last executing test programs:

2m25.783505871s ago: executing program 1 (id=188):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@can_newroute={0x150, 0x18, 0x10, 0x70bd2c, 0x25dfdbfd, {0x1d, 0x1, 0x2}, [@CGW_LIM_HOPS={0x5}, @CGW_CS_CRC8={0x11e, 0x6, {0xb, 0x29, 0x70, 0x2, 0x2, "e0a6457bf4fd36971b345066cc309a2059f0de9e7841a402da6bd6685db015155f25b0feb2b0d0fe7c92b03d4e84b0e1ea55b647aed2935d7fdfc2305ec407e95a10f4699939d0c0e5e364767811f3ae1778004f411db65b8175f770e016146aecd7beb795981921824f4e128de08ad9111459adfb3a88c1112d745d10ae421a63204d468dda2bfd647a29407649914bedf45c77b130eb82074f700111eb21bf136b51ca1ff0e117b8770037657db7d9aa54e9804ebb5ca6508f67a9e0b7dd31e5960b3f22f306844a21a28dd8ce6c38c64e346e1910d2a342c775bb169c6e984012b7e398cd145c17fa6b652cf9f1a61cbbaa362860506a2335eb474c561ff6", 0x0, "d008d156edb1367b3ed99b34248420928a4db02f"}}, @CGW_FILTER={0xc, 0xb, {{0x0, 0x0, 0x1}, {0x3, 0x1, 0x0, 0x1}}}, @CGW_LIM_HOPS={0x5, 0xd, 0x8}]}, 0x150}}, 0x0)

2m25.628816022s ago: executing program 1 (id=189):
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xb, 0x6, 0x5004, 0x7, 0x1}, 0x50)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x42, 0x100)
pwrite64(r0, &(0x7f00000002c0)='2', 0x1, 0x8080c61)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x04\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}h\xc6\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\a\x00\x00\x00\xb6\x9b\xdb\xdc\xf3\xb9\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\x85=\\!\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
setrlimit(0x8, &(0x7f0000000100)={0x4, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fallocate(r0, 0x3, 0x400002, 0x8000c62)
sendmmsg(0xffffffffffffffff, &(0x7f00000009c0)=[{{&(0x7f0000000180)=@hci={0x1f, 0x0, 0x1}, 0x80, 0x0, 0x0, 0x0, 0xf}}], 0x1, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_INSN(r4, 0x8028640c, &(0x7f0000000000)={0xe000003, 0x3ffffddc, &(0x7f0000000180), 0x9, 0x5000004})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r5, 0x6c, &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)=[0x0], &(0x7f00000005c0), 0x0, 0x64, &(0x7f0000000600), 0x0, 0x10, &(0x7f0000000640), &(0x7f0000000880), 0x8, 0xa8, 0x8, 0x8, &(0x7f0000000300)}}, 0x10)

2m24.244354364s ago: executing program 1 (id=191):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000140)=0x6, 0x4) (async)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000140)=0x6, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x2, @mcast1, 0xb9}, @in6={0xa, 0x4e23, 0x54e, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x2}, @in={0x2, 0x4e20, @local}, @in={0x2, 0x4e23, @empty}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}, @in6={0xa, 0x4e24, 0x3ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x5}], 0x84) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x2, @mcast1, 0xb9}, @in6={0xa, 0x4e23, 0x54e, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x2}, @in={0x2, 0x4e20, @local}, @in={0x2, 0x4e23, @empty}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2c}}, @in6={0xa, 0x4e24, 0x3ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x5}], 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
pwrite64(r0, &(0x7f0000000000)="94778d83480f2fa6a3e0b8dc56213902e0af0148745207c8b14cf18bf3ebc50b5390a1b089f35dde0d82b87c46424528cbd867ec1ce5ca294078", 0x3a, 0x83b7)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="120100000000001000000000000000000001090224000100000000090400"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)

2m21.570722518s ago: executing program 1 (id=196):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000001c0)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c6865617274626561743d6e6f6e652c6c6f63616c666c6f636b732c696e6f646536342c6a6f75726e616c5f6173796e635f636f6d6d69742c6e6f61636c2c6e6f61636c2c6572726f72733d636f6e74696e75652c00edc97523793b5022d016bb24c65ba594abbd38fd9c301bfa101e61d574eb5cc84215aa20846b6f33df6281eaedb4b4afaaacd321e4df0d16b4f5a8a992efe2554b52ec9c980e5544cd4b8df3e1ba594d07e0bfe3471c164430a36b7ebddc35caf2959224d8330f1807117fc520d8ff5660c5691afd66a8e397bb802ed69df198008fb799cc37"], 0x1, 0x470e, &(0x7f0000008f40)="$eJzs222IHGcBB/BnNqe5pMn1XtImafqySQQPLceln6r1QzyrNpo2L9pWU+Xcu1wvp3u7592uFgxSgyAKghIEFV+oCqVfakEM9EstQsEXpFUoFUXrF5FCFfxg0AZ6srszuZ3Zvc7mNmlp+/tBOzfPzPPMs/e/eebl2RRitVMLK8WFlWKpUqzO3r9yS/Fz1XJ9cS4UXiWv9fHpzZXISfavnSPv+8BH7rklhD8c+9qHVldXV0PDcOjqQNvP5/99erZ9mShk6jTa7d5ayx/rj7z087e80h55ToQQdnT0q2FTCOFjvwhhcwhhJC4bjZdbQgjbQghRCOHR3/zrx4P9dKHN2XtfeO7YmcP7zkw9/tgzF+aPrrtjFMJ3y7tvnl98cf+m255/x2U6PAAAvKIPHj9y99HJA+HJKAydG+i8X98ZL5P74zvf9qm7Hh5Y275Kbza9iqECAABAxtrz/3D0cpf5umRmLZkSfOKBE3c/Fa1t92D7+nboriO3v3/yQDz/G3VsvzUu+ud7NzXnULPzvtn535FM/e7zv2vHefirz/6y8taN9z/pX3Lc4RAVJlLrhcLERAjHplrru6KthXJ1pfbO+6v1ysmNH/eNIp1/dvZ+bUK/1/xHM9Xz5v93f+LzP9sy0M8nGAvZv9rGerHzT5ku0vmvP5b/5EtRT/mPZerl5X/H09vP/2pzP58ge0QuRTr/1om4r32HYmsAaOT/zYH8/Hdk2s/L//tT5x49sYHv/zTGmeGo0dfB1Ajwcly+zleYyEjn3woiNXTGv8j1zv//ZfK/JtN+Xv53Vv/xu7/1cf1fb/wfn+qnzTePdP6tIIqpPdbO/5FC/vl/bab9vPx/e+rPz36yr2t1Z/6N/o+7/vcknX98IU4Pns3fZK/j/85M+3n57xq776GFDfT7w1vifg5FYaztW6fnGpewobX56uYjTWPz0gYO8iaQzr/1W0udOkOtRfP8H84f/3dl2s/L/6E9X3/P6b6+/9t9/J80/vcknf+WZtml5P9SJv/dmfbz8v/h6b//5b7LPP431g/Kvyfp/Ld2bF97/1Po6fnvukz9vPc/+0afeuSvfTz/J/1Ljpu8/0neQ4xHrfc/dJfO/6p19+v1+r8nUy/v/P/Wf55/en8/43802PEGwK1f79L5b2sVdnkA7DX/6zPt5+X/hXu+/PE/beD5r3nHN5jk3/b8v7lVftT435N0/ttbhal/DPVg8//N63/Umft/M/nfkGk/L/8LhyYGvnKZr/+N/o93eZVNp3T+Q+vu18j/9z1c/2/M1MvL/4t7f/rizX3d/4cwacDfsHT+V6+7X/P8H8zP/6ZMvbz8v/ONXz/xYB/9f3sfdcnm37rWp06n+N681+f/Yqb9vPx/NH7+7P4r8Px3q+t/T9L5t2bNLyX/7PP/3kz7efl/78gPlgeuwPufO+QPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwIaPxcjhEhYnUeqEwMRHCWLy+K2yNZkonp2fK1dnPrISwIy4vhtFovlydKZWnFyrVk3PTpXK5OhvCNfH2HWEwWilXa9OLpaVrL7a1JTo1V1quzcyVaiGEnXH59WF70tbMQm2xtNTcN6lzVVT6bL1aK03UV+aWw+6L5duS8vnlan3puottXV2oLi+dKlWmTy4sv3tycnIy7LnY55Fo7oHaXKXW6m1ra6NOUnc4avswzc03tB3v09X6cqVUbpbf2FanXJ0tldvq3NR2vNpyvTJbqs1Nl6vzyfGKbXXbPltz895423gYSX2+pG7WwXh5+6HjHz1++EDH9mKUzrtSX5yb3N79bwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAN64nb3vXt0MIA621QgjhYPJDFP+XcvbeF547dubwvjNTjz/2zIX5o932AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPg/O3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdi5n5cowjgOwO+MbRZIKV2EPAaGiOhNwoJ+EUnlGtmxS+egTgkZFAWGER0LgiCoW1QQdAoq/4Kog8dO1aUOHQwiqBidSdld2HKh13aeB4Z3htF3vjCwO/N+3n0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYP87uWOzK2ku7Ni9t3f0hdObnNoYQRpPl/c97O0JPCOHrl5nToUFb6Knp/83k3Hj9VZPfe/vHH14fTdZef/G/xXW7Q5IOrTremaTp0NDa+29XdwafTQ8mIaSxCyGKhbEnZyohhI7YhRDFz4/zF7PP9w2xCyGK/g93u7L7X4ldCFFs3f2pr5I/49EOOv/qr89XLwyu/u5v9gjewiM669Dbk1fepW5q6b3M3/+TfPM+WA6zJ468fx67CKKZnZs6GrsGAADg3zrXJP8PW5b3719OQk93fe7/rSb/763pv3H+v+Le9htjMy2FENvqxiaz4+F9rfTZ/k4NXL39umK8p6zk/+Um/y83+X+5yf/LTf5fbvJ/Mq/k/6X0+OaexRexiyAa+T8AAJTPoeMTU9Xhkezlf9OPzvq8vi9vq3me/uDW9MCjVeNG8sP/2+FjEwcODo/k971+QHBl/Yd06ez3fL5HbVuYrJl30Wz9h96nC/PXGvx0rfqH8zeK+orrWv8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/szrEJg2AQgNH/kioTZI1kikCaRME9nMHSARzF2hmcw8oFtBDRxtJG3mvu4IPjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi+T/4r/q936iLdpojUZ/V335/rUi5jaKp2vG89Du4+TvoXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmduBABgAAAECYv3Ue7QcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgpwAAAP//6bfLTA==")
openat(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x81) (async)
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x81)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f0000000940))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$setregset(0x4205, r2, 0x3, 0xfffffffffffffffe)
ioctl$FITRIM(r0, 0x40046f01, &(0x7f0000000000)={0x1, 0x100000002})

2m17.898358786s ago: executing program 1 (id=204):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={@mcast2={0xff, 0x5}, @private0, @loopback, 0x800000, 0xa, 0x0, 0x500, 0x7fffffff, 0x140192})
r1 = io_uring_setup(0xbbf, &(0x7f00000000c0)={0x0, 0xd52b, 0x10, 0x0, 0x158})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61125100000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560702000f02000067060000200000007a0a00ff0ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815dcf0066d7ded3c5c49a08a503ea6d54f7f3125a8200578ac0836d6454745e70a27444003c5b20451b624db6f5320e9befc1e00b8b32917c4d30d16b7edb732bc3ac330b16c442aff70d27659bc58e296b16750c5577c848754b4894b07f15bab1c640a5c0c4fd62f9db829b301ef67fd2b2736f3af0c54af2412313b17c4c8081c4ed0572261960e227d34cfbfdb247bc2351c9d8363a8cb18b7330604da78b0aba47545f9a25a80dd7d28a5ae41824f611dd2de6dd581c52698f9542a444a8a3969946faded5d0e14c6c946eeb44fe63275c00000000"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r3 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r3, 0x1000)
timer_create(0x0, 0x0, &(0x7f0000001800)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000001840)={{}, {0x77359400}}, &(0x7f0000001880))
ioctl$KDSETMODE(r2, 0x4b3a, 0x1)
ioctl$TCXONC(r2, 0x4b3a, 0x3)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xd, 0x0, &(0x7f0000000000)="259a53f271a76d2688f54c6588", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
io_uring_enter(r1, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18)

2m16.39725714s ago: executing program 1 (id=209):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000fc0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000040)={0x28, r1, 0x3, 0x70bd2e, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}, @NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x848}, 0x2004000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x9066, 0x0, 0x3, 0x180000}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000000)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000100)=@IORING_OP_READV=@pass_iovec={0x1, 0x30, 0x2007, @fd_index=0x5, 0x0, &(0x7f0000000900)=[{&(0x7f0000001100)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/47, 0x2f}, {&(0x7f0000000240)=""/126, 0x7e}, {&(0x7f00000003c0)=""/213, 0xd5}, {&(0x7f0000000500)=""/207, 0xcf}, {&(0x7f0000000600)=""/231, 0xe7}, {&(0x7f0000000700)=""/221, 0xdd}, {&(0x7f0000000880)=""/97, 0x61}, {&(0x7f0000002100)=""/4096, 0x1000}], 0x9, 0x8, 0x0, {0x0, r8}})
io_uring_enter(r5, 0x3517, 0x0, 0x0, 0x0, 0x0)

2m15.650725981s ago: executing program 32 (id=209):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000fc0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000040)={0x28, r1, 0x3, 0x70bd2e, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}, @NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x848}, 0x2004000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x9066, 0x0, 0x3, 0x180000}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000000)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000100)=@IORING_OP_READV=@pass_iovec={0x1, 0x30, 0x2007, @fd_index=0x5, 0x0, &(0x7f0000000900)=[{&(0x7f0000001100)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/47, 0x2f}, {&(0x7f0000000240)=""/126, 0x7e}, {&(0x7f00000003c0)=""/213, 0xd5}, {&(0x7f0000000500)=""/207, 0xcf}, {&(0x7f0000000600)=""/231, 0xe7}, {&(0x7f0000000700)=""/221, 0xdd}, {&(0x7f0000000880)=""/97, 0x61}, {&(0x7f0000002100)=""/4096, 0x1000}], 0x9, 0x8, 0x0, {0x0, r8}})
io_uring_enter(r5, 0x3517, 0x0, 0x0, 0x0, 0x0)

37.937840194s ago: executing program 4 (id=461):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0x6c, 0x30, 0x1, 0x1, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x4, 0x5e2e80c9, 0x0, 0x0, 0x2d3e}, 0x4}}, @TCA_MPLS_LABEL={0x8, 0x5, 0x9cd2e}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}}, 0x0)

37.599623578s ago: executing program 4 (id=463):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRES64=r0, @ANYRES8=r0, @ANYRES32=0x0, @ANYRESDEC=r0], 0x24}}, 0x4800)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00'})
r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0)
ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0)
syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0xc0d0}, 0x20000811)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x1, 0x1, 0x2, 0x3, {0xa, 0x4e24, 0x7, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x3}}}, 0x32)
sendmmsg$inet(r4, &(0x7f0000005f80), 0x0, 0x8040)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000040)='./bus\x00', 0x34)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
symlink(&(0x7f0000000100)='./file2\x00', &(0x7f00000001c0)='./file0/file0\x00')
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)

35.843524845s ago: executing program 4 (id=465):
r0 = inotify_init()
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x2)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}}, &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r2}, 0x10)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006840)={0x2020, 0x0, <r3=>0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
syz_fuse_handle_req(r1, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r3}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0xfffffffffffffff5, 0xffffffffffffffff, {0x0, 0x0, 0x0, 0x8, 0x80002, 0x5, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x4, 0x0, 0x6000, 0xd, 0x0, 0x0, 0x800000, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x3, {0x5, 0xfffffffffffffffc, 0xd04, 0xfffffffffffffffc, 0x0, 0x100000, {0x0, 0x8, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x4, 0x4, 0x4, 0x2000, 0x101, r4, r5, 0xf0ee, 0xffffffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
open(&(0x7f00000001c0)='./file0/file0\x00', 0x1802, 0x40)
close_range(r0, 0xffffffffffffffff, 0x0)

35.383477611s ago: executing program 4 (id=468):
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0)
sched_setaffinity(0x0, 0x6, &(0x7f00000002c0)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x2000c010)
sendmsg$NFQNL_MSG_VERDICT(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)={0x20, 0x1, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFQA_VERDICT_HDR={0xc}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x10)
r4 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6)
ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, r4, 0x0)
readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000)

34.273155019s ago: executing program 4 (id=473):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
setpgid(0x0, r0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x901)

33.793030053s ago: executing program 4 (id=477):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x38, 0xd, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)

17.98646526s ago: executing program 33 (id=477):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x38, 0xd, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)

9.488753248s ago: executing program 3 (id=527):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

9.257131139s ago: executing program 3 (id=528):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
socket(0x10, 0x800, 0x0)
write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff0000000007a200000900010073797a300000000009006d030073797a3200000000"], 0x7c}}, 0x6682dad6279e7a13)
syz_emit_ethernet(0x12, &(0x7f0000000000)=ANY=[@ANYBLOB="910418166421b54fa0aaaa050004424203"], 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r4 = add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff)
r5 = add_key$user(&(0x7f0000000140), &(0x7f0000002840)={'syz', 0x0}, &(0x7f0000002880)="f40fc24077021c9b084c60ffc26f26db12b9e78d629870bb26edb4a5e1cc0942ed8c58ca4fe84b94a0e31ea64089ee9ca1efb52945ffebbfea11dd3d0df936a10285eccab940ab5c96cb5d81dac1ad2243d878dde6cfd6ea08d5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4ddc1f2ab58762b3494250b9557f5b606a43e50874c90143034142cd5f7bd9b4dd876b97b7feb75b9138dde818a3c6b96dd80", 0xc0, 0xfffffffffffffffb)
keyctl$dh_compute(0x17, &(0x7f0000000500)={r5, r5, r4}, &(0x7f0000000b40)=""/4111, 0x100f, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f0000000000)={{@my=0x1, 0xffffffff}, @any, 0x0, 0x0, 0x8000000, 0x0, 0x6})
close(r6)

7.709097636s ago: executing program 5 (id=531):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'dvmrp1\x00', 0x1})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000280)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x62d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000100)={0xa00, 0xa00})

5.905286631s ago: executing program 0 (id=535):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)

5.896078913s ago: executing program 3 (id=536):
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10)
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00')
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(r2, 0x0, 0x0, 0xfffffe04, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010725bd7000fcdbdfb3030000"], 0x14}, 0x1, 0x0, 0x0, 0x20000090}, 0x24048880)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x141, 0x0, 0x4}, 0x18)
r6 = syz_io_uring_setup(0x2b51, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0xfffffffc}, 0x0, &(0x7f0000000140))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r6, 0x7, &(0x7f0000000300), 0x1)
io_uring_enter(r6, 0x2d3e, 0x1, 0x0, 0x0, 0x0)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
gettid()
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000240)={'wg0\x00', <r7=>0x0})
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000001c0)={0x1, 0x1, 0x40, r7, 0x2}, 0xc)
setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4)
socket(0x29, 0x80805, 0x0)

5.785955959s ago: executing program 2 (id=537):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
sendmsg$NFC_CMD_START_POLL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x1, 0x123, 0x25dfdbfc, {}, [@NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x34}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

5.629046015s ago: executing program 0 (id=538):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000020c0)="2c60173382f7b0f15fe634366eb3dbdc0ed73b58f7c41d8c5cd8fce1fad3da09840bfbedf05e72f8805578d4fb4392520d5296edfa270d29a220d1d05a077bc0e48e5a4f13c0245b61f8ab1705d5fb338b0e4b9f259028615002db842fe9308888b93973e1d5fb6c09ff2a0774ff9091254aaee5000e9d94bde95d262bdc4900976a0e1917add0427d6f618d6b10c09fc9299c13f3c93856a3abb0b1413b5ef8767fc1394b157a297ad940907f33f793535dcbfa9761a0137a382fce98f9bc12cb75066f0effeb4c7c6a9a14bcac5b297710a35cb92a82a78c39daa2cdb85d89dc08da3063ce19c684dbd57607cb74173263cad59e8ec15ef9533d31373d67991a9e3c78569e6f16384b3328440ffb60281cb93ce2666870e90f54c6db37b35a64bd35705feb0e41434e869061695b668364843904944708c0ef11948f76a5970126a8fe597da9860e69e0e0f767dbd0d1d9452432d4deaad08d47867d462cabdb6b17a2d96c1c27d2b9b21076bfd3a660532173a68e4d03dad06147ac2b7c33a44796e59f66312e89ba3aa00731182431ad8f00b7896403832c6e89c53d58eff7068206cc4dddf08b865f7f20cb4138c29820604dcdb987030f8e434c3c34264ba2bc698e7ea09f582e4356e45c8e5eb13f134a548e59deb29f6e9302b82fe78109eadf5be02b9c6ed4f39fa987379de4afd59c1211cfe8453dbc137d0f58ecf99faa9b6482367eccb646d9b1717abcad6791db1450e683bc3304646ff18b3f2bcf6f4e4ec1856b9664a078ef0ef5ff402492dd0001377a3bad5b8bc05cad7da4756bc0ea71e9fe7ee8fe86c257d1d4e1b592a56aaf0a798cc366e94239d00831e80cc81ce2c53e9104c4b53a59223a8216c30e66f7f97800ce9aade450c858b25c4112d11886cd5952a45c8a3e7e89853a35900dad8fd44f5b8b94a883f2fdb38cfca2c0dbe5c5fb2e43745ec070e3fd42a6a896f5af2df3660a8f685154caf1fc0b01364939c2862e170343dccd5a71fa87bd782b125e89b5556f322d5c26c9c0582bf824d0d64e132cdaa4c358f9111e1cdea89436cf481e8634da0780ad1ca6e820b18c3a4ac286cd3b4674a2ac4ac49942fc0495b1b7fb84ded26e844631b3d6a0dbff9d62ed5748c011cb1a0250ce2b2979d16812a471076d314d98d1071b54f6ab1ac8bb55102462573574e0e16f4a094faccfe352bc1936c429f1ec721d2de843d9c643c5bfecabf93d9af825ea24ef2e8452af4ee6caa0eceeb386f8b88622f975393cc7865ffc163fb74bbc369546a6182147bd6ae733d230d57fb02e398e0eb7339e3e2f3c82fb8453c3d6f8b02e779f86b55343b5c1ba8a6c4c4f14e48014b21d81e7a577814e3bf8b41e136fb18f834c1393e776c32ec01072a207e02723aa5a9c18c3565ca14b528dd358c00fb45c275303bd9df218fcb24f009324e92b8584c156a79ea7001c4042453d0636ee", 0x415}], 0x1}}], 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

5.182973363s ago: executing program 5 (id=539):
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='0'], 0x30, 0x2001c0c0}], 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x17, 0xfa00, {0xfffffffffffffffc, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = socket(0x2, 0x80805, 0x0)
socket(0x40000000015, 0x5, 0x0)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000440)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xfffffffb, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x11, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffff963}, [@call={0x85, 0x0, 0x0, 0x41}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0xe, 0x0, &(0x7f0000000300)="d2dc49aafbaf7f46cb519c2ec180", 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r4}, &(0x7f0000000200), &(0x7f00000003c0)=r5}, 0x20)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@allocspi={0x100, 0x16, 0x1, 0x0, 0x0, {{{@in6=@loopback, @in=@broadcast}, {@in=@dev, 0x0, 0x6c}, @in6=@mcast2}, 0x0, 0x7fff}, [@proto={0x5, 0x1b}]}, 0x100}}, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000400), r1, 0x0, 0x3, 0x1}}, 0x20)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x400452c9, &(0x7f0000000100))

5.156575711s ago: executing program 2 (id=540):
r0 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x2}, 0xff32, 0x0}, 0xe07e872420dfefca)
sendmsg$kcm(r0, 0x0, 0x4000800)
close(r0)

5.037065861s ago: executing program 5 (id=541):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
socket$netlink(0x10, 0x3, 0xf)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f00000002c0)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0x101000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r5, 0x40045542, &(0x7f00000001c0))

4.730146439s ago: executing program 2 (id=542):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0106000000000000000009000000240004801300010062726f6164636173742d6c696e6b00000c0007"], 0x38}}, 0x0)

3.840434807s ago: executing program 5 (id=543):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xc}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3.649030511s ago: executing program 0 (id=544):
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@mcast1, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x100000000000000, 0x5}, {}, 0x0, 0x0, 0x3, 0x0, 0x2, 0x3}, {{@in=@dev, 0x0, 0x33}, 0x2, @in6=@local, 0x0, 0x4, 0x1, 0x0, 0x0, 0xfffffffe}}, 0xe4)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, &(0x7f00000000c0), 0x0)
close(0xffffffffffffffff)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)

3.535144577s ago: executing program 2 (id=545):
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2}}}, 0xd)

3.314345172s ago: executing program 2 (id=546):
socket$nl_route(0x10, 0x3, 0x0)
socket$rds(0x15, 0x5, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r3, 0x84, 0x17, &(0x7f0000000000), 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), r4)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
unshare(0x40400)
r9 = syz_io_uring_setup(0x31c7, &(0x7f0000000140)={0x0, 0x0, 0x80, 0x1, 0xfffdfffc}, &(0x7f0000000000), &(0x7f00000005c0))
syz_io_uring_setup(0x3c5f, &(0x7f0000000240)={0x0, 0x100081, 0x27, 0x2, 0x0, 0x0, r9}, 0x0, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a0b04000000000000000002000000580004802400076e3cc2186cc67f636b65740001140002800800024000000003080001400000000230000180080001006e61740024000280084eba424e4a4ffa8700024000000002080001400000000108000740000000580900010073797a30cc396dbc4b64efd9000000000900020073797a3200000000140000001100010000000000000000000000000acc36a6601dd484fe33115b445015e6e6508e9d43746918e6e809000000000000006743e6"], 0xac}}, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r7, 0x800448d2, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001480)={0x1064, r11, 0x4, 0x2, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1030, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x1004, 0x5, "8de6edcbc40d2e5bab19d4ec0a4ae8d28a96bf750fbe76e7c078ef75d7e9f9284156858e441a70452170d2f079b6504ced59b24db2ac004ef0a240728902481a5c7707cf0b77fa99f4a098987954c8794c8a9f937bbf3163a12556f5d55b565af7e1de7158246cefb734436780d4e523072fcdf0ae5004a7eb32c2bf66a74b9663f508a04c598e240870a1f172e7a30d6468119294c622ea80d2a955f3cb544da492c4beb0095c2ce87a8284a4f039724ea3bec39227da3a04fd5f9abcdbc2feb86e7e4c3a14fd30a72ec7ff3eb956de3d3bdd4f55286ae66001402f00f49931454a09c522b48f3113e96bd3a38bb85749f76a45fe745eae0a77448ff15eb5cc120a1e71ccb2080c7b44d3c408f59ff5746b3e41da3112b82036bcbe161fbeb264778ff8e9cdb85be185f1e49d83d04bd568046ca3d8e98115b3ecad4662a76f62d33e896d8503b6b472450aeb9c66cae455749827d9a3fb61c5a29db1d6e04854579b265ffbb1dffbcc003f20514d387e33cff53b523dee5b1ae29e1c55c03f383de48e2ee0a234182836156560f12d894b7f54dd118e2de6b2100ab2df002e73bd5c3f0475dcc28ecd5363af3cb020401302fadc0251bfac9e9cc38332570a65c286a76848455d16630546cbe08d31df63b00e778f8004ed78f8c070fa0ae3f209071ecbef8d9b41dd84b56fdc67175ed7498ae8071fec388cee4ecaeea6b7b551de31a8ad0ef360f4d633891b4d2fb042ade79992fe415fb9101996ecd7b8f355af8aea1695420b5fc318ee9e345fd71ff93546f3d3001e4c354e0dcab047ca6551567d0115b9b47cda2e92ea971299554454cf1fd53f0608286dde0b6ff3b1d22038a555354f1435b1ade79aa86bde13cdabe5d5e27258eb42d8291a798f8f04c1130fac985e5e2e0b5c556ca2ad99eb8b963a2f2e93d6589abf18ad7a4ea4911b8accd7aa83ce7e4b895e7b584db81350d7ff36d87de7e4c228bf0597a8011e855a1e48f108f3ef051d9768555f3932b335f76cef318fd8226ced1677f026e804fd6705b488748f6a6aa813086f4b049c9be5edda0e6dea337780c3290baa2395fa9444340867ba11933e0360f45a7314715883e812f0c08e920f4b1a069e2e8fe7fc97c3a66f27b84fd3edca15f4d1a404b355fdf6434c8ec30d88d07aa9e0e41ce9d625e7e98a1fd8d9c521fa3e34aa50cadcaf2030f80ccc8d47b7a91cb8c61106d82c5083d9cc31627e01e35fef14fb6ab70e5585d1f3c8cca64c0ce36e0cb6789d31c3f74acfdf5bf9654ff7937064ecf92ead124bdb51bffcdc0480d774f91c3ee5e2051c62865c7e785fa4182942646fd20b48711cfd5f3fc4ada45439afd2b115d449e824e37a0d3d15dbd014c1ad5c364d23d68e217257a88e9c1dc1e2159aa00759c6ee88ccdf43003ca53de20ef6339b3b84991d4aa8427c2ca743a111c1af68dbc14ee3b431e3691fac1d72fde503e1a6047e94c5960ec5b7e11b7cb99ee0fe75f60659739c7dfa694e3d06777d9bb11e68e7294aded0bd1ffbf06ff440f13ed3c801fe9f75a02e51f36bcd2309c35e74d8d9eac67f7dd74b1d6652fed8d00f14062c96e7db7768ebc9a05fa304198c0993f3621d3a37f4380f7aff12fffa19b548eae2660105232cdca453aa4c9d50102c98dca90c412fb448eaee6501b2e22aed7a6e3c560e7659c42b4419f17debea2d8a4191cb722931c451cf9899bee741f91e049708aaa3c172ff1e85b4236ec08bc04dfdf49ccc1a9de4246d45bb957c2f33e48e1505417927b4fb11442d7760f4850736472de792573009b9b9790119860ef799a2f5fa8f7d7e43d7ea3f974d9eea0ee84bd9e588a5073bbbeeedf7d1ac2215fd1bf547f86b1612e9a9cf70d79762f370eb8da4e26e4ba50c2b05104089d38f3d524d1cc1bb97d55cce4e5e29074081c1c9814b52e7edff1258112b19856b18ee2774d84b608ebed5e6ebc0cfa2993be202e115977bb19cf767aa89b3c2e2c650e74f2bc6dd142d5410f63e66440cf86b377baf0411f88e29d03387da2f0471a1cb067f645f99b5cb1521e2da37b907b6f4ff2b2e1fd5321c454201c5b75eecbf92afd21946c0bc87a7ee44b835c1eaaae3148d11cd2877bbb6781ab88f6a1c47624393608a02d01e9bf3cde05881f2e16a198518ee21d03af6263394c37be286aea6d100bc9a94798cc5c27236846d375d4f9a4ec82d51f4edbf88807181641b2661b5b69d66b497f23c11ce60cd956da5aa9165b94d2cac8ab12936c61f2ed2b4ecc94a20505a9b3fc64095daa61d387fce7ac4055ca9970c37292078eaf5b2a533a1f76f59eae41639b830971931aefced2bb966dc485cb6e560b6d5fc0cd85ffc4b64d48228199219c9f19aeb2da521a46e27b64c086d454fc9066742ac6d0b65cca270df1c98ed2ea760b419cbf11ea2529ccab1978e9b2535e807cda1e32e5cebf4ce7f793636d14b94b81a7c27f687e8e29345d3bc81c0a38da21728ebaf07416ab621d3c359068846506c14288892f8dc4a7968d1d07d1dba5ac6bd49f0e1724a44323ac1b8e211601e040cadf8d8d896528b322e387306bb903a1b76e100100d4ee7b205175b7f1441bf7e58b7f37b539ac2d4f95287b84001445caa73e724b919b55e70da02111ebccd5675ff9c7e217a2a0a131541e0c7a3d13fc02e7a5ef843483493d6a484c80a86d3408c8bbc47ffab15d9d20d0a6452ad174da344e696d079c6f12c26bcf819c96cf76603dfbaaf7a8e541fa25a53c42a297ff33d662abe8ca9d7bca478d146e90376ef56b8b39070f175aa18482ccbcc07f365f6eeb22b89877d795cf5d88143afa3c544f367a66a76e1e1bf850e777f6a6376214dc5f6c09ae3b2bf27e89a9a835f665f0c5363454ba3f7e1e1b84bc20edf2e08f7577500447df3b3585574627db2481b0f911f764f8004b9a8c8bf0bc39f5dcbf11e570e12da1c7c2c3c7d7ae4ff8a6e12de35c5a3687e32130f7f5d06e19c4b5306556ae06fec206810c1f425c7c3f80013daeaf055970d96d4999e53041cd19c3abb0fa396d9d7b3174b11099d0fc8c92725943c21525e24f6496ea1f9a2414159adb3430716e3dc6b32e81bbdf835a9a0e4fc2650a2565d8318479b20e4304dff0a0a16ce1b603734fae262a84e6d026b876723b50ee6c5f1bb3b9ca9aa914e270d7b5407af6248df46fd7b04e091b0548f73e63d63d913cad48e1c0f9f11a8c8e9cf8409faabb11ffaa4248c08e5480411ff2edf327cc58e2a47088ec533027c3280dd38d29e4195d217b32d8281a5c2090d8ee0a2299b5f221546ab0e3410dd1199ad8552504e60e33c32b92645ad84642aca939ac009cf53a6669406ccd9c8000989fd6e0779647b93858f7494279e80bd3cb0ed0adbc3d77f3d15a83642444615aca838a96eb5d8a64c4cddf567efc5ee3edc0ae09343516787ea9d20d6170ed799547dd17365b5c7c759ec1d95dc1b82ad968fcf24deaf8f928ea41deec355436d0052b47419506ebd9bbc6251c829141e2b10fc28db0639a29022ad6645b3bbfbf95a93aecf778e7c283466d84ed222552715bac79b8c5d4a1e48c62880cd556513641fd22c94408682127ecb58427823a3ab54fe754a232417c96e0f0790bad6ea84ab4d0c772ebdf8e57de692ec23f587511acb0d61da0a19247033d04b918a073c97011da2d2b80cef029bb648877b8e45d75ec5df4da0a9db740ba345fe0e7c52c2a8a369d705ccf3121f3c0d4bac80de4fc0c4268973b4976bec9d9fc53b2f63455f4f2555318631b7c762ba9695b061e0712ec19b45a917cf13befdd8c85a58361c11be35661259afff0cdcb140188791e1f2c2bca963a54024ea46fbf19ab6f7e0e5d2d5565686a431c9ae4699040ee9880eb7a473da6c599d0dd8cdabf703c31374ec0fd7b259ecd48bd9f0dd4e587e8af73e19881e6a76c0860115296b0bf225fa83a81b4354f1660c7df3a60769c1a2ea7430616ab3607dd56258473f03e388f858accc7385cbda976fb470e5d0499c084814d7678934a5f40e412ba4e999f9110adddeeaaad4c5c34332ceeee14f62d5acbfe1571d98cb8485cd90763af6f7586a03d9a88f24791ca373de40f81850d3ea7266cb00f58e51bcea847f1e20e492dbd9b7f5353c2df5aa2da5dd58ffa482646c0040bb4195d8fc681be800af41556af3556cefc45378e9c86c631b620570b724ca6dde3277001565afae1f00f55c86484b1df8ccdfa4a783acdea592bab76410eafe8cc8e977de5aeed1ad7d9f60b404f050cfd44863fc16a9b6d7960764db74f974d32f03e26373455b20cce43fbf0573743cff52dc08afacb83b2fd0d4891636bf6042b5bc4feaf4f9bbdedaf35831cc1ecd0529a7ea8084573b2cbe8e32fa3def20eb108d536baeca797f181497c43c0cce628377166368415fb135866f55fc26b1d2559319a845330db37cf7163241f3d6e8f00efda9703cca396c417c8f1aa3179f2c0ad7795d62ec4525c801a86a4b48e6887b75b271d599e92d466de6f2db66690c79863535e2755a1d47541c78f04356f7dd6077f760bf5f7521a30a9d30e0fa689876f745bf25c4066f47bdf1bd7ffe6f854bc2e68dfedfc51be6f9fce288e46a7e69e2b20f2405e1e00d96971cb6542ba40e740a4fb21fac60fcf9ae081fe393463bc47102ecf4a7c69a41865323d23be094a38bccec01bfa7fb686918b561e999d8fa4962b01b15a3a9df6dbd64920c6302e8ef03e344ec9297cb0b39776b1201759578871a4ea0ab9e09ac96dbf577ea7e31b906490376572e1fe3a7828ee8858d40cf743384abb92f8a98501817dfd386c0b0aef4b09df027789df55454be526744e9741f5331c4ee48039f6ff2369bbe485f2eac894e6ddcd810f480eeda96bca1575b6f93fb37244bd09db02b2d50ab55231632d830c907357496880edb7daaf1ed3157b6b7e0247cb32c555a170b0c55383ed77697f1e2ad88f1b30e502c6fcf4104aee372a1f59eef311fb6da14ac0fc00b0fc987464c0dd6525d4b2d270c295c0bfff474165352659ecc735b7c0ea8288d65f2645eeb64af65869bd350464352abcce15e45ef478661e59506911c84d9eef46ad37ab394def9864d09eabef0ba9c8082a5a197881bdb0dc0ce0e181e4b4f1d22b37b1f977e7fc6ded8db5dc38cd9d32e43365ca29420a7d46af13439f90aa4035934d0654af992ced32ebd7bb96c8ccfa4f622f3966bfa7dfba9d3eb9b24a0dee264be2b37238b807f89066c13d9adc59ee53219e4de570365f1f925e2b60ca4196a8d2072826f05be46f8f08831caaed046fb49294b7f781cd8271b2db86ac3f8346f3f20cbcb8164ef8569b72484fc3e999a4df9d1d83c89c6dee1a5daeedb2adf87e779559b2c306049e1f136652c11dc62c5fd19a955298d9e038a1c6a74151721f1824698350cd27453674d516c62ab1bdc222e64f5201e132cd1518b91fc443feb290e464f146f74cf94fdf3d64be0114bb0944eb1f1175fc8406cbb2ce2a29a45903bbea0070ad389213843c5e84ebda5eba15201be6c7fe88f78da92d53f9fc6bb4a82906e42eb7d9ca925baa603143d23ae8b9f32d617ac7f9cb079623bc12e2c0ed60d7f703f4b73b6734189806e6bc21218026afebac0735cdd241ccd0516c0676c3f88f331c89a153bb75e48f525708a994ed84506a99f7de2689ff7bf993e7e9f3dcb831c10904d0c9c87e67d72df90bd021c2237e59764aed26a1a71aa427abfb3d24667363d146dea134e2b58842981c87c"}, @ETHTOOL_A_BITSET_BITS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}]}]}]}, @ETHTOOL_A_LINKMODES_OURS={0x20, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x32}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '@{/.-\x00'}]}]}]}]}, 0x1064}, 0x1, 0x0, 0x0, 0xc0}, 0x8040)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYRES8=r11], 0x10}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
write$snapshot(0xffffffffffffffff, 0x0, 0x0)
ioctl$SCSI_IOCTL_DOORLOCK(0xffffffffffffffff, 0x5380)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

2.844674691s ago: executing program 0 (id=547):
r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1c, 0x20000000000000bb, &(0x7f0000000500)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2400000000002020207b1af8ff00000000bfa10000000000f8ffffffb702000008000000b7000000850000007000000095c24ab63b6e53c8f537dd5cd3d605ca8291d395d2c0fda5607dffbb466c39c74c20cc93b4c2c61adc21579279e8e9306bd37836858c5544ae0d564889440f312cf208cccd16b30b443209cdec216b022f7f1ab4c3f640627ca97b427b75"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
accept4$unix(r5, 0x0, 0x0, 0x80800)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0100000004000000040000000800000000000000", @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000005c0)=ANY=[@ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000380)='sched_kthread_work_execute_start\x00', r1}, 0x58)
r6 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=ANY=[@ANYBLOB="02030003200000002cbd7000fcdbdf2502000900080000000a0000000000000005000600000000000a0000000000000000000000000000000000000000000001020000000000000002000100000000000400030c0000000005000500000000000a000000000000"], 0x100}, 0x1, 0x7}, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
syncfs(0xffffffffffffffff)
close(r0)

2.565403163s ago: executing program 5 (id=548):
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
epoll_create(0x6)
socket(0x28, 0x5, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0xa, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

2.204596087s ago: executing program 3 (id=549):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000180))
r1 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = openat$zero(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
sendfile(r2, r2, 0x0, 0x40000f63c)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_io_uring_setup(0x49f, &(0x7f0000000080)={0x0, 0xe7a8, 0x1, 0x7ffc, 0x8040024e}, &(0x7f0000000140)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r4, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r4, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)
socket(0x1e, 0x4, 0x0)
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r7, 0x104, 0x4b264316b88a3841, 0x0, 0x0)

1.576851535s ago: executing program 0 (id=550):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x1a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x3a)
r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r3, 0x2)

1.480285693s ago: executing program 5 (id=551):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
r5 = syz_io_uring_setup(0x24f7, &(0x7f0000000b80)={0x0, 0x7687, 0x10100, 0x3, 0x33a}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xd23}, 0x18}}, 0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=':'], 0x38}, 0x1, 0x0, 0x0, 0xc1}, 0x1)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
io_uring_enter(r5, 0x22d3e, 0x0, 0x20, 0x0, 0x58)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r4, 0x100000000)
mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil)
r9 = syz_open_dev$dri(&(0x7f0000000340), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
socket$netlink(0x10, 0x3, 0x12)
lremovexattr(0x0, &(0x7f00000001c0)=@known='system.posix_acl_default\x00')

936.811722ms ago: executing program 2 (id=552):
syz_io_uring_setup(0x4aec, &(0x7f0000000180)={0x0, 0x834b, 0x100, 0x3, 0xfffffffe}, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
getsockopt(0xffffffffffffffff, 0x111, 0x1, 0x0, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000240)={0x2})
r2 = gettid()
clock_nanosleep(0x0, 0x0, &(0x7f0000000140)={0x77359400}, &(0x7f0000000040))
rt_sigqueueinfo(r2, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xfffffffe})
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9cb63bfb3b767327689aff5c000000052dd9153c444b546d981f50d55e2eba0667be1faf0af7e772f6f06236e08695e86814b0e8f63beb4699d67e603a3b193ca821e56e40f3db5c3dcd1ac9c4cf61438b2ac81d1598f4fe7d84b644c781082bf8b24325b51d0252ad90071220886dfdd08c84a65c6987c371a8e3ae6845c2cc68421011d8344e1fb0d8301e258558e1c4fd18e9ad9a5aee1bfaaa9a62c159e100da4d67cc1be11eaa29fa9ba3aec25bc5c7b86c87aebfd9", @ANYRES16=0x0, @ANYBLOB="04002cbd7000fddbdf25000000000800090004000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4080)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x14, 0x4, &(0x7f0000000080)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x4000000000000f3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}}, 0x0, 0x0, 0x0, 0x0, "a0aad30a8b1350f2461250f9e5b2fc536fd0861c38349b6f6ad8c6f78a18d8576ba9bcd139acd078c1207e7b717cd1c8e723c17364efbae56931f838ecf65aba7e990fe8a4a01b3302b27fe7c991a9cb"}, 0xd8)
getpid()
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000030000000000000000000000850000009b0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x20}, 0x94)
r6 = syz_open_dev$admmidi(&(0x7f0000000000), 0x2, 0x1a9882)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r6, 0xc0305710, &(0x7f0000000040)={0x0, 0x7ff, 0x41})
syz_emit_ethernet(0xfdef, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0xfdcd, 0x0, @wg=@data}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x44, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$kcm(r0, &(0x7f00000017c0)={&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7, @dev={0xfe, 0x80, '\x00', 0x3f}, 0xa, 0x2}, 0x80, &(0x7f00000003c0)=[{&(0x7f00000004c0)="7f", 0x1}], 0x1, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000084000000070000007ffffffff5000000b8"], 0xd0}, 0x480c4)

393.329031ms ago: executing program 3 (id=553):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x8, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
readv(r0, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xff1}], 0x1)

305.541948ms ago: executing program 3 (id=554):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8002, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48})
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0)
ioctl$FBIOBLANK(r3, 0x4611, 0x3)
ioctl$FBIO_WAITFORVSYNC(r3, 0x40044620, 0x0)

0s ago: executing program 0 (id=555):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYRESDEC], 0x14}, 0x1, 0x8000000000000, 0x0, 0x8040}, 0x8004)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r4, 0x5608, 0x3)
r5 = socket(0x28, 0x5, 0x0)
r6 = socket$inet(0xa, 0x801, 0x84)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x0)
connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r6, 0x8)
r8 = accept4(r6, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r5)
sendmsg$NL80211_CMD_ASSOCIATE(r5, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r9, 0x300, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_USE_MFP={0x8, 0x42, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x4}, 0x8)
setrlimit(0x8, 0x0)
listen(r5, 0x8b)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x8, 0x32, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

w USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  163.085181][ T6812] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  163.110110][ T6812] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  163.144076][ T5946] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.174136][ T6838] loop1: detected capacity change from 0 to 16
[  163.198450][ T6838] erofs (device loop1): mounted with root inode @ nid 36.
[  163.223547][ T5946] usb 3-1: config 0 descriptor??
[  163.268946][ T5946] ums-realtek 3-1:0.255: USB Mass Storage device detected
[  163.294630][ T6838] erofs (device loop1): xattr_isize 12 of nid 46 is not supported yet
[  163.521032][ T5982] usb 3-1: USB disconnect, device number 6
[  163.649017][ T6845] sp0: Synchronizing with TNC
[  163.787999][ T6845] loop0: detected capacity change from 0 to 4096
[  163.829144][ T6845] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  163.949176][ T6845] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[  164.440904][ T5930] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  164.500636][ T6855] loop1: detected capacity change from 0 to 512
[  164.610354][ T5930] usb 3-1: Using ep0 maxpacket: 16
[  164.627883][ T5930] usb 3-1: config 0 interface 0 has no altsetting 0
[  164.645016][ T6855] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.180: corrupted in-inode xattr: invalid ea_ino
[  164.645148][ T5930] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b
[  164.688286][ T5930] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  164.697476][ T5930] usb 3-1: Product: syz
[  164.718829][ T5930] usb 3-1: SerialNumber: syz
[  164.739727][ T5930] usb 3-1: config 0 descriptor??
[  164.746339][ T6862] loop4: detected capacity change from 0 to 2048
[  164.774265][ T5930] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  164.790693][ T6855] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.180: couldn't read orphan inode 15 (err -117)
[  164.801673][ T5930] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  164.850968][ T5930] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  164.872728][ T5930] dvb_usb_af9035 3-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  164.958795][ T6855] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.016261][ T5930] usb 3-1: USB disconnect, device number 7
[  165.042117][ T6865] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  165.115416][ T6862] NILFS error (device loop4): nilfs_check_folio: bad entry in directory #12: rec_len is smaller than minimal - offset=1024, inode=0, rec_len=0, name_len=0
[  165.149412][ T6870] EXT4-fs (loop1): shut down requested (1)
[  165.187192][ T6862] Remounting filesystem read-only
[  165.312285][ T6856] NILFS (loop4): bad btree root (ino=16): level = 164, flags = 0x1, nchildren = 1
[  165.385358][ T6873] netlink: 277 bytes leftover after parsing attributes in process `syz.0.182'.
[  165.409786][ T5868] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.905842][ T6877] loop4: detected capacity change from 0 to 65536
[  165.963473][ T6877] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  165.974151][   T43] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  166.005676][ T6877] XFS (loop4): Ending clean mount
[  166.157244][   T43] usb 1-1: Using ep0 maxpacket: 8
[  166.299126][   T43] usb 1-1: config 0 has an invalid interface number: 199 but max is 0
[  166.405101][   T43] usb 1-1: config 0 has no interface number 0
[  166.443660][ T5930] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  166.454532][   T43] usb 1-1: config 0 interface 199 has no altsetting 0
[  166.568644][   T43] usb 1-1: New USB device found, idVendor=0458, idProduct=7005, bcdDevice=83.a1
[  166.658235][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.710644][ T5930] usb 2-1: Using ep0 maxpacket: 8
[  166.714436][   T43] usb 1-1: Product: syz
[  166.720721][   T43] usb 1-1: Manufacturer: syz
[  166.729649][ T5930] usb 2-1: unable to get BOS descriptor or descriptor too short
[  166.740390][   T43] usb 1-1: SerialNumber: syz
[  166.768437][ T5930] usb 2-1: unable to read config index 0 descriptor/start: -71
[  166.773282][   T43] usb 1-1: config 0 descriptor??
[  166.800435][ T5930] usb 2-1: can't read configurations, error -71
[  166.811349][ T5867] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  166.950880][ T6890] loop2: detected capacity change from 0 to 4096
[  167.005903][ T6890] ntfs3: Unknown parameter '
Ž`;|vq˜ÐpL«•̨Ӫ‡„p|ÉúU†äÕo0‹°aEŠ'
[  167.032748][   T43] gspca_main: sn9c2028-2.14.0 probing 0458:7005
[  167.086003][   T43] gspca_sn9c2028: read1 error -71
[  167.120453][   T43] gspca_sn9c2028: read1 error -71
[  167.140373][   T43] gspca_sn9c2028: read1 error -71
[  167.155862][   T43] sn9c2028 1-1:0.199: probe with driver sn9c2028 failed with error -71
[  167.190773][   T43] usb 1-1: USB disconnect, device number 15
[  167.647050][ T6896] loop2: detected capacity change from 0 to 4096
[  167.751476][ T6896] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  167.837902][ T6896] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.530472][ T5994] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  169.596069][ T6916] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'.
[  169.635694][ T6916] netlink: 20 bytes leftover after parsing attributes in process `syz.2.187'.
[  169.722596][ T5994] usb 2-1: Using ep0 maxpacket: 16
[  169.775642][ T5994] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  169.817357][ T5994] usb 2-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00
[  169.870537][ T5994] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.975979][ T5994] usb 2-1: config 0 descriptor??
[  170.015517][ T5994] gspca_main: spca501-2.14.0 probing 0000:0000
[  170.033347][ T5860] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.229224][ T6900] loop0: detected capacity change from 0 to 32768
[  170.419705][ T5994] gspca_spca501: reg write: error -71
[  170.465677][ T5994] spca501 2-1:0.0: Reg write failed for 0x02,0xa048,0x00
[  170.507598][ T5994] spca501 2-1:0.0: probe with driver spca501 failed with error -22
[  170.606278][ T5994] usb 2-1: USB disconnect, device number 12
[  170.771516][ T6900] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  170.771546][ T6900]   allowing incompatible features above 0.0: (unknown version)
[  170.771559][ T6900]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  170.907726][ T6900] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  170.935206][ T6900] bcachefs (loop0): initializing new filesystem
[  170.977457][ T6900] syz.0.190: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  171.035030][ T6900] CPU: 1 UID: 0 PID: 6900 Comm: syz.0.190 Not tainted syzkaller #0 PREEMPT(full) 
[  171.035060][ T6900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  171.035072][ T6900] Call Trace:
[  171.035080][ T6900]  <TASK>
[  171.035090][ T6900]  dump_stack_lvl+0x189/0x250
[  171.035124][ T6900]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.035149][ T6900]  ? __pfx__printk+0x10/0x10
[  171.035178][ T6900]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  171.035200][ T6900]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  171.035223][ T6900]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  171.035247][ T6900]  warn_alloc+0x214/0x310
[  171.035285][ T6900]  ? __pfx_warn_alloc+0x10/0x10
[  171.035337][ T6900]  ? __get_vm_area_node+0x28f/0x300
[  171.035365][ T6900]  ? bch2_fs_journal_start+0x2b9/0x12c0
[  171.035391][ T6900]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  171.035455][ T6900]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  171.035483][ T6900]  ? bch2_fs_journal_start+0x2b9/0x12c0
[  171.035507][ T6900]  ? rcu_is_watching+0x15/0xb0
[  171.035537][ T6900]  ? bch2_fs_journal_start+0x2b9/0x12c0
[  171.035556][ T6900]  __kvmalloc_node_noprof+0x674/0x910
[  171.035586][ T6900]  ? bch2_fs_journal_start+0x2b9/0x12c0
[  171.035607][ T6900]  ? bch2_trans_put+0x961/0x1220
[  171.035643][ T6900]  bch2_fs_journal_start+0x2b9/0x12c0
[  171.035690][ T6900]  ? __pfx_bch2_fs_journal_start+0x10/0x10
[  171.035710][ T6900]  ? bch2_fs_journal_alloc+0x69/0x4e0
[  171.035746][ T6900]  ? bch2_fs_journal_alloc+0x4ac/0x4e0
[  171.035776][ T6900]  ? bch2_fs_journal_alloc+0x69/0x4e0
[  171.035811][ T6900]  bch2_fs_initialize+0xac7/0x1550
[  171.035848][ T6900]  ? _prb_read_valid+0xa07/0xa90
[  171.035878][ T6900]  ? __pfx_bch2_fs_initialize+0x10/0x10
[  171.035929][ T6900]  ? __pfx___console_unlock+0x10/0x10
[  171.035979][ T6900]  ? __mutex_trylock_common+0x153/0x260
[  171.036059][ T6900]  ? bch2_fs_start+0xa0f/0xda0
[  171.036091][ T6900]  ? up_write+0x1c4/0x420
[  171.036108][ T6900]  ? bch2_fs_start+0x5e7/0xda0
[  171.036139][ T6900]  bch2_fs_start+0xaa0/0xda0
[  171.036169][ T6900]  ? bch2_fs_start+0x5e7/0xda0
[  171.036198][ T6900]  ? __pfx_bch2_fs_start+0x10/0x10
[  171.036250][ T6900]  ? sget+0x267/0x620
[  171.036283][ T6900]  bch2_fs_get_tree+0xb39/0x1520
[  171.036350][ T6900]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  171.036411][ T6900]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  171.036453][ T6900]  vfs_get_tree+0x92/0x2b0
[  171.036484][ T6900]  do_new_mount+0x302/0xa10
[  171.036512][ T6900]  ? apparmor_capable+0x137/0x1b0
[  171.036545][ T6900]  ? __pfx_do_new_mount+0x10/0x10
[  171.036574][ T6900]  ? ns_capable+0x8a/0xf0
[  171.036607][ T6900]  ? kmem_cache_free+0x19a/0x690
[  171.036647][ T6900]  __se_sys_mount+0x313/0x410
[  171.036683][ T6900]  ? __pfx___se_sys_mount+0x10/0x10
[  171.036719][ T6900]  ? do_syscall_64+0xbe/0xfa0
[  171.036740][ T6900]  ? __x64_sys_mount+0x20/0xc0
[  171.036773][ T6900]  do_syscall_64+0xfa/0xfa0
[  171.036793][ T6900]  ? lockdep_hardirqs_on+0x9c/0x150
[  171.036815][ T6900]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.036835][ T6900]  ? clear_bhb_loop+0x60/0xb0
[  171.036860][ T6900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.036879][ T6900] RIP: 0033:0x7f689d59034a
[  171.036899][ T6900] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.036915][ T6900] RSP: 002b:00007f689e44fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  171.036937][ T6900] RAX: ffffffffffffffda RBX: 00007f689e44fef0 RCX: 00007f689d59034a
[  171.036952][ T6900] RDX: 0000200000000140 RSI: 00002000000000c0 RDI: 00007f689e44feb0
[  171.036965][ T6900] RBP: 0000200000000140 R08: 00007f689e44fef0 R09: 0000000003000094
[  171.036978][ T6900] R10: 0000000003000094 R11: 0000000000000246 R12: 00002000000000c0
[  171.036991][ T6900] R13: 00007f689e44feb0 R14: 0000000000005a84 R15: 0000200000000000
[  171.037026][ T6900]  </TASK>
[  171.037210][ T6900] Mem-Info:
[  171.578929][ T6911] loop4: detected capacity change from 0 to 262144
[  171.589894][ T6900] active_anon:46572 inactive_anon:0 isolated_anon:0
[  171.589894][ T6900]  active_file:3340 inactive_file:40030 isolated_file:0
[  171.589894][ T6900]  unevictable:768 dirty:213 writeback:0
[  171.589894][ T6900]  slab_reclaimable:11219 slab_unreclaimable:97344
[  171.589894][ T6900]  mapped:30194 shmem:41716 pagetables:1273
[  171.589894][ T6900]  sec_pagetables:0 bounce:0
[  171.589894][ T6900]  kernel_misc_reclaimable:0
[  171.589894][ T6900]  free:1276835 free_pcp:18306 free_cma:0
[  171.701944][ T6920] loop3: detected capacity change from 0 to 32768
[  171.709468][ T6920] btrfs: Deprecated parameter 'usebackuproot'
[  171.715911][ T6900] Node 0 active_anon:190988kB inactive_anon:0kB active_file:13360kB inactive_file:159916kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120776kB dirty:852kB writeback:0kB shmem:169728kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12340kB pagetables:4720kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  171.716085][ T6920] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  171.772056][ T6900] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  171.803715][ T6920] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.195 (6920)
[  171.826335][ T6900] Node 0 DMA free:15344kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  171.886866][ T6900] lowmem_reserve[]: 0 2497 2498 2498 2498
[  171.900816][ T6911] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  171.917627][ T6920] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  171.928139][ T6911] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  171.946170][ T6920] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  171.966658][ T6900] Node 0 DMA32 free:1200948kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:189536kB inactive_anon:0kB active_file:13360kB inactive_file:158596kB unevictable:1536kB writepending:852kB zspages:0kB present:3129332kB managed:2556948kB mlocked:0kB bounce:0kB free_pcp:49636kB local_pcp:39292kB free_cma:0kB
[  172.105196][ T6900] lowmem_reserve[]: 0 0 1 1 1
[  172.209770][ T6900] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  172.391633][ T6900] lowmem_reserve[]: 0 0 0 0 0
[  172.410345][ T6936] loop2: detected capacity change from 0 to 32768
[  172.464289][ T6900] Node 1 Normal free:3890784kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19936kB local_pcp:11776kB free_cma:0kB
[  172.526898][ T6936] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  172.635172][ T6900] lowmem_reserve[]: 0 0 0 0 0
[  172.670365][ T6900] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB
[  172.698041][ T6920] BTRFS info (device loop3): allowing degraded mounts
[  172.740352][ T6920] BTRFS info (device loop3): enabling ssd optimizations
[  172.753885][ T6920] BTRFS info (device loop3): turning on sync discard
[  172.759822][ T6936] XFS (loop2): Ending clean mount
[  172.768972][ T6900] Node 0 DMA32: 2*4kB (ME) 2*8kB (UE) 2*16kB (UE) 45*32kB (UME) 40*64kB (UM) 3*128kB (UM) 9*256kB (UM) 4*512kB (UE) 7*1024kB (UE) 13*2048kB (UM) 280*4096kB (M) = 1189464kB
[  172.772824][ T6920] BTRFS info (device loop3): force clearing of disk cache
[  172.812235][ T6936] XFS (loop2): Metadata CRC error detected at xfs_rmapbt_read_verify+0x42/0xe0, xfs_rmapbt block 0x14 
[  172.823669][ T6936] XFS (loop2): Unmount and run xfs_repair
[  172.824545][ T6920] BTRFS info (device loop3): trying to use backup root at mount time
[  172.830592][ T6936] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  172.830633][ T6936] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  172.857489][ T6936] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80  ................
[  172.866637][ T6936] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[  172.875558][ T6936] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[  172.884516][ T6936] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  172.893625][ T6936] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  172.902593][ T6936] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  172.910338][ T6900] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 
[  172.911989][ T6936] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  172.911994][ T6900] 0*64kB 
[  172.912215][ T6936] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x14 len 4 error 74
[  172.918403][ T6900] 0*128kB 
[  172.960502][ T6936] XFS (loop2): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  172.978541][ T6936] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  173.009077][ T6900] 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  173.015852][ T6900] Node 1 Normal: 176*4kB (U) 58*8kB (UME) 51*16kB (UME) 51*32kB (UME) 15*64kB (UME) 7*128kB (UME) 3*256kB (ME) 5*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3890784kB
[  173.037874][ T5860] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  173.060289][ T6900] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  173.094260][ T5863] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  173.103342][ T6900] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  173.121098][ T6900] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  173.173382][ T6900] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  173.237940][ T6900] 92473 total pagecache pages
[  173.247341][ T6900] 0 pages in swap cache
[  173.272555][ T6900] Free swap  = 124996kB
[  173.287233][ T6900] Total swap = 124996kB
[  173.300483][ T6900] 2097051 pages RAM
[  173.304335][ T6900] 0 pages HighMem/MovableOnly
[  173.359887][ T6900] 425852 pages reserved
[  173.380180][ T6900] 0 pages cma reserved
[  173.393885][ T6932] loop1: detected capacity change from 0 to 32768
[  173.460125][ T6900] bcachefs (loop0): error reallocating journal fifo (32768 open entries)
[  173.474565][ T6965] netlink: 'syz.3.199': attribute type 21 has an invalid length.
[  173.497072][ T6932] (syz.1.196,6932,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  173.533280][ T6900] bcachefs (loop0): bch2_fs_initialize(): error ENOMEM_journal_pin_fifo
[  173.543978][ T6932] (syz.1.196,6932,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  173.558686][ T6966] netlink: 'syz.3.199': attribute type 21 has an invalid length.
[  173.580309][ T6900] bcachefs (loop0): bch2_fs_start(): error starting filesystem ENOMEM_journal_pin_fifo
[  173.589992][ T6900] bcachefs (loop0): shutting down
[  173.600452][ T6966] netlink: 128 bytes leftover after parsing attributes in process `syz.3.199'.
[  173.600844][ T6965] netlink: 128 bytes leftover after parsing attributes in process `syz.3.199'.
[  173.609493][ T6966] netlink: 'syz.3.199': attribute type 4 has an invalid length.
[  173.702442][ T6966] netlink: 'syz.3.199': attribute type 5 has an invalid length.
[  173.762446][ T6932] (syz.1.196,6932,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  173.792779][ T6900] bcachefs (loop0): shutdown complete
[  173.824010][ T6966] netlink: 3 bytes leftover after parsing attributes in process `syz.3.199'.
[  173.874082][ T6932] JBD2: Ignoring recovery information on journal
[  173.913744][ T6965] netlink: 'syz.3.199': attribute type 4 has an invalid length.
[  173.936876][ T6965] netlink: 'syz.3.199': attribute type 3 has an invalid length.
[  173.984166][ T6965] netlink: 3 bytes leftover after parsing attributes in process `syz.3.199'.
[  174.098474][ T6932] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  174.590429][ T6932] (syz.1.196,6932,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb68296ec, computed 0xec517776. Applying ECC.
[  175.072124][ T6932] (syz.1.196,6932,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xb68296ec, computed 0xccb4c126
[  175.171394][ T6932] (syz.1.196,6932,0):ocfs2_group_extend:326 ERROR: status = -5
[  175.394719][ T5868] (syz-executor,5868,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC.
[  175.429887][ T5868] (syz-executor,5868,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae
[  175.463851][ T5868] (syz-executor,5868,0):ocfs2_read_quota_phys_block:160 ERROR: status = -5
[  175.494539][ T5868] (syz-executor,5868,0):ocfs2_quota_read:201 ERROR: status = -5
[  175.855173][ T5868] Quota error (device loop1): find_tree_dqentry: Can't read quota tree block 5
[  176.011247][ T5868] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  176.030519][ T5868] (syz-executor,5868,0):ocfs2_acquire_dquot:890 ERROR: status = -5
[  176.537655][ T6982] ocfs2: Unmounting device (7,1) on (node local)
[  176.731886][ T1005] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.085764][ T1005] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.296303][ T1005] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.308609][ T7001] loop2: detected capacity change from 0 to 32768
[  177.352341][ T7001] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.206 (7001)
[  177.410338][ T7001] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  177.440393][ T7001] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  177.493866][ T1005] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.650787][ T7001] BTRFS info (device loop2): rebuilding free space tree
[  177.794230][ T7001] BTRFS info (device loop2): allowing degraded mounts
[  177.840628][ T7001] BTRFS info (device loop2): enabling ssd optimizations
[  177.849758][ T7001] BTRFS info (device loop2): enabling free space tree
[  177.937151][ T7001] BTRFS info (device loop2): force clearing of disk cache
[  177.983797][ T7001] BTRFS info (device loop2): use zstd compression, level 3
[  178.062714][ T7001] BTRFS info (device loop2): max_inline set to 0
[  178.260905][ T1005] bridge_slave_1: left allmulticast mode
[  178.285893][ T1005] bridge_slave_1: left promiscuous mode
[  178.323036][ T1005] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.453510][ T1005] bridge_slave_0: left allmulticast mode
[  178.492413][ T1005] bridge_slave_0: left promiscuous mode
[  178.499444][ T1005] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.508810][ T5982] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  178.597522][ T5860] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  178.743534][ T7028] loop3: detected capacity change from 0 to 131072
[  178.765545][ T7028] F2FS-fs (loop3): Segment count (31) mismatch with total segments from devices (0)
[  178.767310][ T6900] bcachefs: bch2_fs_get_tree() error: ENOMEM_journal_pin_fifo
[  178.775179][ T7028] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  178.787839][ T7028] F2FS-fs (loop3): invalid crc value
[  178.844653][ T5982] usb 5-1: Using ep0 maxpacket: 32
[  178.880013][ T5982] usb 5-1: config 0 interface 0 has no altsetting 0
[  178.995538][ T5982] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  179.010295][ T5982] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.025180][ T7028] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  179.041169][ T5982] usb 5-1: Product: syz
[  179.045388][ T5982] usb 5-1: Manufacturer: syz
[  179.050003][ T5982] usb 5-1: SerialNumber: syz
[  179.058123][ T5982] usb 5-1: config 0 descriptor??
[  179.068513][ T7028] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  179.077096][ T7028] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  179.415831][ T5982] gs_usb 5-1:0.0: Couldn't send data format (err=-71)
[  179.433117][ T5982] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71
[  179.511506][   T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  179.521757][ T5982] usb 5-1: USB disconnect, device number 6
[  179.531096][   T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  179.539124][   T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  179.548168][   T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  179.556146][   T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  179.613374][ T7042] F2FS-fs (loop3): f2fs_fill_dentries: corrupted namelen=24152, run fsck to fix.
[  180.336798][ T7055] loop4: detected capacity change from 0 to 256
[  180.381933][ T7055] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  181.740372][   T52] Bluetooth: hci3: command tx timeout
[  182.832181][ T1005] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  182.869955][ T1005] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  183.100016][ T1005] bond0 (unregistering): Released all slaves
[  183.792398][   T52] Bluetooth: hci3: command tx timeout
[  184.413961][ T7097] loop3: detected capacity change from 0 to 512
[  184.486495][ T7097] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  184.642531][   T43] libceph: connect (1)[c::]:6789 error -101
[  184.649044][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  184.850340][ T5862] libceph: connect (1)[c::]:6789 error -101
[  184.856504][ T5862] libceph: mon0 (1)[c::]:6789 connect error
[  184.932835][   T43] libceph: connect (1)[c::]:6789 error -101
[  184.950634][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  185.155355][ T7117] netlink: 44 bytes leftover after parsing attributes in process `syz.0.227'.
[  185.162313][ T5946] libceph: connect (1)[c::]:6789 error -101
[  185.221541][ T5946] libceph: mon0 (1)[c::]:6789 connect error
[  185.244735][ T1005] hsr_slave_0: left promiscuous mode
[  185.265122][ T1005] hsr_slave_1: left promiscuous mode
[  185.275503][ T1005] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  185.287472][ T7103] ceph: No mds server is up or the cluster is laggy
[  185.316452][ T1005] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.342169][ T7106] ceph: No mds server is up or the cluster is laggy
[  185.354706][ T7117] loop0: detected capacity change from 0 to 1024
[  185.375730][ T1005] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.419073][ T7117] EXT4-fs: test_dummy_encryption requires encrypt feature
[  185.436798][ T1005] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.504777][ T7117] overlayfs: failed to resolve './bus': -2
[  185.700564][ T1005] veth1_macvtap: left promiscuous mode
[  185.706562][ T1005] veth0_macvtap: left promiscuous mode
[  185.754814][ T1005] veth1_vlan: left promiscuous mode
[  185.791247][ T1005] veth0_vlan: left promiscuous mode
[  185.870588][   T52] Bluetooth: hci3: command tx timeout
[  186.753711][ T5863] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.863257][ T7113] loop2: detected capacity change from 0 to 32768
[  186.949006][ T7113] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  187.102684][ T7113] XFS (loop2): Ending clean mount
[  187.176401][ T7113] XFS (loop2): Quotacheck needed: Please wait.
[  187.251758][   T43] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  187.362743][ T7113] XFS (loop2): Quotacheck: Done.
[  187.421613][   T43] usb 4-1: Using ep0 maxpacket: 32
[  187.428182][ T5994] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  187.443897][ T5860] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  187.444821][   T43] usb 4-1: config 0 has an invalid interface number: 35 but max is 0
[  187.464047][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  187.475349][   T43] usb 4-1: config 0 has no interface number 0
[  187.481758][   T43] usb 4-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  187.498214][   T43] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  187.508000][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.516155][   T43] usb 4-1: Product: syz
[  187.520766][   T43] usb 4-1: Manufacturer: syz
[  187.525633][   T43] usb 4-1: SerialNumber: syz
[  187.558640][   T43] usb 4-1: config 0 descriptor??
[  187.606147][   T43] radio-si470x 4-1:0.35: could not find interrupt in endpoint
[  187.622988][ T5994] usb 1-1: Using ep0 maxpacket: 16
[  187.631527][ T5994] usb 1-1: unable to get BOS descriptor or descriptor too short
[  187.639385][   T43] radio-si470x 4-1:0.35: probe with driver radio-si470x failed with error -5
[  187.658668][ T5994] usb 1-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.681302][ T5994] usb 1-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024
[  187.710968][ T5994] usb 1-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  187.728645][ T5994] usb 1-1: config 1 interface 0 has no altsetting 0
[  187.739808][ T5994] usb 1-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40
[  187.758642][ T5994] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.775034][ T5994] usb 1-1: Product: syz
[  187.780077][ T5994] usb 1-1: Manufacturer: syz
[  187.794233][   T43] radio-raremono 4-1:0.35: Thanko's Raremono connected: (10C4:818A)
[  187.802417][ T5994] usb 1-1: SerialNumber: syz
[  187.821011][ T7146] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  187.911962][ T7155] loop2: detected capacity change from 0 to 2048
[  187.950813][   T52] Bluetooth: hci3: command tx timeout
[  187.978289][ T7155] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  187.999229][ T7138] loop3: detected capacity change from 0 to 256
[  188.047483][ T5994] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input6
[  188.148523][ T7138] FAT-fs (loop3): Directory bread(block 64) failed
[  188.155814][ T7138] FAT-fs (loop3): Directory bread(block 65) failed
[  188.164211][ T7138] FAT-fs (loop3): Directory bread(block 66) failed
[  188.171581][ T7138] FAT-fs (loop3): Directory bread(block 67) failed
[  188.179474][ T7138] FAT-fs (loop3): Directory bread(block 68) failed
[  188.190062][ T7138] FAT-fs (loop3): Directory bread(block 69) failed
[  188.207269][ T7138] FAT-fs (loop3): Directory bread(block 70) failed
[  188.216042][ T7138] FAT-fs (loop3): Directory bread(block 71) failed
[  188.226387][ T7138] FAT-fs (loop3): Directory bread(block 72) failed
[  188.234375][ T7138] FAT-fs (loop3): Directory bread(block 73) failed
[  188.499425][ T7138] syz.3.230: attempt to access beyond end of device
[  188.499425][ T7138] loop3: rw=524288, sector=1160, nr_sectors = 4 limit=256
[  188.612048][ T7138] syz.3.230: attempt to access beyond end of device
[  188.612048][ T7138] loop3: rw=0, sector=1160, nr_sectors = 4 limit=256
[  188.723230][   T30] audit: type=1800 audit(1757904697.775:84): pid=7138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.230" name="file0" dev="loop3" ino=1048607 res=0 errno=0
[  188.743376][    C1] vkms_vblank_simulate: vblank timer overrun
[  188.835485][   T43] radio-raremono 4-1:0.35: V4L2 device registered as radio48
[  188.846885][ T1005] team0 (unregistering): Port device team_slave_1 removed
[  189.027085][   T43] usb 4-1: USB disconnect, device number 6
[  189.057886][ T1005] team0 (unregistering): Port device team_slave_0 removed
[  189.069547][   T43] radio-raremono 4-1:0.35: Thanko's Raremono disconnected
[  189.866521][   T43] usb 1-1: USB disconnect, device number 16
[  189.872640][    C1] bcm5974 1-1:1.0: trackpad urb failed: -19
[  189.885916][ T7160] bcm5974 1-1:1.0: could not read from device
[  190.711258][ T7166] loop3: detected capacity change from 0 to 32768
[  190.739085][ T7166] (syz.3.235,7166,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  190.779330][ T7166] (syz.3.235,7166,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  190.877464][ T7166] JBD2: Ignoring recovery information on journal
[  191.355522][ T7166] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  191.640811][ T5994] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  191.786903][   T30] audit: type=1800 audit(1757904700.835:85): pid=7166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.235" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=16978 res=0 errno=0
[  191.866660][ T5994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  191.909472][ T7040] chnl_net:caif_netlink_parms(): no params data found
[  191.909574][ T5994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 238, changing to 7
[  191.959494][ T7166] syz.3.235 (7166) used greatest stack depth: 18328 bytes left
[  191.980893][ T5994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 50512, setting to 1024
[  192.059127][ T5994] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  192.101393][ T5994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.110651][ T5994] usb 5-1: Product: syz
[  192.116091][ T5994] usb 5-1: Manufacturer: syz
[  192.118356][ T5863] ocfs2: Unmounting device (7,3) on (node local)
[  192.127979][ T5994] usb 5-1: SerialNumber: syz
[  192.172481][ T5994] usb 5-1: config 0 descriptor??
[  192.233061][ T5994] usb 5-1: 0:0 : invalid sync pipe. bmAttributes e5, bLength 9, bSynchAddress d7
[  192.393090][ T5860] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.658894][ T5994] usb 5-1: USB disconnect, device number 7
[  192.770484][ T7040] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.777679][ T7040] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.838252][ T7040] bridge_slave_0: entered allmulticast mode
[  192.866314][ T7040] bridge_slave_0: entered promiscuous mode
[  192.909538][ T7040] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.939890][ T7040] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.973473][ T7040] bridge_slave_1: entered allmulticast mode
[  193.022711][ T7040] bridge_slave_1: entered promiscuous mode
[  193.158676][ T7205] loop3: detected capacity change from 0 to 64
[  193.696067][ T5946] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  193.699700][ T7040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  193.912483][ T7040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  194.020465][ T5946] usb 1-1: Using ep0 maxpacket: 8
[  194.039302][ T5946] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  194.091083][ T5946] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.099149][ T5946] usb 1-1: Product: syz
[  194.114228][ T5946] usb 1-1: Manufacturer: syz
[  194.118878][ T5946] usb 1-1: SerialNumber: syz
[  194.148648][ T7040] team0: Port device team_slave_0 added
[  194.149915][ T5946] usb 1-1: config 0 descriptor??
[  194.174502][ T7040] team0: Port device team_slave_1 added
[  194.219714][ T7212] loop6: detected capacity change from 0 to 1
[  194.259339][ T7212] Dev loop6: unable to read RDB block 1
[  194.290480][ T7212]  loop6: unable to read partition table
[  194.296429][ T7212] loop6: partition table beyond EOD, truncated
[  194.337833][ T7199] loop2: detected capacity change from 0 to 32768
[  194.350428][ T7212] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  194.366382][ T5946] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  194.405697][ T7040] batman_adv: batadv0: Adding interface: batadv_slave_0
[  194.413173][ T7040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.445736][ T7040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  194.449096][ T7199] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  194.459243][ T7040] batman_adv: batadv0: Adding interface: batadv_slave_1
[  194.482841][ T7040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.510617][ T7040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  194.534500][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  194.544025][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  194.607451][ T7203] trusted_key: encrypted_key: master key parameter 'MSÁÖ†ü‹Fáû0‘HŠÁÊÿÌc' is invalid
[  194.679915][ T7199] XFS (loop2): Ending clean mount
[  194.711597][ T7199] XFS (loop2): Quotacheck needed: Please wait.
[  194.819342][ T7199] XFS (loop2): Quotacheck: Done.
[  194.999302][ T5860] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  195.051297][ T7040] hsr_slave_0: entered promiscuous mode
[  195.061674][ T7040] hsr_slave_1: entered promiscuous mode
[  195.068185][ T7040] debugfs: 'hsr0' already exists in 'hsr'
[  195.130499][ T7040] Cannot create hsr debugfs directory
[  195.479235][ T5946] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  195.579889][ T5946] usb 1-1: USB disconnect, device number 17
[  195.931547][ T7225] loop4: detected capacity change from 0 to 40427
[  195.942643][ T7240] loop3: detected capacity change from 0 to 8
[  195.970022][ T7240] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  196.003413][ T7225] F2FS-fs (loop4): invalid crc value
[  196.035918][ T6255] udevd[6255]: incorrect cramfs checksum on /dev/loop3
[  196.084411][ T7240] netlink: 'syz.3.246': attribute type 20 has an invalid length.
[  196.168757][ T6255] udevd[6255]: incorrect cramfs checksum on /dev/loop3
[  196.191755][ T7240] cramfs: Error -5 while decompressing!
[  196.214277][ T7240] cramfs: ffffffff99e1f858(16)->ffff888055bdb000(4096)
[  196.295045][ T7240] cramfs: Error -5 while decompressing!
[  196.326519][ T7240] cramfs: ffffffff99e1f858(16)->ffff888055bdb000(4096)
[  196.535451][ T7225] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  196.579533][ T7225] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  196.602267][   T30] audit: type=1800 audit(1757904705.615:86): pid=7240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.246" name="file0" dev="loop3" ino=244 res=0 errno=0
[  196.672143][ T7255] bridge0: port 3(netdevsim0) entered blocking state
[  196.679716][ T7255] bridge0: port 3(netdevsim0) entered disabled state
[  196.690872][ T7255] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  196.811696][ T7255] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  196.824077][ T7255] bridge0: port 3(netdevsim0) entered blocking state
[  196.831137][ T7255] bridge0: port 3(netdevsim0) entered forwarding state
[  196.890276][ T7255] vxcan1: tx address claim with different name
[  197.523141][ T5867] syz-executor: attempt to access beyond end of device
[  197.523141][ T5867] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  197.611006][ T5867] CPU: 1 UID: 0 PID: 5867 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  197.611036][ T5867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  197.611048][ T5867] Call Trace:
[  197.611056][ T5867]  <TASK>
[  197.611065][ T5867]  dump_stack_lvl+0x189/0x250
[  197.611106][ T5867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.611132][ T5867]  ? __pfx_queue_work_on+0x10/0x10
[  197.611160][ T5867]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  197.611191][ T5867]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  197.611226][ T5867]  f2fs_handle_critical_error+0x37c/0x540
[  197.611266][ T5867]  f2fs_write_end_io+0x886/0xb60
[  197.611310][ T5867]  __submit_merged_bio+0x27a/0x6a0
[  197.611348][ T5867]  __submit_merged_write_cond+0x255/0x530
[  197.611386][ T5867]  f2fs_write_data_pages+0x261d/0x3000
[  197.611449][ T5867]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  197.611486][ T5867]  ? __lock_acquire+0xab9/0xd20
[  197.611543][ T5867]  ? __mod_zone_page_state+0xd7/0x140
[  197.611585][ T5867]  ? folios_put_refs+0x58b/0x670
[  197.611625][ T5867]  ? __lock_acquire+0xab9/0xd20
[  197.611662][ T5867]  ? do_raw_spin_lock+0x121/0x290
[  197.611697][ T5867]  ? do_raw_spin_unlock+0x122/0x240
[  197.611720][ T5867]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  197.611742][ T5867]  do_writepages+0x32e/0x550
[  197.611783][ T5867]  ? do_raw_spin_unlock+0x122/0x240
[  197.611811][ T5867]  filemap_fdatawrite+0x199/0x240
[  197.611839][ T5867]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  197.611925][ T5867]  ? do_raw_spin_unlock+0x122/0x240
[  197.611953][ T5867]  f2fs_sync_dirty_inodes+0x31f/0x830
[  197.611994][ T5867]  f2fs_write_checkpoint+0x93e/0x2440
[  197.612016][ T5867]  ? __lock_acquire+0xab9/0xd20
[  197.612077][ T5867]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  197.612169][ T5867]  kill_f2fs_super+0x2cc/0x6d0
[  197.612211][ T5867]  ? __pfx_kill_f2fs_super+0x10/0x10
[  197.612256][ T5867]  ? shrinker_free+0x2ce/0x3e0
[  197.612283][ T5867]  deactivate_locked_super+0xbc/0x130
[  197.612312][ T5867]  cleanup_mnt+0x425/0x4c0
[  197.612335][ T5867]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.612361][ T5867]  task_work_run+0x1d4/0x260
[  197.612390][ T5867]  ? __pfx_task_work_run+0x10/0x10
[  197.612412][ T5867]  ? __x64_sys_umount+0x122/0x160
[  197.612443][ T5867]  ? exit_to_user_mode_loop+0x40/0x130
[  197.612475][ T5867]  exit_to_user_mode_loop+0xec/0x130
[  197.612502][ T5867]  do_syscall_64+0x2bd/0xfa0
[  197.612523][ T5867]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.612544][ T5867]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.612565][ T5867]  ? clear_bhb_loop+0x60/0xb0
[  197.612590][ T5867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.612609][ T5867] RIP: 0033:0x7f9cf0b8fed7
[  197.612628][ T5867] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  197.612644][ T5867] RSP: 002b:00007ffe8acd4688 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  197.612666][ T5867] RAX: 0000000000000000 RBX: 00007f9cf0c11c05 RCX: 00007f9cf0b8fed7
[  197.612680][ T5867] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8acd4740
[  197.612692][ T5867] RBP: 00007ffe8acd4740 R08: 0000000000000000 R09: 0000000000000000
[  197.612704][ T5867] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe8acd57d0
[  197.612718][ T5867] R13: 00007f9cf0c11c05 R14: 0000000000030350 R15: 00007ffe8acd5810
[  197.612756][ T5867]  </TASK>
[  197.612765][ T5867] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  197.821425][ T7040] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  197.972719][ T5946] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  197.997370][ T7040] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  198.051826][ T7040] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  198.088333][ T7234] loop0: detected capacity change from 0 to 32768
[  198.090436][ T7040] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  198.155231][ T5946] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  198.177844][ T5946] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  198.224310][ T5946] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.270710][ T5946] usb 4-1: config 0 descriptor??
[  198.289328][ T5946] pwc: Askey VC010 type 2 USB webcam detected.
[  198.422296][ T7040] 8021q: adding VLAN 0 to HW filter on device bond0
[  198.469040][ T7040] 8021q: adding VLAN 0 to HW filter on device team0
[  198.544857][ T7234] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  198.544886][ T7234]   allowing incompatible features above 0.0: (unknown version)
[  198.544899][ T7234]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  198.598751][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.598904][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  198.602558][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.602693][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  198.685131][ T5946] pwc: recv_control_msg error -32 req 02 val 2b00
[  198.687397][ T5946] pwc: recv_control_msg error -32 req 02 val 2700
[  198.695830][ T5946] pwc: recv_control_msg error -32 req 02 val 2c00
[  198.707415][ T5946] pwc: recv_control_msg error -32 req 04 val 1000
[  198.708391][ T5946] pwc: recv_control_msg error -32 req 04 val 1300
[  198.709116][ T5946] pwc: recv_control_msg error -32 req 04 val 1400
[  198.710030][ T5946] pwc: recv_control_msg error -32 req 02 val 2000
[  198.712308][ T5946] pwc: recv_control_msg error -32 req 02 val 2100
[  198.713197][ T5946] pwc: recv_control_msg error -32 req 04 val 1500
[  198.985471][ T5946] pwc: recv_control_msg error -71 req 02 val 2400
[  198.988046][ T5946] pwc: recv_control_msg error -71 req 02 val 2600
[  198.988575][ T5946] pwc: recv_control_msg error -71 req 02 val 2900
[  198.989056][ T5946] pwc: recv_control_msg error -71 req 02 val 2800
[  198.989751][ T5946] pwc: recv_control_msg error -71 req 04 val 1100
[  198.990372][ T5946] pwc: recv_control_msg error -71 req 04 val 1200
[  198.993659][ T5946] pwc: Registered as video103.
[  198.996353][ T5946] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8
[  199.022553][ T5946] usb 4-1: USB disconnect, device number 7
[  199.415835][ T7295] loop4: detected capacity change from 0 to 128
[  199.459589][ T7295] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  199.553041][ T7234] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  199.592274][ T7234] bcachefs (loop0): initializing new filesystem
[  199.628569][ T7295] hpfs: filesystem error: improperly stopped
[  199.660321][ T7295] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  199.665979][ T7234] warn_alloc: 1 callbacks suppressed
[  199.665996][ T7234] syz.0.245: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null)
[  199.668100][ T7295] hpfs: You really don't want any checks? You are crazy...
[  199.726461][ T7234] ,cpuset=/,mems_allowed=0-1
[  199.751967][ T7040] 8021q: adding VLAN 0 to HW filter on device batadv0
[  199.758657][ T7234] CPU: 0 UID: 0 PID: 7234 Comm: syz.0.245 Not tainted syzkaller #0 PREEMPT(full) 
[  199.758685][ T7234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  199.758696][ T7234] Call Trace:
[  199.758703][ T7234]  <TASK>
[  199.758712][ T7234]  dump_stack_lvl+0x189/0x250
[  199.758744][ T7234]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.758765][ T7234]  ? __pfx__printk+0x10/0x10
[  199.758792][ T7234]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  199.758812][ T7234]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  199.758834][ T7234]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  199.758857][ T7234]  warn_alloc+0x214/0x310
[  199.758894][ T7234]  ? __pfx_warn_alloc+0x10/0x10
[  199.758934][ T7234]  ? __get_vm_area_node+0x28f/0x300
[  199.758962][ T7234]  ? bch2_fs_journal_start+0x2b9/0x12c0
[  199.758986][ T7234]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  199.759048][ T7234]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  199.759081][ T7234]  ? bch2_fs_journal_start+0x2b9/0x12c0
[  199.759106][ T7234]  ? rcu_is_watching+0x15/0xb0
[  199.759136][ T7234]  ? bch2_fs_journal_start+0x2b9/0x12c0
[  199.759156][ T7234]  __kvmalloc_node_noprof+0x674/0x910
[  199.759185][ T7234]  ? bch2_fs_journal_start+0x2b9/0x12c0
[  199.759206][ T7234]  ? bch2_trans_put+0x961/0x1220
[  199.759242][ T7234]  bch2_fs_journal_start+0x2b9/0x12c0
[  199.759288][ T7234]  ? __pfx_bch2_fs_journal_start+0x10/0x10
[  199.759308][ T7234]  ? bch2_fs_journal_alloc+0x69/0x4e0
[  199.759352][ T7234]  ? bch2_fs_journal_alloc+0x4ac/0x4e0
[  199.759380][ T7234]  ? bch2_fs_journal_alloc+0x69/0x4e0
[  199.759411][ T7234]  bch2_fs_initialize+0xac7/0x1550
[  199.759444][ T7234]  ? _prb_read_valid+0xa07/0xa90
[  199.759469][ T7234]  ? __pfx_bch2_fs_initialize+0x10/0x10
[  199.759514][ T7234]  ? __pfx___console_unlock+0x10/0x10
[  199.759558][ T7234]  ? __mutex_trylock_common+0x153/0x260
[  199.759624][ T7234]  ? bch2_fs_start+0xa0f/0xda0
[  199.759652][ T7234]  ? up_write+0x1c4/0x420
[  199.759668][ T7234]  ? bch2_fs_start+0x5e7/0xda0
[  199.759695][ T7234]  bch2_fs_start+0xaa0/0xda0
[  199.759721][ T7234]  ? bch2_fs_start+0x5e7/0xda0
[  199.759747][ T7234]  ? __pfx_bch2_fs_start+0x10/0x10
[  199.759793][ T7234]  ? sget+0x267/0x620
[  199.759822][ T7234]  bch2_fs_get_tree+0xb39/0x1520
[  199.759874][ T7234]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  199.759917][ T7234]  ? kfree+0x4d/0x6d0
[  199.759945][ T7234]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  199.759980][ T7234]  vfs_get_tree+0x92/0x2b0
[  199.760008][ T7234]  do_new_mount+0x302/0xa10
[  199.760032][ T7234]  ? apparmor_capable+0x137/0x1b0
[  199.760060][ T7234]  ? __pfx_do_new_mount+0x10/0x10
[  199.760087][ T7234]  ? ns_capable+0x8a/0xf0
[  199.760115][ T7234]  ? kmem_cache_free+0x19a/0x690
[  199.760152][ T7234]  __se_sys_mount+0x313/0x410
[  199.760191][ T7234]  ? __pfx___se_sys_mount+0x10/0x10
[  199.760222][ T7234]  ? do_syscall_64+0xbe/0xfa0
[  199.760241][ T7234]  ? __x64_sys_mount+0x20/0xc0
[  199.760270][ T7234]  do_syscall_64+0xfa/0xfa0
[  199.760288][ T7234]  ? lockdep_hardirqs_on+0x9c/0x150
[  199.760307][ T7234]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.760331][ T7234]  ? clear_bhb_loop+0x60/0xb0
[  199.760354][ T7234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.760371][ T7234] RIP: 0033:0x7f689d59034a
[  199.760389][ T7234] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.760404][ T7234] RSP: 002b:00007f689e44fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  199.760425][ T7234] RAX: ffffffffffffffda RBX: 00007f689e44fef0 RCX: 00007f689d59034a
[  199.760438][ T7234] RDX: 0000200000000140 RSI: 0000200000000100 RDI: 00007f689e44feb0
[  199.760450][ T7234] RBP: 0000200000000140 R08: 00007f689e44fef0 R09: 0000000002800000
[  199.760463][ T7234] R10: 0000000002800000 R11: 0000000000000246 R12: 0000200000000100
[  199.760475][ T7234] R13: 00007f689e44feb0 R14: 0000000000005a7a R15: 0000200000000000
[  199.760507][ T7234]  </TASK>
[  199.779517][ T7234] Mem-Info:
[  199.779536][ T7234] active_anon:17478 inactive_anon:0 isolated_anon:0
[  199.779536][ T7234]  active_file:3405 inactive_file:40013 isolated_file:0
[  199.779536][ T7234]  unevictable:768 dirty:127 writeback:0
[  199.779536][ T7234]  slab_reclaimable:11206 slab_unreclaimable:96564
[  199.779536][ T7234]  mapped:33233 shmem:12457 pagetables:1266
[  199.779536][ T7234]  sec_pagetables:0 bounce:0
[  199.779536][ T7234]  kernel_misc_reclaimable:0
[  199.779536][ T7234]  free:1312519 free_pcp:13729 free_cma:0
[  199.779591][ T7234] Node 0 active_anon:69912kB inactive_anon:0kB active_file:13620kB inactive_file:159848kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132932kB dirty:508kB writeback:0kB shmem:48292kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12336kB pagetables:4892kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  199.779645][ T7234] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  199.779695][ T7234] Node 0 DMA free:15344kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  199.779758][ T7234] lowmem_reserve[]: 0 2497 2498 2498 2498
[  199.779810][ T7234] Node 0 DMA32 free:1343940kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:69860kB inactive_anon:0kB active_file:13620kB inactive_file:158528kB unevictable:1536kB writepending:504kB zspages:0kB present:3129332kB managed:2556948kB mlocked:0kB bounce:0kB free_pcp:34972kB local_pcp:8784kB free_cma:0kB
[  200.050921][ T7295] hpfs: hpfs_map_sector(): read error
[  200.083852][ T7234] lowmem_reserve[]:
[  200.260272][ T7295] hpfs: code page support is disabled
[  200.263596][ T7234]  0
[  200.350667][ T7295] hpfs: hpfs_map_4sectors(): unaligned read
[  200.359362][ T7295] hpfs: hpfs_map_4sectors(): unaligned read
[  200.387754][ T7295] hpfs: filesystem error: unable to find root dir
[  200.670903][ T7234]  0 1 1 1
[  200.674252][ T7234] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:4kB zspages:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  200.949475][   T43] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  201.032237][ T7234] lowmem_reserve[]: 0 0 0 0 0
[  201.037040][ T7234] Node 1 Normal free:3890784kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19936kB local_pcp:8160kB free_cma:0kB
[  201.058146][ T7289] hpfs: hpfs_map_4sectors(): unaligned read
[  201.113470][ T7234] lowmem_reserve[]: 0 0 0 0 0
[  201.118274][ T7234] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB
[  201.158923][ T7234] Node 0 DMA32: 9*4kB (UME) 98*8kB (UM) 57*16kB (ME) 130*32kB (UM) 241*64kB (UME) 247*128kB (UME) 145*256kB (UME) 90*512kB (UM) 31*1024kB (UME) 13*2048kB (UM) 280*4096kB (M) = 1341380kB
[  201.184409][ T7234] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  201.200131][ T7234] Node 1 Normal: 176*4kB (U) 58*8kB (UME) 51*16kB (UME) 51*32kB (UME) 15*64kB (UME) 7*128kB (UME) 3*256kB (ME) 5*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3890784kB
[  201.248400][   T43] usb 4-1: Using ep0 maxpacket: 16
[  201.257357][   T43] usb 4-1: too many configurations: 21, using maximum allowed: 8
[  201.266478][ T7234] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  201.278721][   T43] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  201.303910][   T43] usb 4-1: config 0 has no interface number 0
[  201.322009][   T43] usb 4-1: config 0 interface 51 has no altsetting 0
[  201.329666][ T7234] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  201.354539][   T43] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  201.385409][ T7234] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  201.398355][   T43] usb 4-1: config 0 has no interface number 0
[  201.422192][ T7234] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  201.440777][   T43] usb 4-1: config 0 interface 51 has no altsetting 0
[  201.461472][   T43] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  201.469610][   T43] usb 4-1: config 0 has no interface number 0
[  201.481921][ T7234] 56231 total pagecache pages
[  201.486634][ T7234] 0 pages in swap cache
[  201.498389][ T7234] Free swap  = 124996kB
[  201.503231][   T43] usb 4-1: config 0 interface 51 has no altsetting 0
[  201.510078][ T7234] Total swap = 124996kB
[  201.516261][ T7234] 2097051 pages RAM
[  201.520110][ T7234] 0 pages HighMem/MovableOnly
[  201.526592][   T43] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  201.536699][ T7234] 425852 pages reserved
[  201.542112][   T43] usb 4-1: config 0 has no interface number 0
[  201.548536][ T7234] 0 pages cma reserved
[  201.570359][   T43] usb 4-1: config 0 interface 51 has no altsetting 0
[  201.588954][   T43] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  201.602511][ T7234] bcachefs (loop0): error reallocating journal fifo (32768 open entries)
[  201.620625][   T43] usb 4-1: config 0 has no interface number 0
[  201.627005][ T7234] bcachefs (loop0): bch2_fs_initialize(): error ENOMEM_journal_pin_fifo
[  201.635813][   T43] usb 4-1: config 0 interface 51 has no altsetting 0
[  201.649392][ T7234] bcachefs (loop0): bch2_fs_start(): error starting filesystem ENOMEM_journal_pin_fifo
[  201.662849][   T43] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  201.685223][   T43] usb 4-1: config 0 has no interface number 0
[  201.701149][ T7234] bcachefs (loop0): shutting down
[  201.718095][   T43] usb 4-1: config 0 interface 51 has no altsetting 0
[  201.753747][   T43] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  201.774010][   T43] usb 4-1: config 0 has no interface number 0
[  201.780148][   T43] usb 4-1: config 0 interface 51 has no altsetting 0
[  201.809840][ T7234] bcachefs (loop0): shutdown complete
[  201.822932][ T7040] veth0_vlan: entered promiscuous mode
[  201.832583][   T43] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  201.842667][   T43] usb 4-1: config 0 has no interface number 0
[  201.848807][   T43] usb 4-1: config 0 interface 51 has no altsetting 0
[  201.886583][ T7040] veth1_vlan: entered promiscuous mode
[  201.895689][   T43] usb 4-1: New USB device found, idVendor=1004, idProduct=f4aa, bcdDevice=4f.d5
[  201.908685][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.932358][   T43] usb 4-1: Product: syz
[  201.939442][   T43] usb 4-1: Manufacturer: syz
[  201.958919][ T7320] tmpfs: Bad value for 'mpol'
[  201.963935][   T43] usb 4-1: SerialNumber: syz
[  201.978526][   T43] usb 4-1: config 0 descriptor??
[  202.003304][   T43] usb 4-1: bad CDC descriptors
[  202.017902][ T7040] veth0_macvtap: entered promiscuous mode
[  202.090456][ T7040] veth1_macvtap: entered promiscuous mode
[  202.127076][ T7040] batman_adv: batadv0: Interface activated: batadv_slave_0
[  202.147537][ T7040] batman_adv: batadv0: Interface activated: batadv_slave_1
[  202.182403][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  202.199690][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  202.239298][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  202.266822][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.456042][ T1005] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.472147][ T1005] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.568061][  T149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.599222][  T149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.734966][ T7315] loop4: detected capacity change from 0 to 40427
[  202.779982][ T7315] F2FS-fs (loop4): invalid crc value
[  203.816559][ T5982] usb 4-1: USB disconnect, device number 8
[  203.873593][ T7338] loop5: detected capacity change from 0 to 16
[  203.923490][ T7338] erofs (device loop5): mounted with root inode @ nid 36.
[  204.023788][ T7315] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  204.089432][ T7315] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  204.176607][ T7315] overlay: Unknown parameter 'defcontext'
[  204.194718][ T7315] syz.4.252: attempt to access beyond end of device
[  204.194718][ T7315] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  204.210069][ T5982] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  204.253546][ T5867] syz-executor: attempt to access beyond end of device
[  204.253546][ T5867] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  204.278877][ T5867] CPU: 1 UID: 0 PID: 5867 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  204.278910][ T5867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  204.278926][ T5867] Call Trace:
[  204.278935][ T5867]  <TASK>
[  204.278945][ T5867]  dump_stack_lvl+0x189/0x250
[  204.278984][ T5867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.279010][ T5867]  ? __pfx_queue_work_on+0x10/0x10
[  204.279039][ T5867]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  204.279062][ T5867]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  204.279104][ T5867]  f2fs_handle_critical_error+0x37c/0x540
[  204.279147][ T5867]  f2fs_write_end_io+0x886/0xb60
[  204.279197][ T5867]  __submit_merged_bio+0x27a/0x6a0
[  204.279226][ T5867]  ? up_write+0x1c4/0x420
[  204.279257][ T5867]  __submit_merged_write_cond+0x44c/0x530
[  204.279300][ T5867]  f2fs_sync_node_pages+0x1479/0x15e0
[  204.279361][ T5867]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  204.279445][ T5867]  ? f2fs_write_checkpoint+0xdad/0x2440
[  204.279477][ T5867]  ? up_write+0x1c4/0x420
[  204.279507][ T5867]  f2fs_write_checkpoint+0xdde/0x2440
[  204.279529][ T5867]  ? __lock_acquire+0xab9/0xd20
[  204.279603][ T5867]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  204.279716][ T5867]  kill_f2fs_super+0x2cc/0x6d0
[  204.279750][ T5867]  ? __pfx_kill_f2fs_super+0x10/0x10
[  204.279803][ T5867]  ? shrinker_free+0x2ce/0x3e0
[  204.279832][ T5867]  deactivate_locked_super+0xbc/0x130
[  204.279863][ T5867]  cleanup_mnt+0x425/0x4c0
[  204.279889][ T5867]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.279917][ T5867]  task_work_run+0x1d4/0x260
[  204.279948][ T5867]  ? __pfx_task_work_run+0x10/0x10
[  204.279971][ T5867]  ? __x64_sys_umount+0x122/0x160
[  204.280006][ T5867]  ? exit_to_user_mode_loop+0x40/0x130
[  204.280040][ T5867]  exit_to_user_mode_loop+0xec/0x130
[  204.280069][ T5867]  do_syscall_64+0x2bd/0xfa0
[  204.280090][ T5867]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.280113][ T5867]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.280133][ T5867]  ? clear_bhb_loop+0x60/0xb0
[  204.280161][ T5867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.280186][ T5867] RIP: 0033:0x7f9cf0b8fed7
[  204.280206][ T5867] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  204.280224][ T5867] RSP: 002b:00007ffe8acd4688 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  204.280247][ T5867] RAX: 0000000000000000 RBX: 00007f9cf0c11c05 RCX: 00007f9cf0b8fed7
[  204.280262][ T5867] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8acd4740
[  204.280275][ T5867] RBP: 00007ffe8acd4740 R08: 0000000000000000 R09: 0000000000000000
[  204.280287][ T5867] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe8acd57d0
[  204.280300][ T5867] R13: 00007f9cf0c11c05 R14: 0000000000031da5 R15: 00007ffe8acd5810
[  204.280346][ T5867]  </TASK>
[  204.553162][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.587937][ T5867] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  204.595918][ T5867] CPU: 0 UID: 0 PID: 5867 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  204.595946][ T5867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  204.595957][ T5867] Call Trace:
[  204.595966][ T5867]  <TASK>
[  204.595974][ T5867]  dump_stack_lvl+0x189/0x250
[  204.596010][ T5867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.596036][ T5867]  ? __pfx_queue_work_on+0x10/0x10
[  204.596065][ T5867]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  204.596088][ T5867]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  204.596125][ T5867]  f2fs_handle_critical_error+0x37c/0x540
[  204.596175][ T5867]  f2fs_write_end_io+0x886/0xb60
[  204.596221][ T5867]  __submit_merged_bio+0x27a/0x6a0
[  204.596249][ T5867]  ? up_write+0x1c4/0x420
[  204.596278][ T5867]  __submit_merged_write_cond+0x44c/0x530
[  204.596318][ T5867]  f2fs_sync_node_pages+0x1479/0x15e0
[  204.596373][ T5867]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  204.596439][ T5867]  ? f2fs_write_checkpoint+0xdad/0x2440
[  204.596469][ T5867]  ? up_write+0x1c4/0x420
[  204.596497][ T5867]  f2fs_write_checkpoint+0xdde/0x2440
[  204.596519][ T5867]  ? __lock_acquire+0xab9/0xd20
[  204.596584][ T5867]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  204.596682][ T5867]  kill_f2fs_super+0x2cc/0x6d0
[  204.596714][ T5867]  ? __pfx_kill_f2fs_super+0x10/0x10
[  204.596761][ T5867]  ? shrinker_free+0x2ce/0x3e0
[  204.596790][ T5867]  deactivate_locked_super+0xbc/0x130
[  204.596819][ T5867]  cleanup_mnt+0x425/0x4c0
[  204.596843][ T5867]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.596870][ T5867]  task_work_run+0x1d4/0x260
[  204.596900][ T5867]  ? __pfx_task_work_run+0x10/0x10
[  204.596922][ T5867]  ? __x64_sys_umount+0x122/0x160
[  204.596955][ T5867]  ? exit_to_user_mode_loop+0x40/0x130
[  204.596987][ T5867]  exit_to_user_mode_loop+0xec/0x130
[  204.597014][ T5867]  do_syscall_64+0x2bd/0xfa0
[  204.597036][ T5867]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.597057][ T5867]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.597077][ T5867]  ? clear_bhb_loop+0x60/0xb0
[  204.597104][ T5867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.597123][ T5867] RIP: 0033:0x7f9cf0b8fed7
[  204.597144][ T5867] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  204.597173][ T5867] RSP: 002b:00007ffe8acd4688 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  204.597197][ T5867] RAX: 0000000000000000 RBX: 00007f9cf0c11c05 RCX: 00007f9cf0b8fed7
[  204.597212][ T5867] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8acd4740
[  204.597224][ T5867] RBP: 00007ffe8acd4740 R08: 0000000000000000 R09: 0000000000000000
[  204.597238][ T5867] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe8acd57d0
[  204.597252][ T5867] R13: 00007f9cf0c11c05 R14: 0000000000031da5 R15: 00007ffe8acd5810
[  204.597293][ T5867]  </TASK>
[  204.597302][ T5867] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  204.780284][ T5982] usb 4-1: Using ep0 maxpacket: 16
[  204.802156][ T5862] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  204.847595][ T7344] netlink: 104 bytes leftover after parsing attributes in process `syz.2.257'.
[  204.919524][ T5982] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  204.946705][ T5982] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.954939][ T5982] usb 4-1: Product: syz
[  204.959407][ T5982] usb 4-1: Manufacturer: syz
[  204.965402][ T5982] usb 4-1: SerialNumber: syz
[  204.974373][ T5982] usb 4-1: config 0 descriptor??
[  205.027644][ T5862] usb 6-1: No LPM exit latency info found, disabling LPM.
[  205.036767][ T5862] usb 6-1: config 1 interface 0 altsetting 60 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  205.070292][ T5862] usb 6-1: config 1 interface 0 has no altsetting 0
[  205.107810][ T5862] usb 6-1: string descriptor 0 read error: -22
[  205.121534][ T5862] usb 6-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.40
[  205.148246][ T5862] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.403938][ T7351] binder: 7347:7351 ioctl c018620c 200000000240 returned -1
[  205.802892][ T5982] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  206.060574][ T7234] bcachefs: bch2_fs_get_tree() error: ENOMEM_journal_pin_fifo
[  206.133431][ T7340] loop3: detected capacity change from 0 to 40427
[  206.160665][ T7340] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  206.176351][ T7340] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  206.277290][ T7340] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  206.474164][ T5862] usbhid 6-1:1.0: can't add hid device: -71
[  206.539706][ T5862] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  206.588664][ T7340] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  206.588883][ T5862] usb 6-1: USB disconnect, device number 2
[  206.664542][ T7340] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  206.697137][ T7340] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  206.956328][ T7369] syz_tun: entered promiscuous mode
[  206.962684][ T7369] macvlan2: entered promiscuous mode
[  206.968371][ T7369] macvlan2: entered allmulticast mode
[  206.977298][ T7369] syz_tun: entered allmulticast mode
[  207.003187][ T7369] team0: Device macvlan2 is up. Set it down before adding it as a team port
[  207.055138][ T7369] syz_tun: left allmulticast mode
[  207.063802][ T7369] syz_tun: left promiscuous mode
[  207.200818][   T10] usb 5-1: new low-speed USB device number 8 using dummy_hcd
[  207.620624][ T5982] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  207.690393][   T43] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  207.912979][   T43] usb 3-1: device descriptor read/64, error -71
[  208.231620][ T5982] usb 1-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 96, changing to 10
[  208.274612][ T5982] usb 1-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 1024
[  208.291516][ T5982] usb 1-1: config 1 interface 0 altsetting 6 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  208.309858][ T5982] usb 1-1: config 1 interface 0 has no altsetting 0
[  208.336541][ T5982] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  208.355478][ T5982] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.373299][ T5982] usb 1-1: Product: syz
[  208.377527][   T10] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  208.377556][   T10] usb 5-1: config 179 has no interface number 0
[  208.377602][   T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  208.389213][ T5982] usb 1-1: Manufacturer: syz
[  208.410264][   T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8
[  208.431160][   T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  208.450738][ T5982] usb 1-1: SerialNumber: syz
[  208.458177][   T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8
[  208.478941][ T7364] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  208.495226][   T10] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  208.501525][   T43] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  208.529018][   T10] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  208.569514][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.629227][ T7368] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  208.640509][ T7368] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  208.652023][   T43] usb 3-1: device descriptor read/64, error -71
[  208.718541][ T5862] usb 4-1: USB disconnect, device number 9
[  208.778418][   T43] usb usb3-port1: attempt power cycle
[  208.923676][ T5982] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  209.028573][ T5982] usb 1-1: USB disconnect, device number 18
[  209.072713][ T7385] input: syz1 as /devices/virtual/input/input9
[  209.140511][   T43] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  209.151494][ T7368] loop4: detected capacity change from 0 to 2048
[  209.229806][   T43] usb 3-1: device descriptor read/8, error -71
[  209.287698][ T7368] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  209.437992][   T30] audit: type=1800 audit(1757904718.475:87): pid=7368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.259" name="file1" dev="loop4" ino=1368 res=0 errno=0
[  209.500399][   T43] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  209.517566][ T5982] usb 5-1: USB disconnect, device number 8
[  209.517575][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  209.532659][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  209.591093][   T43] usb 3-1: device descriptor read/8, error -71
[  209.737378][ T7392] loop3: detected capacity change from 0 to 512
[  209.898560][ T7392] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.940679][   T43] usb usb3-port1: unable to enumerate USB device
[  209.953642][ T7392] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  211.051141][ T7409] loop5: detected capacity change from 0 to 16
[  211.296947][ T7409] erofs (device loop5): mounted with root inode @ nid 36.
[  211.305178][ T7410] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  211.400933][ T7403] syz.5.273: attempt to access beyond end of device
[  211.400933][ T7403] loop5: rw=0, sector=103079215104, nr_sectors = 8 limit=16
[  211.705218][ T7403] syz.5.273: attempt to access beyond end of device
[  211.705218][ T7403] loop5: rw=0, sector=103079215104, nr_sectors = 8 limit=16
[  211.991157][ T7420] 9pnet: Unknown protocol version 9
[  212.028744][ T5880] Bluetooth: hci1: command 0x0406 tx timeout
[  212.030863][ T5879] Bluetooth: hci2: command 0x0406 tx timeout
[  212.034972][ T5880] Bluetooth: hci0: command 0x0406 tx timeout
[  212.046586][ T5879] Bluetooth: hci4: command 0x0406 tx timeout
[  212.121709][ T7392] EXT4-fs error (device loop3): ext4_get_first_dir_block:3529: inode #12: comm syz.3.267: Attempting to read directory block (0) that is past i_size (3)
[  212.152870][ T7392] EXT4-fs (loop3): Remounting filesystem read-only
[  212.495909][  T149] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  212.496110][ T5863] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.520816][  T149] Quota error (device loop3): write_blk: dquota write failed
[  212.529309][  T149] Quota error (device loop3): free_dqentry: Can't write quota data block 5
[  212.691748][ T7431] loop4: detected capacity change from 0 to 64
[  212.848215][   T30] audit: type=1800 audit(1757904721.885:88): pid=7431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.280" name="file1" dev="loop4" ino=21 res=0 errno=0
[  212.950410][   T30] audit: type=1326 audit(1757904721.995:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7427 comm="syz.4.280" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9cf0b8eba9 code=0x0
[  214.551349][ T3551] Bluetooth: hci5: Frame reassembly failed (-84)
[  214.692819][ T5937] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  214.866207][ T5937] usb 4-1: Using ep0 maxpacket: 32
[  214.897649][ T5937] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  214.971053][ T5937] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  214.988607][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.036925][ T5937] usb 4-1: Product: syz
[  215.036952][ T5937] usb 4-1: Manufacturer: syz
[  215.036969][ T5937] usb 4-1: SerialNumber: syz
[  215.042399][ T5937] usb 4-1: config 0 descriptor??
[  215.107040][ T7423] loop0: detected capacity change from 0 to 32768
[  215.108640][ T5937] cdc_ether 4-1:0.0: skipping garbage
[  215.180112][ T5937] usb 4-1: bad CDC descriptors
[  215.222219][ T5937] usb 4-1: unsupported MDLM descriptors
[  216.382196][ T7474] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  216.430408][   T43] usb 4-1: USB disconnect, device number 10
[  216.510558][   T52] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  218.318852][ T7512] tty tty28: ldisc open failed (-12), clearing slot 27
[  219.469704][ T7528] loop0: detected capacity change from 0 to 32768
[  220.191498][ T7528] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,background_compression=lz4,wide_macs,no_splitbrain_check,recovery_pass_last=accounting_read,nojournal_transaction_names,read_only,version_upgrade=incompatible,no_data_io
[  220.191562][ T7528]   allowing incompatible features above 0.0: (unknown version)
[  220.191608][ T7528]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  220.637360][ T7528] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  220.651812][ T7528] bcachefs (loop0): invalid bkey in superblock btree=lru level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 131072 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0
[  220.652340][ T7528]   size != 0, deleting
[  220.672418][    C1] vkms_vblank_simulate: vblank timer overrun
[  220.815071][ T7528] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  220.823815][ T7528] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version)
[  220.823815][ T7528] 
[  221.393398][ T7552] netlink: 4696 bytes leftover after parsing attributes in process `syz.5.304'.
[  221.454516][ T7552] netlink: 4696 bytes leftover after parsing attributes in process `syz.5.304'.
[  221.468150][ T7523] loop3: detected capacity change from 0 to 40427
[  221.563267][ T7528] bcachefs (loop0): btree node read error at btree alloc level 0/0
[  221.563340][ T7528]   u64s 11 type btree_ptr_v2 283673999966207:U64_MAX:U32_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  221.563358][ T7528]   loop0 node offset 0/24 bset u64s 0: incorrect max key SPOS_MAX
[  221.563371][ T7528]   loop0 btree validate error
[  221.563383][ T7528]   flagging btree alloc lost data
[  221.563394][ T7528]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  221.563408][ T7528]   running recovery pass check_allocations (8), currently at recovery_pass_empty (0)
[  221.563422][ T7528]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[  221.563435][ T7528]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[  221.563449][ T7528]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[  221.563463][ T7528]   ret btree_node_read_err_bad_node
[  221.686347][ T7523] F2FS-fs (loop3): Failed to start F2FS issue_checkpoint_thread (-4)
[  221.969279][ T7559] netlink: 8 bytes leftover after parsing attributes in process `syz.2.305'.
[  222.059291][ T7528] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[  223.030704][ T7528] bcachefs (loop0): check_topology... done
[  223.063890][ T7528] bcachefs (loop0): accounting_read... done
[  223.106044][ T7528] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
[  223.168034][ T7528] bcachefs (loop0): done starting filesystem
[  223.277529][ T7545] loop4: detected capacity change from 0 to 32768
[  223.362231][ T7545] OCFS2: ERROR (device loop4): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #65: OCFS2_VALID_FL not set
[  223.439272][ T7545] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  223.476849][ T5859] bcachefs (loop0): shutting down
[  223.488480][ T7545] OCFS2: File system is now read-only.
[  223.508118][ T7545] (syz.4.302,7545,1):ocfs2_read_locked_inode:597 ERROR: status = -30
[  223.550544][ T7545] (syz.4.302,7545,1):ocfs2_init_global_system_inodes:444 ERROR: status = -30
[  223.559412][ T7545] (syz.4.302,7545,1):ocfs2_init_global_system_inodes:476 ERROR: status = -30
[  223.617996][ T7545] (syz.4.302,7545,1):ocfs2_initialize_super:2196 ERROR: status = -30
[  223.644895][ T7545] (syz.4.302,7545,1):ocfs2_fill_super:1177 ERROR: status = -30
[  223.763680][ T5859] bcachefs (loop0): shutdown complete
[  223.940466][ T5994] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  224.026321][ T7566] netlink: 'syz.5.308': attribute type 29 has an invalid length.
[  224.073520][ T7566] netlink: 'syz.5.308': attribute type 29 has an invalid length.
[  224.106258][ T7566] netlink: 500 bytes leftover after parsing attributes in process `syz.5.308'.
[  224.128213][ T5994] usb 5-1: Using ep0 maxpacket: 16
[  224.146558][ T5994] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  224.174632][ T5994] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  224.200368][ T5994] usb 5-1: Product: syz
[  224.218909][ T5994] usb 5-1: Manufacturer: syz
[  224.235929][ T5994] usb 5-1: SerialNumber: syz
[  224.263419][ T5994] usb 5-1: config 0 descriptor??
[  224.536000][   T10] usb 5-1: USB disconnect, device number 9
[  224.760351][ T7578] loop3: detected capacity change from 0 to 32768
[  224.810359][ T7578] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  224.841416][ T7578] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  224.995501][ T7578] XFS (loop3): Ending clean mount
[  225.019044][ T7605] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  225.026906][ T7578] XFS (loop3): Quotacheck needed: Please wait.
[  225.106849][ T7605] bridge_slave_0: left allmulticast mode
[  225.128878][ T7605] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.218341][ T7578] XFS (loop3): Quotacheck: Done.
[  225.678320][ T5863] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  225.762871][ T7622] process 'syz.5.314' launched './file0' with NULL argv: empty string added
[  226.419484][ T7623] loop4: detected capacity change from 0 to 8
[  226.490611][ T5994] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  226.700405][ T5994] usb 3-1: Using ep0 maxpacket: 8
[  226.749989][ T5994] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  226.810274][ T5994] usb 3-1: config 1 interface 0 altsetting 16 endpoint 0x82 has invalid wMaxPacketSize 0
[  226.850614][ T5994] usb 3-1: config 1 interface 0 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 0
[  226.881382][ T5994] usb 3-1: config 1 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  226.930245][ T5994] usb 3-1: config 1 interface 0 has no altsetting 0
[  226.960371][ T5994] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  226.989945][ T5994] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.030309][ T5994] usb 3-1: Product: syz
[  227.040530][ T5994] usb 3-1: Manufacturer: syz
[  227.055374][ T5994] usb 3-1: SerialNumber: syz
[  227.085841][ T5994] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  227.123341][ T5994] usbtest 3-1:1.0: couldn't get endpoints, -22
[  227.150052][ T5994] usbtest 3-1:1.0: probe with driver usbtest failed with error -22
[  227.186451][ T7635] loop0: detected capacity change from 0 to 2048
[  227.229062][ T7635] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  227.271827][ T7635] NILFS (loop0): too large filesystem blocksize: 2 ^ 347668480 KiB
[  227.373498][ T6300] udevd[6300]: incorrect nilfs2 checksum on /dev/loop0
[  227.569412][ T5862] usb 3-1: USB disconnect, device number 12
[  227.931627][ T5862] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  228.004088][ T7645] loop3: detected capacity change from 0 to 2048
[  228.066161][ T7645] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  228.094063][ T7651] loop4: detected capacity change from 0 to 256
[  228.110664][ T5862] usb 3-1: Using ep0 maxpacket: 8
[  228.134918][ T5862] usb 3-1: unable to get BOS descriptor or descriptor too short
[  228.167113][ T5862] usb 3-1: config 2 has an invalid interface number: 194 but max is 0
[  228.197495][ T5862] usb 3-1: config 2 has no interface number 0
[  228.214334][ T5862] usb 3-1: config 2 interface 194 has no altsetting 0
[  228.248024][ T5862] usb 3-1: New USB device found, idVendor=06cb, idProduct=0002, bcdDevice=22.b9
[  228.277119][ T5862] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.299221][ T7651] FAT-fs (loop4): Directory bread(block 64) failed
[  228.320338][ T7651] FAT-fs (loop4): Directory bread(block 65) failed
[  228.357303][ T5862] usb 3-1: Product: syz
[  228.357556][ T7651] FAT-fs (loop4): Directory bread(block 66) failed
[  228.377318][ T7651] FAT-fs (loop4): Directory bread(block 67) failed
[  228.384162][ T5862] usb 3-1: Manufacturer: syz
[  228.387595][ T7651] FAT-fs (loop4): Directory bread(block 68) failed
[  228.388791][ T5862] usb 3-1: SerialNumber: syz
[  228.399564][ T7651] FAT-fs (loop4): Directory bread(block 69) failed
[  228.407823][ T7651] FAT-fs (loop4): Directory bread(block 70) failed
[  228.429456][ T7651] FAT-fs (loop4): Directory bread(block 71) failed
[  228.458693][ T7651] FAT-fs (loop4): Directory bread(block 72) failed
[  228.512142][ T7651] FAT-fs (loop4): Directory bread(block 73) failed
[  228.588124][ T5982] IPVS: starting estimator thread 0...
[  228.757012][ T7659] IPVS: using max 27 ests per chain, 64800 per kthread
[  230.682972][   T10] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  230.902841][   T10] usb 5-1: Using ep0 maxpacket: 32
[  230.907205][ T7675] netlink: 36 bytes leftover after parsing attributes in process `syz.5.329'.
[  231.009019][ T5862] usb 3-1: selecting invalid altsetting 1
[  231.026016][ T5862] usb 3-1: Can not set alternate setting to 1, error: -22
[  231.029346][ T7658] loop0: detected capacity change from 0 to 32768
[  231.033855][ T5862] synaptics_usb 3-1:2.194: probe with driver synaptics_usb failed with error -22
[  231.049984][   T10] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  231.058338][   T10] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  231.072599][ T5862] usb 3-1: USB disconnect, device number 13
[  231.079582][   T10] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  231.139224][   T10] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  231.183019][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[  231.239234][   T10] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  231.277112][   T10] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  231.425995][ T7658] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  231.480239][   T10] usb 5-1: Product: syz
[  231.506495][ T7688] fuse: Bad value for 'fd'
[  231.523874][   T10] usb 5-1: Manufacturer: syz
[  231.554088][   T10] usb 5-1: SerialNumber: syz
[  231.577601][   T10] usb 5-1: config 0 descriptor??
[  231.612943][   T10] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  231.692159][ T7658] XFS (loop0): Ending clean mount
[  231.739785][ T7658] XFS (loop0): Quotacheck needed: Please wait.
[  231.762393][   T10] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  232.679335][ T7658] XFS (loop0): Quotacheck: Done.
[  232.845797][ T5859] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  232.846410][ T5937] usb 5-1: USB disconnect, device number 10
[  232.855145][    C0] ldusb 5-1:0.0: usb_submit_urb failed (-19)
[  232.885743][ T7668] ldusb 5-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  232.947367][ T5937] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  233.488111][ T7709] FAULT_INJECTION: forcing a failure.
[  233.488111][ T7709] name failslab, interval 1, probability 0, space 0, times 1
[  233.505645][ T7709] CPU: 0 UID: 0 PID: 7709 Comm: syz.0.336 Not tainted syzkaller #0 PREEMPT(full) 
[  233.505674][ T7709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  233.505686][ T7709] Call Trace:
[  233.505695][ T7709]  <TASK>
[  233.505704][ T7709]  dump_stack_lvl+0x189/0x250
[  233.505734][ T7709]  ? __pfx____ratelimit+0x10/0x10
[  233.505757][ T7709]  ? __pfx_dump_stack_lvl+0x10/0x10
[  233.505782][ T7709]  ? __pfx__printk+0x10/0x10
[  233.505806][ T7709]  ? rcu_is_watching+0x15/0xb0
[  233.505836][ T7709]  ? trace_contention_end+0x39/0x120
[  233.505868][ T7709]  should_fail_ex+0x414/0x560
[  233.505895][ T7709]  should_failslab+0xa8/0x100
[  233.505916][ T7709]  kmem_cache_alloc_noprof+0x74/0x6e0
[  233.505942][ T7709]  ? skb_clone+0x212/0x3a0
[  233.505973][ T7709]  skb_clone+0x212/0x3a0
[  233.506002][ T7709]  __netlink_deliver_tap+0x404/0x850
[  233.506039][ T7709]  ? netlink_deliver_tap+0x2e/0x1b0
[  233.506061][ T7709]  netlink_deliver_tap+0x19c/0x1b0
[  233.506085][ T7709]  netlink_dump+0x92b/0xe90
[  233.506118][ T7709]  ? __pfx_netlink_dump+0x10/0x10
[  233.506159][ T7709]  ? netlink_recvmsg+0x5b2/0xa30
[  233.506189][ T7709]  ? kmem_cache_free+0x19a/0x690
[  233.506225][ T7709]  netlink_recvmsg+0x676/0xa30
[  233.506260][ T7709]  ? __pfx_netlink_recvmsg+0x10/0x10
[  233.506287][ T7709]  ? aa_sock_msg_perm+0xf1/0x1d0
[  233.506310][ T7709]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  233.506329][ T7709]  ? security_socket_recvmsg+0x7e/0x2e0
[  233.506354][ T7709]  ? __pfx_netlink_recvmsg+0x10/0x10
[  233.506376][ T7709]  sock_recvmsg+0x22c/0x270
[  233.506406][ T7709]  ____sys_recvmsg+0x1c9/0x460
[  233.506442][ T7709]  ? __pfx_____sys_recvmsg+0x10/0x10
[  233.506489][ T7709]  ? import_iovec+0x74/0xa0
[  233.506522][ T7709]  ___sys_recvmsg+0x1b5/0x510
[  233.506554][ T7709]  ? __pfx____sys_recvmsg+0x10/0x10
[  233.506609][ T7709]  ? __fget_files+0x3a0/0x420
[  233.506643][ T7709]  do_recvmmsg+0x307/0x770
[  233.506680][ T7709]  ? __pfx_do_recvmmsg+0x10/0x10
[  233.506718][ T7709]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  233.506765][ T7709]  __x64_sys_recvmmsg+0x190/0x240
[  233.506795][ T7709]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  233.506826][ T7709]  ? do_syscall_64+0xbe/0xfa0
[  233.506854][ T7709]  do_syscall_64+0xfa/0xfa0
[  233.506873][ T7709]  ? lockdep_hardirqs_on+0x9c/0x150
[  233.506895][ T7709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.506915][ T7709]  ? clear_bhb_loop+0x60/0xb0
[  233.506939][ T7709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.506958][ T7709] RIP: 0033:0x7f689d58eba9
[  233.506978][ T7709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.506995][ T7709] RSP: 002b:00007f689e450038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  233.507018][ T7709] RAX: ffffffffffffffda RBX: 00007f689d7d5fa0 RCX: 00007f689d58eba9
[  233.507032][ T7709] RDX: 0000000000000004 RSI: 00002000000004c0 RDI: 0000000000000003
[  233.507044][ T7709] RBP: 00007f689e450090 R08: 0000000000000000 R09: 0000000000000000
[  233.507057][ T7709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  233.507068][ T7709] R13: 00007f689d7d6038 R14: 00007f689d7d5fa0 R15: 00007ffc8659fa48
[  233.507102][ T7709]  </TASK>
[  234.275198][ T7714] tty tty20: ldisc open failed (-12), clearing slot 19
[  234.285013][ T7720] overlay: Unknown parameter 'euid>00000000000000000000'
[  234.392004][ T7720] overlayfs: failed to clone lowerpath
[  234.790622][   T30] audit: type=1326 audit(1757904743.835:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7710 comm="syz.2.338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ab758eba9 code=0x7fc00000
[  234.929244][ T7731] loop4: detected capacity change from 0 to 2048
[  235.321800][ T7728] input: syz1 as /devices/virtual/input/input10
[  236.434012][ T7742] overlayfs: conflicting lowerdir path
[  236.525085][ T7744] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  236.660307][ T5937] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  236.745796][ T7749] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2644373649 (5288747298 ns) > initial count (3236094574 ns). Using initial count to start timer.
[  236.800552][ T5994] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  236.823600][ T5937] usb 3-1: config 9 has an invalid interface number: 32 but max is 0
[  236.843525][ T5937] usb 3-1: config 9 has no interface number 0
[  236.859853][ T5937] usb 3-1: config 9 interface 32 altsetting 9 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  236.880262][ T5937] usb 3-1: config 9 interface 32 has no altsetting 0
[  236.900545][ T5937] usb 3-1: New USB device found, idVendor=0421, idProduct=01d0, bcdDevice=44.b3
[  236.910144][ T5937] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.944002][ T5937] usb 3-1: Product: syz
[  236.948321][ T5937] usb 3-1: Manufacturer: syz
[  236.963396][ T5937] usb 3-1: SerialNumber: syz
[  237.005901][ T5994] usb 5-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  237.043653][ T5994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.079068][ T5994] usb 5-1: config 0 descriptor??
[  237.112641][ T5994] gspca_main: sunplus-2.14.0 probing 055f:c420
[  237.233156][ T7745] loop0: detected capacity change from 0 to 32768
[  237.252852][ T5937] usb 3-1: USB disconnect, device number 14
[  237.279568][ T7745] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.348 (7745)
[  237.339916][ T7745] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  237.375126][ T7745] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  237.568287][ T7745] BTRFS info (device loop0): enabling ssd optimizations
[  237.602587][ T7745] BTRFS info (device loop0): enabling free space tree
[  237.673317][ T7770] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  238.262019][ T5994] gspca_sunplus: reg_w_riv err -110
[  238.472209][ T5994] sunplus 5-1:0.0: probe with driver sunplus failed with error -110
[  238.625880][ T5859] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  238.688762][ T7781] netlink: 100 bytes leftover after parsing attributes in process `syz.3.356'.
[  238.705361][ T7781] netlink: 100 bytes leftover after parsing attributes in process `syz.3.356'.
[  238.734671][ T7782] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  238.761159][ T5994] usb 5-1: USB disconnect, device number 11
[  238.787037][ T7782] overlayfs: missing 'lowerdir'
[  239.515807][ T7797] netdevsim netdevsim4: Firmware load for '/../file0' refused, path contains '..' component
[  239.539992][ T7797] netlink: 4 bytes leftover after parsing attributes in process `syz.4.361'.
[  240.067348][ T7805] netlink: 'syz.3.364': attribute type 39 has an invalid length.
[  240.197825][ T7810] loop0: detected capacity change from 0 to 64
[  240.227358][   T30] audit: type=1800 audit(1757904749.275:91): pid=7813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.365" name="file1" dev="tmpfs" ino=450 res=0 errno=0
[  240.381209][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  240.560308][   T10] usb 4-1: Using ep0 maxpacket: 8
[  240.572844][   T10] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  240.592396][   T10] usb 4-1: config 0 has no interface number 0
[  240.598545][   T10] usb 4-1: too many endpoints for config 0 interface 2 altsetting 234: 246, using maximum allowed: 30
[  240.640330][   T10] usb 4-1: config 0 interface 2 altsetting 234 has 0 endpoint descriptors, different from the interface descriptor's value: 246
[  240.674415][   T10] usb 4-1: config 0 interface 2 has no altsetting 0
[  240.694687][   T10] usb 4-1: New USB device found, idVendor=06cd, idProduct=011a, bcdDevice=39.7d
[  240.725041][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.753084][ T5994] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  240.761398][   T10] usb 4-1: config 0 descriptor??
[  240.791508][   T10] keyspan 4-1:0.2: Keyspan - (without firmware) converter detected
[  240.995450][   T10] usb 4-1: USB disconnect, device number 11
[  241.012607][   T10] keyspan 4-1:0.2: device disconnected
[  241.385755][ T5994] usb 5-1: Using ep0 maxpacket: 16
[  241.399697][ T5994] usb 5-1: config 6 has too many interfaces: 251, using maximum allowed: 32
[  241.464237][ T5994] usb 5-1: config 6 has an invalid descriptor of length 135, skipping remainder of the config
[  241.585744][ T5994] usb 5-1: config 6 has 0 interfaces, different from the descriptor's value: 251
[  241.691365][ T5994] usb 5-1: config 6 has too many interfaces: 251, using maximum allowed: 32
[  241.708211][ T5994] usb 5-1: config 6 has an invalid descriptor of length 135, skipping remainder of the config
[  241.719783][ T5994] usb 5-1: config 6 has 0 interfaces, different from the descriptor's value: 251
[  241.736019][ T5994] usb 5-1: config 6 has too many interfaces: 251, using maximum allowed: 32
[  241.814368][ T5994] usb 5-1: config 6 has an invalid descriptor of length 135, skipping remainder of the config
[  242.044441][ T5994] usb 5-1: config 6 has 0 interfaces, different from the descriptor's value: 251
[  242.124815][ T5994] usb 5-1: New USB device found, idVendor=03f0, idProduct=2101, bcdDevice=f2.6a
[  242.164875][ T5994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.180487][ T5994] usb 5-1: Product: syz
[  242.184718][ T5994] usb 5-1: Manufacturer: syz
[  242.184733][ T5937] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  242.189464][ T5994] usb 5-1: SerialNumber: syz
[  242.218791][ T5994] usb 5-1: rejected 3 configurations due to insufficient available bus power
[  242.229934][ T5994] usb 5-1: no configuration chosen from 3 choices
[  242.350088][ T7831] kvm: kvm [7830]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  242.360366][ T5937] usb 1-1: Using ep0 maxpacket: 16
[  242.368944][ T5937] usb 1-1: unable to get BOS descriptor or descriptor too short
[  242.375308][ T7831] kvm: kvm [7830]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  242.392758][ T7831] kvm: kvm [7830]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  242.393447][ T5937] usb 1-1: config 1 has an invalid interface number: 206 but max is 0
[  242.418670][ T7831] kvm: kvm [7830]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  242.421510][ T5937] usb 1-1: config 1 has no interface number 0
[  242.590801][ T5937] usb 1-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[  242.604534][ T5937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.613198][ T5937] usb 1-1: Product: syz
[  242.617405][ T5937] usb 1-1: Manufacturer: syz
[  242.637012][ T5937] usb 1-1: SerialNumber: syz
[  243.480355][   T43] usb 5-1: USB disconnect, device number 12
[  243.557967][ T5937] uvcvideo 1-1:1.206: probe with driver uvcvideo failed with error -22
[  243.624358][ T5937] usb 1-1: USB disconnect, device number 19
[  244.967812][ T7863] loop3: detected capacity change from 0 to 128
[  245.063810][   T30] audit: type=1800 audit(1757904754.115:92): pid=7863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.378" name="file2" dev="loop3" ino=1048614 res=0 errno=0
[  245.071380][ T7865] loop0: detected capacity change from 0 to 128
[  246.906717][ T7862] loop4: detected capacity change from 0 to 40427
[  246.945016][ T7862] F2FS-fs (loop4): build fault injection rate: 14
[  246.971241][ T7862] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  247.001118][ T7862] F2FS-fs (loop4): invalid crc value
[  247.048362][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  247.084979][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  247.727352][ T7880] loop3: detected capacity change from 0 to 32768
[  248.299259][ T7862] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  249.222255][ T7862] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  249.526083][ T7862] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  249.545005][ T7880] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  249.691739][ T7880] XFS (loop3): Ending clean mount
[  249.712322][ T7880] XFS (loop3): Quotacheck needed: Please wait.
[  249.831518][ T7880] XFS (loop3): Quotacheck: Done.
[  249.882860][ T5863] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  250.120992][ T5937] usb 1-1: new low-speed USB device number 20 using dummy_hcd
[  250.286398][ T5937] usb 1-1: Invalid ep0 maxpacket: 16
[  250.351282][ T7917] loop3: detected capacity change from 0 to 4096
[  250.366049][ T7917] ntfs3: Unknown parameter 'kocharset'
[  250.381193][ T7918] loop4: detected capacity change from 0 to 4096
[  250.407880][ T7918] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  250.415756][ T7918] IPv6: NLM_F_CREATE should be set when creating new route
[  250.423065][ T7918] IPv6: NLM_F_CREATE should be set when creating new route
[  250.430341][ T5937] usb 1-1: new low-speed USB device number 21 using dummy_hcd
[  250.436302][ T7918] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  250.519844][ T7921] netlink: 'syz.3.394': attribute type 1 has an invalid length.
[  250.636405][ T5937] usb 1-1: Invalid ep0 maxpacket: 16
[  250.658795][ T5937] usb usb1-port1: attempt power cycle
[  250.716230][ T7924] loop3: detected capacity change from 0 to 256
[  250.758089][ T7924] exfat: Bad value for 'errors'
[  251.033176][ T5937] usb 1-1: new low-speed USB device number 22 using dummy_hcd
[  251.091443][ T5937] usb 1-1: Invalid ep0 maxpacket: 16
[  251.155212][ T7942] netlink: 'syz.5.398': attribute type 33 has an invalid length.
[  251.165806][ T7942] netlink: 152 bytes leftover after parsing attributes in process `syz.5.398'.
[  251.240625][ T5937] usb 1-1: new low-speed USB device number 23 using dummy_hcd
[  251.284426][   T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  251.323435][ T5937] usb 1-1: Invalid ep0 maxpacket: 16
[  251.338498][ T5937] usb usb1-port1: unable to enumerate USB device
[  251.486796][   T10] usb 4-1: Using ep0 maxpacket: 8
[  251.511860][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 215, changing to 11
[  251.580606][   T10] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  251.630910][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.680932][   T10] usb 4-1: config 0 descriptor??
[  252.144781][   T10] usbhid 4-1:0.0: can't add hid device: -71
[  252.178764][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  252.251395][   T10] usb 4-1: USB disconnect, device number 12
[  252.508011][ T7945] loop4: detected capacity change from 0 to 131072
[  252.517098][ T7945] F2FS-fs (loop4): Segment count (31) mismatch with total segments from devices (0)
[  252.526883][ T7945] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  252.542108][ T7945] F2FS-fs (loop4): invalid crc value
[  252.658556][ T7945] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  252.680540][ T7945] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  252.687630][ T7945] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  252.827187][ T7957] F2FS-fs (loop4): f2fs_fill_dentries: corrupted namelen=24152, run fsck to fix.
[  253.335774][ T7965] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  254.220599][ T7963] loop3: detected capacity change from 0 to 32768
[  254.239762][ T7966] loop0: detected capacity change from 0 to 32768
[  254.288478][ T7966] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  254.516696][ T7966] XFS (loop0): Ending clean mount
[  254.549125][ T7987] netlink: 8 bytes leftover after parsing attributes in process `syz.3.411'.
[  254.562087][ T7966] XFS (loop0): Quotacheck needed: Please wait.
[  254.687051][ T7966] XFS (loop0): Quotacheck: Done.
[  254.907015][ T5859] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  255.411722][ T7992] FAULT_INJECTION: forcing a failure.
[  255.411722][ T7992] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  255.448916][ T7992] CPU: 0 UID: 0 PID: 7992 Comm: syz.2.413 Not tainted syzkaller #0 PREEMPT(full) 
[  255.448946][ T7992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  255.448959][ T7992] Call Trace:
[  255.448967][ T7992]  <TASK>
[  255.448975][ T7992]  dump_stack_lvl+0x189/0x250
[  255.449006][ T7992]  ? __pfx____ratelimit+0x10/0x10
[  255.449027][ T7992]  ? __pfx_dump_stack_lvl+0x10/0x10
[  255.449050][ T7992]  ? __pfx__printk+0x10/0x10
[  255.449080][ T7992]  ? fs_reclaim_acquire+0x7d/0x100
[  255.449121][ T7992]  should_fail_ex+0x414/0x560
[  255.449150][ T7992]  prepare_alloc_pages+0x213/0x610
[  255.449181][ T7992]  __alloc_frozen_pages_noprof+0x123/0x370
[  255.449206][ T7992]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  255.449241][ T7992]  ? policy_nodemask+0x27c/0x720
[  255.449279][ T7992]  alloc_pages_mpol+0x232/0x4a0
[  255.449317][ T7992]  alloc_pages_noprof+0xa9/0x190
[  255.449350][ T7992]  pte_alloc_one+0x23/0x310
[  255.449370][ T7992]  ? __pte_alloc+0x1d/0x1a0
[  255.449393][ T7992]  __pte_alloc+0x25/0x1a0
[  255.449420][ T7992]  __handle_mm_fault+0x49cc/0x5440
[  255.449469][ T7992]  ? __pfx___handle_mm_fault+0x10/0x10
[  255.449521][ T7992]  ? __pfx___might_resched+0x10/0x10
[  255.449555][ T7992]  handle_mm_fault+0x40a/0x8e0
[  255.449597][ T7992]  __get_user_pages+0x165c/0x2a00
[  255.449667][ T7992]  __gup_longterm_locked+0xde9/0x1660
[  255.449712][ T7992]  ? sanity_check_pinned_pages+0x1241/0x1300
[  255.449740][ T7992]  ? gup_fast_fallback+0x1b86/0x22d0
[  255.449768][ T7992]  gup_fast_fallback+0x1d65/0x22d0
[  255.449792][ T7992]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  255.449856][ T7992]  ? wp512_process_buffer+0x1cf0/0x2260
[  255.449888][ T7992]  ? __pfx_gup_fast_fallback+0x10/0x10
[  255.449943][ T7992]  ? pin_user_pages_fast+0x4d/0xb0
[  255.449972][ T7992]  iov_iter_extract_pages+0x35f/0x5e0
[  255.450011][ T7992]  extract_iter_to_sg+0xe46/0x24e0
[  255.450044][ T7992]  ? sanity_check_pinned_pages+0x123a/0x1300
[  255.450075][ T7992]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  255.450101][ T7992]  ? unpin_user_page+0xc9/0x1d0
[  255.450122][ T7992]  ? __pfx_unpin_user_page+0x10/0x10
[  255.450159][ T7992]  ? __asan_memset+0x22/0x50
[  255.450187][ T7992]  hash_sendmsg+0x4f4/0x11d0
[  255.450242][ T7992]  ? __pfx_hash_sendmsg+0x10/0x10
[  255.450272][ T7992]  __sock_sendmsg+0x21c/0x270
[  255.450308][ T7992]  __sys_sendto+0x3bd/0x520
[  255.450335][ T7992]  ? __pfx___sys_sendto+0x10/0x10
[  255.450355][ T7992]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  255.450395][ T7992]  ? __fget_files+0x3a0/0x420
[  255.450429][ T7992]  ? ksys_write+0x22a/0x250
[  255.450460][ T7992]  ? __pfx_ksys_write+0x10/0x10
[  255.450493][ T7992]  __x64_sys_sendto+0xde/0x100
[  255.450522][ T7992]  do_syscall_64+0xfa/0xfa0
[  255.450543][ T7992]  ? lockdep_hardirqs_on+0x9c/0x150
[  255.450564][ T7992]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.450584][ T7992]  ? clear_bhb_loop+0x60/0xb0
[  255.450610][ T7992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.450630][ T7992] RIP: 0033:0x7f7ab758eba9
[  255.450649][ T7992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  255.450684][ T7992] RSP: 002b:00007f7ab83c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  255.450709][ T7992] RAX: ffffffffffffffda RBX: 00007f7ab77d5fa0 RCX: 00007f7ab758eba9
[  255.450724][ T7992] RDX: fffffffffffffd2e RSI: 0000200000000000 RDI: 0000000000000007
[  255.450738][ T7992] RBP: 00007f7ab83c5090 R08: 0000000000000000 R09: 0000000000000000
[  255.450751][ T7992] R10: 0000000020044801 R11: 0000000000000246 R12: 0000000000000001
[  255.450764][ T7992] R13: 00007f7ab77d6038 R14: 00007f7ab77d5fa0 R15: 00007ffef1adc468
[  255.450804][ T7992]  </TASK>
[  255.878962][  T930] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  255.967346][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  255.975313][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  256.060301][  T930] usb 5-1: Using ep0 maxpacket: 32
[  256.080961][ T7997] loop3: detected capacity change from 0 to 32768
[  256.098927][  T930] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  256.156287][  T930] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  256.208020][ T7997] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  256.251554][  T930] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  256.312893][  T930] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.395968][ T8004] loop0: detected capacity change from 0 to 32768
[  256.407977][  T930] usb 5-1: config 0 descriptor??
[  256.458890][  T930] hub 5-1:0.0: USB hub found
[  256.483143][ T7997] XFS (loop3): Ending clean mount
[  256.497527][ T7997] XFS (loop3): Quotacheck needed: Please wait.
[  256.523912][ T8004] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  256.619845][ T8004] XFS (loop0): Ending clean mount
[  256.647557][ T8004] XFS (loop0): Quotacheck needed: Please wait.
[  256.664007][  T930] hub 5-1:0.0: 1 port detected
[  256.718655][ T7997] XFS (loop3): Quotacheck: Done.
[  256.719970][ T8025] loop6: detected capacity change from 0 to 7
[  256.761062][ T8004] XFS (loop0): Quotacheck: Done.
[  257.183044][ T5863] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  257.732609][ T8035] loop4: detected capacity change from 0 to 4096
[  257.808909][  T930] hub 5-1:0.0: hub_hub_status failed (err = -32)
[  257.862893][ T8035] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512).
[  257.927113][  T930] hub 5-1:0.0: config failed, can't get hub status (err -32)
[  258.620026][ T8046] netlink: 'syz.2.421': attribute type 1 has an invalid length.
[  258.832636][ T5859] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  259.629489][  T930] usbhid 5-1:0.0: can't add hid device: -71
[  259.643547][  T930] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  259.679038][   T10] IPVS: starting estimator thread 0...
[  259.700777][  T930] usb 5-1: USB disconnect, device number 13
[  259.800616][ T8053] IPVS: using max 23 ests per chain, 55200 per kthread
[  259.853153][ T8052] loop4: detected capacity change from 0 to 2048
[  259.915394][ T8052] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[  259.987740][ T8052] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  260.207994][ T8060] Bluetooth: MGMT ver 1.23
[  260.484619][ T8038] loop3: detected capacity change from 0 to 32768
[  260.640939][ T5232] udevd[5232]: worker [6255] terminated by signal 33 (Unknown signal 33)
[  260.661887][ T5232] udevd[5232]: worker [6255] failed while handling '/devices/virtual/block/loop3'
[  260.720478][ T8038] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  260.966422][ T8068] 
: renamed from bridge_slave_0 (while UP)
[  261.112826][ T8038] XFS (loop3): Ending clean mount
[  261.900741][ T8038] XFS (loop3): Quotacheck needed: Please wait.
[  261.986045][ T8038] XFS (loop3): Quotacheck: Done.
[  262.100619][ T5863] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  262.153975][ T8092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.432'.
[  264.019774][ T8100] loop4: detected capacity change from 0 to 131072
[  264.105444][ T8100] F2FS-fs (loop4): invalid crc value
[  265.042406][   T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  266.028481][ T8100] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-4)
[  266.551590][ T8114] loop0: detected capacity change from 0 to 4096
[  266.695523][ T8114] ntfs3(loop0): Primary boot: invalid index size -57.
[  267.303311][ T8114] ntfs3(loop0): try to read out of volume at offset 0x1ffe00
[  268.319290][   T30] audit: type=1326 audit(1757904777.365:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f689d58eba9 code=0x7ffc0000
[  268.366939][ T8140] netlink: 20 bytes leftover after parsing attributes in process `syz.0.447'.
[  268.452714][   T30] audit: type=1326 audit(1757904777.365:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f689d58eba9 code=0x7ffc0000
[  268.481215][ T8140] netlink: 4 bytes leftover after parsing attributes in process `syz.0.447'.
[  268.591069][   T30] audit: type=1326 audit(1757904777.365:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f689d590ac7 code=0x7ffc0000
[  268.690291][   T30] audit: type=1326 audit(1757904777.365:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f689d590a3c code=0x7ffc0000
[  268.787293][   T30] audit: type=1326 audit(1757904777.365:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f689d590974 code=0x7ffc0000
[  268.910724][   T30] audit: type=1326 audit(1757904777.365:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f689d590974 code=0x7ffc0000
[  269.024065][   T30] audit: type=1326 audit(1757904777.365:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f689d58d80a code=0x7ffc0000
[  269.122074][   T30] audit: type=1326 audit(1757904777.365:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f689d58eba9 code=0x7ffc0000
[  269.180267][   T30] audit: type=1326 audit(1757904777.365:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f689d58eba9 code=0x7ffc0000
[  269.244855][   T30] audit: type=1326 audit(1757904777.365:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8138 comm="syz.0.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f689d58eba9 code=0x7ffc0000
[  269.410369][ T5930] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  269.649263][ T8143] loop4: detected capacity change from 0 to 32768
[  269.748348][ T5930] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  269.866074][ T5930] usb 4-1: config 0 has no interface number 0
[  269.958400][ T8143] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.448 (8143)
[  269.998177][ T5930] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  270.129848][ T5930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.461137][ T8143] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  270.473132][ T5930] usb 4-1: config 0 descriptor??
[  270.514010][ T8163] loop0: detected capacity change from 0 to 8
[  270.795860][ T8143] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  271.068962][ T5930] usb 4-1: selecting invalid altsetting 1
[  271.123422][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  271.126063][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  271.152007][ T8163] unable to read inode lookup table
[  271.330697][ T5930] dvb_ttusb_budget: ttusb_init_controller: error
[  271.526420][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  271.555478][ T5930] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  271.604942][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  271.636506][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  272.071772][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  272.181834][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  272.253525][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  272.306785][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  272.395386][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  272.589915][ T5930] DVB: Unable to find symbol cx22700_attach()
[  274.082842][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  274.083210][ T8143] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  274.180766][ T8143] BTRFS error (device loop4): open_ctree failed: -12
[  274.927759][ T5930] DVB: Unable to find symbol tda10046_attach()
[  274.969459][ T5930] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  275.053602][ T5930] usb 4-1: USB disconnect, device number 14
[  277.150408][   T10] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  277.325759][   T10] usb 3-1: config 15 has an invalid interface number: 192 but max is 0
[  277.367647][   T10] usb 3-1: config 15 has no interface number 0
[  277.384358][   T10] usb 3-1: config 15 interface 192 altsetting 3 bulk endpoint 0x7 has invalid maxpacket 1024
[  277.523339][   T10] usb 3-1: config 15 interface 192 has no altsetting 0
[  277.543050][   T10] usb 3-1: New USB device found, idVendor=0763, idProduct=1011, bcdDevice=72.a7
[  277.552271][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.582414][   T10] usb 3-1: Product: syz
[  277.590291][   T10] usb 3-1: Manufacturer: syz
[  277.595025][   T10] usb 3-1: SerialNumber: syz
[  277.615560][ T8207] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  278.564097][ T8231] kvm: pic: non byte write
[  279.001864][   T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  279.089024][   T10] snd-usb-audio 3-1:15.192: probe with driver snd-usb-audio failed with error -2
[  279.150850][   T10] usb 3-1: USB disconnect, device number 15
[  279.400314][ T6297] udevd[6297]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:15.192/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  281.872808][ T8263] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  281.872808][ T8263]    program syz.3.482 not setting count and/or reply_len properly
[  296.024703][ T8373] overlayfs: failed to clone upperpath
[  298.718416][ T8378] syz.3.514 (8378): drop_caches: 2
[  300.193356][   T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  300.208962][   T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  301.160257][   T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  301.171532][   T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  301.182387][   T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  301.397436][ T8396] netlink: 28 bytes leftover after parsing attributes in process `syz.3.516'.
[  301.952341][ T8399] netlink: 28 bytes leftover after parsing attributes in process `syz.3.516'.
[  303.073619][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.230597][   T52] Bluetooth: hci4: command tx timeout
[  303.549851][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.680602][ T5930] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  303.776941][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.841739][ T5930] usb 1-1: Using ep0 maxpacket: 32
[  303.871370][ T5930] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.914970][ T5930] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.937715][ T5930] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  303.965178][ T5930] usb 1-1: config 0 interface 0 has no altsetting 0
[  303.985461][ T5930] usb 1-1: New USB device found, idVendor=04b3, idProduct=3109, bcdDevice= 0.00
[  303.996666][ T5930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.012221][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.037768][ T5930] usb 1-1: config 0 descriptor??
[  304.111141][   T52] Bluetooth: hci3: command 0x0406 tx timeout
[  305.249038][ T5930] lenovo 0003:04B3:3109.0002: unknown main item tag 0x4
[  305.256650][ T5930] lenovo 0003:04B3:3109.0002: unknown main item tag 0x1
[  305.289115][ T5930] lenovo 0003:04B3:3109.0002: hidraw0: USB HID v5f.b2 Device [HID 04b3:3109] on usb-dummy_hcd.0-1/input0
[  305.310281][ T5875] Bluetooth: hci4: command tx timeout
[  305.451188][ T5994] usb 1-1: USB disconnect, device number 24
[  305.934517][ T8443] fido_id[8443]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  306.264837][ T8403] chnl_net:caif_netlink_parms(): no params data found
[  306.314918][   T13] bridge_slave_1: left allmulticast mode
[  306.330576][   T13] bridge_slave_1: left promiscuous mode
[  306.346807][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.385800][   T13] bridge_slave_0: left allmulticast mode
[  306.399123][   T13] bridge_slave_0: left promiscuous mode
[  306.419271][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.390269][ T5875] Bluetooth: hci4: command tx timeout
[  309.408503][ T8497] netlink: 8 bytes leftover after parsing attributes in process `syz.2.542'.
[  309.471216][ T5875] Bluetooth: hci4: command tx timeout
[  309.959258][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  309.985534][ T8509] netlink: 32 bytes leftover after parsing attributes in process `syz.2.546'.
[  309.995527][ T8509] netlink: 12 bytes leftover after parsing attributes in process `syz.2.546'.
[  310.014360][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  310.025881][   T13] bond0 (unregistering): Released all slaves
[  310.054160][   T13] bond1 (unregistering): Released all slaves
[  310.122659][ T8474] pim6reg: entered allmulticast mode
[  310.166356][ T8500] netlink: 8 bytes leftover after parsing attributes in process `syz.5.543'.
[  310.183904][ T8509] tipc: Started in network mode
[  310.188836][ T8509] tipc: Node identity 22c37bc6b0a8, cluster identity 4711
[  310.188895][ T8500] netlink: 'syz.5.543': attribute type 30 has an invalid length.
[  310.213501][ T8509] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  310.274909][   T13] tipc: Left network mode
[  310.412278][ T8313] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  310.434754][ T8313] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  311.391906][ T5981] tipc: Node number set to 2456517574
[  311.589358][ T8509] tipc: Disabling bearer <eth:syzkaller0>
[  312.209868][ T8313] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  312.246536][ T8313] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  312.512910][ T8403] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.520895][ T8403] bridge0: port 1(bridge_slave_0) entered disabled state
[  312.528127][ T8403] bridge_slave_0: entered allmulticast mode
[  312.536183][ T8403] bridge_slave_0: entered promiscuous mode
[  312.544364][ T8403] bridge0: port 2(bridge_slave_1) entered blocking state
[  312.552331][ T8403] bridge0: port 2(bridge_slave_1) entered disabled state
[  312.559692][ T8403] bridge_slave_1: entered allmulticast mode
[  312.567401][ T8403] bridge_slave_1: entered promiscuous mode
[  312.610476][ T8403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  312.625353][ T8403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  312.821080][ T8403] team0: Port device team_slave_0 added
[  312.855907][ T8403] team0: Port device team_slave_1 added
[  314.115702][ T8557] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000b2: 0000 [#1] SMP KASAN PTI
[  314.115732][ T8557] KASAN: null-ptr-deref in range [0x0000000000000590-0x0000000000000597]
[  314.115755][ T8557] CPU: 0 UID: 0 PID: 8557 Comm: syz.0.555 Not tainted syzkaller #0 PREEMPT(full) 
[  314.115779][ T8557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  314.115792][ T8557] RIP: 0010:vc_deallocate+0x303/0x3e0
[  314.115819][ T8557] Code: e8 22 74 d6 fc 49 c7 07 00 00 00 00 eb 0e e8 14 f1 71 fc eb 05 e8 0d f1 71 fc 31 db 4c 8d b3 90 05 00 00 4d 89 f4 49 c1 ec 03 <43> 80 3c 2c 00 74 08 4c 89 f7 e8 fe 72 d6 fc 4d 8b 3e 4d 85 ff 74
[  314.115838][ T8557] RSP: 0018:ffffc90003c7fbe0 EFLAGS: 00010206
[  314.115861][ T8557] RAX: ffffffff854dca63 RBX: 0000000000000000 RCX: 0000000000080000
[  314.115876][ T8557] RDX: ffffc9000e311000 RSI: 000000000000097a RDI: 000000000000097b
[  314.115891][ T8557] RBP: ffffc90003c7fc90 R08: ffffffff8fc3f3cf R09: 1ffffffff1f87e79
[  314.115907][ T8557] R10: dffffc0000000000 R11: fffffbfff1f87e7a R12: 00000000000000b2
[  314.115922][ T8557] R13: dffffc0000000000 R14: 0000000000000590 R15: ffffffff9a01fb60
[  314.115939][ T8557] FS:  00007f689e40e6c0(0000) GS:ffff8881259e8000(0000) knlGS:0000000000000000
[  314.115958][ T8557] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  314.115973][ T8557] CR2: 000000110c421f94 CR3: 000000002909e000 CR4: 00000000003526f0
[  314.115994][ T8557] DR0: 0000000002000000 DR1: 0000000000000003 DR2: 0000000000000000
[  314.116008][ T8557] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  314.116023][ T8557] Call Trace:
[  314.116032][ T8557]  <TASK>
[  314.116044][ T8557]  ? __pfx_vc_deallocate+0x10/0x10
[  314.116068][ T8557]  ? is_console_locked+0x9/0x20
[  314.116091][ T8557]  vt_disallocate+0x49/0xa0
[  314.116113][ T8557]  vt_ioctl+0x13f5/0x1f20
[  314.116135][ T8557]  ? __pfx_vt_ioctl+0x10/0x10
[  314.116154][ T8557]  ? irqentry_exit+0x74/0x90
[  314.116178][ T8557]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.116206][ T8557]  ? tty_jobctrl_ioctl+0x33/0xb70
[  314.116229][ T8557]  ? tty_jobctrl_ioctl+0x364/0xb70
[  314.116250][ T8557]  ? tty_jobctrl_ioctl+0x369/0xb70
[  314.116271][ T8557]  ? __fget_files+0x3a0/0x420
[  314.116291][ T8557]  ? __fget_files+0x2a/0x420
[  314.116311][ T8557]  tty_ioctl+0x929/0xde0
[  314.116336][ T8557]  ? __pfx_tty_ioctl+0x10/0x10
[  314.116360][ T8557]  __se_sys_ioctl+0xfc/0x170
[  314.116388][ T8557]  do_syscall_64+0xfa/0xfa0
[  314.116411][ T8557]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.116432][ T8557]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  314.116452][ T8557]  ? clear_bhb_loop+0x60/0xb0
[  314.116475][ T8557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.116495][ T8557] RIP: 0033:0x7f689d58eba9
[  314.116514][ T8557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  314.116532][ T8557] RSP: 002b:00007f689e40e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  314.116565][ T8557] RAX: ffffffffffffffda RBX: 00007f689d7d6180 RCX: 00007f689d58eba9
[  314.116581][ T8557] RDX: 0000000000000003 RSI: 0000000000005608 RDI: 0000000000000006
[  314.116595][ T8557] RBP: 00007f689d611e19 R08: 0000000000000000 R09: 0000000000000000
[  314.116609][ T8557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  314.116623][ T8557] R13: 00007f689d7d6218 R14: 00007f689d7d6180 R15: 00007ffc8659fa48
[  314.116648][ T8557]  </TASK>
[  314.116656][ T8557] Modules linked in:
[  314.116673][ T8557] ---[ end trace 0000000000000000 ]---
[  314.116703][ T8557] RIP: 0010:vc_deallocate+0x303/0x3e0
[  314.116742][ T8557] Code: e8 22 74 d6 fc 49 c7 07 00 00 00 00 eb 0e e8 14 f1 71 fc eb 05 e8 0d f1 71 fc 31 db 4c 8d b3 90 05 00 00 4d 89 f4 49 c1 ec 03 <43> 80 3c 2c 00 74 08 4c 89 f7 e8 fe 72 d6 fc 4d 8b 3e 4d 85 ff 74
[  314.116776][ T8557] RSP: 0018:ffffc90003c7fbe0 EFLAGS: 00010206
[  314.116825][ T8557] RAX: ffffffff854dca63 RBX: 0000000000000000 RCX: 0000000000080000
[  314.116856][ T8557] RDX: ffffc9000e311000 RSI: 000000000000097a RDI: 000000000000097b
[  314.116886][ T8557] RBP: ffffc90003c7fc90 R08: ffffffff8fc3f3cf R09: 1ffffffff1f87e79
[  314.116917][ T8557] R10: dffffc0000000000 R11: fffffbfff1f87e7a R12: 00000000000000b2
[  314.116954][ T8557] R13: dffffc0000000000 R14: 0000000000000590 R15: ffffffff9a01fb60
[  314.116990][ T8557] FS:  00007f689e40e6c0(0000) GS:ffff8881259e8000(0000) knlGS:0000000000000000
[  314.117025][ T8557] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  314.117057][ T8557] CR2: 000000110c421f94 CR3: 000000002909e000 CR4: 00000000003526f0
[  314.117107][ T8557] DR0: 0000000002000000 DR1: 0000000000000003 DR2: 0000000000000000
[  314.117137][ T8557] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  314.117168][ T8557] Kernel panic - not syncing: Fatal exception
[  314.117431][ T8557] Kernel Offset: disabled