=45096, nr_sectors = 8 limit=40427
[  174.158741][ T4247] F2FS-fs (loop0): Issue discard(5637, 5637, 1) failed, ret: -5
[  174.488938][ T5614] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  174.979967][ T6588] loop0: detected capacity change from 0 to 1024
[  174.994120][ T6561] loop6: detected capacity change from 0 to 40427
[  175.066369][ T6561] F2FS-fs (loop6): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  175.096250][ T6561] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  175.129078][ T6561] F2FS-fs (loop6): invalid crc value
[  175.169869][ T6561] F2FS-fs (loop6): Found nat_bits in checkpoint
[  175.222113][ T4311] hfsplus: b-tree write err: -5, ino 4
[  175.424217][ T6561] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  175.436453][ T6602] block nbd0: NBD_DISCONNECT
[  175.442827][ T6602] block nbd0: Disconnected due to user request.
[  175.452332][ T6561] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  175.472530][ T6602] block nbd0: shutting down sockets
[  175.775415][ T5344] syz-executor: attempt to access beyond end of device
[  175.775415][ T5344] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  176.003996][ T6628] loop8: detected capacity change from 0 to 1024
[  176.018184][    T7] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  176.049059][ T6628] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  176.215261][    T7] usb 8-1: Using ep0 maxpacket: 8
[  176.222353][    T7] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  176.275314][    T7] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  176.302915][    T7] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.337522][    T7] usb 8-1: config 0 descriptor??
[  176.542370][ T6638] loop8: detected capacity change from 0 to 1024
[  176.570730][    T7] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  176.675236][ T5205] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  176.803436][ T6623] loop1: detected capacity change from 0 to 32768
[  176.875798][ T5205] usb 1-1: Using ep0 maxpacket: 8
[  176.882363][ T6623] XFS (loop1): Mounting V5 Filesystem
[  176.883890][ T4471] hfsplus: b-tree write err: -5, ino 4
[  176.890083][ T5205] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.903783][ T5205] usb 1-1: config 0 has no interfaces?
[  176.909924][ T5205] usb 1-1: New USB device found, idVendor=207d, idProduct=2cfe, bcdDevice= 0.00
[  176.919493][ T5205] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.929977][ T5205] usb 1-1: config 0 descriptor??
[  177.080750][ T4261] usb 8-1: USB disconnect, device number 6
[  177.128248][ T6623] XFS (loop1): Ending clean mount
[  177.134631][ T6659] device syz_tun entered promiscuous mode
[  177.166306][ T6623] XFS (loop1): Quotacheck needed: Please wait.
[  177.173582][ T6659] device syz_tun left promiscuous mode
[  177.289228][ T6623] XFS (loop1): Quotacheck: Done.
[  177.302623][ T5205] usb 1-1: USB disconnect, device number 5
[  177.514733][ T4258] XFS (loop1): Unmounting Filesystem
[  177.804528][ T6668] loop8: detected capacity change from 0 to 1024
[  177.895376][ T6668] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  178.286605][ T5663] EXT4-fs (loop8): unmounting filesystem.
[  178.617543][ T6702] loop6: detected capacity change from 0 to 256
[  178.727244][ T6702] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  178.971151][ T6714] loop8: detected capacity change from 0 to 128
[  178.993841][ T6714] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  179.016259][ T6714] UDF-fs: error (device loop8): udf_process_sequence: Primary Volume Descriptor not found!
[  179.086420][ T6714] UDF-fs: error (device loop8): udf_process_sequence: Primary Volume Descriptor not found!
[  179.134399][ T6714] UDF-fs: Scanning with blocksize 512 failed
[  179.141046][ T6722] netlink: 'syz.1.488': attribute type 10 has an invalid length.
[  179.175614][ T6714] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  179.229131][ T6714] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=512, location=512
[  179.245807][ T6722] 8021q: adding VLAN 0 to HW filter on device team0
[  179.246406][ T6714] UDF-fs: warning (device loop8): udf_load_vrs: No anchor found
[  179.289072][ T6722] bond0: (slave team0): Enslaving as an active interface with an up link
[  179.338085][ T6714] UDF-fs: Scanning with blocksize 1024 failed
[  179.354972][ T6714] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  179.398400][ T6714] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=512, location=512
[  179.426673][ T6729] loop9: detected capacity change from 0 to 7
[  179.427867][ T6714] UDF-fs: warning (device loop8): udf_load_vrs: No anchor found
[  179.467635][ T6729] Dev loop9: unable to read RDB block 7
[  179.474919][ T6714] UDF-fs: Scanning with blocksize 2048 failed
[  179.487681][ T6729]  loop9: AHDI p1 p3 p4
[  179.491805][ T6714] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  179.513615][ T6729] loop9: partition table partially beyond EOD, truncated
[  179.533216][ T6714] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=512, location=512
[  179.536423][ T6729] loop9: p1 start 2048 is beyond EOD, truncated
[  179.587493][ T6714] UDF-fs: warning (device loop8): udf_load_vrs: No anchor found
[  179.599315][ T6729] loop9: p3 size 16779293 extends beyond EOD, truncated
[  179.656031][ T6714] UDF-fs: Scanning with blocksize 4096 failed
[  179.662171][ T6714] UDF-fs: warning (device loop8): udf_fill_super: No partition found (1)
[  180.295425][ T5205] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  180.385325][ T4261] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  180.487454][ T5205] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  180.533998][ T5205] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.568841][ T5205] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.589777][ T5205] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  180.599776][ T4261] usb 8-1: config 0 has an invalid interface number: 183 but max is 0
[  180.631304][ T4261] usb 8-1: config 0 has no interface number 0
[  180.633953][ T5205] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  180.637560][ T4261] usb 8-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=26.3d
[  180.637589][ T4261] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.676903][ T4261] usb 8-1: config 0 descriptor??
[  180.684987][ T5205] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  180.698272][ T5205] usb 1-1: Manufacturer: syz
[  180.713278][ T5205] usb 1-1: config 0 descriptor??
[  181.091437][ T4261] airspy 8-1:0.183: Board ID: 00
[  181.096636][ T4261] airspy 8-1:0.183: Firmware version: 
[  181.159268][ T5205] appleir 0003:05AC:8243.0005: unknown main item tag 0x0
[  181.183708][ T5205] appleir 0003:05AC:8243.0005: No inputs registered, leaving
[  181.232296][ T5205] appleir 0003:05AC:8243.0005: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  181.371403][ T6769] loop6: detected capacity change from 0 to 32768
[  181.415829][ T6769] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 scanned by syz.6.506 (6769)
[  181.488869][ T6769] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  181.516708][  T125] usb 1-1: USB disconnect, device number 6
[  181.517230][ T6769] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  181.572341][ T6769] BTRFS info (device loop6): enabling auto defrag
[  181.591455][ T6769] BTRFS info (device loop6): doing ref verification
[  181.627113][ T6769] BTRFS info (device loop6): use no compression
[  181.653914][ T6769] BTRFS info (device loop6): force clearing of disk cache
[  181.684354][ T6769] BTRFS info (device loop6): disabling free space tree
[  181.908151][ T6769] BTRFS info (device loop6): enabling ssd optimizations
[  181.931484][ T6769] BTRFS info (device loop6): rebuilding free space tree
[  182.010195][ T6769] BTRFS info (device loop6): disabling free space tree
[  182.018214][ T6769] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  182.032623][ T6769] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  182.098701][ T4261] airspy 8-1:0.183: usb_control_msg() failed -71 request 10
[  182.146685][ T4261] airspy 8-1:0.183: Registered as swradio24
[  182.166728][ T4261] airspy 8-1:0.183: SDR API is still slightly experimental and functionality changes may follow
[  182.225394][ T4261] usb 8-1: USB disconnect, device number 7
[  182.231904][ T4267] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  182.247954][ T4267] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  182.263412][ T4267] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  182.276016][ T4267] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  182.284999][ T4267] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  182.293712][ T4267] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  182.709426][ T5344] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  182.767838][ T6830] 9pnet: p9_errstr2errno: server reported unknown error �@��hQI���t


[  182.932874][ T6815] chnl_net:caif_netlink_parms(): no params data found
[  183.584003][ T6815] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.648744][ T6815] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.676521][ T6815] device bridge_slave_0 entered promiscuous mode
[  183.711663][ T6815] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.749122][ T6815] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.797414][ T6815] device bridge_slave_1 entered promiscuous mode
[  183.922667][ T6866] netlink: 4 bytes leftover after parsing attributes in process `syz.0.524'.
[  184.012149][ T6815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  184.049460][ T6815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  184.220275][ T6815] team0: Port device team_slave_0 added
[  184.250531][ T6815] team0: Port device team_slave_1 added
[  184.288543][ T6875] 
[  184.290936][ T6875] ======================================================
[  184.297973][ T6875] WARNING: possible circular locking dependency detected
[  184.305014][ T6875] 6.1.120-syzkaller-00773-g52f863f820fd #0 Tainted: G        W         
[  184.313376][ T6875] ------------------------------------------------------
[  184.320420][ T6875] syz.8.527/6875 is trying to acquire lock:
[  184.326442][ T6875] ffff88801be99f58 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x60
[  184.336167][ T6875] 
[  184.336167][ T6875] but task is already holding lock:
[  184.343554][ T6875] ffff88807f977430 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: generic_file_write_iter+0x7f/0x310
[  184.354495][ T6875] 
[  184.354495][ T6875] which lock already depends on the new lock.
[  184.354495][ T6875] 
[  184.364926][ T6875] 
[  184.364926][ T6875] the existing dependency chain (in reverse order) is:
[  184.373980][ T6875] 
[  184.373980][ T6875] -> #1 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}:
[  184.382689][ T6875]        lock_acquire+0x1f8/0x5a0
[  184.387753][ T6875]        down_write+0x36/0x60
[  184.392451][ T6875]        process_measurement+0x446/0x21b0
[  184.398197][ T6875]        ima_file_mmap+0x121/0x1c0
[  184.403322][ T6875]        __se_sys_remap_file_pages+0x67a/0x8b0
[  184.409482][ T6875]        do_syscall_64+0x3b/0xb0
[  184.414432][ T6875]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  184.420861][ T6875] 
[  184.420861][ T6875] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[  184.428427][ T6875]        validate_chain+0x1661/0x5950
[  184.433801][ T6875]        __lock_acquire+0x125b/0x1f80
[  184.439183][ T6875]        lock_acquire+0x1f8/0x5a0
[  184.444219][ T6875]        down_read_killable+0xc6/0xd10
[  184.449685][ T6875]        mmap_read_lock_killable+0x1d/0x60
[  184.455533][ T6875]        lock_mm_and_find_vma+0x2a7/0x2e0
[  184.461261][ T6875]        exc_page_fault+0x169/0x620
[  184.466466][ T6875]        asm_exc_page_fault+0x22/0x30
[  184.471849][ T6875]        fault_in_readable+0x166/0x340
[  184.477311][ T6875]        fault_in_iov_iter_readable+0xdb/0x270
[  184.483472][ T6875]        generic_perform_write+0x454/0x5e0
[  184.489283][ T6875]        __generic_file_write_iter+0x176/0x400
[  184.495446][ T6875]        generic_file_write_iter+0xab/0x310
[  184.501370][ T6875]        vfs_write+0x857/0xbc0
[  184.506140][ T6875]        ksys_write+0x19c/0x2c0
[  184.510997][ T6875]        do_syscall_64+0x3b/0xb0
[  184.515946][ T6875]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  184.522372][ T6875] 
[  184.522372][ T6875] other info that might help us debug this:
[  184.522372][ T6875] 
[  184.532623][ T6875]  Possible unsafe locking scenario:
[  184.532623][ T6875] 
[  184.540098][ T6875]        CPU0                    CPU1
[  184.545481][ T6875]        ----                    ----
[  184.550855][ T6875]   lock(&sb->s_type->i_mutex_key#12);
[  184.556336][ T6875]                                lock(&mm->mmap_lock);
[  184.563196][ T6875]                                lock(&sb->s_type->i_mutex_key#12);
[  184.571195][ T6875]   lock(&mm->mmap_lock);
[  184.575535][ T6875] 
[  184.575535][ T6875]  *** DEADLOCK ***
[  184.575535][ T6875] 
[  184.583679][ T6875] 3 locks held by syz.8.527/6875:
[  184.588706][ T6875]  #0: ffff888020fff768 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2ba/0x360
[  184.597960][ T6875]  #1: ffff88805546a460 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x269/0xbc0
[  184.606945][ T6875]  #2: ffff88807f977430 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: generic_file_write_iter+0x7f/0x310
[  184.618276][ T6875] 
[  184.618276][ T6875] stack backtrace:
[  184.624190][ T6875] CPU: 1 PID: 6875 Comm: syz.8.527 Tainted: G        W          6.1.120-syzkaller-00773-g52f863f820fd #0
[  184.635387][ T6875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  184.645451][ T6875] Call Trace:
[  184.648736][ T6875]  <TASK>
[  184.651696][ T6875]  dump_stack_lvl+0x1e3/0x2cb
[  184.656392][ T6875]  ? nf_tcp_handle_invalid+0x642/0x642
[  184.661870][ T6875]  ? print_circular_bug+0x12b/0x1a0
[  184.667110][ T6875]  check_noncircular+0x2fa/0x3b0
[  184.672062][ T6875]  ? add_chain_block+0x850/0x850
[  184.677104][ T6875]  ? lockdep_lock+0x11f/0x2a0
[  184.681836][ T6875]  ? _find_first_zero_bit+0xd0/0x100
[  184.687172][ T6875]  validate_chain+0x1661/0x5950
[  184.692038][ T6875]  ? reacquire_held_locks+0x660/0x660
[  184.697517][ T6875]  ? reacquire_held_locks+0x660/0x660
[  184.702895][ T6875]  ? mark_lock+0x9a/0x340
[  184.707262][ T6875]  ? reacquire_held_locks+0x660/0x660
[  184.712639][ T6875]  ? mark_lock+0x9a/0x340
[  184.716999][ T6875]  ? reacquire_held_locks+0x660/0x660
[  184.722373][ T6875]  ? __lock_acquire+0x125b/0x1f80
[  184.727416][ T6875]  ? mark_lock+0x9a/0x340
[  184.731759][ T6875]  ? search_extable+0xf0/0xf0
[  184.736446][ T6875]  __lock_acquire+0x125b/0x1f80
[  184.741318][ T6875]  lock_acquire+0x1f8/0x5a0
[  184.745831][ T6875]  ? mmap_read_lock_killable+0x1d/0x60
[  184.751303][ T6875]  ? read_lock_is_recursive+0x10/0x10
[  184.756686][ T6875]  ? ex_get_fixup_type+0x60/0x60
[  184.761632][ T6875]  ? __might_sleep+0xb0/0xb0
[  184.766233][ T6875]  down_read_killable+0xc6/0xd10
[  184.771179][ T6875]  ? mmap_read_lock_killable+0x1d/0x60
[  184.776648][ T6875]  ? mark_lock+0x9a/0x340
[  184.780992][ T6875]  ? cmp_ex_search+0x70/0x90
[  184.785608][ T6875]  ? mmap_read_lock_killable+0x1d/0x60
[  184.791086][ T6875]  ? bsearch+0x8e/0xb0
[  184.795174][ T6875]  ? down_read_interruptible+0xc40/0xc40
[  184.800845][ T6875]  ? search_extable+0xaf/0xf0
[  184.805527][ T6875]  ? trim_init_extable+0x3c0/0x3c0
[  184.810666][ T6875]  ? fault_in_readable+0x166/0x340
[  184.815785][ T6875]  ? __init_rwsem+0x160/0x160
[  184.820472][ T6875]  ? print_irqtrace_events+0x210/0x210
[  184.825949][ T6875]  mmap_read_lock_killable+0x1d/0x60
[  184.831246][ T6875]  lock_mm_and_find_vma+0x2a7/0x2e0
[  184.836454][ T6875]  exc_page_fault+0x169/0x620
[  184.841137][ T6875]  asm_exc_page_fault+0x22/0x30
[  184.846014][ T6875] RIP: 0010:fault_in_readable+0x166/0x340
[  184.851738][ T6875] Code: 00 00 00 0f 01 cb 0f ae e8 49 81 e6 ff 0f 00 00 31 ff 4c 89 f6 e8 1a b6 bf ff 48 8b 4c 24 08 48 89 c8 48 25 ff 0f 00 00 74 30 <8a> 19 e8 23 b2 bf ff 43 0f b6 04 2f 84 c0 0f 85 83 01 00 00 88 5c
[  184.871349][ T6875] RSP: 0018:ffffc90004bd79e0 EFLAGS: 00050202
[  184.877422][ T6875] RAX: 0000000000000d40 RBX: 00007fffffffe000 RCX: 0000000020160d40
[  184.885400][ T6875] RDX: ffffc9000d971000 RSI: 0000000000000d40 RDI: 0000000000000000
[  184.893376][ T6875] RBP: ffffc90004bd7a98 R08: ffffffff81caea36 R09: ffffffff844210c5
[  184.901353][ T6875] R10: 0000000000000002 R11: ffff88802a575940 R12: 0000000000001000
[  184.909329][ T6875] R13: dffffc0000000000 R14: 0000000000000d40 R15: 1ffff9200097af44
[  184.917400][ T6875]  ? fault_in_iov_iter_readable+0x45/0x270
[  184.923233][ T6875]  ? fault_in_readable+0x156/0x340
[  184.928387][ T6875]  ? fault_in_safe_writeable+0x250/0x250
[  184.934035][ T6875]  fault_in_iov_iter_readable+0xdb/0x270
[  184.939681][ T6875]  generic_perform_write+0x454/0x5e0
[  184.945014][ T6875]  ? generic_file_direct_write+0x460/0x460
[  184.950828][ T6875]  ? __file_remove_privs+0x640/0x640
[  184.956130][ T6875]  ? generic_write_checks+0x15c/0x1c0
[  184.961516][ T6875]  ? clear_nonspinnable+0x60/0x60
[  184.966555][ T6875]  __generic_file_write_iter+0x176/0x400
[  184.972202][ T6875]  generic_file_write_iter+0xab/0x310
[  184.977579][ T6875]  vfs_write+0x857/0xbc0
[  184.981842][ T6875]  ? file_end_write+0x250/0x250
[  184.986718][ T6875]  ? __fget_files+0x28/0x4a0
[  184.991344][ T6875]  ? __fget_files+0x435/0x4a0
[  184.996080][ T6875]  ? __fdget_pos+0x2ba/0x360
[  185.000680][ T6875]  ? ksys_write+0x77/0x2c0
[  185.005109][ T6875]  ksys_write+0x19c/0x2c0
[  185.009454][ T6875]  ? print_irqtrace_events+0x210/0x210
[  185.014927][ T6875]  ? __ia32_sys_read+0x80/0x80
[  185.019719][ T6875]  ? syscall_enter_from_user_mode+0x2e/0x230
[  185.025710][ T6875]  ? lockdep_hardirqs_on+0x94/0x130
[  185.030912][ T6875]  ? syscall_enter_from_user_mode+0x2e/0x230
[  185.036900][ T6875]  do_syscall_64+0x3b/0xb0
[  185.041332][ T6875]  ? clear_bhb_loop+0x45/0xa0
[  185.046033][ T6875]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  185.051941][ T6875] RIP: 0033:0x7fb649985d19
[  185.056379][ T6875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.076083][ T6875] RSP: 002b:00007fb64a848038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  185.084511][ T6875] RAX: ffffffffffffffda RBX: 00007fb649b75fa0 RCX: 00007fb649985d19
[  185.092487][ T6875] RDX: 000000000208e24b RSI: 0000000020000d40 RDI: 0000000000000003
[  185.100460][ T6875] RBP: 00007fb649a01a20 R08: 0000000000000000 R09: 0000000000000000
[  185.108435][ T6875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  185.116408][ T6875] R13: 0000000000000000 R14: 00007fb649b75fa0 R15: 00007ffd1bf86258
[  185.124404][ T6875]  </TASK>
[  185.128640][ T4268] Bluetooth: hci4: command 0x0409 tx timeout
[  185.919510][ T4449] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.121681][ T4449] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.215262][ T4449] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.319927][ T4449] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.117575][ T4449] device hsr_slave_0 left promiscuous mode
[  187.123957][ T4449] device hsr_slave_1 left promiscuous mode
[  187.131559][ T4449] device bridge_slave_1 left promiscuous mode
[  187.138364][ T4449] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.147245][ T4449] device bridge_slave_0 left promiscuous mode
[  187.153492][ T4449] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.164919][ T4449] device veth1_macvtap left promiscuous mode
[  187.171051][ T4449] device veth0_macvtap left promiscuous mode
[  187.177628][ T4449] device veth1_vlan left promiscuous mode
[  187.183467][ T4449] device veth0_vlan left promiscuous mode
[  187.362040][ T4449] team0 (unregistering): Port device team_slave_1 removed
[  187.378805][ T4449] team0 (unregistering): Port device team_slave_0 removed
[  187.420392][ T4449] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.462485][ T4449] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  187.518437][ T4449] bond0 (unregistering): Released all slaves
[  187.960326][ T4460] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.000940][ T4460] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.051003][ T4460] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.122078][ T4460] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.856779][ T4460] device hsr_slave_0 left promiscuous mode
[  188.863159][ T4460] device hsr_slave_1 left promiscuous mode
[  188.869880][ T4460] device bridge_slave_1 left promiscuous mode
[  188.877533][ T4460] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.887207][ T4460] device bridge_slave_0 left promiscuous mode
[  188.893437][ T4460] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.904986][ T4460] device bridge_slave_1 left promiscuous mode
[  188.912416][ T4460] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.922056][ T4460] device bridge_slave_0 left promiscuous mode
[  188.928754][ T4460] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.943069][ T4460] device veth1_macvtap left promiscuous mode
[  188.949755][ T4460] device veth0_macvtap left promiscuous mode
[  188.956099][ T4460] device veth1_vlan left promiscuous mode
[  188.961924][ T4460] device veth0_vlan left promiscuous mode
[  189.185790][ T4460] team0 (unregistering): Port device team_slave_1 removed
[  189.214628][ T4460] team0 (unregistering): Port device team_slave_0 removed
[  189.244868][ T4460] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  189.276504][ T4460] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  189.325973][ T4460] bond0 (unregistering): Released all slaves
[  189.384493][ T4460] team0 (unregistering): Port device team_slave_1 removed
[  189.398354][ T4460] team0 (unregistering): Port device team_slave_0 removed
[  189.409758][ T4460] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  189.422094][ T4460] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  189.465912][ T4460] bond0 (unregistering): Released all slaves