last executing test programs:

5m2.885163696s ago: executing program 32 (id=309):
r0 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2c, &(0x7f0000000300)={0x0, 0x1, 0x3})
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4600040000ff7f00000000000003003e00ecfffbff94020000200000004000000000000000e503000000000000000000002c9f38000004"], 0x78)
close(0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003240)=ANY=[@ANYBLOB="347441f953d439cd5e80aba529e3bc0572bf1ab6aaaeb734af895ff7b9138406920cfa63f0da5969d6e8e4aff1c3acb4d8a607510571be2372abab5abe2c36d5b989ae7a11a6a9d42a84ecc69419dc580ad2507ddcffeec1303640693bddfc33a76f645ea70122fdd0e048e06d3f8c00d1a1307db974094e1fccb2c5357ed167729c649c9e90b1560be4c973632cbe91d6", @ANYRESDEC, @ANYBLOB="a0ce58e1a10c3092709977498d73bbc70380cfe551d25f2c39713a17dce9e8a375c62de150adfa28d1e07d8f58833be5eba2086346adcb2f63f20e184c3e87aa7c5ce75b45", @ANYRES64], 0x7c}}, 0x4)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0\x00'})
io_uring_setup(0x57f0, &(0x7f0000000500)={0x0, 0xb72b, 0x1, 0x2, 0x6d})
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r2, &(0x7f0000000b80)=[{{&(0x7f0000000280)={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000180)=[{&(0x7f00000008c0)="99", 0x1}], 0x1}}, {{&(0x7f00000003c0)={0x2, 0x4e20, @private=0xa010100}, 0x10, &(0x7f0000000b00)=[{&(0x7f0000000580)="4d2041e8324b407c4e701a603ac31fd007c857597d75311451d8cd343eff987e2cd7f2ce3391c2fe10d30cb0e47c1e44b0de47246bb0cf48cddb7eb947330e29d73599a3c27dca2db1304c52809d906f1626fa463b1b0cd0a51887ea214d312470980c7b78691c86437d44a9d2af7a2e338384bb7f46da2f8e0187ca638a1456edf9c4e83b2368812b9f0d3165851b2bf5ab2695a2e532e3d1b58fe5f718938844cdeea57139063f679cc841f355ca4dd05600219fed5a57d0ed664a9b3e2fa8c6044e0f", 0xc4}, {&(0x7f0000000680)="c6808833e0a6af0777d9a29609f876dca088d49a9053834423dc0d64c03cd1f38daefc10377017f82db6f335c62c713ea2a51f3b9c6c6a77a7cf80258ecaa49b536fcf826ff2d41c82184413aff354426631a35e22265d82b968f6f72a09e6279c401d726ac9a45a5c35dc5c3a6560f100221c2f215ced9dbaa8d52c9a314b9eeb56801dceb29d89cf5bacbc93ef28da", 0x90}, {&(0x7f0000000740)="363c2c1b39781dd9970f87a7c370d6c89efa8ad287f60a668bf9702007cf1455e5672293996a3c1eee85a9292be382afdbd39172f7e26b6d924d0a49505dd6245abe5501fbc5e1a2f56ff1dc13a917be4cdca0fe61947cec9566c8a5c49ecd825ea447f16568c78aae96ff534009ced92b10340addef16ac2b450c00c1e827f58772fa68b52b4f694d39dc61a2f8ced1e6d2dc26d4155807065f1d02a24309798a8b872f21b182debf37991fd3c64b8d21f152f9d9f1154f61267ea4d6e29edf14f53f9bd43041a8ce9b0dee3d48400a20cde58f", 0xd4}, {&(0x7f0000000880)="db23fb59e3138a0162dd5ae6526da8663e502bee6d7ac271e9fe5e6699bee19bebaefa3074e4b42dee83b561d6ef9d94efdf2fa42836bf1d2697560d33", 0x3d}, {&(0x7f00000009c0)="9a4fc823d87f91a514c73778b7a979c43df74ef781f41380f8d204abd271e08fa7cebdce7704a99dcae2eafc69a890852deb5d7bbb7a9cb056c2ea2e6c27f50c1dbd013f97f59a94380c7d0011966e10f456b1ec0c2208479f31d9d27b74e92446d088c68d55c7d432633f672204a1d751cf93c638a0cf198c7aa29def14dbc1f14e801dad1732dec5ea795a20f4c3bbc9410d9e859f6a85fdce54d8588621d221cc1a8f6a0d3a11e7cc509a19fd2801fdb5f3ecff2d0ac3458f1c6c193e6b3a391faa3c96c3d7d8938e65f1c19decde7aad", 0xd2}, {&(0x7f0000000900)="df23c27179d514a2b8064a4dbb0306d49c435b3f2e6f0dd6a95e81000000c0199a0c04a872621bee47289d68d251eefce0e959e60b822f6500"/69, 0x45}], 0x6, &(0x7f0000000b40)}}], 0x3, 0x48000)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x8, 0x40000)
r4 = openat$comedi(0xffffff9c, &(0x7f0000000200)='/dev/comedi3\x00', 0x10000, 0x0)
ioctl$COMEDI_POLL(r4, 0x640f)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000000c0)={r3, 0x8, {0x0, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x3, 0x1, "dce5749a31463840e2ddcbc5355f5d3c3f4d3777a0ae0c017b64388de54d6053dc1c4aa786df29353bffe44ce6033561556b7f7b092208afb6f791a2b0554cb8", "83b4591411019dcfdcb5389a9395975313d748ba5f48346e576ab9e350556131fd51fa656b472de61c753da0031039950b3917e6581d8c1cb96e634204bab52f", "767c201f49819c07844f6ddf8d396fff8549543290ec81b4f7709e65c0770535", [0x9, 0x9]}})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mq_timedsend(r0, 0x0, 0x0, 0xa, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', 0x0, 0x8002, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
mq_timedreceive(r0, &(0x7f0000000340)=""/200, 0xc8, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x12)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)

4m8.91250667s ago: executing program 4 (id=544):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x1008404, &(0x7f0000000180)=ANY=[], 0x85, 0x6b9, &(0x7f00000008c0)="$eJzs3c1vHGcZAPBn1uu1N5TESZM2QZViNRIgrCb+kAvm0oAQ8qFCVTlwthInsbJJg+0it0LEfBQuHHrIH1AOvnFASNwjyoUL3Hr1sRKCSy81p0Hzseu1vbte49TrTX+/aDzvzDvv+z7zzNeuN9YG8KW1OBXVp5HE4tSbG9ny9tZcY3tr7kGzHBFjEVGJqBazSD5P0/TjiJtRTHElW1l2l+zt/dG5ZunJysLbn3y2/WmxVC2nfPvKwXZd/P5xl4rNcorJiBgp58ewp79bh/U3flh3SWsPs4RdayYOBm00ItLcv58Ua3769xdaNW3qnVofeuYDQyApnpsHTEScKS/07HVA8VQsntlDbXPQAQAAAMAJOLcTO7ERZwcdBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyT8vv/k3KqNMuTkTS//79WrouyfLpcPdrmT7+oOAAAAAAAAADgBF3diZ3YiLPN5TTJP/N/NV+4mP/8Srwba7Ecq3E9NmIp1mM9VmMmIibaOqptLK2vr860Wjb/Z8DBlrMdW84eEuhYOa8/i70GAAAAAAAAgGHzeZqmPTf4VSzufv4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnQZKm6eOIJIrpYjlPJqJSjYjxiKhl221G/LNZHlZXXot4OuggAAAA4BjSPrc7txM7sRFnW+2S/D3/S/n7/vF4Nx7GeqzEejRiOW7nvwso3vVXtrfmGttbcw+y6WC/3/vPkcLNe4yIkXyp08iX8y3qcSdW8jXX41a8E0lyOyp5y8zlLJbRKGI6GNcvs5iSNwqjfUZ2u5xne/5hOd+veqR97eqIv0yZyDMy2srIdBlblo3zzQx0zsQRj87+kWai0gr2YtsoWSL27cSenL/R53hnynm2P7/tkvPB2J+J2baz76XdTIx3vCq+8Zc//uRe4+H9e3fWpk7PLh202WHdSDkv7iv1MhOPdzMx15aJl3uffcOTib5M5+fEpdbyYvwwfhxTMRlvxWqsxM9iKdZjOSbjB3lpqTyfk7ZLvi1Tlbaub+4Z6K3DIqmVZ2hxsPbGFIfE9Gre9mysxI/inbgdy/F6/m82ZuLbMR/zsdB2hC/1PsL5VV/pctWnX+0Y/LVvloV6RPyunOfudrm/9nsLP7Ysr+fb8to665PiSJ7fcxfezdKFPrK0/974p96hVL9WFrIxfh17T5fBmtiXiZm2TLzYOxN/yG8ra42H91fvLT3qb7gLH5aF7Bh80Psp8Ywe0P3KzpcLrWH3nh1Z3YtFXf4apD1ftfITl6Jd5UDdpVZdcaVudr1Sa+VruIM9zeZ1L3esG8/XXG6r2/96q9F6PTTsH/4APLc+qEWc+daZWv1f9X/UP6r/pn6v/ub498e+M/ZKLUb/Nvrd6vTI1yuvJH+Oj+IXu+//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/9/ae+/fX2o0llf3FdI0fdylapgLza8zO8FBr7wQMahdrkXE6cj8f9M0LdckpyGe3oU0MxbpUZsnReGvEdFfq2pEdKq6Ovgk9Lhp+AIoeC7cWH/w6Mbae++/tvJg6e7y3eWHC/PzC9ML86/P3biz0lieLn4OOkrgi7D70B90JAAAAAAAAAAAAEC/TuLPCbqPPn6SuwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMqcWpqD6NJGamr09ny9tbc41sapZ3t6xGRCUikp9HJB9H3Ixiiom27pJu4zxZWXj7k8+2P93tq9rcvtKrXX82yykmI2KknD+r/m4du7+ktYdZwq41EweD9r8AAAD//0jrDBA=")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
r1 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmsg$unix(r1, 0x0, 0x20008840)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

4m8.26260838s ago: executing program 4 (id=549):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c00020008000100", @ANYRES16=r1], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x428a4}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x8000)

4m7.220724144s ago: executing program 4 (id=552):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000180)={@hyper, 0x1})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r1=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0xd, &(0x7f0000000380)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r1, 0x0}])

4m5.609750365s ago: executing program 4 (id=557):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000280)={[{}]}, 0x82, 0x499, &(0x7f0000000840)="$eJzs3M1vVFUfAODfvf3gffmsigpItEqMjR8tLags3Gg0cYFRowvUVW0LIRRqaE0sIVCNwY2JIdG1ujTxL3DnxqgrExNXujckRNmAxsWYe+demE47dFqnM4V5nmSYc+acO+ecOffMPfccpgF0rcHsnyRia0T8GhE7qtHFGQarT9eunJ3468rZiSQqldf+SPJ8V6+cnSizlsdtKSJDaUT6YVIUstjs/JkT49PTU6eL+MjcyXdGZufPPHH85PixqWNTp8YOHTp4YPTpp8aebEk7s3Zd3XNuZu/uF9+4+NLEkYtv//B1Vt+tRXptO9akf+lLg1nD/6zk6tMejv//p+I2mm014aS3gxVhVXoiIuuuvmz8VyqV8zVpO+KFD1Y4fMs6Vw9YR9m1adMyrxfXxYVKQ8lNU4FbQRKdrgHQGeX1Prv/LR9tnH503OVnqzdAWbuvFY9qSm+kRZ6+uvvbVhqMiCMLf3+ePaIV6xAAACv4eOKzw/H4cvO/NO6pybe92EMZiIg7IuLOiLgrInZGxN0Red57I2JXM4XWbBDUbw0tnf+kl+qytHR3IZv/PVPsbS2e/5WzvxjoKWLb8vb3JUePT0/tLz6ToejblMVHb1LGt8///EmjtNr5X/bIyi/ngkU9LvXWLdBNjs+N55PSFrj8fsSe3vinUqnUtT+5/kEnEbE7Ivas7q23l4Hjj361t1Gmldu/5O1uaMGZUPky4pFq/y9EXftLydL9yf5tN/YnR/4X01P7R8qzYqkff7rwSqPym2//+sj6f/Pi879I+WK+CAy8VbtfOxsNdi63Nizjwm8fNbynWev535+8nn8flduu743PzZ0ejehPDufxRa+P3Ti2jJf5s/YP7ctSyvaXR6b5d1wU/X9fROwt9svuj4gHiro/GBEPRcS+hq2P+P65xmkbof8na/o/ifrzf9e56nPZ//OrDvSc+O6bRuU31/8H89BQ8Ur+/beCZiu49k8OAAAAbh1pvnKTpMPXw2k6PFz9j707Y3M6PTM799jRmXdPTVZXeAaiLy1XunbUrIeOJgvFO1bjY8VacZl+oFg3/rQn8vjwxMz0ZIfbDt1uS4Pxn/m9p9O1A9bdcvtoY8v8oA24/dSP/3Rx9PzL7awM0FZ+rw3da4Xxn7arHkD7uf5D91pu/J+vi9sLgNuT6z90L+MfupfxD92rbvz3xC+dqgnQRmv4Ob/Ahgm8OryaozZFK0uPdIN8CE0Emv97EOsdeHNjVKOJQKe/mQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//dNXrDA==")
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='tracefs\x00', 0x400, 0x0)
mount$bind(&(0x7f0000000300)='.\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x185093, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x20000, 0x0)
move_mount(r0, &(0x7f0000000a80)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x152)

4m4.105738713s ago: executing program 4 (id=564):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80, &(0x7f0000000000)={[{@nogrpid}, {@dioread_lock}, {@nouid32}]}, 0xfe, 0x244, &(0x7f0000000840)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
symlinkat(&(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181341, 0x84)
symlinkat(&(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x28541, 0x140)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f0000000140))

4m1.515843926s ago: executing program 4 (id=572):
r0 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2c, &(0x7f0000000300)={0x0, 0x1, 0x3})
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4600040000ff7f00000000000003003e00ecfffbff94020000200000004000000000000000e503000000000000000000002c9f38000004"], 0x78)
close(0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003240)=ANY=[@ANYBLOB="347441f953d439cd5e80aba529e3bc0572bf1ab6aaaeb734af895ff7b9138406920cfa63f0da5969d6e8e4aff1c3acb4d8a607510571be2372abab5abe2c36d5b989ae7a11a6a9d42a84ecc69419dc580ad2507ddcffeec1303640693bddfc33a76f645ea70122fdd0e048e06d3f8c00d1a1307db974094e1fccb2c5357ed167729c649c9e90b1560be4c973632cbe91d6", @ANYRESDEC, @ANYBLOB="a0ce58e1a10c3092709977498d73bbc70380cfe551d25f2c39713a17dce9e8a375c62de150adfa28d1e07d8f58833be5eba2086346adcb2f63f20e184c3e87aa7c5ce75b45", @ANYRES64], 0x7c}}, 0x4)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0\x00'})
io_uring_setup(0x57f0, &(0x7f0000000500)={0x0, 0xb72b, 0x1, 0x2, 0x6d})
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r2, &(0x7f0000000b80)=[{{&(0x7f0000000280)={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000180)=[{&(0x7f00000008c0)="99", 0x1}], 0x1}}, {{&(0x7f00000003c0)={0x2, 0x4e20, @private=0xa010100}, 0x10, &(0x7f0000000b00)=[{&(0x7f0000000580)="4d2041e8324b407c4e701a603ac31fd007c857597d75311451d8cd343eff987e2cd7f2ce3391c2fe10d30cb0e47c1e44b0de47246bb0cf48cddb7eb947330e29d73599a3c27dca2db1304c52809d906f1626fa463b1b0cd0a51887ea214d312470980c7b78691c86437d44a9d2af7a2e338384bb7f46da2f8e0187ca638a1456edf9c4e83b2368812b9f0d3165851b2bf5ab2695a2e532e3d1b58fe5f718938844cdeea57139063f679cc841f355ca4dd05600219fed5a57d0ed664a9b3e2fa8c6044e0f", 0xc4}, {&(0x7f0000000680)="c6808833e0a6af0777d9a29609f876dca088d49a9053834423dc0d64c03cd1f38daefc10377017f82db6f335c62c713ea2a51f3b9c6c6a77a7cf80258ecaa49b536fcf826ff2d41c82184413aff354426631a35e22265d82b968f6f72a09e6279c401d726ac9a45a5c35dc5c3a6560f100221c2f215ced9dbaa8d52c9a314b9eeb56801dceb29d89cf5bacbc93ef28da", 0x90}, {&(0x7f0000000740)="363c2c1b39781dd9970f87a7c370d6c89efa8ad287f60a668bf9702007cf1455e5672293996a3c1eee85a9292be382afdbd39172f7e26b6d924d0a49505dd6245abe5501fbc5e1a2f56ff1dc13a917be4cdca0fe61947cec9566c8a5c49ecd825ea447f16568c78aae96ff534009ced92b10340addef16ac2b450c00c1e827f58772fa68b52b4f694d39dc61a2f8ced1e6d2dc26d4155807065f1d02a24309798a8b872f21b182debf37991fd3c64b8d21f152f9d9f1154f61267ea4d6e29edf14f53f9bd43041a8ce9b0dee3d48400a20cde58f", 0xd4}, {&(0x7f0000000880)="db23fb59e3138a0162dd5ae6526da8663e502bee6d7ac271e9fe5e6699bee19bebaefa3074e4b42dee83b561d6ef9d94efdf2fa42836bf1d2697560d33", 0x3d}, {&(0x7f00000009c0)="9a4fc823d87f91a514c73778b7a979c43df74ef781f41380f8d204abd271e08fa7cebdce7704a99dcae2eafc69a890852deb5d7bbb7a9cb056c2ea2e6c27f50c1dbd013f97f59a94380c7d0011966e10f456b1ec0c2208479f31d9d27b74e92446d088c68d55c7d432633f672204a1d751cf93c638a0cf198c7aa29def14dbc1f14e801dad1732dec5ea795a20f4c3bbc9410d9e859f6a85fdce54d8588621d221cc1a8f6a0d3a11e7cc509a19fd2801fdb5f3ecff2d0ac3458f1c6c193e6b3a391faa3c96c3d7d8938e65f1c19decde7aad", 0xd2}, {&(0x7f0000000900)="df23c27179d514a2b8064a4dbb0306d49c435b3f2e6f0dd6a95e81000000c0199a0c04a872621bee47289d68d251eefce0e959e60b822f6500"/69, 0x45}], 0x6, &(0x7f0000000b40)}}], 0x3, 0x48000)
syz_open_dev$loop(&(0x7f0000000080), 0x8, 0x40000)
r3 = openat$comedi(0xffffff9c, &(0x7f0000000200)='/dev/comedi3\x00', 0x10000, 0x0)
ioctl$COMEDI_POLL(r3, 0x640f)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mq_timedsend(r0, 0x0, 0x0, 0xa, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
mq_timedreceive(r0, &(0x7f0000000340)=""/200, 0xc8, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x12)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)

4m0.882912706s ago: executing program 33 (id=572):
r0 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2c, &(0x7f0000000300)={0x0, 0x1, 0x3})
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4600040000ff7f00000000000003003e00ecfffbff94020000200000004000000000000000e503000000000000000000002c9f38000004"], 0x78)
close(0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003240)=ANY=[@ANYBLOB="347441f953d439cd5e80aba529e3bc0572bf1ab6aaaeb734af895ff7b9138406920cfa63f0da5969d6e8e4aff1c3acb4d8a607510571be2372abab5abe2c36d5b989ae7a11a6a9d42a84ecc69419dc580ad2507ddcffeec1303640693bddfc33a76f645ea70122fdd0e048e06d3f8c00d1a1307db974094e1fccb2c5357ed167729c649c9e90b1560be4c973632cbe91d6", @ANYRESDEC, @ANYBLOB="a0ce58e1a10c3092709977498d73bbc70380cfe551d25f2c39713a17dce9e8a375c62de150adfa28d1e07d8f58833be5eba2086346adcb2f63f20e184c3e87aa7c5ce75b45", @ANYRES64], 0x7c}}, 0x4)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth0\x00'})
io_uring_setup(0x57f0, &(0x7f0000000500)={0x0, 0xb72b, 0x1, 0x2, 0x6d})
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r2, &(0x7f0000000b80)=[{{&(0x7f0000000280)={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000180)=[{&(0x7f00000008c0)="99", 0x1}], 0x1}}, {{&(0x7f00000003c0)={0x2, 0x4e20, @private=0xa010100}, 0x10, &(0x7f0000000b00)=[{&(0x7f0000000580)="4d2041e8324b407c4e701a603ac31fd007c857597d75311451d8cd343eff987e2cd7f2ce3391c2fe10d30cb0e47c1e44b0de47246bb0cf48cddb7eb947330e29d73599a3c27dca2db1304c52809d906f1626fa463b1b0cd0a51887ea214d312470980c7b78691c86437d44a9d2af7a2e338384bb7f46da2f8e0187ca638a1456edf9c4e83b2368812b9f0d3165851b2bf5ab2695a2e532e3d1b58fe5f718938844cdeea57139063f679cc841f355ca4dd05600219fed5a57d0ed664a9b3e2fa8c6044e0f", 0xc4}, {&(0x7f0000000680)="c6808833e0a6af0777d9a29609f876dca088d49a9053834423dc0d64c03cd1f38daefc10377017f82db6f335c62c713ea2a51f3b9c6c6a77a7cf80258ecaa49b536fcf826ff2d41c82184413aff354426631a35e22265d82b968f6f72a09e6279c401d726ac9a45a5c35dc5c3a6560f100221c2f215ced9dbaa8d52c9a314b9eeb56801dceb29d89cf5bacbc93ef28da", 0x90}, {&(0x7f0000000740)="363c2c1b39781dd9970f87a7c370d6c89efa8ad287f60a668bf9702007cf1455e5672293996a3c1eee85a9292be382afdbd39172f7e26b6d924d0a49505dd6245abe5501fbc5e1a2f56ff1dc13a917be4cdca0fe61947cec9566c8a5c49ecd825ea447f16568c78aae96ff534009ced92b10340addef16ac2b450c00c1e827f58772fa68b52b4f694d39dc61a2f8ced1e6d2dc26d4155807065f1d02a24309798a8b872f21b182debf37991fd3c64b8d21f152f9d9f1154f61267ea4d6e29edf14f53f9bd43041a8ce9b0dee3d48400a20cde58f", 0xd4}, {&(0x7f0000000880)="db23fb59e3138a0162dd5ae6526da8663e502bee6d7ac271e9fe5e6699bee19bebaefa3074e4b42dee83b561d6ef9d94efdf2fa42836bf1d2697560d33", 0x3d}, {&(0x7f00000009c0)="9a4fc823d87f91a514c73778b7a979c43df74ef781f41380f8d204abd271e08fa7cebdce7704a99dcae2eafc69a890852deb5d7bbb7a9cb056c2ea2e6c27f50c1dbd013f97f59a94380c7d0011966e10f456b1ec0c2208479f31d9d27b74e92446d088c68d55c7d432633f672204a1d751cf93c638a0cf198c7aa29def14dbc1f14e801dad1732dec5ea795a20f4c3bbc9410d9e859f6a85fdce54d8588621d221cc1a8f6a0d3a11e7cc509a19fd2801fdb5f3ecff2d0ac3458f1c6c193e6b3a391faa3c96c3d7d8938e65f1c19decde7aad", 0xd2}, {&(0x7f0000000900)="df23c27179d514a2b8064a4dbb0306d49c435b3f2e6f0dd6a95e81000000c0199a0c04a872621bee47289d68d251eefce0e959e60b822f6500"/69, 0x45}], 0x6, &(0x7f0000000b40)}}], 0x3, 0x48000)
syz_open_dev$loop(&(0x7f0000000080), 0x8, 0x40000)
r3 = openat$comedi(0xffffff9c, &(0x7f0000000200)='/dev/comedi3\x00', 0x10000, 0x0)
ioctl$COMEDI_POLL(r3, 0x640f)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mq_timedsend(r0, 0x0, 0x0, 0xa, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
mq_timedreceive(r0, &(0x7f0000000340)=""/200, 0xc8, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x12)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)

4m0.805525429s ago: executing program 2 (id=577):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x901, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f00007f3000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10201, 0x0, 0x0, 0x2000, &(0x7f0000002000/0x2000)=nil})

3m59.375099325s ago: executing program 2 (id=581):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000002900), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)='\\', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000080)={0x40000001, 0x2, 0xffff5f11, 0xfffd, 0xfffffffffffffff7, 0xb, 0xfffffffffffffffa, 0x1fe, 0xc0, 0x28, 0x4, 0x2})

3m58.551967581s ago: executing program 2 (id=587):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)=@x86={0x0, 0xa9, 0x40, 0x0, 0x8, 0x0, 0x7, 0x9, 0x40, 0x3, 0xfc, 0x4, 0x0, 0x100, 0x5, 0xd, 0xf0, 0x1, 0x4, '\x00', 0x92, 0x6})

3m57.94782015s ago: executing program 2 (id=590):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x2048c5, &(0x7f0000000400)={[{@fat=@uid={'uid', 0x3d, 0xee00}}, {@utf8}, {@numtail}, {@shortname_mixed}, {@utf8no}, {@rodir}, {@fat=@time_offset={'time_offset', 0x3d, 0xfffffffffffffe77}}, {@shortname_mixed}, {@fat=@tz_utc}, {@fat=@sys_immutable}, {@fat=@usefree}, {@utf8no}, {@utf8}, {@rodir}]}, 0x0, 0x29f, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x11480, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002c00)={0x2020}, 0x2020)

3m57.367318608s ago: executing program 2 (id=591):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x30, 0x0, 0x0, 0xfffff00c}, {0x6, 0x0, 0x5, 0x12e}]}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f00000002c0)="05031612d3fc140000004788031c09103c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

3m51.442715328s ago: executing program 2 (id=607):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r1)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x8, @loopback, 0xb31}, 0x1c)
getsockname$packet(r1, &(0x7f0000000440)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000010003704feffffff0000000000000000", @ANYRES32=r2, @ANYBLOB="c13c06001b14bf262000128008000100736974001400028008000100e00000020500050081"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmmsg$inet(r0, &(0x7f00000018c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880)

3m51.001521442s ago: executing program 34 (id=607):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r1)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x8, @loopback, 0xb31}, 0x1c)
getsockname$packet(r1, &(0x7f0000000440)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000010003704feffffff0000000000000000", @ANYRES32=r2, @ANYBLOB="c13c06001b14bf262000128008000100736974001400028008000100e00000020500050081"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmmsg$inet(r0, &(0x7f00000018c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880)

2m54.448729568s ago: executing program 5 (id=827):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)}], 0x1, 0x0, 0x0, 0x2c}, 0x8000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0xfffffffffffffffe, 0x5479, 0x1035, 0x200000000006, 0x0, 0x5, 0xfffffffffffffffc, 0xffffffff, 0xbf4, 0xfff, 0x808000000000005, 0x800000068], 0x2000, 0x80cd4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m54.097485549s ago: executing program 5 (id=831):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x30000, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0xf6, 0x3, 0x6c})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

2m53.78230335s ago: executing program 5 (id=835):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xc, 0x4}, {0x0, 0x9}, {0xfff3, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x7}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL={0x5, 0x2, 0x4}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040005}, 0x20040054)

2m50.233218713s ago: executing program 6 (id=840):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x80000001}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000016c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x8801}, 0x20048841)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x7, 0x9}, 0x8)

2m50.129464446s ago: executing program 5 (id=841):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000002880)={[{@utf8no}, {@shortname_winnt}, {@numtail}, {@numtail}, {@rodir}, {@rodir}, {@shortname_lower}, {@fat=@check_strict}, {@uni_xlate}, {@fat=@usefree}, {@rodir}, {@utf8no}, {@utf8}]}, 0x0, 0x2ad, &(0x7f0000000580)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhYsH3ehmaOMnCNKCGFBqI+pCmNqJhoxJyMRIRGx3bv0cxaUrBfULdOPOvbgpguCmC3GkyUybpgHTapza/H9Q5u05886c4cyEdwYy2b75/EG56FlFu6FY0igmbWhHyuxGgbFgGWvHk+q2oQvTXz/8f/3W7Su5fH5x2Zil3MrFrDFm9sybR09enH3XmL7xcvZ1QluZO9tfsh+3/tn6d/v7Srj1qmSb1Wq1Ya+6jlkreWXLmGuuY3uOKVU8p94wXf1Ft1qrtYxdWZtJ1eqO5xm70jJlp2UaVdOot4x9zy5VjGVZZialURM/ckZhc3nZzg1lMIjCVL/Gej1nx/t2Fjb/xKAAAMDJElX9f7/kmZJnKtUD9f3h+j+mI9T/0kjX/8dVi3oAGKrd+j8VXL8HUf8DAAAAAAAAAAAAAAAAAAAAAPA32PH9tO/76XAZ/iUkJSWF/0c9TgwH8z/aur64l5TcZ81Cs9BZdvpzRZXkytH8hPStfT4EOvHS5fzivGnL6K27HuSvNwtxJcL8UKZ//kIn33Tnr2tCqe79Z5XWXP/8bJ/8ZmFS58/5iWDPjiyl9f6uqnK11j6v9/OfLhhz6Wq+J3+qvR4AAAAAAKeBZfYcun9v91smfG1IT3+ncf/5gNI/eT7Qc389rv/GoztuAAAAAABGiTepsu26Tt1rPT7tQfj7B79lg1LUh5McdOVxSUHLq5MyF4MEMUm9XROHWvoH8V+b5c/SwetiLvLpPnbgx/fO1U8PO1fAIOlRfioBAAAAGIaw6B+LeiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIywQd8iFq5/nJeQde0uHs1RAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfDjwAAAP//5JwTUw==")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x11480, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000000840)={0x2020}, 0x2020)

2m50.128519676s ago: executing program 6 (id=842):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x80000001}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x20, 0x0, 0x2, 0xfffff010}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x7, 0x9}, 0x8)

2m49.564259425s ago: executing program 6 (id=844):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x101800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fb, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m49.170508027s ago: executing program 5 (id=845):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000440)={'wg1\x00', &(0x7f0000000040)=@ethtool_gstrings={0x1b, 0x6, 0x7, "44896b5d3e6adc"}})
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})

2m48.063453142s ago: executing program 6 (id=847):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0xa1300)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0x20042)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x3}, 0xb2a1})
write$sndseq(r2, &(0x7f0000000140)=[{0x1f, 0x0, 0x0, 0xfd, @tick, {}, {}, @raw32}], 0x1c)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

2m45.069873688s ago: executing program 5 (id=855):
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1}, './file1\x00'})
execve(&(0x7f0000000280)='./file0\x00', 0x0, 0x0)

2m44.473892067s ago: executing program 35 (id=855):
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1}, './file1\x00'})
execve(&(0x7f0000000280)='./file0\x00', 0x0, 0x0)

2m44.465664517s ago: executing program 6 (id=861):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x80000, 0x12d)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

2m44.181047856s ago: executing program 6 (id=863):
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x3214212, &(0x7f00000000c0)=ANY=[], 0x7, 0xf08, &(0x7f0000001e40)="$eJzs3U1sHNUdAPA368/EJl7zaaCEFFoRKNghidT0FgTqEXHpHRQSGmEoauiBiI/QA6ISokiIU8WBigulUorUSqBKFeqp7alVbz2hXqhUpVKiXhopcRXnPXv3xZPdnaxnvbu/n/T32zdvdv7/8UbOzOzs2wCMrcb6z8OHl4oQPvji/Sdee7b43ZVl926ssW/9ZxF7zRDCVEu/yLb3VVxw6fyrx7Zqi3Bw/WfqhyfPbTx3LoRwJuwLX4Zm+HRl9cInHz6+/7O3Zm9/9/Tzr2/T7m/I9wMAAEbR2b+s/uPBf/354cWLZ/ceDTMby9PxeTP25+Jx/4F4oJyOlxuhvV+0RKvpbL2JGI1svYlsvcksz2RJvqlsO1Ml6013yDfRsmyr/QQAAIBhlM5rm6FoLLf1G43l5avn/Vd8tTBdLL94cvXEqQEVCgAAAFT23zfWb7oVQgghhBBCCCHECMfawqCvQAAAAADjJp8v7Bpn+jtT18bWmt3lP/dYY+vnQx/U/e9f/uHK//Gb/uIAAFDdqB5Npv1Kx9FpHoN8HsGJ7Hm9Hv83su1M9lhn2byCwzLfYFmd+e91pyqrv9fXcVDK6s/nw9ypyurP5+ncqcrqn6m5jqrK6p+tuY6qyurfVXMdVZXVv7vmOqoqq3+u5jqqKqt/vuY6qiqr/6aa66iqrP49NddRVVn9w3JbbVn9zZrrqKqs/sWa66iqrP6ba66jqrL6b6m5jqrK6r+15joG5Z7Ypt/D3my89fw5P6cblnM8AAAAGHf/M/+fEEIIIcQIxG07oAYhhBA7Od4Y9AUIAAAAYODS5wLSp97XojQ+0WF8ssP4VIfx6Q7jMx3GAQAAgBB+//aJO98rNj/nf6Pz4aV5o9L8S73OY5TPR9hr/hud96x9axd6zj8s85YBAAAwXorvf3n5oSc+ennx4tm9R1vOfi/H8900D+hkvDbweeyn+wLms36RzqGPtudplKyXXx+4qWx7T93gjgIAAMAYS+fvzVCsn3I3NvqNxvLy5vn4UpgqTpxcPX4g9tP3s/xpYWrmyvJH6y0bAAAA6MHm+X7RWN7i/D99j+9SmC6WXzy5euLU1f78xvKpRut1gYXN5UXrdYFmtvxgyfJDsZ++v/OHC7vWly8f+9Hqs/3eeQAAABgTp145/fwzq6vHf7zlg/Rp9uut08uD9PmCXp4VQhH6k90DDzzo9sEA/ygBAADb4uuv35/6yaH5P1z9/P/m/Hfp8//7Yr8Z5/b7a1wh3SeQPgdwzef1n27Ps1C23kvt6zWz9SZizGR1z7ZsJ7TMN5iet1iWr9m+nemSfHNZvvksXz5PwWS2fsq3J1uez0+Y1lvIlufzME5mOYos/30BAAAAyq28/MJLK6deOf3IyReeee74c8dfPHTwyPeOHDnw6HcfXVm/r3+l9e5+AAAAYBht3vQ76EoAAAAAAAAAAAAAAAAAAABgfNXxdWKD3kcAAAAYd/95I4RwRghREle/ArP/2938JsrB76MY3di1A2oQQgjR77h4nbGJHVCfEGLHxtpa/k3zAAAAANvr0vlXj7W21zhT9DXfxtbiu7GXY97Uzj/y98UrkVY791j79ZLdfa2GcVf3v3/5hyv/x2/2N/9setD1379G+waOVsv7wMqvllrz3zXZZf58/5+qln9/lv+B0F3+tY+y/E9Xy/9gln93l/mv2f+XquV/KOZfiv3993ebv/31n4lt2o9dXeb/Trb/z4Zu82f73+wyYebhmB8AxlFj0AVsk3SUkI6j52I/7W883Az53Q+9Hv83su1M3nDl7dtNx0F3xH46XprP8ia91j+Xbe+minXmhuWukrL6+/U6brey+qdqrqOqsvqna66jqrL6Z2quo6qy+mdrrqOqsvq7PQ8dtLL6h+W6cln9czXXUVVZ/fM111FVWf29/j8+KGX176m5jqrK6l+ouY6qyuqveFmtdmX1L9ZcR1Vl9d9ccx1VldV/S811VFVW/6011zEod8e27Hw4nX8uxLHUb2b9mS1+l6N6bQEAAACGzb/N/yeGJQ7PD74GIYToW+zaATWI8Y747s/A6xBiNGJt7fLaFYOuQ4jrxdraoK9AMEjb+2lmAHYqf//Hm9d/vHn9x5vXn+tJ9/AXWT+Z6DA+2WF8qsP4dDae/3ud6TB+S7bdtSiN39ph/LYO43s6jN/RYXypw/idHcbv6jB+d4dxAAAAxsPtsXV+CAAAAKPrtV9//s5vH3j6/OLFs3uPhulr5p0/EPsz8b31t2M/n/c+mYrv+f809n8Z2z/G9p/Z+u4/AQAAgO2XvifG+/8AAAAwutL3lDr/BwAAgNG1GFvn/wAAADC6bo6t838AAAAYYcXs1otjm64L3Bfbbuf1AwB2vm/E9p7Y7o3tvbH9ZmzTccD9sf1WTfUBAP3zix/87Mh7xeZ8/4ey8UtxeWqvcebqlYKi0T6T/67Y7o7tt7usJ/8+gG7zJ3u6zLNd+RduMD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDoa6z8PH14qQvjgi/ef+Pn0O3+7suzejTX2rf8sYq8ZQpjaeF4a3ez/Jq546fyrx1rby7EtwsFQhGJjeXjy3EamuRDCmbAvfBma4dOV1QuffPj4/s/emr393dPPv76Nv4K2/QMAAIBR9P8AAAD//6d9HGQ=")
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0xfffffff7)
socket(0x28, 0x801, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$XFS_IOC_INUMBERS(0xffffffffffffffff, 0x80405880, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2, 0x11, r0, 0x0)
read(r0, &(0x7f0000001400)=""/4096, 0x1000)

2m28.968808282s ago: executing program 36 (id=863):
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x3214212, &(0x7f00000000c0)=ANY=[], 0x7, 0xf08, &(0x7f0000001e40)="$eJzs3U1sHNUdAPA368/EJl7zaaCEFFoRKNghidT0FgTqEXHpHRQSGmEoauiBiI/QA6ISokiIU8WBigulUorUSqBKFeqp7alVbz2hXqhUpVKiXhopcRXnPXv3xZPdnaxnvbu/n/T32zdvdv7/8UbOzOzs2wCMrcb6z8OHl4oQPvji/Sdee7b43ZVl926ssW/9ZxF7zRDCVEu/yLb3VVxw6fyrx7Zqi3Bw/WfqhyfPbTx3LoRwJuwLX4Zm+HRl9cInHz6+/7O3Zm9/9/Tzr2/T7m/I9wMAAEbR2b+s/uPBf/354cWLZ/ceDTMby9PxeTP25+Jx/4F4oJyOlxuhvV+0RKvpbL2JGI1svYlsvcksz2RJvqlsO1Ml6013yDfRsmyr/QQAAIBhlM5rm6FoLLf1G43l5avn/Vd8tTBdLL94cvXEqQEVCgAAAFT23zfWb7oVQgghhBBCCCHECMfawqCvQAAAAADjJp8v7Bpn+jtT18bWmt3lP/dYY+vnQx/U/e9f/uHK//Gb/uIAAFDdqB5Npv1Kx9FpHoN8HsGJ7Hm9Hv83su1M9lhn2byCwzLfYFmd+e91pyqrv9fXcVDK6s/nw9ypyurP5+ncqcrqn6m5jqrK6p+tuY6qyurfVXMdVZXVv7vmOqoqq3+u5jqqKqt/vuY6qiqr/6aa66iqrP49NddRVVn9w3JbbVn9zZrrqKqs/sWa66iqrP6ba66jqrL6b6m5jqrK6r+15joG5Z7Ypt/D3my89fw5P6cblnM8AAAAGHf/M/+fEEIIIcQIxG07oAYhhBA7Od4Y9AUIAAAAYODS5wLSp97XojQ+0WF8ssP4VIfx6Q7jMx3GAQAAgBB+//aJO98rNj/nf6Pz4aV5o9L8S73OY5TPR9hr/hud96x9axd6zj8s85YBAAAwXorvf3n5oSc+ennx4tm9R1vOfi/H8900D+hkvDbweeyn+wLms36RzqGPtudplKyXXx+4qWx7T93gjgIAAMAYS+fvzVCsn3I3NvqNxvLy5vn4UpgqTpxcPX4g9tP3s/xpYWrmyvJH6y0bAAAA6MHm+X7RWN7i/D99j+9SmC6WXzy5euLU1f78xvKpRut1gYXN5UXrdYFmtvxgyfJDsZ++v/OHC7vWly8f+9Hqs/3eeQAAABgTp145/fwzq6vHf7zlg/Rp9uut08uD9PmCXp4VQhH6k90DDzzo9sEA/ygBAADb4uuv35/6yaH5P1z9/P/m/Hfp8//7Yr8Z5/b7a1wh3SeQPgdwzef1n27Ps1C23kvt6zWz9SZizGR1z7ZsJ7TMN5iet1iWr9m+nemSfHNZvvksXz5PwWS2fsq3J1uez0+Y1lvIlufzME5mOYos/30BAAAAyq28/MJLK6deOf3IyReeee74c8dfPHTwyPeOHDnw6HcfXVm/r3+l9e5+AAAAYBht3vQ76EoAAAAAAAAAAAAAAAAAAABgfNXxdWKD3kcAAAAYd/95I4RwRghREle/ArP/2938JsrB76MY3di1A2oQQgjR77h4nbGJHVCfEGLHxtpa/k3zAAAAANvr0vlXj7W21zhT9DXfxtbiu7GXY97Uzj/y98UrkVY791j79ZLdfa2GcVf3v3/5hyv/x2/2N/9setD1379G+waOVsv7wMqvllrz3zXZZf58/5+qln9/lv+B0F3+tY+y/E9Xy/9gln93l/mv2f+XquV/KOZfiv3993ebv/31n4lt2o9dXeb/Trb/z4Zu82f73+wyYebhmB8AxlFj0AVsk3SUkI6j52I/7W883Az53Q+9Hv83su1M3nDl7dtNx0F3xH46XprP8ia91j+Xbe+minXmhuWukrL6+/U6brey+qdqrqOqsvqna66jqrL6Z2quo6qy+mdrrqOqsvq7PQ8dtLL6h+W6cln9czXXUVVZ/fM111FVWf29/j8+KGX176m5jqrK6l+ouY6qyuqveFmtdmX1L9ZcR1Vl9d9ccx1VldV/S811VFVW/6011zEod8e27Hw4nX8uxLHUb2b9mS1+l6N6bQEAAACGzb/N/yeGJQ7PD74GIYToW+zaATWI8Y747s/A6xBiNGJt7fLaFYOuQ4jrxdraoK9AMEjb+2lmAHYqf//Hm9d/vHn9x5vXn+tJ9/AXWT+Z6DA+2WF8qsP4dDae/3ud6TB+S7bdtSiN39ph/LYO43s6jN/RYXypw/idHcbv6jB+d4dxAAAAxsPtsXV+CAAAAKPrtV9//s5vH3j6/OLFs3uPhulr5p0/EPsz8b31t2M/n/c+mYrv+f809n8Z2z/G9p/Z+u4/AQAAgO2XvifG+/8AAAAwutL3lDr/BwAAgNG1GFvn/wAAADC6bo6t838AAAAYYcXs1otjm64L3Bfbbuf1AwB2vm/E9p7Y7o3tvbH9ZmzTccD9sf1WTfUBAP3zix/87Mh7xeZ8/4ey8UtxeWqvcebqlYKi0T6T/67Y7o7tt7usJ/8+gG7zJ3u6zLNd+RduMD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDoa6z8PH14qQvjgi/ef+Pn0O3+7suzejTX2rf8sYq8ZQpjaeF4a3ez/Jq546fyrx1rby7EtwsFQhGJjeXjy3EamuRDCmbAvfBma4dOV1QuffPj4/s/emr393dPPv76Nv4K2/QMAAIBR9P8AAAD//6d9HGQ=")
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0xfffffff7)
socket(0x28, 0x801, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$XFS_IOC_INUMBERS(0xffffffffffffffff, 0x80405880, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2, 0x11, r0, 0x0)
read(r0, &(0x7f0000001400)=""/4096, 0x1000)

1m58.34428608s ago: executing program 3 (id=1070):
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x58, &(0x7f00000002c0)}, 0x10)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffb}, {0xfffffffffffffffd, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0)

1m58.184523835s ago: executing program 3 (id=1072):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x3, 0x4, 0x8}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
syz_emit_ethernet(0x6a, &(0x7f0000000680)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, @val={@void}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x25, 0x58, 0x68, 0x0, 0xba, 0x2f, 0x0, @loopback, @multicast1}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}, {0x8, 0x88be, 0x2, {{0x4, 0x1, 0xf3, 0x3, 0x0, 0x2, 0x6, 0x8}, 0x1, {0x2}}}, {0x8, 0x22eb, 0x3, {{0xf, 0x2, 0x70, 0x0, 0x1, 0x1, 0x6, 0x3c}, 0x2, {0x7ff, 0x4, 0x0, 0x1d, 0x1, 0x0, 0x2}}}, {0x8, 0x6558, 0x3}}}}}}, 0x0)

1m57.989684832s ago: executing program 3 (id=1074):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @multicast1}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x8, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)="341c6970826c8d4b5c11b970df9ba99356da67926a9ec3ade529abcdb90bd856d940b30d62502e8bd2da2273e46adca15152c3ada09720c93730f8a240b97dc3ddaf3933416584aeea0849e24c15887cf481a02d1fac21c4741da961105b326e43fc2389a5dac54db82491d54d0fe46230d76297c86effdba339d1eeea410793dc09c0117a422e04d047174251dec07a31cb58e4773ab8715a2a4189fa87ab20b6c6153fc96fe645fa33a965ed60bcc4fc93319cb4397ad0e0e5671cf342697e8f01c11fed", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000ac0)="571b7755a3267219bc00ce4995113b19f86da7ee35b633ca3217bdafcab5938c1a8c3f7a0a6379c44b6ad1a10a957a3fc906cfe82f7834d4783ccc4bcaa881fff2b93cfb3b24ee0a645810f393e480f21fe274a860d3d194ef7470f48d05d7ba4b999e4ed4774e89227703d36c3198fce775c36b446e1d46ec5ac828d080f91cfc5c6bdebacd8738fbdc7c60ab968e6f02c5ba7566a1fc64b6023fbb34fdf8f71a23a2450fa8dc4c97c3ce1753a0d0278b61e951ab5bbd3e81a9c8b5f78793ba70a1f573ba", 0xc5}], 0x1}}], 0x2, 0x4008041)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r1)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r1)

1m57.818090667s ago: executing program 3 (id=1076):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f0000000000)='./bus\x00', 0x810, &(0x7f0000000180)={[{@discard}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@discard_async}, {@usebackuproot}, {@skip_balance}, {@autodefrag}, {@commit={'commit', 0x3d, 0x9}}, {@acl}]}, 0xff, 0x5122, &(0x7f0000006440)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paWLOSWiSzMILauJDCCNyGhrlwoxhILtpp3HvOc+fe53jPvTONjennIzPnPOd3nuc893IW93udc04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEMJzv31ypKx++vr02fMz9d2Hts1cOTC94UwIlfb2Sl7ftf3pl17fsev5idhh9sVsWav1GzLreiFrrOnZ2OrX+/NqCGEsGaCaL59aVxi1e3VfccBSNy7tPbZlf33ziaPN6rXL504VXzotE6s9gdWSn1cXF8+levv3SLJHp9116lV6TtGsf3rC/SsvAgBYkqlGe9H5OJp/xO20D6b1pF1P2s2kHT8hNLsby5GNu6bfPDel9VWaZz2LCuN955nU8/e/026k/ZN2EjWWMM/eXfNIM9FvnnNJfbXmCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHA7eejN0QfK6qevT589P1PffWjbzJUD0xvOhFBrb69k5crad4/W//xm+/FDP2z98sTFZx+p5v3icrRr5/BrXHlsMoTXuioX47CX1ofQ6C20m+HzYuGN9sozsQAAAMCd5N7275FOO4uDYz3tSjtNVtr/oiws3ri099iW/fXNJ442q9cunzu1/PEafcar33S8Tru2+FPpCsYx/qbjLdbjrvsK45RLR0zz/KMXpv4q61/I/7Xy/B/fOfkfAACAf0L+T8cpNyj/f/vK7x+V9S/k/009hyzk/zjjmP9HwvLyPwAAANzObnX+rxfGKTco/4+/MPZVWf9C/p8aLv+Pdk87bvwlTnjPZAhTg6YOAAAA9BH/333xq4WY17NvDtK8/sTDh8+XjVfI//Xh8v9Y+GJ+RV8YAAAAsGzzn+18sKxeyP+N4fL/+C2dNQAAALAUb70/8V5ZvZD/Z4fL/2vzZX7lQ9bpx/hXCEcmQ5horcxlhZ9C88lOAQAAAFghMaf/8fHu78v2K+T/ufL7/8c7HcTr/3vu/1e4/r+rkN3173E3BgAAAOBuVLyeP94eP3tyQb/n7w97/f99/zv8ctnxC/n/4HD5v9q9XMnn/wEAAMAy/Nee/7ezME65Qff/v+eDt38u61/I/83h8n9crut+eScrlez9eWcyhI2tlfxugl/Hw+1JCgtjXYW2RtJjR+yRFxbGuwptc0mPrZMh3N9aOZgU/h8LzaRwdX1emE8KZ2IhPx86heNJ4WQ80z5dn083LXwXC/kFFgvxCop1nUsikh7X+vVoFW7a41zn4AAAAHeVGJ7zLDvW2wxplF2oDNph7aAdRgbtUB20w2iyQ7pjv+1htrcQtzfPbl7a8//nh8v/8a1Yky36Xf8f4vX/+XMNO9f/z8ZCLSksxEIjvWNAIx4jC7sfxmPUGnmPqxs7BQAAALijxe8Fqqs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL/Zu9cYua76AOBnn+N9eHcTqAgpggXqGBe8XtvhoTYV6zRVUShlXVKiClFs7HVYvMHGdgqOADk2KEURNC2R4EOjOEKozoekFgkKNIniRsIoah4oVSOSKBFpnSCi0DSAQiESrmbuPbN3zt15+LGON/39JO+cmf953nl4zr13zgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/hyNf+szftorf/9tLHn/q8qlP7t9w+fOfv+Tch0OYrj3elYW7Bq+9cernt1582/671t10x7FL396fl8vjYaj6pzu/88VY67HlIdzZFUJvGlg9nAX68vvDsb43DIdwTpgP1EvMDGYl0obD9wdCOBjmA/WqvjcQwnAhcNkj9937lWrihoEQVoQQKmkbT1ayNgbSwAX9WWAwDezozQK/Op6pB77bnQXglMU3Q/1Ff3i6McPYwuWavP76TlvHXlnp8HpiYqx5vp9tWOROFfSnD0yf0tNWqo5FUXp7HPFuWwLvttJ2vt7TVvwilX9DOT4fqoTurTPbNl81tyc+0h0mJnqa1bRIz/NjL35uy4mkl8zrMHZg7LS8Dr/60Ipbe1Z94ME7Vq949tA7Djx3qt38UWGTFtOLrRLy19ySeR6jKZ8nS+DtV/qWNO5LVwhh2yd+74Ot4qX5/1jr+X98Ocfb7obcsdaXR7K5eXxkOCZeGMnm5gAAALBkLIW9pjsm7nlPofhoJamvNP8f7+z4fzzkn0/ms9EeCWGqljgwGsJ5tcezwC2xuY+PhvDmWmq6MbAhCRwJ4fW1xKp6VUmJZbHEeBL4yUgemEoCR2NgOgl8KwauTwJfjIHDSWBLDBxJAhfHQJhtHMfvj+Tj6DgwEAObso14OJ6F8IuR2FqyrZ6oVwUAAHCa5LPDvsa7hXMdTjVDnF4eHmiXIZ6B3TRDJakhncHWp1VNa+htV0N3uxrq497Xevilmrva1Vw6DaOrMcONv/ybD4UWSvP/ydbz/8oCHekqHf8PYWPtb8zdnUfm6vFN0w0ZAAAAgFMw9L9Pf7NVvDT/n+rs/P+4T6SnkDk8EHdDbB8NYbIxkFX7h+VAdtR7KA8AAADAUlA/Hl8/Fj6b32anaKfz6XL+6RPMHw/8Ty2Yv//I3Zta9bc0/5/u7Pz/wcbbrBNHYy++NhrCskLgB7GX1UDNeAz8+L2NgXz8R+MGuC5WlZ+YUK/qulhiUwxMJoGDzUr8sF7ivMZA/mTVGz9QH8dsXqIQAAAAgDMu7g6Ix+Xj+f9v+c26z7QqV5r/bzqx8/9r8+DS6f1zQyGs6Q2hJ/1hwAOD2cKAMTDclSfuGczq6kmrumYwhIuqA0urejpf/783XWPwkYGsqhg47y2HXrygmvjmQAhrioFHP3LzO6uJPUmg3vhfDoTwpupo08a/syxrvC9t/OvLQnhjIVCv6uPLQqg21p9WdV8lv45BWtU/V0J4TSFQr+pdlRD2BgCWqPhf6dbig7v3Xr1989zczK5FTMR9+ANh2+zczMSWHXNbK036tDXpc8MyRteUx9TplW+eyJco+vDtG4c7Sdd/JzhZbCvfj186cTC/H78L9dXGua6v4e76dMhve2u5iVD4JtVsyN2LPOTBYiXzT2Kp/pi/PwyFZVftntk18dnNe/bsWpv97TT7uuxvPMyUbau16bYaXKhvHbw8mq6WlTjZbbWyWMmaPVfuXLN779WrZ6/cfMXMFTOfWvuudZMXTq6ffPeFa6qjmsz+thnqyoWqToZ6/OYOx3Uah3p+b6GSM/GpISEhsdQSO4ZWtvw/uTT/39l6/h8/deInf74+Q7Pj/2PxMH/2+Pxh/k0xcLDT4/9jzY7m108MGE8C+2Jgn8P8AAAAvDrESX7cmxn3Sv901XeebVWuNP/f19nv/0/T+v/1pesvbbbM/6pYYrLZ+v/pMv/19f/3NVv/P13mv77+/8FXYP3/q+qBZJP8wvr/AADAq8GZW/+/7fL+6QUCShnaLu+fXiCglKHtMv6dXiDghNf/f/I//+q/Qwul+f/1nc3/LdwPAAAAZ48v/NlnfqdVvDT/P9jZ/P/Mr/8Xmp3/P94sMN1sYUDr/wEAALBENVv/b+zawY+1Klea/x/ubP4fT7vobsgda315JFvTLqRr2r0wUv/JAAAAACwN3WFioq/DvA0ro244+TYfy5cCbZUuevpPjp3Y+f9HOpv/N/wu46sPrbi1Z9UHHnz5jtUrnj30jgPPzR//BwAAABZPp/slAAAAAAAAAAAAAACAV97T/7F/fat46ff/YWPt8Wa//4/X/Yu/L3htQ+5Ya/v1//L7l73/tr21JQsfGAnhrcXA9v3bzwn5tflXFgP3fnTV66qJ/WmJu5+6+Jlq4mNp4H2rz32pmrgoCWyKiyS+Pg3Eqyq+tDwJxOUV/z0NxO1xOA3054EvL8/G0ZVuq58OZ9uqK91Wjw+HMFoI1LfVncNZG13pAG9IAvUBfjoNxAH+eR7oTnt121DWqxgYjkVvGsp6BQDAWSt+C+wL22bnZibjV/h4e35v423UsGTZNeVquzps/ol8abIP375xuJN0T/pddP5a432hUh3C2tLX1WKWrtooT08tbTbda5sMud1qb91NyqVOdNP1Nx/RQDaiiS075rb2tR34+vZZ1vW2zbK2NNkpZumubdIOaumgLx2MqMNt00GX4/3uMDHRk+T6gxgcCw3avSI6/b1+cZ2/Zq+CYp5PHTvwq1b1leb/Y53N/yvFcb2UXwxgX7yy3t+NWuYfAAAAFteXN/z6G/Hfh669/9FWeUvz//HO5v9xD1Z+KDjb23EkXv//wGgItUvrj2WBW2JzHx8N4c211HQskV1Q/9JYYjIL3BJ3mKyKJTZNN1a1LAYOJ4GfjOSBI0ngaAzkeykOhXxXzt+PhPDOWmpjY4mdscRYEvhgDIwngYkYmEwCy2NgKgk8vzwPTCeBf4uBMNu4rW5fnm8rAACADtWu4ZbPs+Lx5zjtSud5h3vbZehql2GwXYbudhkqLTP0hcPNRhHvfztm6EtOXukqZOpLmx1IailliBfDb9rxtlu3fvj/h40504KlpuP5B/XzDboaM9z1nt5KaKE0/5/sbP4/2HibtX40zv/nr/+XBX4Qu/e1eOr4eAz8+L2NgXzHwNE42b2uXtV0XiKftF8XS0zFwHgS2BkDU0lg08Y8cPB1jYF8pl1v/EC98dm8RCEAAAAAZ1zcQRB308T5/027vzTUqlxp/j/V2fw/tjdUbOyLsdZjy0O4s2u+N/XA6uEsEPdjDMefx79hOIRzCjs46iVmBrMS/UnD4fsD2S/U+9OqvjeQ/fgg3r/skfvu/Uo1ccNACCsKe1/qbTxZydoYSAMX9GeBwTSwozcLxD0/9cB3u7MAnLL6XsH4gspPdakbW7hck9ffq+WaoOnwSvtAF8i30G+uFktph2u+T7XuxJ62lvtvOW1Kb48j3m1L8d025t1W/CKVf0M5Ph+qhO6tM9s2XzW3Jz5S/CVrySI9z8VfqXaSPg2vw30n39v2KmkHJpOPj8mFyy38OuyK1X31oRW39qz6wIN3rF7x7KF3HHiu4240EX8ofN/n/3X4R4XNu9gqIX/NLbnPk2mfJ0viv4Hk3T3uaQshbHz+69e1ipfm/9Odzf97k9uaX8eNuXs0hLcVNu4DcfP/8Wj2OVgIZJ+SrykHskPu/zXS9JMTAAAATrf67o76/oLZ/DY7ITydJ5fzT4dwfPQE8sf9FVML5u+034N//dEVreKl+f+m1vP/ZUk3Hf93/J9F4vj/gs72XdHL0gf2ndKu6FJ1LArH/xd0tr/bHP9fkOP/jv8vxPH/Nhz/X9DZ/rSVviXt9KUrhPDsH93zeKt4af6/s7P5v/X/Fl60r77+36Zm6//tbLb+3z7r/wEAAIuqyUJz6TyvtHpfKUO6el8pQ9sFAtsuMdh6/b8W6+y9atb/K23Uduv/PXP+k78JLZTm//s6m//Hl8NQsfWlsv7f+MYmVV0fAzstDAgAAMDZqNm+CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF5Zd/3D/2xtFb//t5c8/tTlU5/cv+Hy5z9/ybkPhzBbe7wrC3cNXnvj1M9vvfi2/Xetu+mOY5e+vZKX68tvf7chd6z15ZEQDhYeGY6JF0aqd+YDl73/tr291cQDIyG8NQsM55VsP6f691sjIawslrj3o6teV03sny+RBe5+6uJnqomPpYH3rT73pWriojzQlXb3H5dn3e1Ku/uV5SGMFgL17n5yeWNV9Tb+NA90p23803DWRgwMx6LfGM7aiIG5WGJ2WQhrekPoSau6v5JV1ZNW9S+VrKqetKovVEK4KITQm1b1VH9WVW868of7s6pi4Ly3HHrxgmriYH8Ia4qBRz9y8zuriU8ngXrjf9EfwpuqL5m08W/3ZY33pY3f0BfCG0MI/WmJX/ZmJfrTEk/3hvCaQqDe+Cd6Q9gbeFWIHz4Nn2i79169ffPc3MyuxUh8JEv0520NhG2zczMTW3bMba0kfWqmq5A+fs3Jj/2JFz+3pXr74ds3DneS7s3L9dW6vK6v4e76s733sV+DxUrmn5hS/TF/fxgKy67aPbNr4rOb9+zZtTb722n2ddnfnjyabau1S2VbrSxWsmbPlTvX7N579erZKzdfMXPFzKfWvmvd5IWT6yfffeGa6qgms7+nY6g3N4QGzsRQz+8tVLKoHwASEhJnILF2EWrubvh0mzzbP8hLX/TnO9oXKrUP6NK0opilqzbK0zHoDSc54pP5ntJ2RGtLE4dSlnULZLmmMcv60mRivpaBLEvte11pclhsrLu2SeP97jAx0dNsO4w13i1u3p+dwuZ9LN90naYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//t/8lBw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x101142, 0xeaff)
write$binfmt_register(r0, &(0x7f0000000700)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x5, 0x3a, 'compress', 0x3a, 'i\xb2\xf6\xed\xee\xe7 \xcc\xe0Wy7\xeb\x8agQ', 0x3a, 'mnt/encrypted_dir'}, 0x49)
r1 = syz_clone3(&(0x7f0000000480)={0x280000, 0x0, &(0x7f0000000240), &(0x7f0000000280), {0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES64, @ANYRESHEX=r0, @ANYRES16=r1], 0x29f)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f00000000c0)={{r0}, 0x0, 0x0, 0x100000})

1m56.439543781s ago: executing program 3 (id=1083):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x439, 0x10000000, 0x0, {0x0, 0x0, 0x0, r3, 0x69801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x2}}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
sendto$packet(r0, &(0x7f00000001c0)="11eb030086dd", 0x6, 0x2404c081, &(0x7f0000000200)={0x11, 0x88a8, r3, 0x1, 0x4, 0x6, @multicast}, 0x14)

1m54.488067273s ago: executing program 3 (id=1097):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000)

1m54.033569938s ago: executing program 37 (id=1097):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000)

7.717741324s ago: executing program 9 (id=1679):
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f00000008c0)=ANY=[@ANYRESOCT, @ANYBLOB="b7db55e41f6664aa3818e410753dc69bd7c68bee0685c246ddb17be615ad2293efd505e1e48a57cfcd05cd"], 0x68}, 0x1, 0x0, 0x0, 0x4004890}, 0xa040)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000500)=@req3={0x4, 0x7fe, 0xde, 0x7, 0x2, 0x5, 0x8}, 0x1c)
sendmmsg(r0, 0x0, 0x0, 0x45)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000005a0000008500000022000000180100002020702500000000002020200100000000000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x100, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x1e, &(0x7f00000004c0)={@multicast, @multicast, @void, {@can={0xc, {{0x1, 0x1, 0x0, 0x1}, 0x5, 0x4, 0x0, 0x0, "b6103da1d1b0a32f"}}}}, 0x0)

7.52709113s ago: executing program 0 (id=1680):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000980)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@mblk_io_submit}]}, 0x1, 0x5a2, &(0x7f00000003c0)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQFNGVzc6mabpbN2k3W7O/H8zu+85M5nnfmX3e7AwzbAB963D9JY14KiLOJxHDG5YNRLbwcGO91ZWl4t2VpWIStdqFX5JIIuLOylKxuX6SvR+IiOWI+H9EfJOPOJqub3JPs1BdWJwaL5dLs1l9ZG768kh1YfHYpenxydJkaebEiy+dOn3y1NjxsY3NvVvbWMtvra/Xfrz+7rXvXrl5/dPPDi0X3x9P4kwMZcs29uNxauyTfJzZNP9kN4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6DO9I8oItqgxG1dRuKQB9IJD30qeb3gPr5b3Paye8ft842TkDqcVdXlorvRDP+QOPaROxdOzfZ/2ty35lJ/Xzz4E42lF1p+WpEjA4MPPj5T7LP3/aNPo4G0lVfn20cqAePf7o+/kSL8Weoee30ETXHv9Vs/FttET/XZvw732GMP17/6aO28a8OxtMt4yfr8ZMW8dOIeLPD+Dde+/J0u2W1jyOOROv4TcnDrw+PXLxULo02XlvG+OrIoZfb9z9if5v4jWu2e9casrH/e7I2pR32/4tvP39m+SHxn3/24ce/1f7fFxHvdRj/P3c+ebXdsltXk9v1bwFbPf5J5ONmh/FfOHP4h6zoqiEAAAAAAAAAADxG6dq9bElaWC+naaHQeIb3v7E/LVeqc0cvVuZnJhr3vB2MfNq802q4UU/q9bHsftxm/fim+olcFjC3b61eKFbKEz3uOwAAAAAAAAAAAAAAAAAAADwpDmx6/v+33Nrz/5t/rhrYrdr/5Dew28l/6F/353/Ss3YAO8//f+hbNfkP/Uv+Q/+S/9C/5D/0L/kP/Uv+Q/+S/wAAAAAAAAAAAAAAAAAAAAAAAAAA0BXnz52rT7W7K0vFen1iYGF+qvLWsYlSdaowPV8sFCuzlwuTlcpkuVQoVqb/bntJpXJ5NGbmr4zMlapzI9WFxTemK/Mzzd8ULeW73iMAAAAAAAAAAAAAAAAAAAD45xlam5K0EJFv1NO0UIj4V0QcTCK5eKlcGo2If0fE97n8YL0+1utGAwAAAAAAAAAAAAAAAAAAwC5TXVicGi+XS7PdKwxkoboYovPCwFZWjojlRwn6e61Wu39OfYtb3k4+24E93nW7o5B7Mj6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qXsP/Xb6F392t0EAAAAAAAAAAAAAAAAAAADQl9Kfk4ioT0eGnxvavHRPsppbe4+It29c+ODK+Nzc7Fh9/u31+XMfZvOP96L9QKeaeZpGRD2PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHuqC4tT4+VyaXabhcEO1ul1HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2468AAAD//3+o0IY=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000700)='./file1\x00', 0x42041, 0x12c)
pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0xd, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r4, 0x702, 0xe, 0x0, &(0x7f0000000580)="e460334470d8d400eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)

6.911545669s ago: executing program 9 (id=1682):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0xfffffffffffffc50, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

6.701394326s ago: executing program 8 (id=1683):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x34, 0x0, 0x1, 0x0, 0x80000000, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x3c, r4, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback={0x0, 0xffffac1414aa}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x3c}}, 0x0)

6.695692047s ago: executing program 7 (id=1684):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
syz_open_procfs(0x0, &(0x7f0000000640)='fd\x00')
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x10)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)=0xffff0018)
ioctl$SNDCTL_DSP_GETISPACE(r0, 0x8010500d, &(0x7f0000000180))
r1 = syz_ublk_setup_io_uring(0x21f, &(0x7f0000000340)={0x0, 0xfcb, 0x800, 0x3, 0x350}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
syz_io_uring_submit(r2, r3, r4, &(0x7f0000000980)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x9, 0x0, 0x0, 0x0, {0x11e6}})
syz_ublk_add_dev(r1, r2, r3, r4, &(0x7f00000003c0)={0x2e, 0x0, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x1, 0xf, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000300)=@any_dev={0x4, 0xd73, 0x0, 0x0, 0x1000, 0xf, 0x0, 0x0, 0x10}}}, 0x0)

6.647481048s ago: executing program 1 (id=1685):
r0 = socket(0x2a, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
write$rfkill(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x1, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}, @TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @multicast2}]}}]}, 0x44}}, 0x4000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

6.396061026s ago: executing program 8 (id=1686):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001c40)=ANY=[@ANYBLOB="bf16000000000000b7070000ff030000487000000000000050000000000000009500000000000000e83d24a394a293b3bd23212fb56fa54f0b71d0e6adfefc41d86b60717142fa9ea4318123741c0a0f168c1886bf0fccf8d56ccb659427cf8593dbe3a2a3ad358061011fbc5ba1f07318988e6e01a41cc0990d0dc840a23f72eca0b2d89fc474c2a10000000077beee1cebf45fab73962fa8f6296b32a8343881dcc7b1b85f3c3da4cd36414e90a61965c3de4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d0054ce21fa41181a9580cfca031e5388ee5c9a7ddd04201f5200001fcadf95e5a4725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f588cb211624f40401691721715f46e0500000000000000a663739a190a4e825c908c0abc85d457ec5a57cb706eef32a3ed12d63c9c4c508530e173650a8a8f2a9c81bcffe437bccbe158024d8d4939e6fd9adc43f0f4b049218db92bf466e934330ed79bc9f626d68b0000600057d14854eef851bc8c30f5d0df6b94ea0b852d495085ff4eabaac9606f0497958c2c357a7124a69f6770ea6702bc53896a15fad5e55c64efd217450a975221b20d78e445e3da74a3c1e59bae44546bde4ac6de55a480f3ad5dc0f2d1818b696492285f60d914283f8d687b0bdb46261277671bba2c550bfef679bddf38ab35eaaf0268c4efa45b56a188a9195044a222ec06bb49784d5608d87c4832e4305bf8889e5db2a70f6a83d4b3cdc12546d2e9f6720dec489b6276856de6d895704ba3e8ee12c8121ffc4f5d2ae03f0227dcc4f38699d3db16f69ed45e918b07ce58bf576e253364fe0000000084f897400d4f5503a6e9ea4a480e3221f3c247ee8c55e487eaa25a7689689c9c305da4b0181f0f653fec399fcc0cc800e82bde039cc29c19b538c76e65642875bddbef61e5985751d9ebd37d2f32375357b5d2b4dc24baa6a7010038380f7029a292f1ad05000000e4e801a819aef69d081e2cacaa8ad1b4ca6df5dc37962ebc5337379e00645b6d2bec249c0612510000000000a7060d8d9b9ad109b62d1dab0eec6beabc76d765b9caf70900000399772ddfe89be4338e70d0ecfed537780a31fcaf4acaf9bd3711a4359d68ec71b0693ede07e7d18e797697901fbae4a9d9966b68eadae75ef1b8931b0818a57e5136fb8c61d73b17d8fd55c2b8d321a6cba8743114fcff01e5c10200c512000800009a021d377e477ea807cc00919ee8bfbd090034f67609cfde8877b5bb072572b421d6b1fdae83e5e250190628d02d01f978323fe36685e652ceb218a9cc9e125a4880faccaf5ac2345f20b1ee403885790500d0bc75c7e95d23904dc446e0201aafea0d3f4cc0cf285ccd000000000100005aee4199a34686905441c1fa62ed20328a10690432f59a4d3e05bd00997ea2b6f5213cb883d05b620f31869f6cce80f1ae09009ed7e3c5f3aa61bfd240cb9726bc512ba0eb1f68579c76144feb0100809f12bcf79c4d57f66703c2aee08e52de3eff160623e1af555dc7481128ed0bab22dcb6e5b6ac5e4010eaf2510fa440aabfdc80c77108c769ed2d666c555c6c38b30899a688d96a6c6dc0dd4309f6548765d3f53261b4890aa004e7f667a230b22bc6e248bf56b219d9a547b6e1c5077c9ba463329323b53910e7358b4d0c6882c590cf25e4d044a6afb10a070f285e3c94ed405aa8dc41718dd3f4bf474868538aad9a23f85a707e325c10a9f22e37c4213d0ca2910726de8e62d2e3ae7f64e40c7af3dc00bab70cf607869c5a11a03bce8aa43fa010348bc2fb420ba5e344fcdcb302548e571157d323f5fd535800284d32ffff000088ccd685f07309101a3196b705479897f4c9d97c4c7b77db7b15bfb4305d5e954a34385418e665af882a7d505323070929b228bc94b70300000066dab8c4e63debff174621a0ac7dd85b14cb7616ca23f044bd0ccd1c79292c3aa8f6e4a1c27315ef8d55781edbe368f72aeb2f48256131aaab707451c14747dfa3bb5f8725a98f6d3c797573f18810bf378e38107ece5cb7cf3b98975e9254248af60de2f04e2429d9b6eba525fd1b1b665f77710fa494e2b619c975acd535fc78696fc980573c35e9916f0000000000002c8ee5ec55faffffffffffffffcd59cc0600000053d0a1f4ea4477022c9f376b3191efeb46be3c174fb24009379bbc949fd2923715540556450f12d1645177ce3eca0d65d17deff51a024f0180000000006100499e829bda469048c70e5968375feb39e6918e591a384851ba3079ad9c376bdaf0650e212eb4185cbbb6c0dc0e699afc34ca3b9a307cd2519cd9b192d678492ea2228ff0817d68f97b18402d271036067c141b911c4e0207e2c9d37ac203f440e1a065a2d227c6ec860c0104000000000000fe7144ec680c0dac7b5906a6197c8173080c9ab3ecb72820f04a42e4a43ee3f325f93edb3a204b9c9dc8953375e37c83876f248d91f166676b54781c6855c5e067ab2c2c6d22b20a703d68d77312333deff80883cb5a25c738f4e7cbb075e10f5c36396156abb221adebb9303342bfa2b745a5e045d5db847e4810270ed1c5bbb1548ec3184ff9b8ed1687333d0e0412d452ba6b390199bd684ff458d6c8114833efde87215e5f9569d92d24579f3ef473bce24e61eb21336ad441eea93cbcb69d2156b9b6e3000000000000000000fc411d2eadcadc7c0a2c12410e4b9d634807f2a6f1c3a13508e274ecef5cfccb707a1640973973fd2d1d60138d9b7a778827fd07fbd093a0ba779dcd32556613e1fac161825da91acde7fa964c689b1f0ea96047a98260270c3a3ccb2142b074db79aa88614663ff33f9966502a2361e49aabe58eb086c5827dd9d92fa4ff0c0e8b949d585f2cbc111de478905cb37f3cbfb019c6daace508b926718506a577234468f9279a52360d1a80b88b4eb1cda949ca77b6ec43bdf5f5a400989705746b86b400947891b33d591ec5ea9ae45983273f62027998d72f83625021a72e27e0449fa154ade55071546d4000000000000000000000000000000002f907c5db9c967a1f86c57bb5062fed7c37ec16a7e62b6e370c3c5a32adee9032367814394a7a7fd12c44b81fb5ac2ad92220a72aa3355e894cbefe344a6b5eb4c25128d5427a640faae401eccf3aca4294410461e946010c50f9ee556b38eae0b252ef288397672bbbd17e5306589f93dc130b6be5b19dfb2462348355ef24762509cf29becacf8515abe299b8a7dfd585f5dbf7578bfdbfa37deeb872c3291b59349238add315cd18e6f4196b404e48955657d680511c7ba7f5e0f9d97d649583190c78015aaf4db05aa2a6cc9d00084ce958406e09fe508a0ee5feb2d34f48d87000000000000001108780004ec696f618c20771a7ae436d733f603f20c9189567b63d47fae002e616969d888a418d139a25b11c0da7aecb8c14f1a879f7b985ab634b0f5cdb2090ad2c336e9a28289247ef4f3cfcafa393927d27711ed0543a5e8ec6c1c62082549791f75fccd54582f990234496954e6e54bcbb90f2756912ab7e511a55a9e0512e5c1c10bcd76ee4799af611179a39bd0c0323cae1aaaaaa8dafb55bca104ada3252c5d9de5b9cdb6217c35ca3d28b1d8b9d2fa79376c13167a9ef1b1f4b7509debbeacc153ca8bea4a0a65ee1d1d20a9106499f0bf7f416b051e835d790ac978b90143d9125224f74b6167f7a967c7e33eb5f43570b9f3c91371968a30e528968b233d0396db424e5fd73d380318e9676d074dd5ce552a222e250f9f6d0bdd9e46e7f22d9abfd4573b57e3b52d407b464b0146ea15560a2ce034b1623fecc84842928223d17ce4ab31ef4c2a9f9caebf65341fa3da1bbae7972097e24603b9db8edc25a152bd39af179eab23ed555040c2bbb89ea22c08b97264b3616a41abfad0ab12a79574c60cf1841ea45f10e9438e55e1e0eb645200993b08833bb14517b0d0e5ba72bdacd92d57b6029129c95ab0a93857c7205e8450b27aee5e684ece77f53112873f40247a998cc896ab4d55573c7a7ef2936a29425cab46cd4fdd1452ea8429c63c74d5673f5e4d47d1b001d0d3a9e1d5c840ab37a69cb30d17ff7591f01549e552dc43b672e0feff94408171d682565dc2d84476297c6901040000cb9f7f2eb690d7a032c09f0a3d48663fe5ece30f592d71755dd6cbfac96016a2ecd4e499ce9adce6e59db0494fa25117a2bc13275c9a94a3532c1b8417e9ed5e6cd5f51f8ccc878ba73305ad19b0cf05625439cdf688d33c8fd6cf52c5c5685444b65eb918884727d3a780bdac17d447745e4accd85d3aca4d63127bb3a58095cffa08a6cecae329dd5f47552c40b560b05e962363e99300d61931ddd97444c2bae02edb26383cb96ee7d2742d24dc7e9b6dac831674ae09b7d180ebb30b9221480ad78706dadf7ca3540eb6c6c43dc7e31b2c8d188f28d6ab10d3c0c97b9f6b5feb9abeb6a801975c0bbab0b1fed7485f2fca1730906a6dc1914386118646dab2618582c4ce0a8ce7a1a3ca7d56f6ca8c7d43cad0116c70751a0db051d9adc4ab34dafbca31fecd9191d38fa011a4c1fc19df0b9aac3a0de17dc01b413c4d4eccf9eb1cd90569508fc6479111544807f11dad193a170ac290f28d3e7f702c5bced7ed90c3251897446fdbb1195136d9092168e2deedb3e0afdf0f543363fbf8759df07270981c0bd7260998963e45a2c84e8b82ddfa98dab68a23cfb2ffa4fcc4ebcd38f273e9bdb240f77eb51e259bb88dc383b19107af39ffcc708a1278b3e53c2130a9c7150593794f8f22ae9b2ff0d46c8d175bf9ff227870f1dcecd5b564d20230ac32a10982cf1bbe5ca15ed6d85b2c447f3fb0872ea6170352fd4c76c75941d1c3684a466c81a5892e9f56c0b512be586381c2390aaf93347d318aa5de4322b11088435730c69bc1cfd96d869803a3113b2a33dbf7973434ba9e4ec15c0423bb384975498ff56bf8b51237dadf6264532fdca7c44e485e4c9b695cd000"/3569], &(0x7f0000000140)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4)
r2 = socket$inet6(0xa, 0x2, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x800000, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r3, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000003c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3d0, 0x190, 0x190, 0x0, 0x230, 0x2c8, 0x3c0, 0x3c0, 0x3c0, 0x3c0, 0x3c0, 0x6, 0x0, {[{{@ip={@private=0xa010100, @dev={0xac, 0x14, 0x14, 0x20}, 0xff, 0xffffff00, 'veth0_vlan\x00', 'lo\x00', {0xff}, {0xff}, 0x2e, 0x3, 0x6}, 0x0, 0x70, 0x98}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x7, 0x7f}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@empty, [0xffffffff, 0xffffffff, 0xffffff00, 0xff000000], 0x4e20, 0x4e23, 0x4e24, 0x4e21, 0x141e, 0x1, 0x8, 0x8000, 0xb}}}, {{@uncond, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x5, 0x5, @dev={0xac, 0x14, 0x14, 0x15}, 0x4e24}}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0xb}, @local, 0x0, 0xffffff00, '\x00', 'bond0\x00', {0x7f}, {0xff}, 0x70, 0x1}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x9, 0x1, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
sendto$inet6(r2, 0x0, 0x0, 0x4098884, &(0x7f0000000380)={0xa, 0x4e20, 0xc, @mcast2}, 0x1c)
sendto$inet6(r2, &(0x7f0000000040), 0x3000, 0x0, 0x0, 0x0)

6.395735996s ago: executing program 9 (id=1687):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000080)={0x1, @pix={0x0, 0x0, 0x20303159}})

6.327420238s ago: executing program 7 (id=1688):
socket(0x1d, 0x2, 0x6)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x408, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x800, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300))
syz_open_procfs(0x0, &(0x7f0000002600)='net/dev_mcast\x00')
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0xf}, 0x0, 0x0)

6.27214167s ago: executing program 1 (id=1689):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
alarm(0x5)
alarm(0x38)

6.254999521s ago: executing program 0 (id=1690):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, &(0x7f0000002240)={'sit0\x00', &(0x7f00000001c0)={@multicast2, 0x0, 0x0, 0x10, 0x0, [{@multicast2}]}})
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2200890, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000900)={0x18, r3, 0x9c2f0f67201acf05, 0x70bd29, 0x25dfdbff, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x20000080)
read$FUSE(r1, &(0x7f0000002780)={0x2020}, 0x5ecfb203)
r4 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r4, &(0x7f0000006a00)={0x2020}, 0x2020)
sendfile(r1, r1, 0x0, 0x9b)

4.506710966s ago: executing program 1 (id=1691):
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev\x00')
pread64(r3, &(0x7f0000000080)=""/102356, 0x18fd4, 0x1c2a)

3.900106756s ago: executing program 8 (id=1692):
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)
mkdirat(r0, &(0x7f00000001c0)='./file7\x00', 0x1ac)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r1, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

3.700095612s ago: executing program 7 (id=1693):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000140)=0x7fffffff, 0x4)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20040880)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000004, 0x50, 0xffffffffffffffff, 0xa399a000)
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000100)=0xb329, 0x4)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
sendto$inet(r1, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9025a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
shutdown(r1, 0x1)

3.574425026s ago: executing program 0 (id=1694):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x101}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)

3.488187609s ago: executing program 8 (id=1695):
syz_mount_image$hfsplus(&(0x7f0000000a40), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2010410, &(0x7f0000000000)=ANY=[], 0x1, 0x694, &(0x7f0000000a80)="$eJzs3UtsHGcdAPD/rNdrbwip2zptQJVqNRIgLBI7lgvmQkCALNFDVQ6crcRprGzSYm+RWyG6vK899IpUDj4gcULiHqlcuMCth158rITEpRcMl0UzO7PvTXbz2nX7+0Wz3zfzzXyP/7z2EWsC+NzaXo3y3Uhie/WVw3T++Gijdny0cbvIR8RCRDQiyhFRiojkP81m88OIqxFJu5qkL42Y723n/b2t1z769PiT1lw5n7L1Sz3bPZBGPsVKRMzl6aOq79pD15e0R3g1Ii7mKUxdepo2e/z072dbJZWeFavDtl58Mp0EHqukdd8csBRxJj/R0/cBrbti6559qjWm3QEAAAB4Ap46iZM4TM5Nux8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwWjQ6z/9P8qlU5FciKZ7/X8mXRZ6fLS/ef5VSV/7u4+wLAAAAAAAAADyIhck3efEkTuIwzhXzzST7efylbGY5e/1CvBUHsRv7cSkOYyfqUY/9WI+Ipa6KKoc79fr++hhbXhm65ZUxx1YdKBlcAgAAAAAAAACfP7+K7c7v/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAuSiLlWkk3LUW4tXopSmluMiEq6oBHxzyJ/mt2ddgcAAADg4VWHLVzoyj91EidxGOeK+WYSyxHxXPb5fzHeijtRj72oRy1243r2nUDrU3/p+Gijdny0cTudBtv47r8n6mdWY7S+exje8oVsjWrciL1syaW4Fm9ELa5HKdsydSHvT1FrX79+mfYp+U5uzJ5dz9N05O/l6YB3JxrsKPf+MuXWYp6Zy9OlLCLz7Yis5X1Lo/F0sWfae6ini8XemR+vY/0trUep3dnlvpb6BtGJ+eJ4baXO5Gk6nt+NivlU9EQiG1Hn6HtuIOZ9vvrXP//kZu3OrZs3DlZnZ0jjKQ66ZvZaHTwmNroi8fxnORID1rJInG/Pb8cP48exGivxauzHXvwsdqIeu7ES389yO/nxnHSd8iMidbVn7tURHWhfvCv5EdraWZP16aVs23Ox174ovJz9uxLr8c3YjM3Y6trD5++9h7OzvjTiStv84tBRXPxanknvWb8fde+aijSuTxdxTaLnmruUlXUv6UTpmTGiNOH9qPzl/BxM2/h1ns6G/kisd0Xi2XtH4o/ZkA5qd27t39x5c7zmnnkvz6Tn0W9n6i5Ryc+h1m8nvUdHeiw9O7RsPStbbpeVBsrOt8taZ2oj3ojrsTvkTK3k7+EGa7qSlT0/tGwjK7vQVTbs/RYAMy29HZ75+plK9V/Vf1Q/qP6merP6yuL3Fr618EIl5v82/+3y2txXSi8kf4kP4hedt5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCDO3j7nVs7tdrufk+mUWs2m+8OLXrYzMcf/yl7wNOjr3mcTPE4syfY6JfORtx35bNTicZDZ5Jk3JX/22w28yXJo+tGKR7PuJq5WYnzNDLTvS4Bj9/l+u03Lx+8/c439m7vvL77+u6drc3NrbWtzZc3Lt/Yq+2utV77t5rgma7AzOrc9PtL/jCdDgEAAAAAAAAAAAD3NfR///8vHtlfESTTHiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw6m2vRvluJLG+dmktnT8+2qilU5HvrFmOiFJEJD+PSD6MuBqtKZa6qktGtfP+3tZrH316/EmnrnKxfmnIdj+YbBSNfIqViJjL08KPxqqiPLK+a/2lE0vaI0wDdrEIHEzb/wMAAP//oBkKiA==")
socket$nl_generic(0x10, 0x3, 0x10)
unlink(&(0x7f0000000080)='./file1\x00')
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = open(&(0x7f0000000080)='.\x00', 0x10000, 0x5b)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xc4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, 0x0, 0x8840)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)

3.487892489s ago: executing program 9 (id=1696):
r0 = socket(0x10, 0x803, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20044890)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r2 = socket$kcm(0xa, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x9}}, 0x44)
accept(0xffffffffffffffff, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d4c}}, 0x44)
sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

3.283164675s ago: executing program 7 (id=1697):
socket$nl_generic(0x10, 0x3, 0x10)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/mdstat\x00', 0x0, 0x0)
socket(0x1d, 0x2, 0x6)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x408, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
syz_open_dev$radio(&(0x7f00000001c0), 0x0, 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x4001000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0xf}, 0x0, 0x0)

2.588469127s ago: executing program 1 (id=1698):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000002c0)={0x3948, 0x6, 0x8, 0x8, 0x8, 0x1})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, 0x0}}], 0x1, 0x48000)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0x1}, "02"}}, 0x4)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000480)={{0x1, 0x2, 0x0, 0x8, 0x0, 0x10001}, 0x311, [0x3, 0x8, 0x1, 0x1000, 0x9, 0xffffffff, 0x1, 0x44000000, 0x5, 0x7, 0x400, 0x5, 0x80000000, 0xc, 0x8, 0x6, 0xff, 0x400, 0x7ff, 0x3, 0x1, 0x7fffffff, 0x9, 0x7, 0x8001, 0x7, 0x7f21fe40, 0xfe, 0x8000, 0x8, 0x9, 0x61f, 0x9, 0x7, 0x65e4, 0x3, 0xffffffff, 0x0, 0x4, 0x40, 0xff, 0x4, 0x8000, 0x9, 0xfffff1a7, 0x80000001, 0x0, 0x4, 0x4, 0xd5, 0x2, 0x4, 0x9d35, 0x7f550721, 0x4, 0x81, 0xfffffffe, 0x2, 0x8, 0xfffffffa, 0x1, 0x0, 0x7ff, 0x7ff, 0x6, 0x1, 0x2, 0x10, 0x200, 0x9, 0xfffffdfa, 0x6, 0x3, 0x6, 0x4, 0x80000000, 0x7, 0x7fff, 0x7ff, 0x3, 0x5, 0x800, 0xf6, 0x7, 0x1, 0x3, 0x64, 0x4, 0x1, 0x6, 0x5, 0xff, 0x100, 0x7f, 0x8, 0x0, 0xcc, 0x8000, 0x9, 0xffffffff, 0x3, 0x2, 0x0, 0x2, 0x0, 0x39d5, 0x7fff, 0x20000000, 0x81, 0x3, 0x5, 0x9, 0x7, 0x8001, 0x6f, 0x4, 0x800, 0x401, 0x0, 0x6, 0xd, 0x3, 0x1, 0x4, 0xfffffff9, 0x1, 0x6, 0x4, 0x5, 0x0, 0x9, 0x7, 0x7, 0x9, 0x4, 0x4, 0xfb5, 0x0, 0xffffffff, 0xfffffffc, 0x9, 0x4, 0x3, 0x4db, 0x2, 0x200, 0x0, 0x8, 0x4, 0x6, 0x1a6, 0xbd, 0x9, 0x10, 0x7fffffff, 0x6, 0x9a, 0x6a9d, 0xfffffffd, 0x8, 0x2, 0xffff, 0x9, 0x7, 0x6, 0xfffffff9, 0xb, 0x543367e9, 0xfffffff8, 0x200, 0xcee7, 0x3ff, 0x7, 0x0, 0x8, 0x156, 0xffffff80, 0x80000000, 0x4, 0x174, 0x4, 0x8, 0xd34, 0xffffff80, 0xfff, 0x53, 0xa6, 0x3, 0x80000001, 0x6, 0x0, 0x400, 0xfffffffe, 0x10001, 0x2d, 0x5, 0xffff, 0x3ff, 0x5, 0x2, 0xffff8001, 0x4, 0x99, 0x5, 0x2, 0xc, 0x80, 0x7ff, 0x7, 0x1, 0xfffffffc, 0x3, 0x3, 0x2, 0x7, 0x9, 0x4, 0x7, 0x10, 0xb87e, 0x2, 0x1, 0x9, 0x995, 0x6, 0x6, 0x1ff, 0x5, 0xfc3d, 0xfffffff9, 0x5, 0x4, 0x4, 0xd00, 0x800, 0x8, 0x4, 0x9, 0x6, 0x3, 0xf8f, 0x4, 0x6, 0x4, 0x4, 0x4, 0x81, 0x9abb, 0x2, 0x1ff, 0xd01, 0x7, 0xffffffff, 0x7, 0x1, 0x7, 0x8, 0x1b591f9c, 0xff, 0x6ce16fcb, 0x0, 0x7, 0x5, 0x5, 0x7, 0xb, 0x7fff, 0x8, 0xf, 0x4, 0x6, 0x5, 0xfffffffd, 0x5, 0xfff, 0x6, 0x4, 0x8, 0xf, 0x7, 0x8, 0x34f7b024, 0xfffffffa, 0x3, 0xfffffffc, 0x7, 0x6, 0x1, 0x5, 0x27c3, 0x7, 0x7fffffff, 0x3, 0x6, 0xfffffff8, 0x4, 0x3, 0x1, 0x8, 0x4, 0x9, 0x2, 0x9, 0x5, 0x1, 0x3, 0x0, 0x7fffffff, 0x5, 0x2, 0x401, 0x10000, 0x2, 0x40, 0xa2e3, 0xee3, 0x7, 0x2, 0x800, 0x58, 0x8, 0x4, 0x101, 0x2, 0x40, 0x80, 0x4, 0x9, 0x356d, 0xf4, 0x40, 0x39d, 0x10, 0x2, 0xaa, 0x5, 0x7, 0x5, 0x5, 0x7, 0x7fffffff, 0x9, 0x1, 0x6, 0x4, 0x8, 0x3, 0x2, 0x5507b1d9, 0x1, 0x7, 0xccf, 0x0, 0x9, 0xb6, 0xff, 0x5, 0xd9, 0x6b57, 0x2, 0x691, 0x8b91, 0x7, 0x36, 0x1, 0x0, 0x723, 0x4, 0x8, 0x38a00, 0x8, 0x7, 0x8, 0x2, 0x3ff, 0xff, 0x9, 0x7, 0x13cffa0e, 0x1, 0x0, 0x9, 0x8, 0xcbb9, 0x9, 0x2, 0x1, 0x2, 0x5e, 0x3, 0xad, 0xfffffffc, 0x1, 0x1, 0x10, 0xffff, 0x8, 0x4, 0x9, 0x5, 0xffffffff, 0x101, 0x9, 0x0, 0xe9e, 0x40, 0x3, 0x8, 0xfffff3ca, 0x918, 0x3f16ac1f, 0xfff, 0x5, 0xe74, 0x7, 0x0, 0xe, 0xb, 0x2, 0x0, 0x8, 0x9d30, 0x7, 0x7fff, 0x6, 0x1, 0x1, 0x3, 0x2, 0x8, 0x2, 0x7, 0x4, 0xffffffff, 0x5, 0x100000, 0x2, 0x6, 0x11, 0x6, 0x5, 0x8, 0x7, 0x8001, 0xfff, 0x7f, 0x0, 0x2, 0x9, 0x7, 0xd05c, 0x0, 0x9, 0x4, 0x7, 0x80000001, 0xa, 0x4, 0x5, 0xe78, 0x3, 0x1, 0x51, 0x7, 0x7ff, 0x7fff, 0x4, 0x4, 0x80, 0xe6d8, 0xa4, 0x2ee, 0xa, 0x0, 0x7, 0x1e4, 0x2, 0x2, 0x8, 0x98b, 0x10001, 0x3, 0x1, 0x8000, 0x7, 0x2, 0x5e, 0x5536, 0xe, 0x37, 0x1, 0xfffffff7, 0xad8, 0x2, 0x9, 0x1, 0x200, 0x1, 0x7, 0x10001, 0xffffff2c, 0xcf9, 0x6, 0x3, 0x2094, 0x10001, 0x4, 0x800, 0x4, 0x6, 0xfffffffb, 0x0, 0xfff, 0xd, 0x7, 0x400, 0x80000000, 0x2, 0x7, 0x0, 0x80000000, 0x20000000, 0x4, 0xfffffffc, 0x4904, 0x1b, 0xc7, 0xe, 0x800, 0x5, 0x8, 0x2, 0x2, 0x4d, 0x5, 0x3, 0x2, 0x3, 0x1, 0x3, 0x7fffffff, 0x8, 0x2, 0x1, 0x2, 0x8001, 0xffff, 0x1d, 0xc, 0x22d4, 0xfffffffd, 0x8, 0x3d, 0xf7, 0x1, 0x8, 0x4, 0x6, 0x6, 0x412, 0x1, 0x5, 0xfffffff9, 0x81, 0x10001, 0x4, 0x5, 0x7, 0x9, 0x2, 0xf515, 0x2, 0x363b5aae, 0x6f, 0x6, 0x0, 0x8, 0x800, 0xffe, 0x1, 0x2, 0x2, 0x5, 0x9, 0x10d, 0x0, 0x5, 0x4, 0x5, 0x1, 0x0, 0x7, 0x3ff, 0x10, 0xa, 0x5, 0x4, 0x7, 0x6, 0x8, 0xf, 0x2, 0x4, 0x2, 0x9, 0xbf1, 0x5, 0x8, 0xe, 0x81, 0x2, 0x0, 0x3, 0x9, 0x1ff, 0x3, 0x864, 0x4, 0x7f, 0x561f, 0xe, 0x2, 0xffffffa8, 0xfffffff8, 0x7, 0x1000, 0xc01c, 0x3, 0xb0000000, 0x6, 0x7, 0x5, 0x20000, 0x81, 0x2, 0x2, 0x6, 0x200, 0x2, 0xb, 0x0, 0x8, 0x8, 0x2, 0x2, 0xfffff2ff, 0x8, 0x33a6, 0x4, 0xfffffffc, 0x7, 0x7, 0x9, 0x800, 0x200, 0x7, 0x2, 0xff, 0x6, 0x1, 0x9, 0xa, 0x4, 0x3, 0x6, 0x9, 0x81, 0x8001, 0x4, 0x8000, 0x8, 0x7, 0x0, 0x7, 0xfffff594, 0x8, 0xb54, 0x9, 0x4, 0xffff, 0x7, 0x2, 0x9, 0x5, 0x4, 0x6, 0x8, 0x0, 0x5, 0x8, 0x8, 0x4, 0x9, 0x9, 0x2, 0x10, 0x7, 0x2118, 0x1, 0x7ff, 0x100, 0x100, 0x400, 0x3, 0x2, 0x7, 0x9, 0x96ea, 0x3, 0xa7, 0xffff8001, 0x8, 0x4, 0x9, 0xfffffffd, 0x2, 0x9, 0x9, 0x10, 0x9, 0x6, 0x0, 0x2, 0x0, 0xb, 0x3, 0x6, 0xd4c9, 0x8000, 0x6ad6, 0x7, 0x8bf, 0x6, 0xfff, 0x3, 0x5, 0x6, 0xc, 0xf4ea, 0x4bb5930c, 0x5, 0x24b, 0x3, 0x81, 0x0, 0x9, 0x2, 0x7, 0x401, 0x95, 0x8, 0x7, 0x1, 0xa, 0xb, 0xc000, 0x9, 0x5c4, 0x0, 0x8, 0xfffffff9, 0x14a0, 0x9, 0x4, 0xcb5, 0x3, 0x7, 0x6, 0x7, 0x1ff, 0x9, 0x1, 0x40, 0x53, 0x8001, 0x9, 0x7, 0x2, 0xffff, 0x0, 0x9, 0x180000, 0x2, 0x5, 0x0, 0x58, 0x8, 0x7, 0x1, 0x1, 0x3, 0x775, 0x4, 0x8, 0xfff, 0x6, 0x1, 0x9, 0x82, 0x1, 0xfff, 0x9, 0x3, 0x792e, 0x2, 0x9, 0x9, 0x7, 0xe, 0x8, 0xe69, 0x7fff, 0x8, 0x115, 0xfffffffd, 0x3, 0x101, 0xffffff94, 0x4, 0x8000, 0x8000, 0x7fffffff, 0x10, 0xe, 0x5a3, 0x7, 0x100, 0x2, 0x1, 0x2, 0x398, 0x8000, 0x89, 0x7, 0x1, 0x5, 0x6, 0x7f, 0x37, 0x6, 0x10001, 0x7, 0x2, 0x2, 0x7ff, 0x10001, 0x9, 0xfffffffb, 0x7ae2, 0xfffffffe, 0x800, 0x3bf, 0xffff4e1c, 0x800, 0x4, 0x7, 0x8, 0x0, 0xffffffff, 0x5, 0x9, 0x800, 0x6, 0x3f, 0x3, 0x16e, 0x9, 0x0, 0x9, 0x5, 0x7, 0x8, 0x3, 0xac1a, 0x3, 0xfffffff9, 0x6, 0x9, 0xa, 0x7f, 0x4, 0x2, 0x0, 0x9, 0x3, 0x2d2d2c77, 0x5, 0x8, 0x8, 0x4, 0x200, 0x2, 0x7, 0x7fff, 0x4, 0x1, 0x0, 0x80000000, 0x7ff, 0xe2e, 0xc, 0x1, 0x9, 0x3, 0x2, 0x6, 0xb4, 0x1, 0x6, 0x4, 0x80, 0x4, 0x7, 0x80, 0x1, 0x5, 0x246, 0x1fffe0, 0x9, 0x876, 0x7f5bc838, 0x183c099c, 0x3cd, 0x7ff, 0x6, 0x4, 0x0, 0x0, 0x4, 0x85d, 0x3, 0x5c, 0x9, 0x10001, 0x4, 0x7f, 0x6, 0x8, 0x81, 0x8, 0xd, 0x6e1c, 0x0, 0xfffffffe, 0xfffff5bd, 0x6, 0x6, 0x6, 0xb, 0x1, 0xfffffffe, 0x9, 0xffffffff, 0x2, 0x7, 0x3, 0x0, 0x40, 0x6, 0x6, 0x5, 0x1, 0xa, 0x8, 0x7, 0x6, 0x6, 0xd, 0x6e, 0x6, 0x9, 0x6, 0x2, 0xc033, 0xffffffff, 0x9, 0x5e, 0x5, 0x3, 0x8, 0xeced, 0x7, 0x0, 0x5, 0x7, 0x883, 0x8001, 0x5, 0x8001, 0x100, 0x4, 0x5, 0xf81, 0x0, 0x3ff, 0x1, 0x8000, 0x6, 0xff, 0x86e, 0x3, 0x5, 0x200, 0x1, 0x3, 0x9, 0x8, 0x10, 0x7, 0xffffffff, 0x6, 0x9, 0x4, 0x7fff, 0x0, 0x8001, 0x8, 0xe403, 0x0, 0x7b5, 0x0, 0x1ff, 0x6, 0x24000]})
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback=0x22}, 0x94)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x801a01, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1)

2.450597052s ago: executing program 0 (id=1699):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
close(0x3)
r2 = socket(0x2, 0x80805, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={<r4=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r4, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r1, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90)

2.449578012s ago: executing program 9 (id=1700):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000180)='auxv\x00')
read$FUSE(r2, 0x0, 0x0)

1.537587741s ago: executing program 0 (id=1701):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x687, 0x6, 0xfffa}, 0x1d, [0x108e8fd7, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x20002, 0x20003, 0x84, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x5b2, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x10007, 0x4, 0x3c5b, 0x1, 0xb, 0x40000009, 0xfffffffd, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0x11, 0x0, 0xffffffff, 0x2, 0x406, 0x3, 0x2, 0x5, 0x3e, 0x8b, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000009, 0xffff, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1001, 0xfffffffc, 0x43, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x0, 0x0, 0xfffffffe, 0x8, 0x4, 0x8002, 0x9, 0x3fe, 0x401, 0x6, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0xbcf5, 0x1, 0x2, 0x2, 0x9, 0x4, 0x9, 0x5, 0x9, 0x6, 0xb, 0xa, 0x1, 0x6, 0x9, 0x2, 0x7f, 0x7, 0x1, 0x3, 0x9, 0x425, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0x2, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x2, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x8c, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0xffffffff, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x1, 0x1ff, 0x3, 0x7, 0xfd, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2002, 0xf, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x2, 0xffffffff, 0x80000004, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7b, 0x20100, 0x9602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x2, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x800, 0x8, 0x5, 0xb1c, 0x1, 0x1fd, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

1.488158073s ago: executing program 7 (id=1702):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, 0x0, &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x0, 0x0, &(0x7f0000000140)=""/162, 0x0, 0xf000})
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0xbb, 0xc8}}}, 0x6)
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000040)={0x1, r2})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.466885323s ago: executing program 8 (id=1703):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000380)=""/85, 0x0, 0xb000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000100)={0x0, r1})

1.416602265s ago: executing program 1 (id=1704):
socket(0x1d, 0x2, 0x6)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x408, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x800, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300))
syz_open_procfs(0x0, &(0x7f0000002600)='net/dev_mcast\x00')
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0xf}, 0x0, 0x0)

1.24419285s ago: executing program 7 (id=1705):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000400)={0x1, 0x1, 0x0, &(0x7f0000001500)=""/87, 0x0, 0xeeee0000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680))
r1 = eventfd2(0x801, 0x80000)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$XFS_IOC_ERROR_INJECTION(r1, 0x40085874, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4060})
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

743.223126ms ago: executing program 0 (id=1706):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x4000087, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f0, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x2000, 0x8, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x68, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}})

158.449195ms ago: executing program 8 (id=1707):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000027c0)='/proc/asound/timers\x00', 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x8000000000000001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xfffffffffffffffe, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

82.508688ms ago: executing program 1 (id=1708):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
getpgrp(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4ea7, 0x0, @local, 0x1}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x952b, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

0s ago: executing program 9 (id=1709):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
sendfile(r0, r0, &(0x7f0000000040)=0x9, 0x3)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r3, 0xae9a)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, 0x5, @any, 0x5, 0x1}, 0xe)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x100, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x101, 0xaec4, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x3, 0x20000, 0xcb5e, 0x0, 0x5, 0x1], 0x0, 0x41981})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

.641696][   T14] usb 1-1: config 0 interface 0 has no altsetting 0
[  252.649641][ T6992] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  252.687695][ T6992] BTRFS info (device loop7): using crc32c (crc32c-intel) checksum algorithm
[  252.689242][   T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  252.725500][ T6992] BTRFS info (device loop7): setting nodatacow, compression disabled
[  252.768114][ T6992] BTRFS info (device loop7): turning on flush-on-commit
[  252.788356][ T6992] BTRFS info (device loop7): setting incompat feature flag for COMPRESS_LZO (0x8)
[  252.804681][   T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  252.826265][ T6992] BTRFS info (device loop7): use lzo compression, level 0
[  252.855324][   T14] usb 1-1: config 0 interface 0 has no altsetting 0
[  252.881802][ T6992] BTRFS info (device loop7): setting nodatasum
[  252.889974][   T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  252.916954][ T6992] BTRFS info (device loop7): use no compression
[  252.918550][ T7015] loop5: detected capacity change from 0 to 512
[  252.934679][   T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  252.952554][ T6992] BTRFS info (device loop7): trying to use backup root at mount time
[  252.997287][ T7015] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  253.006919][   T14] usb 1-1: config 0 interface 0 has no altsetting 0
[  253.014516][ T6992] BTRFS info (device loop7): max_inline at 0
[  253.031090][ T6992] BTRFS info (device loop7): using free space tree
[  253.038924][   T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  253.075387][   T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  253.118857][   T14] usb 1-1: config 0 interface 0 has no altsetting 0
[  253.176193][   T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  253.231656][   T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  253.253788][   T14] usb 1-1: config 0 interface 0 has no altsetting 0
[  253.271684][   T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  253.297038][   T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  253.308823][   T14] usb 1-1: config 0 interface 0 has no altsetting 0
[  253.333867][   T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  253.353534][   T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  253.375030][   T14] usb 1-1: config 0 interface 0 has no altsetting 0
[  253.382805][    T9] BTRFS warning (device loop7): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0
[  253.401467][   T14] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  253.410930][   T14] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  253.419526][   T14] usb 1-1: Product: syz
[  253.424022][   T14] usb 1-1: Manufacturer: syz
[  253.428674][   T14] usb 1-1: SerialNumber: syz
[  253.454189][   T14] usb 1-1: config 0 descriptor??
[  253.461627][ T4318] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  253.483080][   T14] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0
[  253.502057][ T6992] BTRFS warning (device loop7): couldn't read tree root
[  253.509130][ T6992] BTRFS warning (device loop7): try to load backup roots slot 1
[  253.562364][ T4941] BTRFS warning (device loop7): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0
[  253.576130][    T9] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  253.587885][ T6992] BTRFS warning (device loop7): couldn't read tree root
[  253.595459][ T6992] BTRFS warning (device loop7): try to load backup roots slot 2
[  253.632523][ T6992] BTRFS error (device loop7): parent transid verify failed on logical 5255168 mirror 1 wanted 5 found 7
[  253.658586][ T4318] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  253.672042][ T6992] BTRFS warning (device loop7): couldn't read tree root
[  253.679059][ T6992] BTRFS warning (device loop7): try to load backup roots slot 3
[  253.721224][ T4318] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  253.762362][ T4318] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.770691][ T4318] usb 4-1: Product: syz
[  253.787636][ T6992] BTRFS info (device loop7): enabling ssd optimizations
[  253.795990][ T4318] usb 4-1: Manufacturer: syz
[  253.812557][ T6992] BTRFS info (device loop7): rebuilding free space tree
[  253.821008][ T4318] usb 4-1: SerialNumber: syz
[  253.890667][ T4325] usb 1-1: USB disconnect, device number 14
[  253.949638][ T4325] yurex 1-1:0.0: USB YUREX #0 now disconnected
[  254.018035][ T6992] BTRFS info (device loop7): checking UUID tree
[  254.129938][   T26] audit: type=1800 audit(1780366545.774:7): pid=6992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.722" name="file1" dev="loop7" ino=257 res=0 errno=0
[  254.666115][ T6543] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  254.851080][ T4318] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  254.871754][ T4318] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  254.880986][ T4318] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  255.253209][ T4318] cdc_ncm 4-1:1.0: setting tx_max = 88
[  255.311677][ T4318] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  255.342077][ T4318] usb 4-1: USB disconnect, device number 10
[  255.411458][ T4318] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[  255.844519][ T7065] 9pnet_virtio: no channels available for device syz
[  255.938134][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  255.944915][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  256.894290][ T7083] netlink: 27 bytes leftover after parsing attributes in process `syz.5.741'.
[  257.101773][ T4318] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  257.181695][ T4324] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  257.204535][ T7092] loop5: detected capacity change from 0 to 4096
[  257.227730][ T7092] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512)
[  257.261955][ T4357] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  257.303571][ T4318] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  257.322254][ T4318] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  257.348359][ T4318] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  257.383512][ T4324] usb 4-1: config 9 has an invalid interface number: 203 but max is 0
[  257.394085][ T4318] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  257.426692][ T4324] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  257.446210][ T4318] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  257.462052][ T4324] usb 4-1: config 9 has no interface number 0
[  257.468614][ T4357] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  257.484612][ T4324] usb 4-1: config 9 interface 203 altsetting 8 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[  257.497409][ T4357] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.507556][ T4318] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  257.531717][ T4324] usb 4-1: config 9 interface 203 altsetting 8 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  257.536235][ T4357] usb 1-1: Product: syz
[  257.547878][ T4318] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  257.566311][ T4318] usb 8-1: Product: syz
[  257.582363][ T4324] usb 4-1: config 9 interface 203 altsetting 8 has 5 endpoint descriptors, different from the interface descriptor's value: 12
[  257.595859][ T4357] usb 1-1: Manufacturer: syz
[  257.595883][ T4357] usb 1-1: SerialNumber: syz
[  257.611208][ T4318] usb 8-1: Manufacturer: syz
[  257.638225][ T4357] usb 1-1: config 0 descriptor??
[  257.646040][ T4318] cdc_wdm 8-1:1.0: skipping garbage
[  257.652596][ T7092] ntfs3: loop5: ino=5, "/" directory corrupted
[  257.661809][ T4318] cdc_wdm 8-1:1.0: skipping garbage
[  257.674026][ T4357] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  257.686193][ T4318] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  257.693391][ T4324] usb 4-1: config 9 interface 203 has no altsetting 0
[  257.709891][ T4318] cdc_wdm 8-1:1.0: Unknown control protocol
[  257.718151][ T4324] usb 4-1: New USB device found, idVendor=166a, idProduct=0304, bcdDevice=63.85
[  257.758930][ T4324] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.807628][ T4324] usb 4-1: Product: syz
[  257.840598][ T4324] usb 4-1: Manufacturer: syz
[  257.866283][ T4324] usb 4-1: SerialNumber: syz
[  257.910643][ T4318] usb 8-1: USB disconnect, device number 2
[  257.920485][ T5391] ntfs3: loop5: ntfs_sync_fs r=1a failed, -22.
[  257.942916][ T5391] ntfs3: loop5: ntfs_evict_inode r=1a failed, -22.
[  257.951710][ T5391] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  258.147368][ T4324] cp210x 4-1:9.203: cp210x converter detected
[  258.174408][ T4324] cp210x 4-1:9.203: failed to get vendor val 0x370b size 1: -71
[  258.218819][ T4324] cp210x 4-1:9.203: querying part number failed
[  258.263377][ T4324] usb 4-1: cp210x converter now attached to ttyUSB0
[  258.340313][ T4324] usb 4-1: USB disconnect, device number 11
[  258.387580][ T4324] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  258.414640][ T4324] cp210x 4-1:9.203: device disconnected
[  258.661696][ T4318] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  258.853628][ T4318] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  258.876494][ T4318] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  258.907853][ T7109] device syzkaller1 entered promiscuous mode
[  258.912849][ T4318] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  258.956405][ T4318] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  258.997292][ T4318] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  259.033170][ T4318] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  259.062166][ T4318] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  259.081090][ T4318] usb 8-1: Product: syz
[  259.090778][ T4357] gspca_sunplus: reg_w_riv err -71
[  259.091718][ T4318] usb 8-1: Manufacturer: syz
[  259.102341][ T4357] sunplus: probe of 1-1:0.0 failed with error -71
[  259.164930][ T4357] usb 1-1: USB disconnect, device number 15
[  259.166310][ T4318] cdc_wdm 8-1:1.0: skipping garbage
[  259.221844][ T4318] cdc_wdm 8-1:1.0: skipping garbage
[  260.083873][ T4318] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  260.089980][ T4318] cdc_wdm 8-1:1.0: Unknown control protocol
[  260.295270][ T7124] 9pnet_virtio: no channels available for device syz
[  261.287829][ T4357] usb 8-1: USB disconnect, device number 3
[  262.217702][ T7136] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  262.591669][ T4325] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  262.668537][ T7155] loop6: detected capacity change from 0 to 512
[  262.715967][ T7155] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  262.781750][ T4325] usb 4-1: Using ep0 maxpacket: 32
[  262.787372][ T4357] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  262.792391][ T4318] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  262.803677][ T4325] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  262.814060][ T4325] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  262.823941][ T4325] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  262.833102][ T4325] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  262.843136][ T4325] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  262.852998][ T4325] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  262.872252][ T4325] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  262.887443][ T4325] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.898483][ T4325] usb 4-1: config 0 descriptor??
[  263.001663][ T4318] usb 6-1: Using ep0 maxpacket: 8
[  263.017604][ T4318] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  263.036221][ T4357] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  263.098275][ T4318] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  263.205180][ T4325] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  263.280040][ T4318] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  263.406169][ T4318] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  263.552529][ T4318] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  263.625994][ T4357] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  263.643491][ T4357] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  263.652195][ T4357] usb 8-1: Product: syz
[  263.656587][ T4357] usb 8-1: Manufacturer: syz
[  263.661330][ T4357] usb 8-1: SerialNumber: syz
[  263.669629][ T4318] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  263.709464][ T4318] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.779046][ T4324] usb 4-1: USB disconnect, device number 12
[  263.803113][ T6415] EXT4-fs (loop6): unmounting filesystem.
[  263.828390][ T4324] usblp0: removed
[  263.898936][ T4357] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  263.986350][ T4318] usb 6-1: GET_CAPABILITIES returned 0
[  263.996525][ T4318] usbtmc 6-1:16.0: can't read capabilities
[  264.144204][ T7175] 9pnet_virtio: no channels available for device syz
[  264.547579][ T7173] loop6: detected capacity change from 0 to 1024
[  264.863151][ T7151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  264.910941][ T7151] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  264.931366][ T7173] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  264.963099][ T4357] usb 6-1: USB disconnect, device number 8
[  265.181339][ T7173] EXT4-fs error (device loop6): xattr_find_entry:297: inode #12: comm syz.6.764: corrupted xattr entries
[  265.317508][ T6415] EXT4-fs (loop6): unmounting filesystem.
[  265.766488][ T4357] usb 8-1: USB disconnect, device number 4
[  265.796989][ T4357] usblp0: removed
[  265.875134][ T7193] kvm: pic: non byte read
[  265.880811][ T7193] kvm: pic: level sensitive irq not supported
[  265.880956][ T7193] kvm: pic: non byte read
[  265.931366][ T7193] kvm: pic: level sensitive irq not supported
[  265.931444][ T7193] kvm: pic: non byte read
[  265.958952][ T7193] kvm: pic: level sensitive irq not supported
[  265.959027][ T7193] kvm: pic: non byte read
[  265.978004][ T7193] kvm: pic: level sensitive irq not supported
[  265.978077][ T7193] kvm: pic: non byte read
[  265.992953][ T7193] kvm: pic: level sensitive irq not supported
[  265.993025][ T7193] kvm: pic: non byte read
[  266.012359][ T7193] kvm: pic: level sensitive irq not supported
[  266.012431][ T7193] kvm: pic: non byte read
[  266.024061][ T4600] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  266.063523][ T7182] loop3: detected capacity change from 0 to 32768
[  266.228847][ T4600] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  266.247199][ T4600] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  266.274479][ T4600] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  266.283766][ T4600] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  266.284896][ T7182] XFS (loop3): Mounting V5 Filesystem
[  266.292751][ T4600] usb 1-1: Manufacturer: syz
[  266.309732][ T4600] usb 1-1: config 0 descriptor??
[  266.437327][ T7182] XFS (loop3): Ending clean mount
[  266.568178][ T7225] loop5: detected capacity change from 0 to 7
[  266.642221][ T7225]  loop5: [POWERTEC] p1 p2 p3 p4
[  266.651940][ T7225] loop5: p1 size 1153433600 extends beyond EOD, truncated
[  266.692075][ T7225] loop5: p2 size 327680 extends beyond EOD, truncated
[  266.710459][ T7225] loop5: p3 start 589824 is beyond EOD, truncated
[  266.756780][ T7225] loop5: p4 start 1848407154 is beyond EOD, truncated
[  266.786431][ T4284] XFS (loop3): Unmounting Filesystem
[  266.872157][ T4545] udevd[4545]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  266.889620][ T5247] udevd[5247]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  267.321865][ T4324] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  267.355436][ T4600] input: syz Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000D/input/input11
[  267.477087][ T4600] input: syz Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.000D/input/input12
[  267.494991][ T7247] loop3: detected capacity change from 0 to 64
[  267.514365][ T4324] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  267.527160][ T4600] uclogic 0003:256C:006D.000D: input,hiddev0,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.0-1/input0
[  267.533897][ T4324] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  267.587646][ T4324] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  267.619568][ T4600] usb 1-1: USB disconnect, device number 16
[  267.622737][ T4324] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.903059][ T4324] usb 6-1: usb_control_msg returned -32
[  267.908732][ T4324] usbtmc 6-1:16.0: can't read capabilities
[  267.924220][ T7253] fido_id[7253]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  268.251628][ T4280] Bluetooth: hci4: command 0x0406 tx timeout
[  268.327813][ T7265] loop2: detected capacity change from 0 to 7
[  268.385902][ T7265]  loop2:
[  268.406348][ T7265] loop2: partition table partially beyond EOD, truncated
[  268.732151][ T7258] loop3: detected capacity change from 0 to 32768
[  268.752650][ T7258] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.782 (7258)
[  268.778363][ T7258] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  268.799972][ T7258] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  268.827611][ T7258] BTRFS info (device loop3): setting nodatasum
[  268.841967][ T7258] BTRFS info (device loop3): force zlib compression, level 3
[  268.858403][ T7258] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8)
[  268.879100][ T7258] BTRFS info (device loop3): use lzo compression, level 0
[  268.895707][ T7258] BTRFS info (device loop3): turning on flush-on-commit
[  268.921409][ T7258] BTRFS info (device loop3): enabling auto defrag
[  268.928429][ T7258] BTRFS info (device loop3): max_inline at 4096
[  268.935406][ T7258] BTRFS info (device loop3): using free space tree
[  269.069750][ T7258] BTRFS info (device loop3): enabling ssd optimizations
[  269.408600][ T4284] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  270.098503][ T7317] usb 6-1: USB disconnect, device number 9
[  271.533373][ T7336] loop5: detected capacity change from 0 to 4096
[  271.776907][ T7345] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  271.945349][   T26] audit: type=1800 audit(1780366563.594:8): pid=7336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.792" name="file1" dev="loop5" ino=15 res=0 errno=0
[  271.977547][ T7325] loop6: detected capacity change from 0 to 32768
[  272.023136][ T7340] capability: warning: `syz.0.794' uses deprecated v2 capabilities in a way that may be insecure
[  272.262665][ T7325] XFS (loop6): Mounting V5 Filesystem
[  272.423264][ T7325] XFS (loop6): Ending clean mount
[  272.561674][ T7318] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  272.639967][ T7371] 9pnet_virtio: no channels available for device syz
[  273.731083][ T7318] usb 6-1: device descriptor read/all, error -71
[  274.037503][ T6415] XFS (loop6): Unmounting Filesystem
[  276.573964][ T7434] loop6: detected capacity change from 0 to 4096
[  276.696853][ T7435] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  278.491952][ T4280] Bluetooth: hci0: command 0x0406 tx timeout
[  278.950266][ T7450] loop3: detected capacity change from 0 to 512
[  278.994791][ T7450] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  279.097200][ T7450] EXT4-fs (loop3): 1 truncate cleaned up
[  279.115313][ T7450] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  279.346328][ T7450] EXT4-fs error (device loop3): xattr_find_entry:297: inode #12: comm syz.3.817: corrupted xattr entries
[  279.462570][ T7450] EXT4-fs (loop3): Remounting filesystem read-only
[  279.620661][ T4284] EXT4-fs (loop3): unmounting filesystem.
[  279.635471][ T7467] serio: Serial port ptm0
[  280.424136][ T7482] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  280.844754][ T7495] loop5: detected capacity change from 0 to 7
[  280.869401][ T5247]  loop5:
[  280.878289][ T5247] loop5: partition table partially beyond EOD, truncated
[  280.922541][ T7495]  loop5:
[  280.925756][ T7495] loop5: partition table partially beyond EOD, truncated
[  281.565949][ T7492] loop7: detected capacity change from 0 to 32768
[  284.618672][ T7530] loop5: detected capacity change from 0 to 128
[  285.537696][ T5391] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  285.557189][ T5391] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  285.863473][ T7542] 9pnet_virtio: no channels available for device syz
[  289.520119][ T7565] fuse: Bad value for 'fd'
[  289.741172][ T5194] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.979732][ T5194] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.178748][ T5194] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.329657][ T5194] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  290.711610][ T7318] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  290.902249][ T7318] usb 1-1: Using ep0 maxpacket: 16
[  290.909750][ T7318] usb 1-1: config 0 has no interfaces?
[  290.930364][ T7318] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  290.959433][ T7318] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.984186][ T7318] usb 1-1: Product: syz
[  290.995642][ T7318] usb 1-1: Manufacturer: syz
[  291.009740][ T7318] usb 1-1: SerialNumber: syz
[  291.036680][ T7318] usb 1-1: config 0 descriptor??
[  291.113794][ T4280] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  291.136417][ T4280] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  291.147352][ T4280] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  291.157333][ T4280] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  291.165346][ T4280] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  291.184354][ T4280] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  291.281285][ T7587] Disabled LAPIC found during irq injection
[  291.306769][ T7315] usb 1-1: USB disconnect, device number 17
[  292.020480][ T7604] chnl_net:caif_netlink_parms(): no params data found
[  292.230404][ T7604] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.237844][ T7604] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.246752][ T7604] device bridge_slave_0 entered promiscuous mode
[  292.256789][ T7604] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.264788][ T7604] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.275463][ T7604] device bridge_slave_1 entered promiscuous mode
[  292.304904][ T7604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  292.317292][ T7604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  292.357993][ T7604] team0: Port device team_slave_0 added
[  292.366700][ T7604] team0: Port device team_slave_1 added
[  292.460764][ T7604] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.468086][ T7604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.519513][ T7604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.559701][ T7604] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.567411][ T7604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.596823][ T7604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.623195][ T5194] device hsr_slave_0 left promiscuous mode
[  292.633894][ T5194] device hsr_slave_1 left promiscuous mode
[  292.640728][ T5194] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  292.653970][ T5194] batman_adv: batadv0: Removing interface: batadv_slave_0
[  292.664994][ T5194] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  292.672709][ T5194] batman_adv: batadv0: Removing interface: batadv_slave_1
[  292.681011][ T5194] device bridge_slave_1 left promiscuous mode
[  292.693694][ T5194] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.704251][ T5194] device bridge_slave_0 left promiscuous mode
[  292.710646][ T5194] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.838725][ T5194] device veth1_macvtap left promiscuous mode
[  292.848396][ T5194] device veth0_macvtap left promiscuous mode
[  292.858044][ T5194] device veth1_vlan left promiscuous mode
[  292.868912][ T5194] device veth0_vlan left promiscuous mode
[  293.225393][ T4357] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  293.296696][ T4280] Bluetooth: hci0: command 0x0409 tx timeout
[  293.413252][ T4357] usb 4-1: Using ep0 maxpacket: 8
[  293.439901][ T4357] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  293.456093][ T4357] usb 4-1: config 179 has no interface number 0
[  293.464737][ T4357] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  293.480439][ T4357] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  293.500678][ T4357] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  293.516639][ T4357] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  293.529014][ T4357] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  293.542747][ T4357] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  293.552133][ T4357] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.588336][ T7650] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  293.859620][ T4318] usb 4-1: USB disconnect, device number 13
[  293.859816][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  293.873974][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  294.129758][ T5194] team0 (unregistering): Port device team_slave_1 removed
[  294.184814][ T5194] team0 (unregistering): Port device team_slave_0 removed
[  294.246170][ T5194] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  294.300606][ T5194] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  294.850527][ T5194] bond0 (unregistering): Released all slaves
[  295.112342][ T7604] device hsr_slave_0 entered promiscuous mode
[  295.130760][ T7604] device hsr_slave_1 entered promiscuous mode
[  295.371776][ T4280] Bluetooth: hci0: command 0x041b tx timeout
[  295.560127][ T7686] 9pnet_virtio: no channels available for device syz
[  296.586387][ T7604] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.620963][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  296.645580][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  296.663715][ T7604] 8021q: adding VLAN 0 to HW filter on device team0
[  296.807511][ T7704] 9pnet_virtio: no channels available for device syz
[  296.882242][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  296.973667][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  297.087728][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.095018][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.315476][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  297.439475][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  297.451748][ T4280] Bluetooth: hci0: command 0x040f tx timeout
[  297.544307][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  297.553202][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.560506][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.578551][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  297.588190][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  297.598341][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  297.611328][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  297.640462][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  297.649873][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  297.660133][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  297.669978][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  297.679780][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  297.693529][ T7604] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  297.707650][ T7604] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  297.717539][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  297.728330][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  298.613751][ T7732] Bluetooth: MGMT ver 1.22
[  298.625272][ T7732] Bluetooth: hci0: invalid len left 7, exp >= 115
[  298.752366][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  298.759988][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  298.785129][ T7604] 8021q: adding VLAN 0 to HW filter on device batadv0
[  298.840023][ T7739] overlayfs: failed to resolve './file0': -2
[  299.531843][ T4280] Bluetooth: hci0: command 0x0419 tx timeout
[  300.355853][ T4608] usb 1-1: new low-speed USB device number 18 using dummy_hcd
[  300.575998][ T4608] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  300.588279][ T4608] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  300.597700][ T4608] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  300.609031][ T4608] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  300.618447][ T4608] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.645332][ T7753] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  300.663878][ T4608] hub 1-1:1.0: bad descriptor, ignoring hub
[  300.669837][ T4608] hub: probe of 1-1:1.0 failed with error -5
[  300.679226][ T4608] cdc_wdm 1-1:1.0: skipping garbage
[  300.684867][ T4608] cdc_wdm 1-1:1.0: skipping garbage
[  300.711177][ T4608] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  300.717299][ T4608] cdc_wdm 1-1:1.0: Unknown control protocol
[  301.108740][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  301.115713][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  301.124153][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  301.131108][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  302.038556][ T7315] usb 1-1: USB disconnect, device number 18
[  302.231734][ T7315] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  302.421706][ T7315] usb 1-1: Using ep0 maxpacket: 8
[  302.428734][ T7315] usb 1-1: config 0 has no interfaces?
[  302.439578][ T7315] usb 1-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5
[  302.449136][ T7315] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.477221][ T7315] usb 1-1: config 0 descriptor??
[  302.740820][ T7316] usb 1-1: USB disconnect, device number 19
[  303.997976][ T7315] usb 8-1: new full-speed USB device number 5 using dummy_hcd
[  304.099694][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  304.125398][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  304.177302][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  304.185744][ T7315] usb 8-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  304.210716][ T7315] usb 8-1: config 0 interface 0 has no altsetting 0
[  304.214176][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  304.234690][ T7315] usb 8-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  304.244477][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  304.267773][ T7315] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.274245][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  304.300736][ T7315] usb 8-1: config 0 descriptor??
[  304.319628][ T7604] device veth0_vlan entered promiscuous mode
[  304.559751][ T7604] device veth1_vlan entered promiscuous mode
[  305.139686][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  305.156703][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  305.198128][ T7604] device veth0_macvtap entered promiscuous mode
[  305.246184][ T7604] device veth1_macvtap entered promiscuous mode
[  305.342054][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.355145][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.365761][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.380640][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.390832][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.434911][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.456330][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.468689][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.481302][ T7604] batman_adv: batadv0: Interface activated: batadv_slave_0
[  305.491231][ T4941] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  305.519872][ T4941] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  305.543023][ T4941] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  305.567016][ T4941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  305.605670][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.624060][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.645412][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.659141][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.669832][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.680891][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.696164][ T7604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.730699][ T7604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.769050][ T7604] batman_adv: batadv0: Interface activated: batadv_slave_1
[  305.798188][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  305.829682][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  305.868247][ T4609] usb 8-1: USB disconnect, device number 5
[  306.082696][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.107726][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.129373][ T4941] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  306.198023][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.215163][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.245775][ T4941] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  306.723566][ T4288] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  306.737478][ T4288] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  306.750290][ T4288] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  306.761945][ T4288] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  306.774510][ T4288] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  306.787828][ T4288] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  306.967370][    T9] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  307.127204][    T9] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  307.278076][    T9] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  307.454178][    T9] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  307.686817][ T7822] chnl_net:caif_netlink_parms(): no params data found
[  308.088856][ T7822] bridge0: port 1(bridge_slave_0) entered blocking state
[  308.110479][ T7822] bridge0: port 1(bridge_slave_0) entered disabled state
[  308.119212][ T7822] device bridge_slave_0 entered promiscuous mode
[  308.163950][ T7860] netlink: 24 bytes leftover after parsing attributes in process `syz.8.924'.
[  308.189489][ T7822] bridge0: port 2(bridge_slave_1) entered blocking state
[  308.203829][ T7822] bridge0: port 2(bridge_slave_1) entered disabled state
[  308.228984][ T7822] device bridge_slave_1 entered promiscuous mode
[  308.361161][ T7848] loop7: detected capacity change from 0 to 8192
[  308.449796][ T7865] netlink: 32 bytes leftover after parsing attributes in process `syz.3.926'.
[  308.653599][ T7822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  308.794492][ T7822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  308.891782][ T4288] Bluetooth: hci3: command 0x0409 tx timeout
[  309.040366][ T7877] netlink: 20 bytes leftover after parsing attributes in process `syz.0.930'.
[  309.235818][ T7822] team0: Port device team_slave_0 added
[  309.344625][ T7822] team0: Port device team_slave_1 added
[  309.589969][ T7822] batman_adv: batadv0: Adding interface: batadv_slave_0
[  309.603184][ T7822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.663209][ T7822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  309.794783][ T7895] 9pnet_virtio: no channels available for device syz
[  310.128759][ T7822] batman_adv: batadv0: Adding interface: batadv_slave_1
[  310.190046][ T7822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  310.521722][ T7822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  310.686248][ T7822] device hsr_slave_0 entered promiscuous mode
[  310.705204][ T7822] device hsr_slave_1 entered promiscuous mode
[  310.738928][ T7822] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  310.751608][ T7822] Cannot create hsr debugfs directory
[  310.791654][ T7315] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  310.972298][ T4288] Bluetooth: hci3: command 0x041b tx timeout
[  310.984972][ T7315] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  311.007155][ T7315] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255
[  311.046096][ T7315] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  311.064512][ T7315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.081824][ T7315] usb 4-1: Product: syz
[  311.090619][ T7315] usb 4-1: Manufacturer: syz
[  311.102006][ T7315] usb 4-1: SerialNumber: syz
[  311.119768][ T7315] usb 4-1: config 0 descriptor??
[  311.132207][ T7902] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  311.144031][ T7902] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  311.328249][ T4280] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  311.341639][ T4280] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  311.362208][ T4280] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  311.370449][ T4280] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  311.378914][ T4280] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  311.386038][ T7902] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  311.393673][ T4280] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  311.444083][ T7902] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  311.484537][    T9] device hsr_slave_0 left promiscuous mode
[  311.499310][    T9] device hsr_slave_1 left promiscuous mode
[  311.507791][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  311.515749][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  311.524164][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  311.532682][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  311.542747][    T9] device bridge_slave_1 left promiscuous mode
[  311.549240][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.559389][    T9] device bridge_slave_0 left promiscuous mode
[  311.566255][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.650539][    T9] device veth1_macvtap left promiscuous mode
[  311.667675][    T9] device veth0_macvtap left promiscuous mode
[  311.679904][    T9] device veth1_vlan left promiscuous mode
[  311.688381][    T9] device veth0_vlan left promiscuous mode
[  311.700860][ T7315] Error reading MAC address
[  311.733420][ T7315] usb 4-1: USB disconnect, device number 14
[  312.399688][ T7932] loop3: detected capacity change from 0 to 128
[  312.466816][ T7932] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  312.498549][ T7932] ext4 filesystem being mounted at /209/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  312.652817][ T7932] fscrypt: loop3: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  312.788514][ T4284] EXT4-fs (loop3): unmounting filesystem.
[  313.052825][ T4288] Bluetooth: hci3: command 0x040f tx timeout
[  313.540380][ T4288] Bluetooth: hci0: command 0x0409 tx timeout
[  313.682261][    T9] team0 (unregistering): Port device team_slave_1 removed
[  313.763392][    T9] team0 (unregistering): Port device team_slave_0 removed
[  313.828235][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  313.899989][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  314.463331][    T9] bond0 (unregistering): Released all slaves
[  314.801859][ T7822] 8021q: adding VLAN 0 to HW filter on device bond0
[  314.832553][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  314.845334][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  314.901991][ T7822] 8021q: adding VLAN 0 to HW filter on device team0
[  314.937428][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  314.952052][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  314.967208][ T7133] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.974458][ T7133] bridge0: port 1(bridge_slave_0) entered forwarding state
[  314.994184][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  315.009968][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  315.019044][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  315.027775][ T7133] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.032899][    C1] vkms_vblank_simulate: vblank timer overrun
[  315.035115][ T7133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  315.083514][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  315.100787][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  315.122674][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  315.132259][ T4288] Bluetooth: hci3: command 0x0419 tx timeout
[  315.150681][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  315.160532][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  315.170261][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  315.184766][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  315.252003][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  315.264725][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  315.282822][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  315.297541][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  315.308875][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  315.325278][ T7912] chnl_net:caif_netlink_parms(): no params data found
[  315.392143][ T7980] loop3: detected capacity change from 0 to 512
[  315.476890][ T7912] bridge0: port 1(bridge_slave_0) entered blocking state
[  315.482980][ T7980] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  315.493245][ T7980] ext4 filesystem being mounted at /216/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  315.505218][ T7912] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.513939][ T7912] device bridge_slave_0 entered promiscuous mode
[  315.532295][ T7912] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.539672][ T7912] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.563286][ T7912] device bridge_slave_1 entered promiscuous mode
[  315.611940][ T4288] Bluetooth: hci0: command 0x041b tx timeout
[  315.656002][ T7912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  315.683848][ T7912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  315.723723][ T7988] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  315.848722][ T7912] team0: Port device team_slave_0 added
[  315.860378][ T7912] team0: Port device team_slave_1 added
[  315.885008][ T7912] batman_adv: batadv0: Adding interface: batadv_slave_0
[  315.893825][ T7912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  315.919755][    C1] vkms_vblank_simulate: vblank timer overrun
[  315.935310][ T5228] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  315.947885][ T5228] EXT4-fs (loop3): This should not happen!! Data will be lost
[  315.947885][ T5228] 
[  315.958540][ T5228] EXT4-fs (loop3): Total free blocks count 0
[  315.964882][ T5228] EXT4-fs (loop3): Free/Dirty block details
[  315.970879][ T5228] EXT4-fs (loop3): free_blocks=65281
[  315.976919][ T7912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  315.988970][ T5228] EXT4-fs (loop3): dirty_blocks=1
[  315.989236][ T7946] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  315.999739][ T5228] EXT4-fs (loop3): Block reservation details
[  316.012093][ T7912] batman_adv: batadv0: Adding interface: batadv_slave_1
[  316.019141][ T7912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  316.046786][ T5228] EXT4-fs (loop3): i_reserved_data_blocks=1
[  316.054868][ T7912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  316.066615][ T4284] EXT4-fs (loop3): unmounting filesystem.
[  316.348505][ T7998] Bluetooth: MGMT ver 1.22
[  316.372453][ T7998] Bluetooth: hci0: service_discovery: too big uuid_count value 63764
[  316.411049][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  316.428943][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  316.516951][ T7822] 8021q: adding VLAN 0 to HW filter on device batadv0
[  316.536698][ T7912] device hsr_slave_0 entered promiscuous mode
[  316.552602][ T7912] device hsr_slave_1 entered promiscuous mode
[  316.572574][ T7912] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  316.590493][ T7912] Cannot create hsr debugfs directory
[  317.174615][ T8017] loop3: detected capacity change from 0 to 2048
[  317.203337][ T8017] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4294967169, location=4294967169
[  317.281994][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.342158][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.386841][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  317.393264][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  317.431882][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.473597][ T8017] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4294967169, location=4294967169
[  317.528479][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.569056][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.609587][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.652082][ T8017] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4294967169, location=4294967169
[  317.689127][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.692304][ T4288] Bluetooth: hci0: command 0x040f tx timeout
[  317.762002][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.833462][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.856978][ T8017] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4294967169, location=4294967169
[  317.878319][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.927936][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  317.983318][ T8017] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  318.013144][ T8017] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[  318.326552][ T7912] 8021q: adding VLAN 0 to HW filter on device bond0
[  318.427245][    T9] device hsr_slave_0 left promiscuous mode
[  318.452373][    T9] device hsr_slave_1 left promiscuous mode
[  318.480347][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  318.501897][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  318.528970][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  318.548943][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  318.576947][    T9] device bridge_slave_1 left promiscuous mode
[  318.596635][ T8032] loop7: detected capacity change from 0 to 32768
[  318.597651][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.635101][    T9] device bridge_slave_0 left promiscuous mode
[  318.642277][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.680984][ T8032] XFS (loop7): Mounting V5 Filesystem
[  318.707809][    T9] device veth1_macvtap left promiscuous mode
[  318.748600][    T9] device veth0_macvtap left promiscuous mode
[  318.765488][ T8032] XFS (loop7): Ending clean mount
[  318.770791][    T9] device veth1_vlan left promiscuous mode
[  318.782059][    T9] device veth0_vlan left promiscuous mode
[  318.863911][   T26] audit: type=1800 audit(1780366610.514:9): pid=8032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.971" name="file1" dev="loop7" ino=6154 res=0 errno=0
[  318.909570][ T4609] XFS (loop7): Metadata CRC error detected at xfs_allocbt_read_verify+0x3a/0xd0, xfs_bnobt block 0x4 
[  318.937745][ T4609] XFS (loop7): Unmount and run xfs_repair
[  318.957898][ T4609] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  318.988790][ T4609] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff  AB3B............
[  318.998383][ T4609] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 10  ................
[  319.008960][ T4609] 00000020: ed 37 bf 6e 74 ea 4e 01 f8 ba 5f ee 27 4b 0f 3a  .7.nt.N..._.'K.:
[  319.018768][ T4609] 00000030: 00 00 00 00 f6 3b 25 b5 00 00 00 07 00 00 00 01  .....;%.........
[  319.027944][ T4609] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0  ........... ....
[  319.044518][ T4609] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  319.053930][ T4609] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  319.065884][ T4609] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  319.075535][ T8032] XFS (loop7): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x4 len 4 error 74
[  319.165155][ T6543] XFS (loop7): Unmounting Filesystem
[  319.771738][ T4288] Bluetooth: hci0: command 0x0419 tx timeout
[  320.526720][    T9] team0 (unregistering): Port device team_slave_1 removed
[  320.593133][    T9] team0 (unregistering): Port device team_slave_0 removed
[  320.663152][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  320.748767][ T8090] loop7: detected capacity change from 0 to 8192
[  320.810226][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  320.847591][ T8090]  loop7: p1 p2
[  320.851177][ T8090] loop7: partition table partially beyond EOD, truncated
[  320.865076][ T8090] loop7: p1 start 16777216 is beyond EOD, truncated
[  320.872066][ T8090] loop7: p2 start 50331648 is beyond EOD, truncated
[  321.596894][    T9] bond0 (unregistering): Released all slaves
[  321.735873][ T5194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  321.750146][ T5194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  321.791076][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  321.812517][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  321.842945][ T7912] 8021q: adding VLAN 0 to HW filter on device team0
[  321.913546][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  321.953059][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  321.992740][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  322.012435][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  322.026366][ T4553] bridge0: port 1(bridge_slave_0) entered blocking state
[  322.033592][ T4553] bridge0: port 1(bridge_slave_0) entered forwarding state
[  322.067959][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  322.077125][ T8100] loop3: detected capacity change from 0 to 256
[  322.084269][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  322.097838][ T8100] exfat: Unknown parameter 'ÿÿÐS”º�Ì 
[  322.097838][ T8100] ž­¨Sì°ÎBïxz:ºþ�žIµ)od&[&BF~™þ¸ðØ…�ß7]1k:ÏË©õ€Œ ûXÉi£Í£Øßéä^+ü>¹b'ôôOtö@'
[  322.113929][ T4553] bridge0: port 2(bridge_slave_1) entered blocking state
[  322.121185][ T4553] bridge0: port 2(bridge_slave_1) entered forwarding state
[  322.132114][ T7822] device veth0_vlan entered promiscuous mode
[  322.162615][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  322.181056][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  322.199941][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  322.232259][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  322.282968][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  322.335341][ T7822] device veth1_vlan entered promiscuous mode
[  322.365708][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  322.398858][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  322.460122][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  322.508635][ T7912] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  322.520805][ T7912] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  322.544515][ T8109] md2: error: failed to get bitmap file
[  322.560454][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  322.579639][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  322.624201][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  322.666689][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  322.689193][ T8114] loop3: detected capacity change from 0 to 1024
[  322.699239][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  322.719801][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  322.734704][ T8114] EXT4-fs: Ignoring removed bh option
[  322.740264][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  322.744904][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  322.820289][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  322.851432][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  322.889201][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  322.912972][ T8114] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  322.937277][ T7822] device veth0_macvtap entered promiscuous mode
[  322.970941][ T7822] device veth1_macvtap entered promiscuous mode
[  323.083396][ T7822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.115138][ T7822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.143723][ T7822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.154666][ T7822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.164901][ T7822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.185776][ T7822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.215014][ T4284] EXT4-fs (loop3): unmounting filesystem.
[  323.237379][ T7822] batman_adv: batadv0: Interface activated: batadv_slave_0
[  323.283400][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  323.312547][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  323.351991][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  323.379571][ T7822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.405090][ T7822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.415643][ T7822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.426757][ T7822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.445167][ T7822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.456370][ T7822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.474737][ T7822] batman_adv: batadv0: Interface activated: batadv_slave_1
[  323.498452][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  323.521454][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  323.842505][ T7133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  323.891573][ T7133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  323.929675][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  323.985543][ T4382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.017987][ T4382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  324.042153][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  324.098310][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  324.131898][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  324.152211][ T7912] 8021q: adding VLAN 0 to HW filter on device batadv0
[  324.253432][ T4553] Bluetooth: hci5: Frame reassembly failed (-84)
[  324.374319][ T8157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1001'.
[  325.047940][ T8155] loop7: detected capacity change from 0 to 32768
[  325.082091][ T8155] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 scanned by syz.7.1002 (8155)
[  325.145103][ T8155] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  325.181703][ T8155] BTRFS info (device loop7): using sha256 (sha256-avx2) checksum algorithm
[  325.198383][ T8158] loop9: detected capacity change from 0 to 32768
[  325.225476][ T8155] BTRFS info (device loop7): using free space tree
[  325.234002][ T8169] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  325.308576][ T8169] device batadv_slave_0 entered promiscuous mode
[  325.354466][ T8158] XFS (loop9): Mounting V5 Filesystem
[  325.439941][ T5194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  325.471162][ T5194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  325.521147][ T8158] XFS (loop9): Ending clean mount
[  325.528690][ T8158] XFS (loop9): Quotacheck needed: Please wait.
[  325.600661][ T8155] BTRFS info (device loop7): enabling ssd optimizations
[  325.674176][ T7912] device veth0_vlan entered promiscuous mode
[  325.732594][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  325.767922][   T26] audit: type=1800 audit(1780366617.404:10): pid=8155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1002" name="bus" dev="loop7" ino=263 res=0 errno=0
[  325.792849][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  325.817886][ T8158] XFS (loop9): Quotacheck: Done.
[  325.827842][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  325.842087][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  325.857683][ T7912] device veth1_vlan entered promiscuous mode
[  325.900726][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  325.931270][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  325.965127][ T8158] XFS (loop9): Unmounting Filesystem
[  326.035131][ T7912] device veth0_macvtap entered promiscuous mode
[  326.071366][ T7912] device veth1_macvtap entered promiscuous mode
[  326.108438][ T6543] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  326.130984][ T7912] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  326.179266][ T7912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.216057][ T7912] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  326.251212][ T7912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.272245][ T4280] Bluetooth: hci5: command 0x1003 tx timeout
[  326.281221][ T4288] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  326.346191][ T7912] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  326.391103][ T7912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.462891][ T7912] batman_adv: batadv0: Interface activated: batadv_slave_0
[  326.471778][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  326.490502][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  326.526005][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  326.574367][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  326.623698][ T7912] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  326.674734][ T7912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.704329][ T7912] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  326.717639][ T7912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.747827][ T7912] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  326.768432][ T7912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.779933][ T7912] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  326.797747][ T7912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  326.866073][ T7912] batman_adv: batadv0: Interface activated: batadv_slave_1
[  326.885090][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  326.905349][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  327.158120][ T4382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.213055][ T4382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.231124][ T4553] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  327.381212][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.403009][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.425567][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  327.913885][ T8247] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1018'.
[  328.483160][ T8268] loop2: detected capacity change from 0 to 7
[  328.511464][ T8268]  loop2:
[  328.519031][ T8268] loop2: partition table partially beyond EOD, truncated
[  328.529426][ T8270] loop3: detected capacity change from 0 to 512
[  328.615073][ T8270] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a803c198, mo2=0002]
[  328.688998][ T8270] System zones: 1-12
[  328.780439][ T8270] EXT4-fs error (device loop3): ext4_iget_extra_inode:4763: inode #15: comm syz.3.1023: corrupted in-inode xattr
[  328.807788][ T8270] EXT4-fs error (device loop3): ext4_orphan_get:1410: comm syz.3.1023: couldn't read orphan inode 15 (err -117)
[  328.845171][ T8284] loop8: detected capacity change from 0 to 512
[  328.881788][ T8284] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  328.896224][ T8270] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  328.963323][ T8284] EXT4-fs (loop8): orphan file too big: 8388608
[  329.002028][ T8284] EXT4-fs (loop8): mount failed
[  329.141917][ T8270] EXT4-fs warning (device loop3): ext4_empty_dir:3147: inode #2: comm syz.3.1023: directory missing '.'
[  329.693647][ T4280] Bluetooth: hci0: command 0x0405 tx timeout
[  329.845686][ T4284] EXT4-fs (loop3): unmounting filesystem.
[  330.183149][ T8314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1033'.
[  330.516167][ T8327] loop5: detected capacity change from 0 to 7
[  330.538287][ T8327] Dev loop5: unable to read RDB block 7
[  330.555485][ T8327]  loop5: unable to read partition table
[  330.565743][ T8327] loop5: partition table beyond EOD, truncated
[  330.612425][ T8327] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  331.597407][ T8346] vcan0: tx drop: invalid da for name 0x0000000000000003
[  331.898597][ T8336] loop7: detected capacity change from 0 to 131072
[  331.911911][ T8336] F2FS-fs (loop7): Wrong CP boundary, start(512) end(1536) blocks(0)
[  331.920070][ T8336] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  331.929377][ T8336] F2FS-fs (loop7): invalid crc value
[  331.960603][ T8353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1042'.
[  332.038491][ T8336] F2FS-fs (loop7): Found nat_bits in checkpoint
[  332.097461][ T8336] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  332.104776][ T8336] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  333.964400][ T8381] overlayfs: missing 'lowerdir'
[  334.110785][ T4606] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  334.142440][ T4606] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  334.294035][ T8384] loop8: detected capacity change from 0 to 4096
[  334.315549][ T8372] loop3: detected capacity change from 0 to 32768
[  334.348665][ T8384] EXT4-fs: Ignoring removed orlov option
[  334.413325][ T8384] EXT4-fs (loop8): Test dummy encryption mode enabled
[  334.542491][ T8372] XFS (loop3): Mounting V5 Filesystem
[  334.571808][ T8384] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  334.750434][ T8372] XFS (loop3): Ending clean mount
[  335.030988][ T7912] EXT4-fs (loop8): unmounting filesystem.
[  335.136978][ T4284] XFS (loop3): Unmounting Filesystem
[  335.384702][ T8414] loop7: detected capacity change from 0 to 164
[  336.917113][ T8451] fuse: Bad value for 'fd'
[  337.223264][ T8453] loop3: detected capacity change from 0 to 32768
[  337.234013][ T8453] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.1076 (8453)
[  337.271982][ T8453] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  337.282270][ T8453] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  337.291009][ T8453] BTRFS info (device loop3): turning on sync discard
[  337.297834][ T8453] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  337.307312][ T8453] BTRFS info (device loop3): use zstd compression, level 3
[  337.314653][ T8453] BTRFS info (device loop3): turning on async discard
[  337.321550][ T8453] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  337.332251][ T8453] BTRFS info (device loop3): trying to use backup root at mount time
[  337.340388][ T8453] BTRFS info (device loop3): enabling auto defrag
[  337.346991][ T8453] BTRFS info (device loop3): using free space tree
[  337.554446][ T5228] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  337.614028][ T8453] BTRFS error (device loop3): failed to load root extent
[  337.621639][ T8453] BTRFS warning (device loop3): try to load backup roots slot 1
[  337.630210][ T4553] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  337.684794][ T8453] BTRFS warning (device loop3): couldn't read tree root
[  337.692067][ T8453] BTRFS warning (device loop3): try to load backup roots slot 2
[  337.712491][ T8453] BTRFS error (device loop3): parent transid verify failed on logical 5255168 mirror 1 wanted 5 found 7
[  337.724002][ T8453] BTRFS warning (device loop3): couldn't read tree root
[  337.731031][ T8453] BTRFS warning (device loop3): try to load backup roots slot 3
[  337.766124][ T8453] BTRFS info (device loop3): enabling ssd optimizations
[  337.775358][ T8453] BTRFS info (device loop3): rebuilding free space tree
[  337.802045][ T8453] BTRFS info (device loop3): checking UUID tree
[  338.308925][ T4280] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11
[  338.989417][ T8508] fuse: Bad value for 'fd'
[  339.216815][ T8484] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  339.415575][ T5228] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  339.509563][ T8519] overlayfs: failed to get inode (-116)
[  339.554621][ T8519] overlayfs: failed to get inode (-116)
[  339.999645][ T5228] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.021116][ T8526] loop2: detected capacity change from 0 to 7
[  340.029017][ T5247] Dev loop2: unable to read RDB block 7
[  340.041638][ T5247]  loop2: unable to read partition table
[  340.089080][ T5247] loop2: partition table beyond EOD, truncated
[  340.097097][ T8526] Dev loop2: unable to read RDB block 7
[  340.113597][ T8526]  loop2: unable to read partition table
[  340.119707][ T8526] loop2: partition table beyond EOD, truncated
[  340.165283][ T8530] fuse: Bad value for 'fd'
[  340.192717][ T5228] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.215730][ T8526] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  340.339490][ T5228] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.496918][ T8554] netlink: 164 bytes leftover after parsing attributes in process `syz.9.1106'.
[  342.127316][ T4288] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  342.139139][   T48] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  342.148513][ T4288] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  342.161471][ T4288] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  342.170840][ T4288] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  342.178940][ T4288] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  342.976886][ T8587] loop7: detected capacity change from 0 to 512
[  343.098315][ T8594] 9pnet_virtio: no channels available for device syz
[  343.185332][ T8567] chnl_net:caif_netlink_parms(): no params data found
[  343.767122][ T8567] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.779314][ T8567] bridge0: port 1(bridge_slave_0) entered disabled state
[  343.790919][ T8567] device bridge_slave_0 entered promiscuous mode
[  343.880804][ T8618] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.058707][ T8567] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.067131][ T8567] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.095190][ T8567] device bridge_slave_1 entered promiscuous mode
[  344.156655][ T8567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  344.186442][ T5228] device hsr_slave_0 left promiscuous mode
[  344.197616][ T5228] device hsr_slave_1 left promiscuous mode
[  344.211283][ T5228] batman_adv: batadv0: Removing interface: batadv_slave_0
[  344.230485][ T5228] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  344.246987][ T5228] batman_adv: batadv0: Removing interface: batadv_slave_1
[  344.253228][ T4288] Bluetooth: hci4: command 0x0409 tx timeout
[  344.294388][ T5228] device bridge_slave_1 left promiscuous mode
[  344.319329][ T5228] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.341989][ T5228] device bridge_slave_0 left promiscuous mode
[  344.348354][ T5228] bridge0: port 1(bridge_slave_0) entered disabled state
[  344.706795][ T5228] device veth1_macvtap left promiscuous mode
[  344.756567][ T5228] device veth0_macvtap left promiscuous mode
[  346.086064][ T5228] team0 (unregistering): Port device team_slave_1 removed
[  346.156920][ T5228] team0 (unregistering): Port device team_slave_0 removed
[  346.221769][ T5228] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  346.288168][ T5228] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  346.343127][ T4288] Bluetooth: hci4: command 0x041b tx timeout
[  346.860049][ T5228] bond0 (unregistering): Released all slaves
[  346.953331][ T8567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  347.042370][ T8671] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1136'.
[  347.116063][ T8567] team0: Port device team_slave_0 added
[  347.134775][ T8567] team0: Port device team_slave_1 added
[  347.281203][ T8567] batman_adv: batadv0: Adding interface: batadv_slave_0
[  347.322387][ T8683] overlayfs: failed to clone lowerpath
[  347.337953][ T8567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  347.383766][ T8689] overlayfs: failed to clone lowerpath
[  347.426560][ T8567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  347.469150][ T8567] batman_adv: batadv0: Adding interface: batadv_slave_1
[  347.491682][ T8567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  347.548717][ T8567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  347.609857][ T8692] block device autoloading is deprecated and will be removed.
[  347.823203][ T8567] device hsr_slave_0 entered promiscuous mode
[  347.837695][ T8567] device hsr_slave_1 entered promiscuous mode
[  348.411685][ T4288] Bluetooth: hci4: command 0x040f tx timeout
[  348.435842][ T8567] 8021q: adding VLAN 0 to HW filter on device bond0
[  348.463903][ T8567] 8021q: adding VLAN 0 to HW filter on device team0
[  348.522394][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  348.562637][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  348.583179][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  348.603576][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  348.618299][ T5228] bridge0: port 1(bridge_slave_0) entered blocking state
[  348.625677][ T5228] bridge0: port 1(bridge_slave_0) entered forwarding state
[  348.661161][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  348.690674][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  348.713858][ T5228] bridge0: port 2(bridge_slave_1) entered blocking state
[  348.721185][ T5228] bridge0: port 2(bridge_slave_1) entered forwarding state
[  348.763139][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  348.813102][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  348.833021][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  348.848850][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  348.888609][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  348.901279][ T8733] overlayfs: failed to clone upperpath
[  348.913150][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  348.932743][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  348.953249][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  348.972976][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  349.012505][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  349.047648][ T8567] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  349.068029][ T8567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  349.092508][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  349.109411][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  349.769252][ T8759] netlink: 'syz.9.1160': attribute type 11 has an invalid length.
[  349.928545][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  349.938398][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  349.963804][ T8567] 8021q: adding VLAN 0 to HW filter on device batadv0
[  350.172110][ T4288] Bluetooth: hci2: command 0x0406 tx timeout
[  350.416584][ T8780] 9pnet_virtio: no channels available for device syz
[  350.492078][ T4280] Bluetooth: hci4: command 0x0419 tx timeout
[  351.452616][ T8786] device syzkaller0 entered promiscuous mode
[  352.199268][ T8814] 9pnet_virtio: no channels available for device syz
[  356.364172][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  356.379069][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  356.467034][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  356.486726][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  356.495285][ T7054] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  356.539554][ T8567] device veth0_vlan entered promiscuous mode
[  356.547499][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  356.563249][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  356.578396][ T8567] device veth1_vlan entered promiscuous mode
[  356.616403][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  356.650813][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  356.671177][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  356.701995][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  356.714079][ T7054] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  356.732836][ T8567] device veth0_macvtap entered promiscuous mode
[  356.754009][ T7054] usb 1-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4
[  356.765798][ T8567] device veth1_macvtap entered promiscuous mode
[  356.779972][ T8841] loop7: detected capacity change from 0 to 256
[  356.782639][ T7054] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.840358][ T8841] FAT-fs (loop7): Directory bread(block 64) failed
[  356.848922][ T8567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  356.866644][ T7054] usb 1-1: config 0 descriptor??
[  356.881649][ T8841] FAT-fs (loop7): Directory bread(block 65) failed
[  356.891301][ T8567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  356.910969][ T7054] rndis_wlan 1-1:0.0: skipping garbage
[  356.916810][ T7054] usb 1-1: bad CDC descriptors
[  356.923696][ T8567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  356.931256][ T8841] FAT-fs (loop7): Directory bread(block 66) failed
[  356.941172][ T7054] rndis_host 1-1:0.0: skipping garbage
[  356.946888][ T7054] usb 1-1: bad CDC descriptors
[  356.952233][ T8841] FAT-fs (loop7): Directory bread(block 67) failed
[  356.958924][ T8841] FAT-fs (loop7): Directory bread(block 68) failed
[  356.993930][ T8567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.019789][ T8841] FAT-fs (loop7): Directory bread(block 69) failed
[  357.040100][ T8567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  357.060940][ T8567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.069826][ T8841] FAT-fs (loop7): Directory bread(block 70) failed
[  357.090556][ T8841] FAT-fs (loop7): Directory bread(block 71) failed
[  357.110103][ T8567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  357.112559][ T8841] FAT-fs (loop7): Directory bread(block 72) failed
[  357.146722][ T8567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.148170][ T8841] FAT-fs (loop7): Directory bread(block 73) failed
[  357.165681][ T4611] usb 1-1: USB disconnect, device number 20
[  357.207192][ T8567] batman_adv: batadv0: Interface activated: batadv_slave_0
[  357.236614][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  357.254913][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  357.301048][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  357.340354][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  357.364700][   T26] audit: type=1800 audit(1780366649.014:11): pid=8841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1179" name="bus" dev="loop7" ino=1048653 res=0 errno=0
[  357.393482][ T8567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  357.417770][ T8567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.448165][ T8853] syz.7.1179: attempt to access beyond end of device
[  357.448165][ T8853] loop7: rw=2049, sector=1224, nr_sectors = 8 limit=256
[  357.463805][ T8567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  357.480962][ T8567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.493773][ T8567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  357.517827][ T8567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.532958][ T8567] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  357.560077][ T8567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.592065][ T8567] batman_adv: batadv0: Interface activated: batadv_slave_1
[  357.780242][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  357.809990][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  357.949592][ T5194] kworker/u4:12: attempt to access beyond end of device
[  357.949592][ T5194] loop7: rw=1, sector=1232, nr_sectors = 600 limit=256
[  357.978083][ T4382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  358.003638][ T4382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  358.022206][ T5194] kworker/u4:12: attempt to access beyond end of device
[  358.022206][ T5194] loop7: rw=1, sector=1864, nr_sectors = 944 limit=256
[  358.036445][ T7133] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  358.098624][ T5204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  358.135973][ T5204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  358.154440][ T5228] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  358.989353][ T8880] loop8: detected capacity change from 0 to 4096
[  359.759084][ T8871] loop1: detected capacity change from 0 to 32768
[  360.300436][ T8921] 9pnet_virtio: no channels available for device syz
[  361.255625][ T8930] loop8: detected capacity change from 0 to 512
[  361.399469][ T8930] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  361.431850][ T8930] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  361.519099][ T8941] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1208'.
[  361.674556][ T8945] 9pnet_virtio: no channels available for device syz
[  362.413416][ T8944] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  362.686767][ T5204] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  362.713381][ T5204] EXT4-fs (loop8): This should not happen!! Data will be lost
[  362.713381][ T5204] 
[  362.736966][ T5204] EXT4-fs (loop8): Total free blocks count 0
[  362.747968][ T5204] EXT4-fs (loop8): Free/Dirty block details
[  362.756126][ T5204] EXT4-fs (loop8): free_blocks=65281
[  362.766467][ T5204] EXT4-fs (loop8): dirty_blocks=1
[  362.773197][ T5204] EXT4-fs (loop8): Block reservation details
[  362.779247][ T5204] EXT4-fs (loop8): i_reserved_data_blocks=1
[  362.785732][ T8957] netlink: 'syz.7.1211': attribute type 11 has an invalid length.
[  362.810111][ T7912] EXT4-fs (loop8): unmounting filesystem.
[  365.134991][ T9016] netlink: 'syz.0.1227': attribute type 11 has an invalid length.
[  365.180957][ T9013] Set syz1 is full, maxelem 14 reached
[  365.649141][ T9036] loop8: detected capacity change from 0 to 4096
[  365.715546][ T9036] NILFS (loop8): invalid segment: Checksum error in segment payload
[  365.764244][ T9036] NILFS (loop8): trying rollback from an earlier position
[  365.836688][ T9036] NILFS (loop8): recovery complete
[  365.885568][ T9051] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  366.519857][ T9067] loop8: detected capacity change from 0 to 128
[  367.125297][ T9088] loop8: detected capacity change from 0 to 16
[  367.169715][ T9088] erofs: (device loop8): mounted with root inode @ nid 36.
[  367.229647][ T9088] erofs: (device loop8): z_erofs_readahead: readahead error at page 3 @ nid 89
[  367.278969][ T9088] syz.8.1246: attempt to access beyond end of device
[  367.278969][ T9088] loop8: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  367.457080][ T9088] erofs: (device loop8): z_erofs_readahead: readahead error at page 4 @ nid 89
[  367.509171][ T9088] syz.8.1246: attempt to access beyond end of device
[  367.509171][ T9088] loop8: rw=524288, sector=16, nr_sectors = 40 limit=16
[  367.602309][ T9088] erofs: (device loop8): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[8192]
[  367.680780][   T26] audit: type=1800 audit(1780366659.324:12): pid=9088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.1246" name="file2" dev="loop8" ino=89 res=0 errno=0
[  368.594682][ T9111] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1251'.
[  369.332629][ T9114] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1251'.
[  371.619453][ T9162] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14
[  371.746326][ T9170] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1268'.
[  372.912197][ T9225] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  373.421832][ T9248] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  374.874068][ T9300] 9pnet_virtio: no channels available for device syz
[  375.388815][ T9291] loop8: detected capacity change from 0 to 32768
[  375.417564][ T9291] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 scanned by syz.8.1298 (9291)
[  375.472676][ T9291] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  375.504781][ T9291] BTRFS info (device loop8): using sha256 (sha256-avx2) checksum algorithm
[  375.539100][ T9291] BTRFS info (device loop8): setting nodatacow, compression disabled
[  375.580735][ T9291] BTRFS info (device loop8): force clearing of disk cache
[  375.604588][ T9291] BTRFS info (device loop8): enabling ssd optimizations
[  375.630502][ T9291] BTRFS info (device loop8): using spread ssd allocation scheme
[  375.656502][ T9291] BTRFS info (device loop8): turning off barriers
[  375.680188][ T9291] BTRFS info (device loop8): disabling free space tree
[  375.710103][ T9291] BTRFS info (device loop8): not using ssd optimizations
[  375.734750][ T9291] BTRFS info (device loop8): not using spread ssd allocation scheme
[  375.897526][ T9291] BTRFS info (device loop8): rebuilding free space tree
[  375.956479][   T26] audit: type=1800 audit(1780366667.604:13): pid=9318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1304" name="/" dev="fuse" ino=4 res=0 errno=0
[  375.987883][ T9291] BTRFS info (device loop8): disabling free space tree
[  376.004345][ T9291] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  376.051830][ T9291] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  376.323875][ T9358] loop1: detected capacity change from 0 to 256
[  376.410962][ T9358] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d)
[  376.498351][ T9361] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1311'.
[  376.561293][ T9361] device syz_tun entered promiscuous mode
[  376.721264][ T9368] 9pnet_virtio: no channels available for device syz
[  377.475022][ T7912] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  377.929912][ T9381] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  377.985323][ T9381] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  378.087847][ T9381] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  378.254395][ T9381] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  378.355419][ T9381] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  378.446194][ T9381] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  378.542602][ T9381] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  378.820914][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  378.827330][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  380.076083][ T9402] loop8: detected capacity change from 0 to 32768
[  380.219326][ T9423] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  380.666483][ T9438] binder: 9437:9438 ioctl c0306201 2000000001c0 returned -14
[  380.831730][ T7054] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  380.862989][ T9446] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1335'.
[  380.921002][ T9450] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1335'.
[  380.939272][ T9450] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1335'.
[  380.958908][ T9450] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1335'.
[  380.968351][ T9450] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1335'.
[  381.033910][ T7054] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  381.051575][ T7054] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  381.075928][ T7054] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  381.091574][ T7054] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  381.110087][ T7054] usb 1-1: SerialNumber: syz
[  381.341249][ T7054] usb 1-1: 0:2 : does not exist
[  381.405853][ T7054] usb 1-1: USB disconnect, device number 21
[  381.658406][ T5247] udevd[5247]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  381.847886][ T9463] loop8: detected capacity change from 0 to 4096
[  381.901280][ T9463] EXT4-fs: inline encryption not supported
[  381.933275][ T9463] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  381.966053][ T9463] EXT4-fs (loop8): Test dummy encryption mode enabled
[  381.996402][ T9463] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c198, mo2=0003]
[  382.018932][ T9463] System zones: 0-5
[  382.052547][ T9463] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  382.282404][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  382.388092][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  382.446806][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  382.556047][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  382.606557][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  382.677421][ T7912] EXT4-fs (loop8): unmounting filesystem.
[  382.715067][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  382.857416][ T9478] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  383.893526][ T9513] loop8: detected capacity change from 0 to 512
[  383.986906][ T9513] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  384.039616][ T9513] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  384.363821][ T7912] EXT4-fs (loop8): unmounting filesystem.
[  385.396022][ T9561] device geneve2 entered promiscuous mode
[  385.489731][ T9566] binder: 9563:9566 ioctl c0306201 200000000080 returned -14
[  385.543244][ T9566] binder: 9563:9566 ioctl c0306201 2000000003c0 returned -14
[  385.932753][ T9585] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  385.993691][ T9585] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  386.103608][ T9585] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  386.169136][ T9585] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  386.243437][ T9585] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  386.322247][ T9585] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  386.353191][ T9585] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  388.193813][ T9652] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  388.264658][ T9652] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  388.343709][ T9652] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  390.105975][ T9701] netlink: 'syz.0.1394': attribute type 1 has an invalid length.
[  390.163415][ T9704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  390.175412][ T9701] device bond2 entered promiscuous mode
[  390.181672][ T9701] 8021q: adding VLAN 0 to HW filter on device bond2
[  390.203958][ T9701] device bridge3 entered promiscuous mode
[  390.210668][ T9701] bond2: (slave bridge3): Enslaving as a backup interface with an up link
[  390.267281][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  390.281725][ T4553] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  390.309032][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  390.365148][ T9706] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  390.411264][ T9706] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  390.418915][ T4764] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  390.481632][ T9706] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  390.523231][ T9706] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  390.564415][ T9706] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  390.614313][ T9706] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  390.664301][ T9706] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  390.716068][ T9704] device gretap0 entered promiscuous mode
[  390.990771][ T7054] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  391.221680][ T7054] usb 2-1: Using ep0 maxpacket: 8
[  391.238360][ T7054] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  391.269315][ T7054] usb 2-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  391.321993][ T7054] usb 2-1: config 179 has no interface number 0
[  391.329418][ T7054] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  391.371588][ T7054] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.393424][ T9741] loop8: detected capacity change from 0 to 1024
[  391.502613][ T9741] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  391.639194][ T9748] netlink: 'syz.9.1403': attribute type 1 has an invalid length.
[  391.661542][ T7054] usb 2-1: USB disconnect, device number 5
[  391.802475][ T9748] 8021q: adding VLAN 0 to HW filter on device bond1
[  391.819875][ T9751] bond1: (slave geneve2): making interface the new active one
[  391.835851][ T7912] EXT4-fs (loop8): unmounting filesystem.
[  391.857182][ T9751] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  391.931879][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  392.080695][ T9758] loop8: detected capacity change from 0 to 512
[  392.217589][ T9758] EXT4-fs error (device loop8): ext4_quota_enable:7045: comm syz.8.1405: Bad quota inum: 1, type: 2
[  392.238771][ T9758] EXT4-fs warning (device loop8): ext4_enable_quotas:7093: Failed to enable quota tracking (type=2, err=-117, ino=1). Please run e2fsck to fix.
[  392.257101][ T9758] EXT4-fs (loop8): mount failed
[  392.519889][ T9770] loop7: detected capacity change from 0 to 2048
[  392.566920][ T9770] EXT4-fs: Ignoring removed nobh option
[  392.661874][ T9770] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  393.309660][ T6543] EXT4-fs (loop7): unmounting filesystem.
[  393.572138][ T4600] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  393.610477][ T4600] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  394.355240][ T9813] device syz_tun entered promiscuous mode
[  394.392412][ T9813] device vlan3 entered promiscuous mode
[  394.448308][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.455804][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.462527][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.469177][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.475885][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.482672][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.489299][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.496069][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.502805][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.509453][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.516174][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.522863][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  394.529576][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  395.286241][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888059298800: rx timeout, send abort
[  395.797376][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888059298800: abort rx timeout. Force session deactivation
[  396.381730][ T4600] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  396.589307][ T4600] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  396.613457][ T4600] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  396.652702][ T4600] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  396.696627][ T4600] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.748062][ T9843] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  396.892416][ T5247] udevd[5247]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: Read-only file system
[  396.922276][ T9858] netlink: 'syz.0.1433': attribute type 1 has an invalid length.
[  397.031192][ T4600] usb 2-1: USB disconnect, device number 6
[  397.108396][ T9858] 8021q: adding VLAN 0 to HW filter on device bond3
[  397.187292][ T9862] bond3: (slave geneve2): making interface the new active one
[  397.246760][ T9862] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  397.285792][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  397.538581][ T9871] overlayfs: failed to clone upperpath
[  397.807816][ T9876] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  397.905250][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880597b1400: rx timeout, send abort
[  398.407363][    C0] vcan0: j1939_tp_rxtimer: 0xffff888057ad6000: rx timeout, send abort
[  398.421544][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880597b1400: abort rx timeout. Force session deactivation
[  398.621227][ T9909] binder: 9907:9909 ioctl c0306201 200000000080 returned -14
[  398.670488][ T9909] binder: 9907:9909 ioctl c0306201 2000000003c0 returned -14
[  398.915705][    C0] vcan0: j1939_tp_rxtimer: 0xffff888057ad6000: abort rx timeout. Force session deactivation
[  399.077926][ T9915] serio: Serial port ptm0
[  399.195085][ T9915] serio: Serial port ptm0
[  404.265321][T10079] overlayfs: failed to get index nlink (file0/file2, err=-61)
[  404.456493][T10087] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1472'.
[  404.486192][T10087] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1472'.
[  404.522203][T10087] bridge0: port 2(bridge_slave_1) entered blocking state
[  404.529788][T10087] bridge0: port 2(bridge_slave_1) entered listening state
[  404.537409][T10087] bridge0: port 1(bridge_slave_0) entered blocking state
[  404.544626][T10087] bridge0: port 1(bridge_slave_0) entered listening state
[  406.036556][T10117] loop1: detected capacity change from 0 to 32768
[  406.109615][T10136] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1484'.
[  406.252244][T10136] bond0: (slave syz_tun): Releasing backup interface
[  406.828799][T10146] input: syz0 as /devices/virtual/input/input15
[  407.164856][   T26] audit: type=1326 audit(1780366698.814:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10150 comm="syz.9.1488" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff7b2f9ce59 code=0x0
[  407.256964][T10158] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1490'.
[  407.811981][ T7316] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  408.010820][ T7316] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  408.038515][ T7316] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.062519][ T7316] usb 9-1: Product: syz
[  408.074828][ T7316] usb 9-1: Manufacturer: syz
[  408.096997][ T7316] usb 9-1: SerialNumber: syz
[  408.114125][ T7316] usb 9-1: config 0 descriptor??
[  408.343566][ T7316] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  409.788785][ T7316] dvb_usb_rtl28xxu: probe of 9-1:0.0 failed with error -71
[  409.816418][ T7316] usb 9-1: USB disconnect, device number 2
[  411.378388][T10262] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1520'.
[  411.471849][ T4606] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  411.703876][ T4606] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  411.737518][ T4606] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  411.789737][ T4606] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  411.820423][ T4606] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.841902][T10252] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  411.965342][ T4351] udevd[4351]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: Read-only file system
[  412.070045][T10252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.120578][T10252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.200455][ T4606] usb 2-1: USB disconnect, device number 7
[  413.840558][ T7054] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  413.989381][T10321] tipc: Started in network mode
[  414.009846][T10321] tipc: Node identity 4, cluster identity 4711
[  414.031574][ T7054] usb 9-1: Using ep0 maxpacket: 8
[  414.037212][T10321] tipc: Node number set to 4
[  414.043414][ T7054] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  414.077173][ T7054] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  414.107656][ T7054] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  414.131417][ T7054] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  414.171529][ T7054] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  414.201911][ T7054] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  414.211134][ T7054] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.238397][T10329] netlink: 'syz.0.1540': attribute type 4 has an invalid length.
[  414.303639][T10331] netlink: 'syz.0.1540': attribute type 4 has an invalid length.
[  414.452188][ T7054] usb 9-1: usb_control_msg returned -32
[  414.457855][ T7054] usbtmc 9-1:16.0: can't read capabilities
[  414.709100][ T7316] usb 9-1: USB disconnect, device number 3
[  414.974561][T10358] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1554'.
[  415.603118][T10371] binder_alloc: 10368: binder_alloc_buf size 16384 failed, no address space
[  415.640015][T10371] binder_alloc: allocated: 4096 (num: 1 largest: 4096), free: 8192 (num: 1 largest: 8192)
[  416.018397][ T4280] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  416.463501][ T7054] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  416.993681][ T7054] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  417.008541][ T7054] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.067243][T10393] loop1: detected capacity change from 0 to 512
[  417.109758][ T7054] usb 9-1: config 0 descriptor??
[  417.144425][T10393] EXT4-fs: Ignoring removed i_version option
[  417.150553][T10393] EXT4-fs: Ignoring removed oldalloc option
[  417.176215][ T7054] cp210x 9-1:0.0: cp210x converter detected
[  417.202632][T10393] EXT4-fs (loop1): Test dummy encryption mode enabled
[  417.248414][T10393] EXT4-fs (loop1): 1 truncate cleaned up
[  417.258111][T10393] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  417.400878][T10393] EXT4-fs error (device loop1): xattr_find_entry:297: inode #15: comm syz.1.1551: corrupted xattr entries
[  417.519405][T10393] EXT4-fs error (device loop1): get_max_inline_xattr_value_size:69: inode #15: comm syz.1.1551: corrupt xattr in inline inode
[  417.577456][ T7054] cp210x 9-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  417.607140][T10393] EXT4-fs error (device loop1): xattr_find_entry:297: inode #15: comm syz.1.1551: corrupted xattr entries
[  417.649676][ T7054] usb 9-1: cp210x converter now attached to ttyUSB0
[  417.803832][ T7317] usb 9-1: USB disconnect, device number 4
[  417.829011][ T7317] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  418.007280][ T8567] EXT4-fs (loop1): unmounting filesystem.
[  418.014657][ T7317] cp210x 9-1:0.0: device disconnected
[  418.200377][T10420] loop7: detected capacity change from 0 to 1024
[  418.283017][T10420] EXT4-fs: Ignoring removed bh option
[  418.310342][T10420] EXT4-fs: Ignoring removed orlov option
[  418.718704][T10430] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1561'.
[  418.859003][T10420] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #3: block 2: comm syz.7.1557: lblock 2 mapped to illegal pblock 2 (length 1)
[  418.953565][T10420] EXT4-fs (loop7): Remounting filesystem read-only
[  418.960173][T10420] Quota error (device loop7): qtree_write_dquot: dquota write failed
[  419.032768][T10420] EXT4-fs error (device loop7): __ext4_get_inode_loc:4520: comm syz.7.1557: Invalid inode table block 1 in block_group 0
[  419.110404][T10430] device syz_tun left promiscuous mode
[  419.120296][T10420] EXT4-fs (loop7): Remounting filesystem read-only
[  419.165164][T10420] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5952: Corrupt filesystem
[  419.222032][T10420] EXT4-fs (loop7): Remounting filesystem read-only
[  419.251805][T10420] EXT4-fs error (device loop7): __ext4_ext_dirty:202: inode #3: comm syz.7.1557: mark_inode_dirty error
[  419.312829][T10420] EXT4-fs (loop7): Remounting filesystem read-only
[  419.326327][T10420] Quota error (device loop7): v2_write_file_info: Can't write info structure
[  419.367111][T10420] EXT4-fs error (device loop7): ext4_acquire_dquot:6841: comm syz.7.1557: Failed to acquire dquot type 0
[  419.406453][T10420] EXT4-fs (loop7): Remounting filesystem read-only
[  419.427062][T10420] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5952: Corrupt filesystem
[  419.496165][T10420] EXT4-fs (loop7): Remounting filesystem read-only
[  419.522543][T10420] EXT4-fs error (device loop7): ext4_evict_inode:281: inode #11: comm syz.7.1557: mark_inode_dirty error
[  419.554603][T10420] EXT4-fs (loop7): Remounting filesystem read-only
[  419.561286][T10420] EXT4-fs warning (device loop7): ext4_evict_inode:284: couldn't mark inode dirty (err -117)
[  419.580080][T10420] EXT4-fs (loop7): 1 orphan inode deleted
[  419.595582][ T5204] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #3: block 1: comm kworker/u4:13: lblock 1 mapped to illegal pblock 1 (length 1)
[  419.618766][T10420] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  419.663185][ T5204] EXT4-fs (loop7): Remounting filesystem read-only
[  419.669912][ T5204] Quota error (device loop7): remove_tree: Can't read quota data block 1
[  419.679328][ T5204] EXT4-fs error (device loop7): ext4_release_dquot:6877: comm kworker/u4:13: Failed to release dquot type 0
[  419.746052][ T5204] EXT4-fs (loop7): Remounting filesystem read-only
[  420.044916][T10431] loop1: detected capacity change from 0 to 32768
[  420.155955][   T26] audit: type=1800 audit(1780366711.804:15): pid=10431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1560" name="bus" dev="loop1" ino=7 res=0 errno=0
[  420.347479][T10431] jfs_unlink: dtDelete returned -116
[  420.359555][T10455] xt_hashlimit: size too large, truncated to 1048576
[  420.404473][T10431] jfs_unlink: dtDelete returned -116
[  420.750776][T10472] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #2: block 16: comm syz.7.1557: lblock 0 mapped to illegal pblock 16 (length 1)
[  420.874596][T10472] EXT4-fs (loop7): Remounting filesystem read-only
[  420.932365][T10419] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #2: block 16: comm syz.7.1557: lblock 0 mapped to illegal pblock 16 (length 1)
[  421.023441][T10419] EXT4-fs (loop7): Remounting filesystem read-only
[  421.068711][T10472] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #2: block 16: comm syz.7.1557: lblock 0 mapped to illegal pblock 16 (length 1)
[  421.222854][T10472] EXT4-fs (loop7): Remounting filesystem read-only
[  421.286690][T10478] netlink: 'syz.1.1568': attribute type 3 has an invalid length.
[  421.314793][T10478] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1568'.
[  421.353362][ T6543] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1)
[  421.419706][ T6543] EXT4-fs (loop7): Remounting filesystem read-only
[  421.501608][ T6543] EXT4-fs error (device loop7): __ext4_get_inode_loc:4520: comm syz-executor: Invalid inode table block 1 in block_group 0
[  421.591697][ T6543] EXT4-fs (loop7): Remounting filesystem read-only
[  421.598299][ T6543] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5952: Corrupt filesystem
[  421.708746][ T6543] EXT4-fs (loop7): Remounting filesystem read-only
[  421.777197][ T6543] EXT4-fs error (device loop7): ext4_dirty_inode:6156: inode #2: comm syz-executor: mark_inode_dirty error
[  421.847957][ T6543] EXT4-fs (loop7): Remounting filesystem read-only
[  421.908419][ T4382] EXT4-fs error (device loop7): __ext4_get_inode_loc:4520: comm kworker/u4:7: Invalid inode table block 1 in block_group 0
[  421.959698][ T6543] EXT4-fs error (device loop7): __ext4_get_inode_loc:4520: comm syz-executor: Invalid inode table block 1 in block_group 0
[  427.309992][T10541] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1582'.
[  427.372447][T10541] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1582'.
[  428.459543][T10541] loop7: detected capacity change from 0 to 40427
[  428.502733][T10541] F2FS-fs (loop7): Invalid SB checksum offset: 0
[  428.532076][T10541] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[  428.570095][T10541] F2FS-fs (loop7): invalid crc value
[  428.593330][T10541] F2FS-fs (loop7): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  428.829256][T10541] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0
[  428.845955][T10541] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  428.974876][T10579] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem
[  429.035246][T10568] f2fs_ckpt-7:7: attempt to access beyond end of device
[  429.035246][T10568] loop7: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  430.139932][T10615] pit: kvm: requested 181028 ns i8254 timer period limited to 200000 ns
[  430.186454][T10615] pit: kvm: requested 138285 ns i8254 timer period limited to 200000 ns
[  430.216059][T10615] pit: kvm: requested 31847 ns i8254 timer period limited to 200000 ns
[  430.227968][ T4607] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  430.263620][T10615] pit: kvm: requested 117333 ns i8254 timer period limited to 200000 ns
[  430.304081][T10615] pit: kvm: requested 5866 ns i8254 timer period limited to 200000 ns
[  430.333929][T10615] pit: kvm: requested 40228 ns i8254 timer period limited to 200000 ns
[  430.365835][T10615] pit: kvm: requested 125714 ns i8254 timer period limited to 200000 ns
[  430.400524][T10615] pit: kvm: requested 109790 ns i8254 timer period limited to 200000 ns
[  430.442512][T10615] pit: kvm: requested 46933 ns i8254 timer period limited to 200000 ns
[  430.454284][ T4607] usb 2-1: unable to get BOS descriptor or descriptor too short
[  430.471828][ T4607] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  430.482561][T10615] pit: kvm: requested 165942 ns i8254 timer period limited to 200000 ns
[  430.514376][ T4607] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  430.548507][ T4607] usb 2-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30
[  430.617274][ T4607] usb 2-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188
[  430.651836][ T4607] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  430.685395][ T4607] usb 2-1: config 1 interface 1 has no altsetting 0
[  430.718710][ T4607] usb 2-1: string descriptor 0 read error: -22
[  430.736336][ T4607] usb 2-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40
[  430.766861][ T4607] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.880982][ T4607] usb 2-1: 2:0: failed to get current value for ch 1 (-71)
[  431.944992][ T4607] usb 2-1: USB disconnect, device number 8
[  432.019905][T10648] loop8: detected capacity change from 0 to 512
[  432.120734][T10648] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  432.189713][T10648] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  432.233157][ T5247] udevd[5247]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  432.632855][ T7912] EXT4-fs (loop8): unmounting filesystem.
[  432.711703][   T26] audit: type=1326 audit(1780366724.364:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10670 comm="syz.1.1610" exe="/root/ci2-linux-6-1-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdb4a99ce59 code=0x0
[  433.097833][T10683] netlink: 'syz.9.1613': attribute type 1 has an invalid length.
[  433.240191][T10686] bond2: (slave bridge1): making interface the new active one
[  433.275058][T10686] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  433.317765][T10683] netlink: 44 bytes leftover after parsing attributes in process `syz.9.1613'.
[  433.355252][T10683] device bond2 entered promiscuous mode
[  433.375573][T10683] device bridge1 entered promiscuous mode
[  433.432711][T10683] 8021q: adding VLAN 0 to HW filter on device bond2
[  433.765106][T10691] binder: 10690:10691 ioctl c0306201 200000000080 returned -14
[  433.823710][T10695] binder: 10690:10695 ioctl c0306201 2000000003c0 returned -14
[  433.965717][T10698] device wlan1 entered promiscuous mode
[  434.171846][T10608] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  435.136468][    C1] bridge0: port 1(bridge_slave_0) entered learning state
[  435.146791][    C1] bridge0: port 2(bridge_slave_1) entered learning state
[  435.229421][T10705] loop7: detected capacity change from 0 to 32768
[  435.963131][T10742] loop7: detected capacity change from 0 to 1024
[  435.990317][T10742] JBD2: no valid journal superblock found
[  435.996356][T10742] EXT4-fs (loop7): error loading journal
[  437.211615][ T4288] Bluetooth: hci0: command 0x0406 tx timeout
[  438.450869][T10767] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1637'.
[  439.486885][    C0] Unknown status report in ack skb
[  440.257522][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  440.263940][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  441.374327][T10809] loop7: detected capacity change from 0 to 2048
[  441.570512][T10809] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  442.103467][T10809] EXT4-fs error (device loop7): ext4_map_blocks:637: inode #2: block 16: comm syz.7.1651: lblock 0 mapped to illegal pblock 16 (length 1)
[  442.164495][T10809] EXT4-fs error (device loop7): __ext4_get_inode_loc:4520: comm syz.7.1651: Invalid inode table block 0 in block_group 0
[  442.231849][T10809] EXT4-fs error (device loop7) in ext4_reserve_inode_write:5952: Corrupt filesystem
[  442.261273][T10809] EXT4-fs error (device loop7): ext4_setattr:5634: inode #15: comm syz.7.1651: mark_inode_dirty error
[  442.296741][T10809] EXT4-fs error (device loop7) in ext4_setattr:5695: Corrupt filesystem
[  442.354137][T10808] EXT4-fs error (device loop7): __ext4_get_inode_loc:4520: comm syz.7.1651: Invalid inode table block 0 in block_group 0
[  442.425498][T10809] EXT4-fs error (device loop7): __ext4_get_inode_loc:4520: comm syz.7.1651: Invalid inode table block 0 in block_group 0
[  442.568024][T10808] EXT4-fs error (device loop7): ext4_map_blocks:747: inode #15: block 1803188595: comm syz.7.1651: lblock 0 mapped to illegal pblock 1803188595 (length 1)
[  442.796971][T10808] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  442.847338][   T26] audit: type=1804 audit(1780366734.494:17): pid=10843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.1659" name="/newroot/122/file1" dev="fuse" ino=1 res=1 errno=0
[  442.914203][T10808] EXT4-fs (loop7): This should not happen!! Data will be lost
[  442.914203][T10808] 
[  443.129415][   T26] audit: type=1800 audit(1780366734.514:18): pid=10843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1659" name="/" dev="fuse" ino=1 res=0 errno=0
[  443.743188][T10607] EXT4-fs error (device loop7): __ext4_get_inode_loc:4520: comm kworker/u4:28: Invalid inode table block 0 in block_group 0
[  443.773836][T10852] loop8: detected capacity change from 0 to 512
[  443.784903][T10852] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  443.837749][T10607] EXT4-fs error (device loop7): __ext4_get_inode_loc:4520: comm kworker/u4:28: Invalid inode table block 0 in block_group 0
[  443.946076][ T6543] EXT4-fs (loop7): Inode 15 (ffff88805506a820): i_reserved_data_blocks (1) not cleared!
[  444.022273][ T6543] EXT4-fs (loop7): unmounting filesystem.
[  444.060754][T10852] EXT4-fs error (device loop8): ext4_orphan_get:1405: inode #15: comm syz.8.1662: inode has both inline data and extents flags
[  444.177731][T10852] EXT4-fs error (device loop8): ext4_orphan_get:1410: comm syz.8.1662: couldn't read orphan inode 15 (err -117)
[  444.247040][T10852] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  444.513779][ T7912] EXT4-fs (loop8): unmounting filesystem.
[  444.941108][T10877] loop8: detected capacity change from 0 to 512
[  444.993066][T10877] EXT4-fs: Ignoring removed i_version option
[  445.079246][T10877] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  445.220657][T10877] ext4 filesystem being mounted at /124/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  445.521720][ T7912] EXT4-fs (loop8): unmounting filesystem.
[  447.837807][T10938] binder: 10937:10938 ioctl c0306201 200000000440 returned -14
[  451.295188][T10984] loop8: detected capacity change from 0 to 1024
[  453.018760][ T4288] Bluetooth: hci4: Malformed MSFT vendor event: 0x02
[  455.991059][    C0] ------------[ cut here ]------------
[  455.996623][    C0] WARNING: CPU: 0 PID: 11029 at net/mac80211/tx.c:4946 __ieee80211_beacon_get+0x1233/0x1600
[  456.006899][    C0] Modules linked in:
[  456.010831][    C0] CPU: 0 PID: 11029 Comm: syz.0.1706 Not tainted syzkaller #0
[  456.018381][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  456.028489][    C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  456.034935][    C0] Code: 24 4c 89 e7 e8 6e b6 08 f8 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 59 1a d0 f7 0f 0b e9 f6 f7 ff ff e8 4d 1a d0 f7 <0f> 0b e9 48 fb ff ff e8 41 1a d0 f7 48 c7 c7 b0 24 fb 8d 4c 89 e6
[  456.054627][    C0] RSP: 0018:ffffc90000007a30 EFLAGS: 00010246
[  456.060804][    C0] RAX: ffffffff89b26153 RBX: ffffffff89b24f56 RCX: ffff8880656e3c00
[  456.068830][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  456.076842][    C0] RBP: 0000000000000000 R08: ffff8880656e3c00 R09: 0000000000000003
[  456.084847][    C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88807dcae228
[  456.092849][    C0] R13: dffffc0000000000 R14: ffff88807dcae760 R15: ffff888059464824
[  456.100839][    C0] FS:  00007fe47627a6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  456.109841][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  456.116456][    C0] CR2: 0000200000b7e030 CR3: 0000000041040000 CR4: 00000000003506f0
[  456.124488][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  456.132494][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  456.140475][    C0] Call Trace:
[  456.143849][    C0]  <IRQ>
[  456.146719][    C0]  ? __ieee80211_beacon_get+0x36/0x1600
[  456.152405][    C0]  ieee80211_beacon_get_tim+0x63/0x4e0
[  456.157937][    C0]  mac80211_hwsim_beacon_tx+0x21c/0xae0
[  456.163574][    C0]  ? read_lock_is_recursive+0x10/0x10
[  456.169017][    C0]  __iterate_interfaces+0x243/0x500
[  456.174321][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  456.180667][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x26/0x170
[  456.187921][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  456.194199][    C0]  ieee80211_iterate_active_interfaces_atomic+0xd7/0x170
[  456.201262][    C0]  mac80211_hwsim_beacon+0xb7/0x1b0
[  456.206512][    C0]  __hrtimer_run_queues+0x54a/0xd50
[  456.211851][    C0]  ? hw_scan_work+0xf60/0xf60
[  456.216545][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  456.221739][    C0]  ? ktime_get_update_offsets_now+0x3ce/0x3e0
[  456.227855][    C0]  hrtimer_run_softirq+0x183/0x2a0
[  456.233002][    C0]  handle_softirqs+0x2a1/0x930
[  456.237846][    C0]  ? __irq_exit_rcu+0x13b/0x230
[  456.242743][    C0]  ? do_softirq+0x210/0x210
[  456.247302][    C0]  ? irqtime_account_irq+0xb2/0x1b0
[  456.252645][    C0]  __irq_exit_rcu+0x13b/0x230
[  456.257334][    C0]  ? irq_exit_rcu+0x20/0x20
[  456.261876][    C0]  irq_exit_rcu+0x5/0x20
[  456.266129][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  456.271843][    C0]  </IRQ>
[  456.274828][    C0]  <TASK>
[  456.277833][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  456.283918][    C0] RIP: 0010:lock_acquire+0x15f/0x4a0
[  456.289385][    C0] Code: 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 41 83 3e 00 0f 85 18 01 00 00 43 c6 44 3d 08 00 48 c7 84 24 a0 00 00 00 00 00 00 00 9c <8f> 84 24 a0 00 00 00 4c 8b b4 24 a0 00 00 00 43 c6 44 3d 08 f8 fa
[  456.309023][    C0] RSP: 0018:ffffc900052df4b8 EFLAGS: 00000246
[  456.315126][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 3795d27647890900
[  456.323147][    C0] RDX: 0000000000000000 RSI: ffffffff8adf2040 RDI: ffffffff8adf2000
[  456.331143][    C0] RBP: ffffc900052df5c8 R08: ffffffff8e2029ef R09: 1ffffffff1c4053d
[  456.339182][    C0] R10: dffffc0000000000 R11: fffffbfff1c4053e R12: 0000000000000000
[  456.347241][    C0] R13: 1ffff92000a5bea4 R14: ffff8880656e46dc R15: dffffc0000000000
[  456.355294][    C0]  ? __might_sleep+0xd0/0xd0
[  456.359984][    C0]  ? read_lock_is_recursive+0x10/0x10
[  456.365514][    C0]  ? __unix_dgram_recvmsg+0xa23/0xdc0
[  456.371014][    C0]  ? __lock_acquire+0x7d10/0x7d10
[  456.376082][    C0]  __mutex_lock+0x12d/0xaf0
[  456.380629][    C0]  ? __unix_dgram_recvmsg+0x205/0xdc0
[  456.386084][    C0]  ? mark_lock+0x94/0x320
[  456.390452][    C0]  ? __unix_dgram_recvmsg+0x205/0xdc0
[  456.395874][    C0]  ? mutex_lock_nested+0x10/0x10
[  456.400838][    C0]  ? skb_copy_datagram_iter+0x290/0x290
[  456.406510][    C0]  __unix_dgram_recvmsg+0x205/0xdc0
[  456.411790][    C0]  ? exc_page_fault+0x88/0x100
[  456.416582][    C0]  ? unix_unhash+0x10/0x10
[  456.421018][    C0]  ? mark_lock+0x94/0x320
[  456.425392][    C0]  ? unix_dgram_recvmsg+0xa9/0xd0
[  456.430446][    C0]  ? unix_dgram_sendmsg+0x16e0/0x16e0
[  456.435949][    C0]  ____sys_recvmsg+0x2cb/0x5e0
[  456.440755][    C0]  ? __sys_recvmsg_sock+0x40/0x40
[  456.445912][    C0]  ? import_iovec+0x6f/0xa0
[  456.450456][    C0]  ___sys_recvmsg+0x212/0x590
[  456.455211][    C0]  ? __sys_recvmsg+0x290/0x290
[  456.460006][    C0]  ? __lock_acquire+0x7d10/0x7d10
[  456.465077][    C0]  ? __might_fault+0xc2/0x120
[  456.469833][    C0]  ? __might_fault+0xa6/0x120
[  456.474546][    C0]  do_recvmmsg+0x393/0x870
[  456.478990][    C0]  ? __sys_recvmmsg+0x290/0x290
[  456.483883][    C0]  ? __ia32_sys_get_robust_list+0x100/0x100
[  456.489846][    C0]  ? rcu_read_lock_sched_held+0x86/0x110
[  456.495558][    C0]  __x64_sys_recvmmsg+0x195/0x250
[  456.500604][    C0]  ? do_recvmmsg+0x870/0x870
[  456.505233][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  456.510452][    C0]  do_syscall_64+0x4c/0xa0
[  456.514907][    C0]  ? clear_bhb_loop+0x60/0xb0
[  456.519603][    C0]  ? clear_bhb_loop+0x60/0xb0
[  456.524321][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  456.530241][    C0] RIP: 0033:0x7fe47539ce59
[  456.534703][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  456.554454][    C0] RSP: 002b:00007fe47627a028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  456.562903][    C0] RAX: ffffffffffffffda RBX: 00007fe475616090 RCX: 00007fe47539ce59
[  456.570892][    C0] RDX: 0000000004000087 RSI: 00002000000000c0 RDI: 0000000000000003
[  456.578980][    C0] RBP: 00007fe475432d6f R08: 0000000000000000 R09: 0000000000000000
[  456.586984][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  456.595002][    C0] R13: 00007fe475616128 R14: 00007fe475616090 R15: 00007ffed5a6dd48
[  456.603036][    C0]  </TASK>
[  456.606340][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  456.613629][    C0] CPU: 0 PID: 11029 Comm: syz.0.1706 Not tainted syzkaller #0
[  456.621101][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  456.631168][    C0] Call Trace:
[  456.634488][    C0]  <IRQ>
[  456.637342][    C0]  dump_stack_lvl+0x188/0x24e
[  456.642039][    C0]  ? memcpy+0x3c/0x60
[  456.646102][    C0]  ? show_regs_print_info+0x12/0x12
[  456.651335][    C0]  ? load_image+0x400/0x400
[  456.655912][    C0]  panic+0x2e5/0x730
[  456.659832][    C0]  ? bpf_jit_dump+0xd0/0xd0
[  456.664382][    C0]  __warn+0x2f8/0x4f0
[  456.668373][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  456.674108][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  456.679927][    C0]  report_bug+0x2ba/0x4f0
[  456.684331][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  456.690071][    C0]  handle_bug+0x3a/0x70
[  456.694251][    C0]  exc_invalid_op+0x16/0x40
[  456.698805][    C0]  asm_exc_invalid_op+0x16/0x20
[  456.703699][    C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  456.710104][    C0] Code: 24 4c 89 e7 e8 6e b6 08 f8 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 59 1a d0 f7 0f 0b e9 f6 f7 ff ff e8 4d 1a d0 f7 <0f> 0b e9 48 fb ff ff e8 41 1a d0 f7 48 c7 c7 b0 24 fb 8d 4c 89 e6
[  456.729777][    C0] RSP: 0018:ffffc90000007a30 EFLAGS: 00010246
[  456.735866][    C0] RAX: ffffffff89b26153 RBX: ffffffff89b24f56 RCX: ffff8880656e3c00
[  456.743848][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  456.751853][    C0] RBP: 0000000000000000 R08: ffff8880656e3c00 R09: 0000000000000003
[  456.759851][    C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88807dcae228
[  456.767843][    C0] R13: dffffc0000000000 R14: ffff88807dcae760 R15: ffff888059464824
[  456.775841][    C0]  ? __ieee80211_beacon_get+0x36/0x1600
[  456.781404][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  456.787162][    C0]  ? __ieee80211_beacon_get+0x36/0x1600
[  456.792781][    C0]  ieee80211_beacon_get_tim+0x63/0x4e0
[  456.798385][    C0]  mac80211_hwsim_beacon_tx+0x21c/0xae0
[  456.803969][    C0]  ? read_lock_is_recursive+0x10/0x10
[  456.809389][    C0]  __iterate_interfaces+0x243/0x500
[  456.814616][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  456.820873][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x26/0x170
[  456.828088][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  456.834358][    C0]  ieee80211_iterate_active_interfaces_atomic+0xd7/0x170
[  456.841466][    C0]  mac80211_hwsim_beacon+0xb7/0x1b0
[  456.846747][    C0]  __hrtimer_run_queues+0x54a/0xd50
[  456.852330][    C0]  ? hw_scan_work+0xf60/0xf60
[  456.857051][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  456.862192][    C0]  ? ktime_get_update_offsets_now+0x3ce/0x3e0
[  456.868293][    C0]  hrtimer_run_softirq+0x183/0x2a0
[  456.873424][    C0]  handle_softirqs+0x2a1/0x930
[  456.878239][    C0]  ? __irq_exit_rcu+0x13b/0x230
[  456.883101][    C0]  ? do_softirq+0x210/0x210
[  456.887617][    C0]  ? irqtime_account_irq+0xb2/0x1b0
[  456.892830][    C0]  __irq_exit_rcu+0x13b/0x230
[  456.897536][    C0]  ? irq_exit_rcu+0x20/0x20
[  456.902052][    C0]  irq_exit_rcu+0x5/0x20
[  456.906316][    C0]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  456.911983][    C0]  </IRQ>
[  456.914959][    C0]  <TASK>
[  456.917902][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  456.923914][    C0] RIP: 0010:lock_acquire+0x15f/0x4a0
[  456.929230][    C0] Code: 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 41 83 3e 00 0f 85 18 01 00 00 43 c6 44 3d 08 00 48 c7 84 24 a0 00 00 00 00 00 00 00 9c <8f> 84 24 a0 00 00 00 4c 8b b4 24 a0 00 00 00 43 c6 44 3d 08 f8 fa
[  456.948878][    C0] RSP: 0018:ffffc900052df4b8 EFLAGS: 00000246
[  456.955045][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 3795d27647890900
[  456.963026][    C0] RDX: 0000000000000000 RSI: ffffffff8adf2040 RDI: ffffffff8adf2000
[  456.971026][    C0] RBP: ffffc900052df5c8 R08: ffffffff8e2029ef R09: 1ffffffff1c4053d
[  456.979035][    C0] R10: dffffc0000000000 R11: fffffbfff1c4053e R12: 0000000000000000
[  456.987055][    C0] R13: 1ffff92000a5bea4 R14: ffff8880656e46dc R15: dffffc0000000000
[  456.995061][    C0]  ? __might_sleep+0xd0/0xd0
[  456.999667][    C0]  ? read_lock_is_recursive+0x10/0x10
[  457.005083][    C0]  ? __unix_dgram_recvmsg+0xa23/0xdc0
[  457.010477][    C0]  ? __lock_acquire+0x7d10/0x7d10
[  457.015568][    C0]  __mutex_lock+0x12d/0xaf0
[  457.020174][    C0]  ? __unix_dgram_recvmsg+0x205/0xdc0
[  457.025593][    C0]  ? mark_lock+0x94/0x320
[  457.029949][    C0]  ? __unix_dgram_recvmsg+0x205/0xdc0
[  457.035358][    C0]  ? mutex_lock_nested+0x10/0x10
[  457.040328][    C0]  ? skb_copy_datagram_iter+0x290/0x290
[  457.045914][    C0]  __unix_dgram_recvmsg+0x205/0xdc0
[  457.051166][    C0]  ? exc_page_fault+0x88/0x100
[  457.055986][    C0]  ? unix_unhash+0x10/0x10
[  457.060434][    C0]  ? mark_lock+0x94/0x320
[  457.064812][    C0]  ? unix_dgram_recvmsg+0xa9/0xd0
[  457.069858][    C0]  ? unix_dgram_sendmsg+0x16e0/0x16e0
[  457.075263][    C0]  ____sys_recvmsg+0x2cb/0x5e0
[  457.080064][    C0]  ? __sys_recvmsg_sock+0x40/0x40
[  457.085139][    C0]  ? import_iovec+0x6f/0xa0
[  457.089692][    C0]  ___sys_recvmsg+0x212/0x590
[  457.094414][    C0]  ? __sys_recvmsg+0x290/0x290
[  457.099220][    C0]  ? __lock_acquire+0x7d10/0x7d10
[  457.104270][    C0]  ? __might_fault+0xc2/0x120
[  457.108957][    C0]  ? __might_fault+0xa6/0x120
[  457.113655][    C0]  do_recvmmsg+0x393/0x870
[  457.118097][    C0]  ? __sys_recvmmsg+0x290/0x290
[  457.122967][    C0]  ? __ia32_sys_get_robust_list+0x100/0x100
[  457.128881][    C0]  ? rcu_read_lock_sched_held+0x86/0x110
[  457.134582][    C0]  __x64_sys_recvmmsg+0x195/0x250
[  457.139650][    C0]  ? do_recvmmsg+0x870/0x870
[  457.144270][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[  457.149489][    C0]  do_syscall_64+0x4c/0xa0
[  457.153926][    C0]  ? clear_bhb_loop+0x60/0xb0
[  457.158640][    C0]  ? clear_bhb_loop+0x60/0xb0
[  457.163360][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  457.169283][    C0] RIP: 0033:0x7fe47539ce59
[  457.173714][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  457.193367][    C0] RSP: 002b:00007fe47627a028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  457.201816][    C0] RAX: ffffffffffffffda RBX: 00007fe475616090 RCX: 00007fe47539ce59
[  457.209817][    C0] RDX: 0000000004000087 RSI: 00002000000000c0 RDI: 0000000000000003
[  457.217818][    C0] RBP: 00007fe475432d6f R08: 0000000000000000 R09: 0000000000000000
[  457.225817][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  457.233825][    C0] R13: 00007fe475616128 R14: 00007fe475616090 R15: 00007ffed5a6dd48
[  457.241833][    C0]  </TASK>
[  457.245465][    C0] Kernel Offset: disabled
[  457.249905][    C0] Rebooting in 86400 seconds..