last executing test programs:

7.163129283s ago: executing program 3 (id=1443):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)
r1 = socket(0x0, 0x0, 0x0)
bind$inet(r1, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x14, 0x19, 0xa, 0x201}, 0x14}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x4}}, 0x9c}}, 0x0)
recvmmsg(r0, &(0x7f000000c2c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

6.638275844s ago: executing program 3 (id=1449):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0xc04, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x100000}, 0x48)

5.895316331s ago: executing program 3 (id=1452):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x7fdf, 0x1}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000711221000000000095000000000000000842d6873aada8afa8bbff1b39bd9b5476967f0c9fb5793fb31816ba9188aafce5d922e6349b93f7cea6021bd547458a342f3ea33381e7c688faa78eec7fbf0bb25c21f3864a90469bef1c3e0a1f9f578cac1aa56eaca5ccf44a793de21f40cdfb21bcdaf792f93049e2fbe72412699c7e1ffa692a21e2a0576504aea34e7279d723b32a153cd46d9009a887079925f1e6a24355b59cd9870b389b9ba593ea7680bb37284d46ca4abac7281a81852e50ec6f0905040a478890f596041eb68066d1"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
close(r2)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1202, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
write$cgroup_subtree(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="80fd", @ANYRES64=r1], 0x9)

5.560081923s ago: executing program 3 (id=1458):
r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f00000000c0)={0x4})
chdir(&(0x7f0000000140)='./file0\x00')
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0)
fallocate(r1, 0x0, 0x0, 0x1001f0)
syz_mount_image$iso9660(&(0x7f0000000580), &(0x7f0000000040)='./file0\x00', 0x21488b, &(0x7f0000000200)=ANY=[@ANYBLOB='map=acorn,sbsector=0x0000000000000000,uid=', @ANYRES32, @ANYBLOB="0000b18eb0ea96e8437d91edf772ce16e8f4545927e1936433740c5b1ea10b839e273fa468d364205a63adda5262cda8e690c1049c88d615fd8362cd464a35e122aeffc2000000000000000c1f09a8a7f572f5036561690a9ca3018a35bd7074bca343d909e720fdc2da8c998a8706232e5263a00000", @ANYRESOCT=r0, @ANYRES64=0x0, @ANYRES32=r1], 0x1, 0x65c, &(0x7f0000002280)="$eJzs3V1rG+n5x/HfyLKs+A/hT1uWEPJwJ+mCQ1NFkjcOIoV2OhrZs5U0YkZubSgs6cZeQuRsm6TQ+GTJSR9g+wb2bE+W0hdR6HHfRQ8LS3tW6MmUebJsS7LkRLF3t9+PiXVr5pq5r3tGmYuxpBkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABZTrNarVlqe93NLTOZ0wz8zgnz07Ut6nbauD2mqy+O9CtZ8T+Vy7qUTrr0neHsd+JfN3UlfXZF5fihrP3/e+f/H3y7WMiXPyGh16FImmGdpSxJY56/3H/ycDDYeTbnRL4CVJghaN3teqHvdex113ihbxpra9W7G63QtLySwu2w73aME7iFvh+YFee2qTUaq8atbPub3fWm3Xbzife/X69W18z7S9mWvft+JXQ2vHbb664nMfHsOOa++fTnaYhrd4zZfTzYWZ2WZBxUmyWoPi2oXq3Xa7V6vbZ2r3HvfrVaHJlQPUYjEXN/0eJrZn4Hb+ANFeL6/3dLaqusrja1JTP2x1FTgXx1JszP5PX/3bvuif0erv95lb80nH1ZSf2/lj67Nqn+T8jFyCQLjJtjTZj+ej/P9VL7eqKHGmigHT2bz3qvzy/Dt/uzLhUlT6F8eerI1rpcmWyKUUNrWlNVH2hDLYUyaslTW65CbStUX646yT4J5MpOWrEVOboto5oaamhVRq4q2pavTXW1rqZs/TuKol09Trb76gk5Kg+qzRJUPyFoUv3/xSdp1lPrvyXq/zdafvyaJQY4d1F2/n9K199ONgAAAAAA4G2wkr++W8l791clRWp5bbd63mkBAAAAAIA5St75vxI/LMatq7ImnP9HZ58bAAAAAACYDyv5jp0laTn5UL81/CbULB8CWDiDFAEAAAAAwBtK3v+/VpKi5Npr12Wd6vwfAAAAAAB8Dfz+0DX2i/k1dqP8bf2CpLC3ZP3ln0sKFq1Xva3vWnt2PMfey2JGPgHQb122LmYX6k0eSpKSZ457xbqaBmUXwbTSC/tKX+5Ou9a/FRxLoLSQ//liWgJrxeyZPtWNNOZG1u+j/YKSOWkvyy2v7VYcv/2gJtu+WOi7W/1fP338Gyk4GOfu48FO5cOPB4+SXF7Fk17txXl8ciSdwrRcXijbFlfHjviCWnmXf+h2lq2k32o+/gXZe4XDHc02/t/qZhpzczl9XN7P90Ay/nI8/lol2WXD0cej+uxPw9HXjo983I6YkEU5yeJWGnNr5Vb6kOeXZfG9BaleOb4PSvFLcLgt6oezmL4trH+NbIspWcTbYjXO4q/xioavhCNZrJ4ui5E9AgDnZXdYhZKLmI9eY/943X2do9z06v6jo728+CxKv3C4IBWz9yZO7KWs+Ii+kqxbJSUH1uLlg6Ps3o38iF7N6kpZE47o1TeobnFffx7eAylLe6Su/CeKoge1pN8/HvSbVtXP4wU+n9hv2K4vxCO8+2Lvl8kF8GMf7Xy087ReX12rvlet3qtrMRlG9kDtAQCMMf0eO1MjrPcOzqof/ePdtHWk4n3r4CMFFX2ojzXQI93JbyFwffxalw99DOHO6FlrHHtBOh5b052JZ3VJLU1jf7Zd+mEalPxeVL7I0Uo9XO/qW90HAACctZuNrDGhDs9S/+8k592SVi4fOu8+OGc/VsuP3yF4Us2tndk2AADgf40bfGkt939nBYHX+6DWaNTs/oZrAt/5iQm85rprvG7fDZwNu7vuml7g933Hb5teoCWv6YYm3Oz1/KBvWn5gen7obZmW13ZNduv30O3Y3b7nhL22a4eucfxu33b6pumFjult/rjthRtukCwc9lzHa3mO3ff8rgn9zcBxK8aErnso0Gu63b7X8uJm1/QCr2MH2+anfnuz45qmGzqB1+v76Qrzvrxuyw86yWorik59o0MAAL6Jnr/cf/JwMNh5NqmRnNFPiRk2SuNWmPfFO84AAHw1jFbpicpnkhAAAAAAAAAAAAAAAAAAAAAAABgx/St9p2wsjvuyoHQw5VcXZ1qPpXkndppG4fUX/9sJMRcOpuSb/3DMq3MYqdJGcf5rvnCar43OofGD3XSLToyJZ46dtXSwL4rz/+8QN55+MWFWFEXRyYsvHd2GpZMGeLRRlPSs9Aa74HyORwDOzn8DAAD//+I0QI0=")
r2 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
fallocate(r2, 0x0, 0x0, 0x10000)

5.279588005s ago: executing program 4 (id=1460):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x7ff, 0x6, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'lo\x00'})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r0, 0xe0, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000580)=[0x0, 0x0], 0x0, 0x78, &(0x7f0000000680)=[{}, {}], 0x10, 0x10, &(0x7f00000006c0), 0x0, 0x0, 0x15, 0x8, 0x8, &(0x7f0000000740)}}, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
writev(r2, &(0x7f00000028c0)=[{&(0x7f0000000080)=' ', 0x1}, {&(0x7f00000008c0)="cda480c6d16296663526d8b96c373acefe16b5df668dd3e6641e956e346e5237d8647f2cb3328e957035c3b42bc4d582d38f082468c2da076d58e7e05c4e185eb1a4f476debbc74b7aa81ca772f31f5174d456b7338e7aa986756aa926eea22dc3541bd61d7c59bc0f709da42ab5345721f005fe152c191d23834ac9423892627dcdd5bdb6d4d0f85aa235c0fa515d19b0605937ff3f65ceaa8dd87c74ccf0678d62e4473f8ff6280c2759032bcc728ce971b6b845fce6b67f82360fbe839302f19c395ae006b899602ac5882ee07eb0bfd83fa031ef816677114df8dd5eabfc83981516e25a7f3efde3504a02b0e7bfded5edc0bd494e2dc5cbaaf49b1d511e5434cd9575c4cf677c107c7f113c1f39138d7a0859510caae0e82afd0229736933103be5a6bda2a929fa9b906f033246512ecd1579a6a82d8b655a48da6b14ca8bcba41e4230ce61e7097409a9007d7628569498785e10209e5b52199cb42d90dacde712b28a6e9149173c3617333c9fee764701dde6a96e3e4627a1f04c9609efe8752c16bca88d3a1a504cc86badc92e07c1b7147e75a39b0b2895b35d3e08867b6ba742110d4c42436b8464a97f7c8f680d5660a11df670e79f08cd99c8a64b44c230777e37c394156f1445f465118c0b18b01f7e6c502ab96bbdeb9f9c5b0f76023643d9edb9982724186b34ee7b8b6ff716bb3f512a41bbf9482dc1eb510747ee1736d4b484eba9bacdc40b7b9f07c0b031b57ef3bdbc94eb33f7a514eda3016d10274f0f65159c0c252720b72aab2b144ac015db232008011e236df4f8e787d52889d5d48c41ac24baf1e7e35f3640ac566305c39194f4d2bf3b173b4b1aa81d65fb0ec445467614be50d7832ba690ac4ea08670d2b0df8670a46a6a14036da3fb336c7b19a401fa5366c6cf6999f80cddeff0c315e521faad9be1c95f6e237d9f73dccaef4bb8b39a88d2aeb2dcdc339f35bcba94c1acec927307d643d1aa3f2ad3ba5e2c660e8ccabd02f1ea975143d75d919c5b47dedeb24dd757e2df61c8cf84ef76c7f3607a660e49b94cbc68ad0275a9a7974671a399e55c9c7cdd70b736a6b2685e529abf2414a04dd5c3bdff34131c8a330721b97950580d6c3b411b91376d1853e8821d19137556d4c5e2a19fffa8b687776295e983d31d3bc2c042f7a43f54d906705304ce0b2cd3ced5479271d7029a57eba1bfd74305389404d5211a326c40a11174e4fb5b504fd895b176b708b9a52d707417e7c440b63ce276530b423099cd4b70f574d7b1bb42d0821ca1dc99077eff4ad4bf7a915b343d164f0dbd51aa1e592aa4ad1857f1b602bcf6fe83fc684b9ed24f4fb5638980c3eee52aa44e04acfde304c5afa6c4ba18ac1c107d289d738eaf7d17530be1d20c7d5993051ed675972ba71dfba186e9a019dd4efa9212d21bf52dc44d513fc82810ef1483f5e9dab2f6084365d82be4eac717d8c3a9d845f2a38dbedd46991985ee77b24be01f497736fe6db66a997854f13a0fa4be420d533f08b9b0d1654bc818e578ec624fae9c7b001d724ea9aabad7fd36f66a969500b981c5ba5c341bbdec7d67265bed4411b866ca53e20df944358b9f0eef29d48c446b891048f45146a5d9c5c66dce4139969c389feeebe2502c3669e76550a2ce69946369d0994218f90bf17668dab4a3b93bbca3dac79be1937954d04fe69ff11966bbe964729ad368b705c2c843df5f5c2326d2e0091a2c118e6c9a76ffe3326e886f30c4aa325d13df888c96cd9f6de21643e6bca4d9dfe96d4a571a04f77044c688e65a0fa967408cba18eadecb86b67d0072002e1bfbc845accf17b796c744690f19a8a9d623159ad136f00fe7d2bc608fafc7deea5c5d4b094ea627fe282983d6c59849fa4123762a866bb2a287ba4e5272fc8ecef8cb8e8e2084a9c05235605dbaee2c1961f17daf9f54bd315424ce2113901ff21bf1009af25a630ffd8a09bed8bf1e4f14d66cf9b762d8abf1a657e1dfe50ed6f2e6a5817c4ee431d723197055dab1ab2448d176bec06cc0f6d3389f8f3d9e6e8aaa6ae2f411bfc55562917fc2db6fcc7102aeacc111f0f714d515c10c393c074c491fbfbe67f6b4547744e766881cec90801dd19c34434b5328e35f20ec077bb47ab5bc229415cce942a190d541f1e2f02ef72b9c02395e2214f2dedfd81012655e3e10b681357c9dd5053263fc80f20ae1f2e9fbd3c3b479cb0a19b6de63c1823f2517fad4639e964fd4b39b9099ea68b6f15127251bbf29cf467f784b82ea141e7271bc983ecd97b57e9ba3b2c5b6dee8df11830a5f5bb65b78c635e5d217e079c94058779aafd4e1e2ab68ada9a5e192a44c7b11a3db46fcf8bf28713873404fe510b7fa6f2ceafa5f07b24530d6efd75e92e4cbfd80acd8418bbffe856c82217fc7e154556d7a7899f3fcc4585c5b0712913ee255d17ebb2ce462d0d5b401fda2bd9ceae57d3b7f5f250a008a83ad250fe62c8da9304af1afe4d6526a6d19c6ea0437ecd712b5e78b4c30b92f1f74c06c2b25fc48b88625ff446b9cddd2766a83c87a82a22a7788d0dc425173e47b1c6301d9fa6195d9c0fbd7136d16ad04984d8d60fab7f623013a3bde6110c0d462c8b2aec873d180ad92ba6f406979d4d600486c2b1c8b04ef572dd988f5ea2aa0d88a5b9b63c48415b6f19cd2cec07f2395ae293aa026a0206a926fdebcf52c7a4b0030685e6c6c34719272469706032d9bf3f2a310cb04cad3bd58726c7997b77a6b7c6a9df7e6394cd204401329a17e667f168d8b4fb60d35fb7aec18e75d00d11e1c9e85a991489aac831cb7734d5ca204eba2f2525b887a05a4801fea8a6df65a1f7495d72393603f0b18d77d6952a68b3411bf8053636104be88fd8fb6ea3da8c5a4adcee6ee871b89cf28b9cadfa3613ce5c29d1b18a4c120da684fd5241644d96a79b6ff8c4adc157f59bf2d9bdc2269d0aeb50c1da862603059a72e216ae9c2a4460a1f06615b27e5dcc53a891fea46c4955c13213e67fc602259a7cb019c4ba5893fa0f6ce3605ea9a5a4869b18f0b9017019a8a4719ed1cc4d8a1710d9082edef1af1ab392171d2a03e35529146d49407f5bb40e80c220c3100bdf57ec3180e62399b4b494b09db5c809809283703ba3735ad65d4f084c9f7f1118090ea8976e941aa2fd36ae14c03f86127412a96b64e5a8b74f302592dc19806f2a81d158e7d384e5447a376dcf4603a6f7eae548ea080d2839b13843beec754c7e58b5631926b5994ef210344f480b135b21efc1a1127467fe183e0e22b84c1dc70e14392b6415948fc0691f68e6a4c77e1b22ebee7b4355fb254dda00206e43c8109b01200f8a6bb017eb4cb9e726e1826a1d69ab7fbf2aa53921457055185a7b544e78f7d1b821266a904da3398c32a937b1eedcf01c870d3118878ce1577ac6a8a896c25f1c296615b8704cac971efff6e8b39e4121c2ce61882829274a1fd05400e486587a24efb584c8c8505d6bd3eeaef359a6629f27823d3fec68621709483d2677fbc4a635670c3528a7615a72fb9242a9c8a6115c242499d423073ad277293f423ba8ffd076649f134c5c5a1e59ac0265a82022111a015e3568b17b4dafb18f28686b91f559f5498649045ba47fb18e18148798e906a0d1b2c52818353cebc82c4a36fe02c659f975579e063e05b8436e412c9d34da087b1e018d842d20126c4960b47969ebd6db51d6b598bc7b61a6f93545c08bfc007b25a545dabc0ec4583689de979c6dd613d10cf312908f229aa2c983326d487846d2908bdda6f6ce697a3cf8d124ce991e137fcb053ced45a3822310e6af8c28ce1acf8eadbd9c112d24403197d870efe5f48cdfec0e84c04a4a578a9e0b6f7b86fe62dd1d759899079743a5df7297e0d6d590ff0d2009f14ea681946927d448d872a2ce82337b2a714448e359b373314e9dc778205f3fc069beadefb770929737af1f1ba4465fda9235ff5cd4b6d1b7c7164ee9540ebdeb6502734ec8e0fd9694c897611d5a4d07202232c774cf871b710148d79c2aee9850adc501763e3859361305b6b8881f6ea016e33661176c47d7b111a8756f12790c645688ee2a922f85c7d72333e161ee8acdbede84c29c305fb330b890fc9bd0756abaf1ccbfca6bf8dc1d2aca20a4b84e0ec85e1302d667d12d776809f8c9e2bcd4cd92e3f672a8993e71c38325c7fe65a31c9ec10e9ad8d2a531a10117daf5cc9cd37ad6c0f9c6503b1ce74b405d0db81bf278b108abbd2ec07aa5865527876607a3caa3109b2f6dc83d0bb5b5d8a0c3adb2aafa8ed044957509c1be791c3eb8b2760ba1cb4bab6a75e7d75874502446b228d2df6cf56b5f980c8aff82e5433438a88e8466f401942f8865f29c4be46350c719742ffd22cf4c29f1d418fc9fa0e8c8542398f420ef940873aa13441dea8c56b4d1eca2d77c726f5fd5123421c4583715578b28ba8d40729cf62510919164dff88e382feba5decc22d7a3a2fff6af5547b79b636df314eb48edddd853fcbf91b9048309c3d1507a2358cfe8f8269f2b6592ed1b4175e2bb0b953a0b262c2d9936fcdfcd4e0a7ff40a700e977ee7aae8ed1acd0f060e87fb1c5d0fdc233c466b7b1744971d976d3e3f77ca72f7b0819f34e60980e28fbf5c584c7d2380f1a2f084ff71a9a932ed834248a2fb8c22f6bea95a86a79e5f54f3b77f4a9a495308e40de412ab21afe745d3e5ed349a6e9e4cc6ee3ed88c59c26519f0881bfcda77de88012c47cae7252e8595fc9d8a8ae4f520315878c5a5620abc255f336de3f9cc120796da42beb71c38c2e9e3bdcc987c0e257483da869b9e13a634ecc667c3a51bdc2932efd0cc29d6aba410859404a398d98bdec4a44d3fe98d14bac3123966da174ea6d47f4bec7773cc663901c1c117e73cec3fd6e71732ab783e890f09d59c7cff24f302979b306aa7a3079a82b677619eff5305d19337fbe1fd124c96897dbfb70d5ec93f408c08f8e0419de738382ae1a09fe9b487f8501c82b0f678dfa247bc61620007276641065fd065bf45e47b621a42d7b4a1167810a1612f4f858fa7e56f8a439105f4df5a4056d63673cadedde90b5cbcce811442fafca661070ddf89ebf74cd467fb7f280f81f48e4271989c4bb5932430d43b6e9d61284d9fffaf119d0e3abf33c935419dec2059f57ddd433234b8969e74bd130e2a6ff56b5b6b2aefe37283168d969b7810ff00523972c03ac71f69221c62e78873d65b2e27c8c6be9e00de3f13f279b45babda8d8a730b6f967887bf969ac7ea50b55886a3049a0458b24636ec44ef99f2d1462f3d1795b9b233753481558b39347c6a7b34bf918aa521d1f46aeb9ed1e3c191ee310923250073a4882e59e15cdd013f903cbb34a581e063d7e0b83914a95021de729f52fde744cb02bc905c3c8c0e0ef642c448b014b2dbcf21250f8f891c182ca05cb6eb6e023ead5304bb8d7cad41a18b0f75fb80688aec364b873aab7e45a5fd07507c7bb6a93cb46892b90134f50331e332458ea32666898736eac057e6e6ea8656bffc633e76b313df8af0f51467d9907874d22c0e6a7461e1ad7cc8bccc598a43a749a5d7ad1705b2885298cd985365ca9b11fc3dfec81900621368db8b6f70319c54001b8a646325e7984577ec85114d5e2e4d94b082707e75b6e93156bc1788748af", 0xfbe}], 0x2)
r3 = socket$inet(0x2, 0x3, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3f0, 0x1c0, 0xe138, 0x198, 0x1c0, 0x198, 0x358, 0x358, 0x358, 0x358, 0x358, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0005000000000000000404fff0cf81dfd28c89544e14cd3e01dd24289831867846c88621039b284c3ff45c42995560a99952bed40cf5a8b9fb6133db7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a7dbaae5592e8b15900000100", 0x8}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:system_cron_spool_t:s0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x450)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='mm_page_alloc\x00'}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000500)={'pim6reg0\x00', 0x232})
ioctl$TUNSETTXFILTER(r4, 0x400454d1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x28011, 0xffffffffffffffff, 0x0)

4.978485534s ago: executing program 1 (id=1463):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
ftruncate(r3, 0x8001)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_buf(r4, 0x0, 0x4, &(0x7f0000000040)="9f", 0x1)
getsockopt$inet_opts(r4, 0x0, 0x4, 0x0, &(0x7f0000000240))
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

4.936220592s ago: executing program 4 (id=1464):
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
prctl$PR_PAC_RESET_KEYS(0x36, 0x0)

4.904838413s ago: executing program 2 (id=1465):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r0, &(0x7f0000001c40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000140)="dc", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000000)=[@in], 0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, r2}, 0x10)

4.880299768s ago: executing program 4 (id=1466):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)

4.568075978s ago: executing program 0 (id=1467):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_ECN={0x8}, @TCA_CODEL_TARGET={0x8}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

4.375465105s ago: executing program 4 (id=1468):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x58, 0x2, 0x6, 0x301, 0x6c, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x58}}, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00')
lseek(r2, 0xd7, 0x0)
syz_emit_ethernet(0x168, &(0x7f0000000800)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd687c6c9e01322ffdfc010000000000000000000000000000000000000000000000ffff7f000001211004083f680700ff020000000000000000000000000001ff010000000000000000000000000001fc020000000000000000000000000001fe880000000000000000000000000001fe80000000000000000000000000007ffc00000000000000000000000000000000000000000000000000ffffac1414aaff0100000000000000000000000000012b0006506500000033020000000000000401090502000801050000000000c20400000008000000002f0c04060640000000000000000000000000000000000000fc00000000000000000000000000000100000000000000000000ffff640101010000000000000000000000000000000100000000000000000000ffffe0000002fe8000000000000000000000000000aa16000649670000006d9b0068a4220c4a06619e191cabd29adf3a00"], 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r3, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000380012800b00010067656e6576650000280002800000000000000000000000000000060005000000000008000b400000001f"], 0x58}}, 0x0)
r7 = open_tree(r4, &(0x7f0000000240)='\x00', 0x89901)
fchdir(r7)
close(r7)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000001c0)=@req3={0x6, 0x8001, 0x0, 0x400, 0x35ec, 0x1000, 0x6}, 0x1c)
open$dir(&(0x7f0000000000)='./file0/../file0/file0\x00', 0x0, 0x0)
r8 = getpid()
r9 = syz_pidfd_open(r8, 0x0)
r10 = pidfd_getfd(r9, r9, 0x0)
setns(r10, 0x66020000)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000380)=[@fadd={0x58, 0x114, 0x6, {{}, &(0x7f0000001480), 0x0}}], 0x58}, 0x0)
ioctl$AUTOFS_IOC_FAIL(r0, 0x80044941, 0x100000000000000)

3.721466752s ago: executing program 1 (id=1469):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000002c0)={0x0, 0x1, 0x0, 0x0, 0x0, 0x2081, 0x10000002})

3.653928708s ago: executing program 1 (id=1470):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x25)
close_range(r3, 0xffffffffffffffff, 0x2)
sendmsg$nl_generic(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x20000084}, 0x24008000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f00000002c0), 0x3, 0x4000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x240, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x1a8, 0xffffffff, 0xffffffff, 0x1a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'sit0\x00', {}, {}, 0x1}, 0x0, 0xc0, 0xf0, 0x0, {}, [@common=@ttl={{0x28}}, @common=@icmp={{0x28}, {0x0, "fe00"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'ipvlan1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0)

3.480523036s ago: executing program 0 (id=1471):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0xd, 0xa}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x80)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000d40)={r1}, 0xc)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r3=>0x0})
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3e, 0x4)
sendto$packet(r2, &(0x7f00000000c0)="3f030278a8900100db901e0089e9aaa911d7c2290f2b86dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0x10048, 0x0, &(0x7f0000000540)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)

3.479792535s ago: executing program 2 (id=1472):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0xd)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0)
write$cgroup_int(r4, &(0x7f0000000200)=0xffffffffffffffff, 0x12)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r7, &(0x7f0000000300), 0x10)
listen(r7, 0x0)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r8, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
close_range(r6, 0xffffffffffffffff, 0x0)

3.350621146s ago: executing program 4 (id=1473):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket(0x0, 0x2, 0x6)
creat(0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001d00)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff7ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b70500000000e000720a23fe000000008500000012000000b70000000000000095000000000000004e6258941c823b7505608556ba4ababb42684e890d31ae450400373a0a5447a801b8c1c4f0c4bd97c6555e61345400f9bd42abeb9ade0105000000000000a21902ff07000094a2b51c21df74924f5436a6ed89b98f75e800230c49c90fe1336481f3b92a63336c36fcd745d61d7739c6554ca201000000bebbe8282f8b1e26407437a397bf8f50e87ed4d27adfd876bffc402887781979461c4363bc5c9b6202ea471428197ef88bc333fbcec0ea4334844d232279ae95a90fd41d528f58d305000000435883df6c10ce86188c92292b2d0226082960be682836bdff8b0971f2a5405e453228e7b1005bd73479358a90df3e481947de6453736aa572158af6ea63d6d418fbbd2bba050000001da000ef78df03000000d19913a5fb03c79dac2e489f68127892658115e7ffb588a71dffffff951b8535167ab8069a2c92a3aa18e22517000026637b4c34bf2d0aa304ed42bf70480e9e97203fd169411f37fddd1f7fbe16dbbc0f307bceb5064f388a0350c3dc928b0e638b1e2b2a9d25264233e5d45eb377f56b95241024dbe30f67191c2b56b70328d6d3215dfffe5d89af1d10599bd494d921d1fb2db99b6aba0fa978f41eb1d4c553e5a9326ed550c13f8dd36716a899a1e79234294707c5312b924d142c17b20bb80ee202222c03fa84ccc374e717f694018630366397266090a82343aedfbf7afe892390c2eb775b0d16073da2229958db05de7df6ab7600004000010000006d8081cb3bf251d906c00da0e23b50465f8394820be571e3592d0000c7ef10fdc462e7040e7074ec43aa461fc54401a76406db718d4efd6c1bd10ce1d087cf9bba461162555a95524c84df0952d32093082b7aa71304e0d2d9ec310d1b676b378a5879e47941de1a28c3a8f400000000000000000e032b7d2badd0bc6617a859b7ac273b6304555f664469cec152030f06cc0ca1765838eb5590264736fbccfc3a8f4e3b10daf6a275daf5db2dac7096fe8ac8876acaad043663b3b0fedb05e6d31408fa20140c9d2db1c59ac8a3ce28e489d67d87d3a107ccea3007f58f2c5017e8807107f79ac50cc1d4f546b4443d137eb706b71b1767a10cca7a7c82b76c96e874aff249f36329a6526b354b6e674b08f7ef492b804c4b08fb10de807d79fd782027318cd7632e22d2faa16209272b39b5ec8d239832ea02cc88e249a2e77753a58987547571fbc8de747faab724bebb6401412b496e078fcb6c78ab447e871b76a8b0506f49594aa1d610567e14d739a60ff3ce04d0d2e5681e787c7e1ad25467bb81f2f448128207fe07a83759ec30cf9e0a3fd3f2fcee97fe8d273f8e712a8a64eaf2d89a1fa44554357fcd7ab531ff7a41c27164fca430a62d015b477de61853f5ee2e25b00a63642ec32ece2ff3bb5883deb895f52a923b5c744d8dccdd6a09ded8b90f1eeda8e6e884a4f090edb6ab9fc8107846508d51f3735493d5860cf80200ce31b92eb3563d485b5a7d192092d7a9fd2bc67d305d1d4573aad5f6501d1cd27657ce17330402dacb78d72d776330711645eed7d4c292f4448733c0826c4eb950f3d40457f82d7f792d106518f6bde874aff9e2bea7d73f74bebeeacfc700"/1267], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x300f000, 0xb, 0x0, &(0x7f0000000080)="0069c2704ade28eddb0000", 0x0, 0x48b8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="3800000012002102000000000000000007000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x38}}, 0x0)
lseek(r2, 0x7ff, 0x0)
getdents64(r2, 0x0, 0x10)

3.29216564s ago: executing program 0 (id=1474):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000006900000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.642220395s ago: executing program 1 (id=1475):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = eventfd(0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78)
write$cgroup_devices(r2, &(0x7f0000002240)=ANY=[@ANYRES16, @ANYRESOCT], 0x8)
close(r2)
socket$inet_udp(0x2, 0x2, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
rt_sigreturn()
poll(0x0, 0x0, 0x64)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
dup(0xffffffffffffffff)
r3 = socket(0x1, 0x2, 0x0)
recvmsg$inet_nvme(r3, &(0x7f00000014c0)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0)
r5 = eventfd(0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002e40)='/sys/kernel/address_bits', 0x0, 0x0)
dup3(r5, r6, 0x0)
read$FUSE(r6, &(0x7f0000000140)={0x2020}, 0x2020)
close(r4)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x1c9c380}}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

2.577833297s ago: executing program 2 (id=1476):
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
prctl$PR_PAC_RESET_KEYS(0x36, 0x0)

2.460237795s ago: executing program 0 (id=1477):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000080))
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)

2.452684899s ago: executing program 2 (id=1478):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, 0x0, 0x0)

2.393421099s ago: executing program 0 (id=1479):
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x82, &(0x7f0000001900)=ANY=[], 0xfd, 0x22e, &(0x7f0000000c00)="$eJzs2k+LW1UYwOH3dkZap0wT8R8tiAfd6ObSZOXCRQdpQQwo2ggqSG+dGw3JJENuGIhIOzu3fgTX4tKdIP0Cs/ETdOFuNrPsQrzSptiZEsFabNQ8zyYvnPzgXE4IZ3EP3/xmZ9Cr8l4xjVNZFuuXYj/uZNGMU7EWc/vx+o03br/0wUcfv7PV6Vx+P6UrW1db7ZTSuZd/+uSr71+5NT374Q/nfjwdB81PD4/avxy8cHD+8LerX/Sr1K/SaDxNRbo+Hk+L68MybferQZ7Se8OyqMrUH1Xl5MR6bzje3Z2lYrS9ubE7KasqFaNZGpSzNB2n6WSWis+L/ijleZ42N4LH0f3uTl3HUf3Utajr+ulv4+yt2LwdjcieSdmzl7Lnr2Uv7mfnj+q6seyt8o9w/qvN+a8257/ajl3qzkTsfL3X3evOP+frW73oxzDKuBiN+DXu/kzum89X3u5cvpjuaUbauXm/v7nXXTvZt6IRzcV9a96nk/3p2Djet6MRzy3u2wv7M/Haq8f6PBrx82cxjmFsx932QX+jldJb73Ye6i/c+x4AwP9Nnv6w8P6W53+2Pu8f4X740P1qPS6sL/fZiahmXw6K4bCcGP7qkP2Nai3+JZs3rM5QZ4+TL/ufiSfhwaEveycAAAAAAAAAAAA8iifxNuKynxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+G/4PQAA//9R0vDu")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000b00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

2.391588268s ago: executing program 3 (id=1480):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
ftruncate(r3, 0x8001)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_buf(r4, 0x0, 0x4, &(0x7f0000000040)="9f", 0x1)
getsockopt$inet_opts(r4, 0x0, 0x4, 0x0, &(0x7f0000000240))
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

2.341069711s ago: executing program 4 (id=1481):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x7fdf, 0x1}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000711221000000000095000000000000000842d6873aada8afa8bbff1b39bd9b5476967f0c9fb5793fb31816ba9188aafce5d922e6349b93f7cea6021bd547458a342f3ea33381e7c688faa78eec7fbf0bb25c21f3864a90469bef1c3e0a1f9f578cac1aa56eaca5ccf44a793de21f40cdfb21bcdaf792f93049e2fbe72412699c7e1ffa692a21e2a0576504aea34e7279d723b32a153cd46d9009a887079925f1e6a24355b59cd9870b389b9ba593ea7680bb37284d46ca4abac7281a81852e50ec6f0905040a478890f596041eb68066d1"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
close(r2)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1202, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
write$cgroup_subtree(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="80fd", @ANYRES64=r1], 0x9)

2.339237734s ago: executing program 2 (id=1482):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_ECN={0x8}, @TCA_CODEL_TARGET={0x8}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

1.849874774s ago: executing program 0 (id=1484):
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
read(r1, &(0x7f0000001600)=""/233, 0xe9)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x0, &(0x7f0000000040), 0x0, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x0, &(0x7f0000000080), 0x0, 0x4)
ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa08, &(0x7f0000000180)={&(0x7f000063c000/0x4000)=nil, 0x4000})

1.651878491s ago: executing program 1 (id=1485):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000b80)={0x3f, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_COPY$syz(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x10000, 0x0, r1, 0x0, 0xffffffffffffffff})

1.384165185s ago: executing program 1 (id=1486):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x25)
close_range(r3, 0xffffffffffffffff, 0x2)
sendmsg$nl_generic(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x20000084}, 0x24008000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f00000002c0), 0x3, 0x4000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x240, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x1a8, 0xffffffff, 0xffffffff, 0x1a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'sit0\x00', {}, {}, 0x1}, 0x0, 0xc0, 0xf0, 0x0, {}, [@common=@ttl={{0x28}}, @common=@icmp={{0x28}, {0x0, "fe00"}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'ipvlan1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0)

1.360298567s ago: executing program 2 (id=1487):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

0s ago: executing program 3 (id=1488):
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
prctl$PR_PAC_RESET_KEYS(0x36, 0x0)

kernel console output (not intermixed with test programs):

(loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  280.361161][ T8009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.479749][ T8009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.622506][ T8274] loop0: detected capacity change from 0 to 1024
[  280.798166][ T2853] bridge_slave_1: left allmulticast mode
[  280.807812][ T2853] bridge_slave_1: left promiscuous mode
[  280.819071][ T2853] bridge0: port 2(bridge_slave_1) entered disabled state
[  280.841695][ T2853] bridge_slave_0: left allmulticast mode
[  280.852883][ T2853] bridge_slave_0: left promiscuous mode
[  280.857165][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.872466][ T2853] bridge0: port 1(bridge_slave_0) entered disabled state
[  280.877777][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.895752][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.903287][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.915971][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.923449][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.935728][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.943291][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.951469][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.959316][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.969740][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.987437][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  280.995427][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.013636][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.021806][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.030074][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.043455][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.051773][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.060850][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.069125][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.076709][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.084655][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.093858][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.102286][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.111154][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.168910][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.177410][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.256713][   T29] audit: type=1326 audit(1721290494.778:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8281 comm="syz.0.807" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc048d75a99 code=0x0
[  281.290717][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.298603][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.991546][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  281.999107][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.006647][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.014070][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.029866][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.037553][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.045007][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.056023][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.063567][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.071187][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.078776][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.086285][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.094096][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.104362][ T5156] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  282.117089][ T5156] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  282.589885][ T2853] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  282.602447][ T2853] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  282.618290][ T2853] bond0 (unregistering): Released all slaves
[  282.635566][ T8278] netlink: 24 bytes leftover after parsing attributes in process `syz.2.806'.
[  282.858606][ T8304] netlink: 16 bytes leftover after parsing attributes in process `syz.0.812'.
[  282.988319][ T8310] loop0: detected capacity change from 0 to 128
[  283.011202][ T8310] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  283.025206][ T8310] ext4 filesystem being mounted at /132/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  283.167039][ T8310] syz.0.815 (pid 8310) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  283.279932][ T5956] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  284.610683][   T54] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  284.625727][   T54] Bluetooth: hci3: Injecting HCI hardware error event
[  284.643942][ T5111] Bluetooth: hci3: hardware error 0x00
[  285.148369][ T8009] hsr_slave_0: entered promiscuous mode
[  285.154784][ T8009] hsr_slave_1: entered promiscuous mode
[  285.177781][ T8009] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  285.192102][ T8009] Cannot create hsr debugfs directory
[  285.522801][ T8322] loop3: detected capacity change from 0 to 764
[  285.548874][ T8322] iso9660: Bad value for 'mode'
[  285.828329][ T8340] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.822'.
[  285.988992][ T2853] hsr_slave_0: left promiscuous mode
[  286.005476][ T2853] hsr_slave_1: left promiscuous mode
[  286.020472][ T2853] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  286.049406][ T2853] batman_adv: batadv0: Removing interface: batadv_slave_0
[  286.066150][ T2853] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  286.073603][ T2853] batman_adv: batadv0: Removing interface: batadv_slave_1
[  286.137319][ T2853] veth1_macvtap: left promiscuous mode
[  286.143186][ T2853] veth0_macvtap: left promiscuous mode
[  286.153561][ T2853] veth1_vlan: left promiscuous mode
[  286.161443][ T2853] veth0_vlan: left promiscuous mode
[  286.759241][ T5111] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  287.036200][ T2853] team0 (unregistering): Port device team_slave_1 removed
[  287.091384][ T2853] team0 (unregistering): Port device team_slave_0 removed
[  287.584477][ T8344] netlink: 260 bytes leftover after parsing attributes in process `syz.3.824'.
[  288.386803][ T7952] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  288.650681][ T7952] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  288.664990][ T8367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.828'.
[  288.678066][ T5111] Bluetooth: hci2: command 0x0406 tx timeout
[  288.742754][ T7952] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  288.776080][   T29] audit: type=1326 audit(1721290502.358:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8366 comm="syz.2.828" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d77775a99 code=0x0
[  288.893268][ T7952] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  289.012101][ T8378] netlink: 24 bytes leftover after parsing attributes in process `syz.3.832'.
[  289.368720][ T8384] netlink: 260 bytes leftover after parsing attributes in process `syz.0.834'.
[  289.679514][ T8390] loop2: detected capacity change from 0 to 8
[  289.689506][ T8390] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  289.716604][ T8389] block nbd2: shutting down sockets
[  289.848355][ T8388] cramfs: bad data blocksize 4294966936
[  289.855113][ T8388] cramfs: bad data blocksize 524460
[  289.860577][ T8388] cramfs: bad data blocksize 4294966936
[  289.986382][   T29] audit: type=1800 audit(1721290503.458:25): pid=8388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.833" name="file2" dev="loop2" ino=348 res=0 errno=0
[  290.394430][ T7952] 8021q: adding VLAN 0 to HW filter on device bond0
[  290.418770][ T7952] 8021q: adding VLAN 0 to HW filter on device team0
[  290.645167][  T927] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.652406][  T927] bridge0: port 1(bridge_slave_0) entered forwarding state
[  291.569820][ T8009] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  291.587830][ T8009] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  291.693420][ T8415] loop2: detected capacity change from 0 to 512
[  291.704314][ T8415] EXT4-fs: Ignoring removed nomblk_io_submit option
[  291.714792][ T8415] EXT4-fs: Ignoring removed oldalloc option
[  291.783774][ T8415] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.843: invalid indirect mapped block 11 (level 0)
[  291.804277][ T8415] EXT4-fs (loop2): Remounting filesystem read-only
[  291.864280][ T8415] EXT4-fs (loop2): 1 truncate cleaned up
[  291.884142][ T8415] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  292.000379][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.745207][  T927] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.752527][  T927] bridge0: port 2(bridge_slave_1) entered forwarding state
[  293.763437][ T8009] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  293.778707][ T8009] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  294.040463][ T8430] loop2: detected capacity change from 0 to 1024
[  294.076048][ T8433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.847'.
[  294.179206][ T8430] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  294.265140][ T8430] VFS: Lookup of 'file0' in ext4 loop2 would have caused loop
[  294.331065][ T8009] 8021q: adding VLAN 0 to HW filter on device bond0
[  294.427825][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.489645][ T8009] 8021q: adding VLAN 0 to HW filter on device team0
[  294.523010][ T5158] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.530689][ T5158] bridge0: port 1(bridge_slave_0) entered forwarding state
[  295.349312][ T8447] netlink: 'syz.2.851': attribute type 1 has an invalid length.
[  295.404698][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.411986][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state
[  295.421657][ T8447] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.851'.
[  295.463542][ T8447] netlink: 'syz.2.851': attribute type 1 has an invalid length.
[  295.866605][ T7952] 8021q: adding VLAN 0 to HW filter on device batadv0
[  296.174642][ T7952] veth0_vlan: entered promiscuous mode
[  296.297108][ T7952] veth1_vlan: entered promiscuous mode
[  296.432587][ T8482] loop3: detected capacity change from 0 to 512
[  296.453710][ T7952] veth0_macvtap: entered promiscuous mode
[  296.484452][ T8482] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  296.503728][ T7952] veth1_macvtap: entered promiscuous mode
[  296.574627][ T8482] EXT4-fs (loop3): 1 orphan inode deleted
[  296.596010][ T8482] EXT4-fs (loop3): 1 truncate cleaned up
[  296.602591][ T8482] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  296.682162][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  296.724139][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  296.775573][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  296.803814][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  296.842465][ T8482] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  296.866970][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  296.888876][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  296.911398][ T8479] loop2: detected capacity change from 0 to 4096
[  296.931670][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  296.942497][ T8482] EXT4-fs (loop3): Remounting filesystem read-only
[  296.962644][ T8482] EXT4-fs (loop3): error restoring inline_data for inode -- potential data loss! (inode 12, error -5)
[  296.976831][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  296.987120][ T8479] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  297.018010][ T7952] batman_adv: batadv0: Interface activated: batadv_slave_0
[  297.093424][ T8009] 8021q: adding VLAN 0 to HW filter on device batadv0
[  297.128910][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.176206][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.207119][ T8500] loop0: detected capacity change from 0 to 1024
[  297.215792][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.256507][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.317527][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.343531][ T8500] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  297.371914][ T8479] ntfs3: loop2: failed to convert "c46c" to iso8859-14
[  297.382076][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.392882][ T7952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  297.404398][ T7952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  297.427450][ T8500] VFS: Lookup of 'file0' in ext4 loop0 would have caused loop
[  297.530963][ T7952] batman_adv: batadv0: Interface activated: batadv_slave_1
[  297.547778][ T7395] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.577553][ T7952] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  297.588939][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.599139][ T7952] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  297.635969][   T54] Bluetooth: hci4: command tx timeout
[  297.636376][ T7952] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  297.664776][ T7952] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  298.137034][ T8520] netlink: 'syz.0.862': attribute type 1 has an invalid length.
[  298.151935][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.180569][ T8520] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.862'.
[  298.196556][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.222892][ T8520] netlink: 'syz.0.862': attribute type 1 has an invalid length.
[  298.428976][ T2853] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.449877][ T8009] veth0_vlan: entered promiscuous mode
[  298.489022][ T2853] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.533944][ T8009] veth1_vlan: entered promiscuous mode
[  298.712457][ T8009] veth0_macvtap: entered promiscuous mode
[  298.763387][ T8009] veth1_macvtap: entered promiscuous mode
[  298.861519][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  298.896017][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  298.925706][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  298.975728][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.021323][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.055793][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.089505][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.139031][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.165817][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.194250][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.217798][ T8009] batman_adv: batadv0: Interface activated: batadv_slave_0
[  299.271954][ T8544] loop2: detected capacity change from 0 to 4096
[  299.284899][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  299.335800][ T8544] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  299.351416][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.397069][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  299.441012][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.465795][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  299.510234][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.521662][ T8544] ntfs3: loop2: failed to convert "076c" to cp932
[  299.528503][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  299.559391][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.585757][ T8009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  299.609840][ T8009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.645523][ T8009] batman_adv: batadv0: Interface activated: batadv_slave_1
[  299.701872][ T8009] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  299.931574][ T8009] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  299.974236][ T8009] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  299.983230][ T8009] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  300.530930][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  300.991507][ T2802] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.041887][ T2802] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.212392][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.254176][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.532916][ T8607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.885'.
[  302.633173][   T29] audit: type=1326 audit(1721290516.198:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8606 comm="syz.0.885" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc048d75a99 code=0x0
[  302.776153][   T46] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  302.985882][   T46] usb 5-1: Using ep0 maxpacket: 8
[  302.986955][ T8628] netlink: 180 bytes leftover after parsing attributes in process `syz.2.891'.
[  303.004435][   T46] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  303.027141][ T8628] netlink: 'syz.2.891': attribute type 1 has an invalid length.
[  303.047549][   T46] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.059779][   T46] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  303.071546][   T46] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  303.087627][   T46] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  303.117928][   T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  303.148418][   T46] usb 5-1: SerialNumber: syz
[  303.180820][   T46] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  303.200797][   T46] usb-storage 5-1:1.0: USB Mass Storage device detected
[  303.233349][   T46] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  303.362844][ T8645] netlink: 40 bytes leftover after parsing attributes in process `syz.2.895'.
[  303.514703][ T8649] loop1: detected capacity change from 0 to 16
[  303.531076][ T8649] cramfs: Unknown parameter '/dev/input/mice'
[  304.152627][ T8649] loop1: detected capacity change from 0 to 4096
[  304.278233][ T8667] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  304.384913][ T8603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.423985][ T8603] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.625894][ T8680] netlink: 180 bytes leftover after parsing attributes in process `syz.0.904'.
[  304.637743][ T8680] netlink: 'syz.0.904': attribute type 1 has an invalid length.
[  304.852403][ T5158] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  304.865990][ T8686] netlink: 'syz.0.907': attribute type 1 has an invalid length.
[  304.889336][ T8686] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.907'.
[  304.929250][ T8686] netlink: 'syz.0.907': attribute type 1 has an invalid length.
[  305.065976][ T5158] usb 4-1: Using ep0 maxpacket: 16
[  305.117284][ T5158] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  305.162068][ T5158] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.211625][ T5158] usb 4-1: Product: syz
[  305.221021][ T5158] usb 4-1: Manufacturer: syz
[  305.238263][ T5158] usb 4-1: SerialNumber: syz
[  305.287771][ T5158] usb 4-1: config 0 descriptor??
[  305.932875][ T5158] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  306.423863][ T8706] loop1: detected capacity change from 0 to 2048
[  306.466718][ T5158] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  306.500859][ T5158] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  306.534866][ T8712] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  306.545763][ T5158] usb 4-1: media controller created
[  306.645009][ T5158] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  306.818649][ T5158] zl10353_read_register: readreg error (reg=127, ret==0)
[  306.866160][ T5158] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  307.103059][ T5158] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  307.132215][ T5158] usb 4-1: USB disconnect, device number 3
[  307.155851][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  307.402712][ T8732] loop2: detected capacity change from 0 to 8
[  307.412769][ T8732] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  307.520808][ T8732] cramfs: bad data blocksize 4294966936
[  307.526701][ T8732] cramfs: bad data blocksize 524460
[  307.532070][ T8732] cramfs: bad data blocksize 4294966936
[  307.640127][   T54] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  307.649471][   T54] Bluetooth: hci1: Injecting HCI hardware error event
[  307.661593][   T54] Bluetooth: hci1: hardware error 0x00
[  307.676865][   T29] audit: type=1800 audit(2000000002.530:27): pid=8732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.916" name="file2" dev="loop2" ino=348 res=0 errno=0
[  307.944728][ T5158] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  307.969124][ T8731] block nbd2: shutting down sockets
[  308.193082][ T8733] input: syz1 as /devices/virtual/input/input25
[  308.260752][ T8736] netlink: 180 bytes leftover after parsing attributes in process `syz.3.917'.
[  308.322533][ T8736] netlink: 'syz.3.917': attribute type 1 has an invalid length.
[  308.417987][ T8741] loop2: detected capacity change from 0 to 512
[  308.460871][ T8741] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #12: comm syz.2.919: corrupted in-inode xattr: invalid ea_ino
[  308.474677][ T8741] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.919: couldn't read orphan inode 12 (err -117)
[  308.644200][   T29] audit: type=1326 audit(2000000003.630:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8717 comm="syz.0.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc048d75a99 code=0x7fc00000
[  308.701629][ T8741] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  309.021150][ T8759] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.919: Directory hole found for htree leaf block 0
[  310.629875][   T54] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  310.787430][ T5110] usb 5-1: USB disconnect, device number 6
[  311.042715][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.319403][ T8769] loop3: detected capacity change from 0 to 1024
[  311.747999][ T8769] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  311.759070][ T8769] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  311.768958][ T8769] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32907!=20869)
[  311.779067][ T8769] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  311.789608][ T8769] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal
[  312.138683][ T8774] Bluetooth: MGMT ver 1.23
[  312.469850][   T25] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  312.546943][ T8792] loop2: detected capacity change from 0 to 164
[  312.574478][ T8792] iso9660: Unknown parameter 'moje'
[  312.632864][ T8786] loop1: detected capacity change from 0 to 4096
[  312.643302][ T8795] netlink: 40 bytes leftover after parsing attributes in process `syz.0.933'.
[  312.711334][ T8786] ntfs3: Unknown parameter '0x0000000000000000017777777777777777777770xffffffffffffffff0xffffffffffffffff'
[  312.932659][   T25] usb 4-1: Using ep0 maxpacket: 16
[  313.100274][ T8799] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '#! 
[  313.100274][ T8799] cct.usage_percpu_sys'
[  313.195628][   T25] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  313.350114][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.439813][   T25] usb 4-1: Product: syz
[  313.617936][   T25] usb 4-1: Manufacturer: syz
[  313.630585][   T25] usb 4-1: SerialNumber: syz
[  313.688628][   T25] usb 4-1: config 0 descriptor??
[  313.736611][ T8800] input: syz0 as /devices/virtual/input/input26
[  314.200900][ T8808] random: crng reseeded on system resumption
[  315.078865][   T25] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  315.103555][   T25] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  315.116432][   T25] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  315.135809][   T25] usb 4-1: media controller created
[  315.183256][ T8814] loop0: detected capacity change from 0 to 256
[  315.484480][ T8814] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  315.890537][ T5110] kernel write not supported for file /dsp (pid: 5110 comm: kworker/0:3)
[  316.007698][   T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  316.072636][   T25] zl10353_read_register: readreg error (reg=127, ret==0)
[  316.082444][   T25] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  316.116311][   T25] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  316.161453][   T25] usb 4-1: USB disconnect, device number 4
[  316.388783][   T25] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  316.794242][ T8827] loop0: detected capacity change from 0 to 1024
[  316.827435][ T8827] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  316.838661][ T8827] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  316.848506][ T8827] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32907!=20869)
[  316.861072][ T8827] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  316.871279][ T8827] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal
[  317.326240][ T1246] ieee802154 phy0 wpan0: encryption failed: -22
[  317.332767][ T1246] ieee802154 phy1 wpan1: encryption failed: -22
[  317.601591][ T8837] loop3: detected capacity change from 0 to 1024
[  317.707680][ T8837] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  317.739315][ T8842] binder: 8839:8842 ioctl c018620c 20000200 returned -22
[  317.773214][ T8844] netlink: 596 bytes leftover after parsing attributes in process `syz.2.948'.
[  317.947107][   T25] kernel write not supported for file /dsp (pid: 25 comm: kworker/1:0)
[  318.069630][ T8850] loop4: detected capacity change from 0 to 64
[  318.364782][ T8837] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  318.426234][ T8837] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  318.472933][ T8850] loop4: detected capacity change from 0 to 4096
[  318.497547][ T8837] EXT4-fs (loop3): This should not happen!! Data will be lost
[  318.497547][ T8837] 
[  318.513949][ T8850] ntfs3: Unknown parameter 'iochars;��\W|��set'
[  318.524894][ T8837] EXT4-fs (loop3): Total free blocks count 0
[  318.545557][ T8837] EXT4-fs (loop3): Free/Dirty block details
[  318.614358][ T8821] loop1: detected capacity change from 0 to 40427
[  318.622566][ T8837] EXT4-fs (loop3): free_blocks=68451041280
[  318.632378][ T8850] syz.4.951[8850] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  318.632520][ T8850] syz.4.951[8850] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  318.655502][ T8821] F2FS-fs (loop1): Fix alignment : done, start(4096) end(16896) block(12288)
[  318.661459][ T8837] EXT4-fs (loop3): dirty_blocks=16
[  318.699973][ T8821] F2FS-fs (loop1): heap/no_heap options were deprecated
[  318.712052][ T8831] loop0: detected capacity change from 0 to 32768
[  318.720889][ T8821] F2FS-fs (loop1): invalid crc value
[  318.728998][ T8837] EXT4-fs (loop3): Block reservation details
[  318.743022][ T8821] F2FS-fs (loop1): invalid crc value
[  318.753426][ T8850] hub 6-0:1.0: USB hub found
[  318.759482][ T8821] F2FS-fs (loop1): Failed to get valid F2FS checkpoint
[  318.769941][ T5110] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  318.788295][ T8850] hub 6-0:1.0: 1 port detected
[  318.830227][ T8831] XFS (loop0): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  318.856720][ T8837] EXT4-fs (loop3): i_reserved_data_blocks=1
[  318.930940][ T8865] loop1: detected capacity change from 0 to 256
[  318.972025][ T8831] XFS (loop0): Ending clean mount
[  318.998217][ T5110] usb 3-1: Using ep0 maxpacket: 8
[  319.026208][ T5110] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  319.068148][ T5110] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.104939][ T8865] FAT-fs (loop1): Directory bread(block 64) failed
[  319.122086][ T5110] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  319.145318][ T8865] FAT-fs (loop1): Directory bread(block 65) failed
[  319.154512][ T8868] loop4: detected capacity change from 0 to 4096
[  319.161859][ T5110] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  319.185372][ T8865] FAT-fs (loop1): Directory bread(block 66) failed
[  319.203164][ T8865] FAT-fs (loop1): Directory bread(block 67) failed
[  319.215385][ T5110] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  319.224876][ T8868] NILFS (loop4): invalid segment: Checksum error in segment payload
[  319.243272][ T8865] FAT-fs (loop1): Directory bread(block 68) failed
[  319.246946][ T8868] NILFS (loop4): trying rollback from an earlier position
[  319.261228][ T5110] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  319.285128][ T5956] XFS (loop0): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  319.295582][ T8865] FAT-fs (loop1): Directory bread(block 69) failed
[  319.302319][ T5110] usb 3-1: SerialNumber: syz
[  319.308479][ T8865] FAT-fs (loop1): Directory bread(block 70) failed
[  319.315056][ T8865] FAT-fs (loop1): Directory bread(block 71) failed
[  319.324247][ T8868] NILFS (loop4): recovery complete
[  319.333755][ T5110] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  319.367585][ T5110] usb-storage 3-1:1.0: USB Mass Storage device detected
[  319.375219][ T8865] FAT-fs (loop1): Directory bread(block 72) failed
[  319.386139][ T8865] FAT-fs (loop1): Directory bread(block 73) failed
[  319.392886][ T8870] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  319.407967][ T5110] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  319.438385][ T7395] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  319.503284][ T8865] syz.1.954: attempt to access beyond end of device
[  319.503284][ T8865] loop1: rw=524288, sector=1160, nr_sectors = 4 limit=256
[  319.517814][ T8865] syz.1.954: attempt to access beyond end of device
[  319.517814][ T8865] loop1: rw=0, sector=1160, nr_sectors = 4 limit=256
[  319.555678][   T29] audit: type=1800 audit(2000000010.480:29): pid=8865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.954" name="file0" dev="loop1" ino=1048640 res=0 errno=0
[  319.602950][ T8872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  319.603417][ T8872] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  319.871523][ T8878] binder: 8877:8878 ioctl c018620c 20000200 returned -22
[  320.000670][   T35] kworker/u8:2: attempt to access beyond end of device
[  320.000670][   T35] loop1: rw=1, sector=1224, nr_sectors = 32 limit=256
[  320.014133][ T8881] netlink: 596 bytes leftover after parsing attributes in process `syz.4.960'.
[  320.048573][   T35] kworker/u8:2: attempt to access beyond end of device
[  320.048573][   T35] loop1: rw=1, sector=1352, nr_sectors = 96 limit=256
[  320.262773][ T8891] loop3: detected capacity change from 0 to 64
[  320.344886][ T8888] evm: overlay not supported
[  320.438244][ T8888] syz.1.962[8888] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  320.438421][ T8888] syz.1.962[8888] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  320.584808][ T8891] loop3: detected capacity change from 0 to 4096
[  320.638998][ T8891] ntfs3: Unknown parameter 'iochars;��\W|��set'
[  320.758908][ T8891] syz.3.965[8891] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  320.759071][ T8891] syz.3.965[8891] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  320.869283][ T8891] hub 6-0:1.0: USB hub found
[  320.916044][ T5110] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  320.938825][ T8891] hub 6-0:1.0: 1 port detected
[  320.939515][ T8904] binder: 8903:8904 ioctl c018620c 20000200 returned -22
[  321.020461][ T8900] loop1: detected capacity change from 0 to 8192
[  321.103310][   T25] usb 3-1: USB disconnect, device number 6
[  321.116611][ T5110] usb 1-1: Using ep0 maxpacket: 16
[  321.132437][ T5110] usb 1-1: config 0 has an invalid interface number: 35 but max is 0
[  321.165348][ T5110] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  321.184244][ T8909] input: syz1 as /devices/virtual/input/input27
[  321.203471][ T5110] usb 1-1: config 0 has no interface number 0
[  321.257646][ T5110] usb 1-1: config 0 interface 35 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  321.308329][ T8913] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.973'.
[  321.341447][ T5110] usb 1-1: New USB device found, idVendor=046d, idProduct=c291, bcdDevice=e2.9b
[  321.376317][ T5110] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.385544][ T5110] usb 1-1: Product: syz
[  321.411604][ T5110] usb 1-1: Manufacturer: syz
[  321.432603][ T5110] usb 1-1: SerialNumber: syz
[  321.456496][ T5110] usb 1-1: config 0 descriptor??
[  321.507778][ T8917] loop3: detected capacity change from 0 to 2048
[  321.586123][ T8920] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  322.235121][ T8928] xt_NFQUEUE: number of total queues is 0
[  322.939715][ T8899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  323.022518][ T8899] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  323.219180][ T8937] netem: unknown loss type 0
[  323.246287][ T8937] netem: change failed
[  323.267807][   T46] usb 1-1: USB disconnect, device number 9
[  323.289388][ T8939] loop3: detected capacity change from 0 to 64
[  323.407224][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  323.606855][ T8939] loop3: detected capacity change from 0 to 4096
[  323.637461][ T8939] ntfs3: Unknown parameter 'iochars;��\W|��set'
[  323.707101][ T8949] netlink: 596 bytes leftover after parsing attributes in process `syz.4.987'.
[  323.805348][ T8939] syz.3.983[8939] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  323.805625][ T8939] syz.3.983[8939] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  323.909412][ T8939] hub 6-0:1.0: USB hub found
[  323.951288][ T8939] hub 6-0:1.0: 1 port detected
[  323.954212][ T8956] loop1: detected capacity change from 0 to 164
[  323.988245][ T8956] iso9660: Unknown parameter 'moje'
[  324.476522][ T8967] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '#! 
[  324.476522][ T8967] cct.usage_percpu_sys'
[  324.590759][    C0] eth0: bad gso: type: 1, size: 1408
[  324.996313][ T8969] netem: unknown loss type 0
[  325.044029][ T8969] netem: change failed
[  325.288887][   T46] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  325.479444][ T8979] random: crng reseeded on system resumption
[  326.095867][   T46] usb 1-1: Using ep0 maxpacket: 8
[  326.123341][   T46] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  326.141596][   T25] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  326.188280][   T46] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  326.235932][   T46] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  326.261077][ T8981] syz.3.999[8981] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  326.261251][ T8981] syz.3.999[8981] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  326.273491][   T46] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  326.331042][   T46] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  326.348036][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  326.360859][   T46] usb 1-1: SerialNumber: syz
[  326.380244][   T46] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  326.380689][   T46] usb-storage 1-1:1.0: USB Mass Storage device detected
[  326.409371][   T46] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  326.418415][   T25] usb 3-1: Using ep0 maxpacket: 16
[  326.500705][   T25] usb 3-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  326.526994][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.545917][   T25] usb 3-1: Product: syz
[  326.560450][   T25] usb 3-1: Manufacturer: syz
[  326.565121][   T25] usb 3-1: SerialNumber: syz
[  326.613307][   T25] usb 3-1: config 0 descriptor??
[  326.630165][   T25] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  326.650921][ T8995] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  326.660434][ T8995] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  326.669285][ T8995] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  326.678082][ T8995] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  326.888856][ T8998] netlink: 'syz.3.1005': attribute type 29 has an invalid length.
[  326.927254][ T5187] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  326.958719][ T8998] netlink: 'syz.3.1005': attribute type 29 has an invalid length.
[  326.979889][ T8999] input: syz0 as /devices/virtual/input/input28
[  327.141615][ T8965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  327.156176][ T5187] usb 2-1: Using ep0 maxpacket: 16
[  327.194307][ T5187] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  327.223704][ T5187] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.233161][ T9003] netlink: 12 bytes leftover after parsing attributes in process `syz.2.998'.
[  327.246286][ T8965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  327.262903][ T5187] usb 2-1: Product: syz
[  327.273217][ T5187] usb 2-1: Manufacturer: syz
[  327.283653][ T5187] usb 2-1: SerialNumber: syz
[  327.326152][ T5187] usb 2-1: config 0 descriptor??
[  327.627045][ T9004] loop3: detected capacity change from 0 to 4096
[  327.682972][ T9004] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  327.804617][ T5187] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  327.854864][ T5187] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  327.897591][ T5187] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  327.920868][ T5187] usb 2-1: media controller created
[  328.011356][   T29] audit: type=1800 audit(2000000018.950:30): pid=9004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1006" name="bus" dev="loop3" ino=33 res=0 errno=0
[  328.038534][ T5187] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  328.107776][   T29] audit: type=1800 audit(2000000018.950:31): pid=9007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1006" name="bus" dev="loop3" ino=33 res=0 errno=0
[  328.157199][ T5187] zl10353_read_register: readreg error (reg=127, ret==0)
[  328.192360][ T5187] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  328.250512][ T5187] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  328.334026][ T5187] usb 2-1: USB disconnect, device number 7
[  328.489656][ T9011] netem: unknown loss type 0
[  328.533544][ T9011] netem: change failed
[  328.587498][ T9013] dlm: Unknown command passed to DLM device : 0
[  328.587498][ T9013] 
[  328.606692][ T5187] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  328.757207][   T25] gp8psk: usb in 128 operation failed.
[  328.764242][   T25] gp8psk: usb in 137 operation failed.
[  328.781375][   T25] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver error while loading driver (-22)
[  328.834598][   T25] dvb_usb_gp8psk 3-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22
[  328.898926][   T25] usb 3-1: USB disconnect, device number 7
[  328.922852][ T9015] loop4: detected capacity change from 0 to 764
[  329.052442][ T9015] Symlink component flag not implemented
[  329.059204][ T5187] usb 1-1: USB disconnect, device number 10
[  329.082666][ T9015] Symlink component flag not implemented (129)
[  329.252670][ T9025] loop1: detected capacity change from 0 to 1024
[  329.308140][ T9025] ext4: Unknown parameter 'nouser_xattr'
[  329.701174][ T9032] loop1: detected capacity change from 0 to 256
[  330.353261][ T9031] netlink: 'syz.4.1016': attribute type 29 has an invalid length.
[  330.451272][ T9034] netlink: 'syz.4.1016': attribute type 29 has an invalid length.
[  332.905823][ T5156] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  333.150724][ T9042] loop4: detected capacity change from 0 to 4096
[  333.212194][ T9042] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  333.255964][ T5156] usb 4-1: Using ep0 maxpacket: 16
[  333.275979][ T5156] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  333.285081][ T5156] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.305928][ T5156] usb 4-1: Product: syz
[  333.310457][ T5156] usb 4-1: Manufacturer: syz
[  333.315101][ T5156] usb 4-1: SerialNumber: syz
[  333.339415][ T5156] usb 4-1: config 0 descriptor??
[  333.392443][ T9055] loop2: detected capacity change from 0 to 4096
[  333.475200][   T29] audit: type=1800 audit(2000000024.410:32): pid=9042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1019" name="bus" dev="loop4" ino=33 res=0 errno=0
[  333.564704][   T29] audit: type=1800 audit(2000000024.440:33): pid=9042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1019" name="bus" dev="loop4" ino=33 res=0 errno=0
[  333.585020][    C0] vkms_vblank_simulate: vblank timer overrun
[  333.627166][ T9055] ntfs3: loop2: ino=21, The size of extended attributes must not exceed 64KiB
[  334.022410][ T5156] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  334.037045][ T5156] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  334.051361][ T5156] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  334.060587][ T5156] usb 4-1: media controller created
[  334.094667][ T5156] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  334.115812][ T5110] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  334.154092][ T9064] random: crng reseeded on system resumption
[  334.842352][ T5156] zl10353_read_register: readreg error (reg=127, ret==0)
[  334.876305][ T5156] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  334.905986][ T5156] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  334.942633][ T5156] usb 4-1: USB disconnect, device number 5
[  335.035813][ T5110] usb 1-1: Using ep0 maxpacket: 8
[  335.047625][ T5110] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  335.059444][ T5156] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  335.086596][ T5110] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.134811][ T5110] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  335.166155][ T5110] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  335.198884][ T5110] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  335.215767][ T5110] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  335.223856][ T5110] usb 1-1: SerialNumber: syz
[  335.259486][ T5110] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  335.308772][ T5110] usb-storage 1-1:1.0: USB Mass Storage device detected
[  335.341101][ T5110] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  335.572378][ T9075] syz.1.1030[9075] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  335.572547][ T9075] syz.1.1030[9075] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  335.873811][ T9063] loop2: detected capacity change from 0 to 32768
[  335.941054][ T9063] XFS: attr2 mount option is deprecated.
[  336.061456][ T9087] loop3: detected capacity change from 0 to 4096
[  336.068961][ T9060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  336.095754][ T9087] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  336.114150][ T9086] loop4: detected capacity change from 0 to 4096
[  336.122541][ T9086] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  336.131973][ T9063] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  336.151608][ T9060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  336.365094][ T9087] ntfs3: loop3: failed to convert "c46c" to iso8859-14
[  336.400781][   T29] audit: type=1800 audit(2000000027.340:34): pid=9086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1036" name="bus" dev="loop4" ino=33 res=0 errno=0
[  336.485184][   T29] audit: type=1800 audit(2000000027.340:35): pid=9098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1036" name="bus" dev="loop4" ino=33 res=0 errno=0
[  336.645592][ T9063] XFS (loop2): Ending clean mount
[  336.719678][ T9063] XFS (loop2): Quotacheck needed: Please wait.
[  336.826740][ T9063] XFS (loop2): Quotacheck: Done.
[  337.280490][ T7584] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  337.393843][ T9108] loop3: detected capacity change from 0 to 164
[  337.421229][ T9108] iso9660: Bad value for 'mode'
[  337.557662][ T9112] loop3: detected capacity change from 0 to 1024
[  337.615808][ T9112] hfsplus: request for non-existent node 3 in B*Tree
[  337.647359][ T9112] hfsplus: request for non-existent node 3 in B*Tree
[  337.842873][ T9101] loop1: detected capacity change from 0 to 40427
[  337.862184][ T9101] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288)
[  337.879544][ T9101] F2FS-fs (loop1): heap/no_heap options were deprecated
[  338.253422][ T5187] usb 1-1: USB disconnect, device number 11
[  338.976393][ T9137] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1042'.
[  338.989129][ T9119] loop4: detected capacity change from 0 to 32768
[  339.013955][ T9119] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  339.013955][ T9119] clean (size 2912):
[  339.013955][ T9119] flags:          0
[  339.013955][ T9119] journal_seq:    8
[  339.013955][ T9119] prio_ptrs: 
[  339.013955][ T9119] usage: type=key_version v=0
[  339.013955][ T9119] usage: type=reserved v=0
[  339.013955][ T9119] usage: type=reserved v=0
[  339.013955][ T9119] usage: type=reserved v=0
[  339.013955][ T9119] usage: type=reserved v=0
[  339.013955][ T9119] data_usage: btree: 1/1 [0]=2816
[  339.013955][ T9119] data_usage: journal: 1/1 [0]=0
[  339.013955][ T9119] data_usage: user: 1/1 [0]=32
[  339.013955][ T9119] dev_usage: dev=0  
[  339.013955][ T9119]   free: buckets=83 sectors=0 fragmented=0
[  339.013955][ T9119]   sb: buckets=25 sectors=6152 fragmented=248
[  339.013955][ T9119]   journal: buckets=8 sectors=2048 fragmented=0
[  339.013955][ T9119]   btree: buckets=11 sectors=2816 fragmented=0
[  339.013955][ T9119]   user: buckets=1 sectors=32 fragmented=224
[  339.013955][ T9119]   cached: buckets=0 sectors=0 fragmented=0
[  339.013955][ T9119]   parity: buckets=0 sectors=0 fragmented=0
[  339.013955][ T9119]   stripe: buckets=0 sectors=0 fragmented=0
[  339.013955][ T9119]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  339.013955][ T9119]   need_discard: buckets=0 sectors=0 fragmented=0
[  339.013955][ T9119] clock: read=0
[  339.013955][ T9119] clock: write=1288
[  339.013955][ T9119] btree_root: btree=extents l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee356 w
[  339.014239][ T9119] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  339.785806][ T5149] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  339.801073][ T9130] loop3: detected capacity change from 0 to 32768
[  339.816539][ T9130] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1051 (9130)
[  339.846905][ T9130] BTRFS info (device loop3): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  339.860653][ T9130] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  339.881011][ T9152] loop2: detected capacity change from 0 to 512
[  339.892784][ T9130] BTRFS info (device loop3): using free-space-tree
[  339.933219][ T9152] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal
[  339.985852][ T5149] usb 1-1: Using ep0 maxpacket: 8
[  339.991898][ T9152]  nullb0: [POWERTEC] p1 p2 p3 p4
[  340.012725][ T5149] usb 1-1: New USB device found, idVendor=07c4, idProduct=a109, bcdDevice= f.59
[  340.024199][ T9152] nullb0: p1 start 1986356271 is beyond EOD, truncated
[  340.031682][ T5149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.063355][ T5149] usb 1-1: Product: syz
[  340.080422][ T5149] usb 1-1: Manufacturer: syz
[  340.089842][ T5149] usb 1-1: SerialNumber: syz
[  340.109890][ T5149] usb 1-1: config 0 descriptor??
[  340.111478][ T9152] nullb0: p2 start 1068017860 is beyond EOD, 
[  340.127201][ T5149] ums-datafab 1-1:0.0: USB Mass Storage device detected
[  340.143069][ T9152] truncated
[  340.163369][ T9152] nullb0: p3 start 2952576660 is beyond EOD, truncated
[  340.216033][   T29] audit: type=1800 audit(2000000031.150:36): pid=9130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1051" name="file1" dev="loop3" ino=260 res=0 errno=0
[  340.336320][ T5149] ums-sddr55 1-1:0.0: USB Mass Storage device detected
[  340.446912][ T9148] loop1: detected capacity change from 0 to 32768
[  340.490654][ T9148] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1058 (9148)
[  340.530908][ T5149] usb 1-1: USB disconnect, device number 12
[  340.547725][ T7395] BTRFS info (device loop3): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  340.571082][ T9148] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  340.617957][ T9148] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  340.666682][ T9148] BTRFS info (device loop1): using free-space-tree
[  340.811747][ T9181] loop2: detected capacity change from 0 to 4096
[  342.154357][ T9224] loop3: detected capacity change from 0 to 512
[  342.214754][ T9224] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal
[  342.336362][ T9224]  nullb0: [POWERTEC] p1 p2 p3 p4
[  342.346119][ T9224] nullb0: p1 start 1986356271 is beyond EOD, truncated
[  342.353053][ T9224] nullb0: p2 start 1068017860 is beyond EOD, truncated
[  342.395612][ T9224] nullb0: p3 start 2952576660 is beyond EOD, truncated
[  348.598497][   T12] bridge_slave_1: left allmulticast mode
[  348.635734][   T12] bridge_slave_1: left promiscuous mode
[  348.641575][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.730066][   T12] bridge_slave_0: left allmulticast mode
[  348.763980][   T12] bridge_slave_0: left promiscuous mode
[  348.800790][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  349.090795][ T9237] loop3: detected capacity change from 0 to 4096
[  349.707386][ T7952] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  350.024525][ T9257] loop4: detected capacity change from 0 to 128
[  350.292910][ T5111] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  350.307004][ T5111] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  350.325337][ T5111] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  350.350807][ T5111] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  350.372820][ T5111] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  350.388865][ T5111] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  350.691681][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  350.708295][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  350.719944][   T12] bond0 (unregistering): Released all slaves
[  350.737910][ T9271] program syz.4.1091 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  351.645402][ T9291] loop4: detected capacity change from 0 to 128
[  351.784418][ T9279] loop0: detected capacity change from 0 to 32768
[  351.808501][ T9279] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1094 (9279)
[  351.845228][ T9279] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  351.882595][ T9279] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  351.937688][ T9279] BTRFS info (device loop0): using free-space-tree
[  351.990063][   T12] hsr_slave_0: left promiscuous mode
[  352.013040][   T12] hsr_slave_1: left promiscuous mode
[  352.166346][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  352.224941][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  352.253674][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  352.274072][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  352.342689][ T9320] loop3: detected capacity change from 0 to 512
[  352.354906][   T12] veth1_macvtap: left promiscuous mode
[  352.363028][   T12] veth0_macvtap: left promiscuous mode
[  352.388911][   T12] veth1_vlan: left promiscuous mode
[  352.424060][ T9320] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1104: corrupted in-inode xattr: invalid ea_ino
[  352.444477][   T12] veth0_vlan: left promiscuous mode
[  352.446227][   T54] Bluetooth: hci5: command tx timeout
[  352.508066][ T9320] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1104: couldn't read orphan inode 15 (err -117)
[  352.550086][ T9320] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  353.059606][   T46] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  353.281755][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  353.293612][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  353.304092][   T46] usb 4-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  353.323879][   T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.363232][   T46] usb 4-1: config 0 descriptor??
[  353.530499][ T9331] loop2: detected capacity change from 0 to 256
[  353.859555][   T46] uclogic 0003:5543:0522.0008: No inputs registered, leaving
[  353.894545][   T46] uclogic 0003:5543:0522.0008: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.3-1/input0
[  354.094116][ T9334] loop2: detected capacity change from 0 to 1024
[  354.196539][ T9334] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  354.399180][   T12] team0 (unregistering): Port device team_slave_1 removed
[  354.415062][ T5956] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  354.492496][   T12] team0 (unregistering): Port device team_slave_0 removed
[  354.526802][   T54] Bluetooth: hci5: command tx timeout
[  354.798099][ T9338] loop0: detected capacity change from 0 to 512
[  354.823275][ T9338] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  354.834414][ T9338] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 2)!
[  354.838324][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  354.856557][ T9338] EXT4-fs (loop0): group descriptors corrupted!
[  354.944577][ T9340] loop2: detected capacity change from 0 to 128
[  355.387139][ T9343] No such timeout policy "syz0"
[  355.963130][ T9346] loop2: detected capacity change from 0 to 512
[  356.030822][ T9346] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 ro without journal. Quota mode: writeback.
[  356.152636][ T9346] EXT4-fs: Ignoring sb option on remount
[  356.171457][ T9346] ext4: Unknown parameter 'obj_type'
[  356.201962][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  356.310165][ T9354] loop2: detected capacity change from 0 to 512
[  356.337891][ T9354] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal
[  356.367634][ T9354]  nullb0: [POWERTEC] p1 p2 p3 p4
[  356.387123][ T9354] nullb0: p1 start 1986356271 is beyond EOD, truncated
[  356.394005][ T9354] nullb0: p2 start 1068017860 is beyond EOD, truncated
[  356.428290][ T9354] nullb0: p3 start 2952576660 is beyond EOD, truncated
[  356.595963][   T54] Bluetooth: hci5: command tx timeout
[  356.627431][ T9325] batadv0: mtu less than device minimum
[  356.663900][ T5160] usb 4-1: USB disconnect, device number 6
[  356.814901][ T9261] chnl_net:caif_netlink_parms(): no params data found
[  356.854697][ T7395] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.910401][ T9363] loop4: detected capacity change from 0 to 8
[  356.921433][ T9363] squashfs: Unknown parameter '{PL'
[  356.997457][ T9365] loop2: detected capacity change from 0 to 128
[  357.365205][ T9261] bridge0: port 1(bridge_slave_0) entered blocking state
[  357.389841][ T9261] bridge0: port 1(bridge_slave_0) entered disabled state
[  357.419243][ T9261] bridge_slave_0: entered allmulticast mode
[  357.443262][ T9261] bridge_slave_0: entered promiscuous mode
[  357.501109][ T9261] bridge0: port 2(bridge_slave_1) entered blocking state
[  357.531863][ T9261] bridge0: port 2(bridge_slave_1) entered disabled state
[  357.559933][ T9261] bridge_slave_1: entered allmulticast mode
[  357.599182][ T9261] bridge_slave_1: entered promiscuous mode
[  357.642389][ T9382] loop0: detected capacity change from 0 to 2048
[  357.756908][ T9261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  357.774588][ T9382] hpfs: filesystem error: improperly stopped; already mounted read-only
[  357.810100][ T9261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  357.835717][ T9382] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  357.883426][ T9382] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[  358.036440][ T9397] batadv0: mtu less than device minimum
[  358.081198][ T9261] team0: Port device team_slave_0 added
[  358.139288][ T9261] team0: Port device team_slave_1 added
[  358.384762][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.818204][   T54] Bluetooth: hci5: command tx timeout
[  359.387295][ T9404] loop3: detected capacity change from 0 to 8
[  359.476751][ T9404] squashfs: Unknown parameter '{PL'
[  359.531241][ T9410] loop0: detected capacity change from 0 to 512
[  359.571442][ T9410] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  359.618299][ T9410] EXT4-fs (loop0): orphan cleanup on readonly fs
[  359.659472][ T9410] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #3: comm syz.0.1132: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0)
[  359.695836][ T5187] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  359.718134][ T9410] EXT4-fs error (device loop0): ext4_quota_enable:7025: comm syz.0.1132: Bad quota inode: 3, type: 0
[  359.772943][ T9417] loop3: detected capacity change from 0 to 128
[  359.799808][ T9410] EXT4-fs warning (device loop0): ext4_enable_quotas:7066: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  359.813570][ T9415] loop2: detected capacity change from 0 to 4096
[  359.828855][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.858447][ T9261] batman_adv: batadv0: Adding interface: batadv_slave_0
[  359.859717][ T9410] EXT4-fs (loop0): Cannot turn on quotas: error -117
[  359.884707][ T9261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  359.934390][ T9410] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  359.950460][ T9261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  359.955977][ T5187] usb 5-1: Using ep0 maxpacket: 8
[  359.978644][ T5187] usb 5-1: New USB device found, idVendor=07c4, idProduct=a109, bcdDevice= f.59
[  359.995421][ T5187] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.013613][ T5187] usb 5-1: Product: syz
[  360.023929][ T5187] usb 5-1: Manufacturer: syz
[  360.031245][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.049368][ T5187] usb 5-1: SerialNumber: syz
[  360.068867][ T5187] usb 5-1: config 0 descriptor??
[  360.076269][ T5187] ums-datafab 5-1:0.0: USB Mass Storage device detected
[  360.078872][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.123651][ T9422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1134'.
[  360.164423][ T5187] ums-sddr55 5-1:0.0: USB Mass Storage device detected
[  360.209050][ T9261] batman_adv: batadv0: Adding interface: batadv_slave_1
[  360.256675][ T9261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  360.359698][ T9426] loop2: detected capacity change from 0 to 2048
[  360.363763][ T5187] usb 5-1: USB disconnect, device number 7
[  360.372444][ T9261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  360.425408][ T9426] hpfs: filesystem error: improperly stopped; already mounted read-only
[  360.440554][ T9426] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  360.451848][ T9426] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[  360.458023][ T9432] loop0: detected capacity change from 0 to 256
[  360.512675][ T9432] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d)
[  360.554334][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.724179][ T9436] loop2: detected capacity change from 0 to 512
[  360.759792][ T9436] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  360.792808][ T9261] hsr_slave_0: entered promiscuous mode
[  360.814971][ T9436] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 2)!
[  360.827810][ T9436] EXT4-fs (loop2): group descriptors corrupted!
[  360.840583][ T9261] hsr_slave_1: entered promiscuous mode
[  361.252051][ T9446] No such timeout policy "syz0"
[  361.399332][   T46] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  361.925911][   T12] bridge_slave_1: left allmulticast mode
[  361.928240][   T46] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  361.931595][   T12] bridge_slave_1: left promiscuous mode
[  361.931877][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.971389][   T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.018219][   T46] usb 4-1: config 0 descriptor??
[  362.036042][   T12] bridge_slave_0: left allmulticast mode
[  362.041748][   T12] bridge_slave_0: left promiscuous mode
[  362.052405][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.221656][ T9453] loop0: detected capacity change from 0 to 512
[  362.279498][ T9453] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  362.316950][ T9453] EXT4-fs (loop0): orphan cleanup on readonly fs
[  362.324147][ T9447] loop4: detected capacity change from 0 to 4096
[  362.337498][ T9453] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #3: comm syz.0.1145: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0)
[  362.352130][ T9447] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  362.370556][ T9453] EXT4-fs error (device loop0): ext4_quota_enable:7025: comm syz.0.1145: Bad quota inode: 3, type: 0
[  362.392241][ T9453] EXT4-fs warning (device loop0): ext4_enable_quotas:7066: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  362.407478][ T9453] EXT4-fs (loop0): Cannot turn on quotas: error -117
[  362.415580][ T9453] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  362.541790][   T46] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  362.544466][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.558948][   T46] [drm] Initialized udl on minor 2
[  362.575059][ T5160] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  362.731705][ T9435] loop3: detected capacity change from 0 to 512
[  362.738662][ T9447] ntfs3: loop4: failed to convert "c46c" to iso8859-14
[  362.785485][ T9435] ext3: Bad value for 'max_dir_size_kb'
[  362.808669][ T5160] usb 3-1: Using ep0 maxpacket: 16
[  362.813800][   T46] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  362.824672][   T46] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  362.835224][   T25] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  362.876156][   T46] usb 4-1: USB disconnect, device number 7
[  362.889893][ T5160] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  362.891139][   T25] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  362.934362][   T25] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  362.956606][ T5160] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  363.011201][ T5160] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  363.058863][ T5160] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.099535][ T5160] usb 3-1: config 0 descriptor??
[  363.259408][ T9474] loop0: detected capacity change from 0 to 128
[  363.550274][ T5160] microsoft 0003:045E:07DA.0009: No inputs registered, leaving
[  363.580461][ T5160] microsoft 0003:045E:07DA.0009: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  363.599628][ T5160] microsoft 0003:045E:07DA.0009: no inputs found
[  363.608651][ T5160] microsoft 0003:045E:07DA.0009: could not initialize ff, continuing anyway
[  363.657904][ T9480] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1149'.
[  363.712973][    C0] eth0: bad gso: type: 1, size: 1408
[  363.814818][ T9484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  363.843955][ T9484] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  363.904161][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  363.926664][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  363.946760][   T12] bond0 (unregistering): Released all slaves
[  364.281807][ T9491] loop4: detected capacity change from 0 to 512
[  364.315187][ T5187] usb 3-1: USB disconnect, device number 8
[  364.341100][ T9491] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  364.379118][ T9491] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 not in group (block 2)!
[  364.413484][ T9491] EXT4-fs (loop4): group descriptors corrupted!
[  364.775181][ T9498] loop0: detected capacity change from 0 to 764
[  364.925754][ T9501] No such timeout policy "syz0"
[  365.475950][ T5111] Bluetooth: hci4: command 0x0406 tx timeout
[  365.851194][ T9513] loop0: detected capacity change from 0 to 256
[  365.866032][   T12] hsr_slave_0: left promiscuous mode
[  365.872356][ T9513] vfat: Bad value for 'fmask'
[  365.892058][   T12] hsr_slave_1: left promiscuous mode
[  365.922303][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  365.930750][ T9513] loop0: detected capacity change from 0 to 256
[  365.942901][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  365.965957][ T9513] vfat: Unknown parameter 'n'
[  365.972921][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  365.999168][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  366.125278][   T12] veth1_macvtap: left promiscuous mode
[  366.135142][   T12] veth0_macvtap: left promiscuous mode
[  366.143088][   T12] veth1_vlan: left promiscuous mode
[  366.156695][   T12] veth0_vlan: left promiscuous mode
[  366.463291][ T9495] loop3: detected capacity change from 0 to 32768
[  366.497766][ T9495] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1156 (9495)
[  366.565332][ T9495] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  366.606023][ T9495] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  366.628558][ T9495] BTRFS info (device loop3): using free-space-tree
[  367.499695][ T9529] loop2: detected capacity change from 0 to 32768
[  367.588684][ T9529] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  367.623143][ T9529] XFS (loop2): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent.
[  367.725373][ T9529] XFS (loop2): Quotacheck needed: Please wait.
[  367.818023][ T9529] XFS (loop2): Quotacheck: Done.
[  367.964500][   T12] team0 (unregistering): Port device team_slave_1 removed
[  368.010713][ T7584] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  368.122198][   T12] team0 (unregistering): Port device team_slave_0 removed
[  369.576104][ T7395] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  370.584570][ T9562] Falling back ldisc for ptm0.
[  370.614887][   T54] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  370.625803][   T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.10.0-next-20240718-syzkaller #0
[  370.635662][   T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  370.645925][   T54] Workqueue: hci0 hci_rx_work
[  370.650637][   T54] Call Trace:
[  370.653920][   T54]  <TASK>
[  370.656852][   T54]  dump_stack_lvl+0x241/0x360
[  370.661553][   T54]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.666765][   T54]  ? __pfx__printk+0x10/0x10
[  370.671375][   T54]  ? sysfs_create_dir_ns+0x28a/0x3a0
[  370.676678][   T54]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  370.682246][   T54]  sysfs_create_dir_ns+0x2ce/0x3a0
[  370.687372][   T54]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  370.693029][   T54]  kobject_add_internal+0x435/0x8d0
[  370.698258][   T54]  kobject_add+0x152/0x220
[  370.702688][   T54]  ? do_raw_spin_unlock+0x13c/0x8b0
[  370.707906][   T54]  ? device_add+0x3e7/0xbf0
[  370.712459][   T54]  ? __pfx_kobject_add+0x10/0x10
[  370.717407][   T54]  ? _raw_spin_unlock+0x28/0x50
[  370.722269][   T54]  ? get_device_parent+0x165/0x410
[  370.727393][   T54]  device_add+0x4e5/0xbf0
[  370.731744][   T54]  hci_conn_add_sysfs+0xe8/0x200
[  370.736717][   T54]  le_conn_complete_evt+0xc9f/0x12e0
[  370.742035][   T54]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  370.747767][   T54]  ? __mutex_unlock_slowpath+0x21d/0x750
[  370.753483][   T54]  ? __copy_skb_header+0x437/0x5b0
[  370.758649][   T54]  ? skb_pull_data+0x112/0x230
[  370.763433][   T54]  hci_le_enh_conn_complete_evt+0x185/0x420
[  370.769349][   T54]  hci_event_packet+0xa55/0x1540
[  370.774306][   T54]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  370.779610][   T54]  ? __pfx_hci_event_packet+0x10/0x10
[  370.784992][   T54]  ? do_raw_spin_unlock+0x13c/0x8b0
[  370.790207][   T54]  ? hci_send_to_monitor+0xd8/0x7f0
[  370.795509][   T54]  ? kcov_remote_start+0x9e/0x7e0
[  370.800577][   T54]  hci_rx_work+0x3e8/0xca0
[  370.805025][   T54]  ? process_scheduled_works+0x945/0x1830
[  370.810936][   T54]  process_scheduled_works+0xa2c/0x1830
[  370.816525][   T54]  ? __pfx_process_scheduled_works+0x10/0x10
[  370.822528][   T54]  ? assign_work+0x364/0x3d0
[  370.827148][   T54]  worker_thread+0x86d/0xd40
[  370.831865][   T54]  ? __kthread_parkme+0x169/0x1d0
[  370.836911][   T54]  ? __pfx_worker_thread+0x10/0x10
[  370.842053][   T54]  kthread+0x2f0/0x390
[  370.846131][   T54]  ? __pfx_worker_thread+0x10/0x10
[  370.851265][   T54]  ? __pfx_kthread+0x10/0x10
[  370.855864][   T54]  ret_from_fork+0x4b/0x80
[  370.860330][   T54]  ? __pfx_kthread+0x10/0x10
[  370.864939][   T54]  ret_from_fork_asm+0x1a/0x30
[  370.869831][   T54]  </TASK>
[  370.882341][   T54] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  370.896891][   T54] Bluetooth: hci0: failed to register connection device
[  370.910556][ T9566] loop0: detected capacity change from 0 to 512
[  370.946031][ T9566] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  371.003454][ T9566] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 2)!
[  371.014636][ T9566] EXT4-fs (loop0): group descriptors corrupted!
[  371.399714][ T9576] No such timeout policy "syz0"
[  372.966469][   T46] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  373.230944][   T46] usb 4-1: Using ep0 maxpacket: 16
[  373.278307][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  373.388371][   T46] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  373.416781][   T46] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  373.456127][ T9588] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1173'.
[  373.556463][   T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.646952][   T46] usb 4-1: config 0 descriptor??
[  373.906550][ T9261] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  374.035496][ T9261] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  374.125035][ T9261] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  374.144988][   T46] microsoft 0003:045E:07DA.000A: No inputs registered, leaving
[  374.209810][   T46] microsoft 0003:045E:07DA.000A: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  374.230904][ T9261] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  374.244152][   T46] microsoft 0003:045E:07DA.000A: no inputs found
[  375.010392][   T46] microsoft 0003:045E:07DA.000A: could not initialize ff, continuing anyway
[  375.245117][ T9583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  375.254040][ T9583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.454951][ T9611] loop2: detected capacity change from 0 to 2048
[  377.594816][ T9611] EXT4-fs: Ignoring removed bh option
[  378.772979][ T1246] ieee802154 phy0 wpan0: encryption failed: -22
[  378.779436][ T1246] ieee802154 phy1 wpan1: encryption failed: -22
[  379.708223][ T9611] EXT4-fs warning (device loop2): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop2.
[  379.814974][ T5110] usb 4-1: USB disconnect, device number 8
[  379.845483][ T9261] 8021q: adding VLAN 0 to HW filter on device bond0
[  379.960483][ T9261] 8021q: adding VLAN 0 to HW filter on device team0
[  380.078707][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.085982][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  380.143868][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.151113][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  380.479795][ T5111] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  380.490207][ T5111] CPU: 0 UID: 0 PID: 5111 Comm: kworker/u9:2 Not tainted 6.10.0-next-20240718-syzkaller #0
[  380.500341][ T5111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  380.510445][ T5111] Workqueue: hci2 hci_rx_work
[  380.515181][ T5111] Call Trace:
[  380.518493][ T5111]  <TASK>
[  380.521460][ T5111]  dump_stack_lvl+0x241/0x360
[  380.526204][ T5111]  ? __pfx_dump_stack_lvl+0x10/0x10
[  380.531515][ T5111]  ? __pfx__printk+0x10/0x10
[  380.536129][ T5111]  ? sysfs_create_dir_ns+0x28a/0x3a0
[  380.541431][ T5111]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  380.546999][ T5111]  sysfs_create_dir_ns+0x2ce/0x3a0
[  380.552131][ T5111]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  380.557782][ T5111]  kobject_add_internal+0x435/0x8d0
[  380.562989][ T5111]  kobject_add+0x152/0x220
[  380.567421][ T5111]  ? do_raw_spin_unlock+0x13c/0x8b0
[  380.572646][ T5111]  ? device_add+0x3e7/0xbf0
[  380.577174][ T5111]  ? __pfx_kobject_add+0x10/0x10
[  380.582123][ T5111]  ? _raw_spin_unlock+0x28/0x50
[  380.586987][ T5111]  ? get_device_parent+0x165/0x410
[  380.592117][ T5111]  device_add+0x4e5/0xbf0
[  380.596468][ T5111]  hci_conn_add_sysfs+0xe8/0x200
[  380.601427][ T5111]  le_conn_complete_evt+0xc9f/0x12e0
[  380.606768][ T5111]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  380.612506][ T5111]  ? __mutex_unlock_slowpath+0x21d/0x750
[  380.618173][ T5111]  ? __copy_skb_header+0x437/0x5b0
[  380.623293][ T5111]  ? skb_pull_data+0x112/0x230
[  380.628074][ T5111]  hci_le_enh_conn_complete_evt+0x185/0x420
[  380.634332][ T5111]  hci_event_packet+0xa55/0x1540
[  380.639283][ T5111]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  380.644585][ T5111]  ? __pfx_hci_event_packet+0x10/0x10
[  380.649989][ T5111]  ? do_raw_spin_unlock+0x13c/0x8b0
[  380.655209][ T5111]  ? hci_send_to_monitor+0xd8/0x7f0
[  380.660425][ T5111]  ? kcov_remote_start+0x9e/0x7e0
[  380.665477][ T5111]  hci_rx_work+0x3e8/0xca0
[  380.669926][ T5111]  ? process_scheduled_works+0x945/0x1830
[  380.675707][ T5111]  process_scheduled_works+0xa2c/0x1830
[  380.681329][ T5111]  ? __pfx_process_scheduled_works+0x10/0x10
[  380.687333][ T5111]  ? assign_work+0x364/0x3d0
[  380.691941][ T5111]  worker_thread+0x86d/0xd40
[  380.696563][ T5111]  ? __kthread_parkme+0x169/0x1d0
[  380.701602][ T5111]  ? __pfx_worker_thread+0x10/0x10
[  380.706725][ T5111]  kthread+0x2f0/0x390
[  380.710797][ T5111]  ? __pfx_worker_thread+0x10/0x10
[  380.715949][ T5111]  ? __pfx_kthread+0x10/0x10
[  380.720557][ T5111]  ret_from_fork+0x4b/0x80
[  380.724987][ T5111]  ? __pfx_kthread+0x10/0x10
[  380.729580][ T5111]  ret_from_fork_asm+0x1a/0x30
[  380.734370][ T5111]  </TASK>
[  380.749454][ T5111] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  380.770576][ T5111] Bluetooth: hci2: failed to register connection device
[  380.846651][ T9633] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1185'.
[  381.464950][ T9261] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  381.549878][ T9261] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  381.620915][ T9643] batadv0: mtu less than device minimum
[  381.743434][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  381.756170][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  381.774562][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  381.786897][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  381.808104][   T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  381.815718][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  382.129880][ T9659] loop4: detected capacity change from 0 to 1024
[  382.180396][ T9659] EXT4-fs: Ignoring removed oldalloc option
[  382.226662][ T9659] ext4: Unknown parameter 'fsuuid'
[  383.768055][ T9261] 8021q: adding VLAN 0 to HW filter on device batadv0
[  384.018820][ T5111] Bluetooth: hci1: command tx timeout
[  384.078890][ T9693] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1194'.
[  384.663824][ T5156] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  384.820051][ T5111] Bluetooth: hci4: unexpected event for opcode 0x0c46
[  384.833940][ T5111] Bluetooth: hci4: Malformed HCI Event: 0x22
[  384.877765][ T5156] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  384.898770][ T9261] veth0_vlan: entered promiscuous mode
[  384.955868][ T5156] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  384.965194][ T9645] chnl_net:caif_netlink_parms(): no params data found
[  384.987393][ T5156] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.007598][ T9705] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  385.009401][ T9261] veth1_vlan: entered promiscuous mode
[  385.020676][ T5156] usb 1-1: Product: syz
[  385.033782][ T5156] usb 1-1: Manufacturer: syz
[  385.052130][ T5156] usb 1-1: SerialNumber: syz
[  385.144949][ T9701] input: syz1 as /devices/virtual/input/input31
[  385.291907][ T9645] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.308021][ T9645] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.315422][ T9645] bridge_slave_0: entered allmulticast mode
[  385.341381][ T9645] bridge_slave_0: entered promiscuous mode
[  385.371314][ T9645] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.393935][ T9645] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.435964][ T9645] bridge_slave_1: entered allmulticast mode
[  385.468124][ T9645] bridge_slave_1: entered promiscuous mode
[  385.486452][ T5158] usb 1-1: USB disconnect, device number 13
[  385.661418][ T9645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  385.708912][ T9645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  385.776040][ T9261] veth0_macvtap: entered promiscuous mode
[  385.822495][ T9645] team0: Port device team_slave_0 added
[  385.860568][ T9261] veth1_macvtap: entered promiscuous mode
[  385.881027][ T9645] team0: Port device team_slave_1 added
[  386.023474][ T9645] batman_adv: batadv0: Adding interface: batadv_slave_0
[  386.038641][ T9645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  386.065053][ T5111] Bluetooth: hci1: command tx timeout
[  386.072183][ T9645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  386.095450][ T9645] batman_adv: batadv0: Adding interface: batadv_slave_1
[  386.117403][ T9645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  386.144356][ T9645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  386.197735][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  386.241423][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.262943][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  386.275364][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.305450][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  386.361797][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.391257][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  386.432864][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.507639][ T9261] batman_adv: batadv0: Interface activated: batadv_slave_0
[  386.512252][ T9715] loop4: detected capacity change from 0 to 32768
[  386.640520][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.693646][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.703878][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.715741][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.726362][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.736954][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.747777][ T9261] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.782388][ T9261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.805038][ T9715] syz.4.1197: attempt to access beyond end of device
[  386.805038][ T9715] loop14: rw=0, sector=8, nr_sectors = 8 limit=0
[  386.823413][ T9261] batman_adv: batadv0: Interface activated: batadv_slave_1
[  386.833861][ T9715] lbmIODone: I/O error in JFS log
[  386.843042][ T9645] hsr_slave_0: entered promiscuous mode
[  386.855232][ T9715] *** Log Format Error ! ***
[  386.863647][ T9715] lmLogInit: exit(-22)
[  386.867922][ T9715] lmLogOpen: exit(-22)
[  386.882360][ T9645] hsr_slave_1: entered promiscuous mode
[  386.889769][ T9729] jfs: Unrecognized mount option "����00000000000000000000000�c�X�c�v�:�Q���"��C���o��"���'ή���_��0��-�%��+�t��6P���'�k�;/|�%�T�9i�(��%Z��@�G~��ͱ�\�����������%S:U�VT����OvO7MfO�Jj�N��"��Bn�]��XZ
[  386.889769][ T9729] ���հ8���4�b��L����*�" or missing value
[  386.945874][ T9645] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  386.954376][ T9645] Cannot create hsr debugfs directory
[  387.083106][ T9261] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  387.105325][ T9261] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  387.117049][ T9261] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  387.126968][ T9261] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  387.757923][ T9645] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  387.774558][ T9645] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.861681][  T127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  387.935777][  T127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.120263][ T5111] Bluetooth: hci1: command tx timeout
[  388.133198][ T9645] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  388.346466][ T9645] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.640353][ T9741] loop0: detected capacity change from 0 to 1024
[  388.720640][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.784219][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.890927][ T9645] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  388.936551][ T9645] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.953799][ T9749] loop4: detected capacity change from 0 to 256
[  388.968522][ T9749] vfat: Bad value for 'fmask'
[  389.027640][ T9749] loop4: detected capacity change from 0 to 256
[  389.034875][ T9749] vfat: Unknown parameter 'n'
[  389.290974][ T9755] loop2: detected capacity change from 0 to 1024
[  389.301217][ T9645] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  389.340352][ T9645] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.196028][   T54] Bluetooth: hci1: command tx timeout
[  390.645194][   T35] hfsplus: b-tree write err: -5, ino 4
[  390.740658][ T9645] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  390.745195][ T9762] loop2: detected capacity change from 0 to 2048
[  390.804936][ T9762] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  390.816697][ T9645] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  390.857293][ T9496] udevd[9496]: incorrect nilfs2 checksum on /dev/loop2
[  390.903259][ T9767] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  390.922898][ T9645] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  390.931231][ T9762] NILFS (loop2): corrupt root inode
[  390.968108][ T9430] udevd[9430]: incorrect nilfs2 checksum on /dev/loop2
[  391.160229][ T9645] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  391.167848][   T54] Bluetooth: hci0: command 0x0406 tx timeout
[  392.258178][ T9762] loop2: detected capacity change from 0 to 1024
[  392.295984][ T5111] Bluetooth: hci1: command tx timeout
[  392.311422][ T9762] hfsplus: part requires an argument
[  392.352253][ T9762] hfsplus: unable to parse mount options
[  392.417925][ T9783] loop2: detected capacity change from 0 to 1024
[  392.686622][ T9645] 8021q: adding VLAN 0 to HW filter on device bond0
[  392.727906][ T5111] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[  392.738631][ T5111] CPU: 0 UID: 0 PID: 5111 Comm: kworker/u9:2 Not tainted 6.10.0-next-20240718-syzkaller #0
[  392.748641][ T5111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  392.758794][ T5111] Workqueue: hci5 hci_rx_work
[  392.763491][ T5111] Call Trace:
[  392.766783][ T5111]  <TASK>
[  392.769721][ T5111]  dump_stack_lvl+0x241/0x360
[  392.774423][ T5111]  ? __pfx_dump_stack_lvl+0x10/0x10
[  392.779641][ T5111]  ? __pfx__printk+0x10/0x10
[  392.784244][ T5111]  ? sysfs_create_dir_ns+0x28a/0x3a0
[  392.789543][ T5111]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  392.795110][ T5111]  sysfs_create_dir_ns+0x2ce/0x3a0
[  392.800239][ T5111]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  392.805906][ T5111]  kobject_add_internal+0x435/0x8d0
[  392.811123][ T5111]  kobject_add+0x152/0x220
[  392.815559][ T5111]  ? do_raw_spin_unlock+0x13c/0x8b0
[  392.820768][ T5111]  ? device_add+0x3e7/0xbf0
[  392.825300][ T5111]  ? __pfx_kobject_add+0x10/0x10
[  392.830275][ T5111]  ? _raw_spin_unlock+0x28/0x50
[  392.835159][ T5111]  ? get_device_parent+0x165/0x410
[  392.840299][ T5111]  device_add+0x4e5/0xbf0
[  392.844664][ T5111]  hci_conn_add_sysfs+0xe8/0x200
[  392.849636][ T5111]  le_conn_complete_evt+0xc9f/0x12e0
[  392.854956][ T5111]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  392.860697][ T5111]  ? __mutex_unlock_slowpath+0x21d/0x750
[  392.866360][ T5111]  ? __copy_skb_header+0x437/0x5b0
[  392.871496][ T5111]  ? skb_pull_data+0x112/0x230
[  392.876280][ T5111]  hci_le_enh_conn_complete_evt+0x185/0x420
[  392.882202][ T5111]  hci_event_packet+0xa55/0x1540
[  392.887168][ T5111]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  392.892566][ T5111]  ? __pfx_hci_event_packet+0x10/0x10
[  392.897949][ T5111]  ? do_raw_spin_unlock+0x13c/0x8b0
[  392.903165][ T5111]  ? hci_send_to_monitor+0xd8/0x7f0
[  392.908374][ T5111]  ? kcov_remote_start+0x9e/0x7e0
[  392.913418][ T5111]  hci_rx_work+0x3e8/0xca0
[  392.917845][ T5111]  ? process_scheduled_works+0x945/0x1830
[  392.923569][ T5111]  process_scheduled_works+0xa2c/0x1830
[  392.929153][ T5111]  ? __pfx_process_scheduled_works+0x10/0x10
[  392.935153][ T5111]  ? assign_work+0x364/0x3d0
[  392.939757][ T5111]  worker_thread+0x86d/0xd40
[  392.944366][ T5111]  ? __kthread_parkme+0x169/0x1d0
[  392.949406][ T5111]  ? __pfx_worker_thread+0x10/0x10
[  392.954530][ T5111]  kthread+0x2f0/0x390
[  392.958598][ T5111]  ? __pfx_worker_thread+0x10/0x10
[  392.963717][ T5111]  ? __pfx_kthread+0x10/0x10
[  392.968398][ T5111]  ret_from_fork+0x4b/0x80
[  392.972829][ T5111]  ? __pfx_kthread+0x10/0x10
[  392.977421][ T5111]  ret_from_fork_asm+0x1a/0x30
[  392.982204][ T5111]  </TASK>
[  392.997316][ T5111] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  393.011453][ T5111] Bluetooth: hci5: failed to register connection device
[  393.148923][ T9645] 8021q: adding VLAN 0 to HW filter on device team0
[  393.392187][ T9796] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  393.393197][ T5113] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.406736][ T5113] bridge0: port 1(bridge_slave_0) entered forwarding state
[  393.460923][ T5113] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.468250][ T5113] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.207053][ T9645] 8021q: adding VLAN 0 to HW filter on device batadv0
[  394.392347][ T9789] loop4: detected capacity change from 0 to 32768
[  394.424490][ T9789] XFS: ikeep mount option is deprecated.
[  394.425454][ T9645] veth0_vlan: entered promiscuous mode
[  394.453135][ T9789] XFS: noikeep mount option is deprecated.
[  394.493932][ T9645] veth1_vlan: entered promiscuous mode
[  394.533043][ T9789] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  394.643383][ T9645] veth0_macvtap: entered promiscuous mode
[  394.647490][ T9789] XFS (loop4): Ending clean mount
[  394.684410][ T9645] veth1_macvtap: entered promiscuous mode
[  394.700849][ T9789] XFS (loop4): Quotacheck needed: Please wait.
[  394.753074][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.785691][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.805726][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.834147][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.875682][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.896921][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.917201][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  394.936078][ T9789] XFS (loop4): Quotacheck: Done.
[  394.961414][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  394.985687][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  395.018734][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.068390][ T9645] batman_adv: batadv0: Interface activated: batadv_slave_0
[  395.108245][ T8009] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  395.164019][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.185807][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.221795][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.264799][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.301040][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.355748][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.396146][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.407629][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.417535][ T9645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.428395][ T9645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.440156][ T9645] batman_adv: batadv0: Interface activated: batadv_slave_1
[  395.453186][ T9645] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  395.461984][ T9645] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  395.470833][ T9645] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  395.481297][ T9645] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  395.615895][ T9823] loop1: detected capacity change from 0 to 32768
[  395.659491][ T9823] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1235 (9823)
[  395.785808][ T9823] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  395.818073][ T9823] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  395.823467][ T9822] loop2: detected capacity change from 0 to 32768
[  395.848304][  T127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  395.865369][ T9823] BTRFS info (device loop1): using free-space-tree
[  395.874385][  T127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  395.945037][ T9840] loop4: detected capacity change from 0 to 512
[  395.976947][ T9822] syz.2.1234: attempt to access beyond end of device
[  395.976947][ T9822] loop14: rw=0, sector=8, nr_sectors = 8 limit=0
[  395.999125][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  396.003844][ T9822] lbmIODone: I/O error in JFS log
[  396.014140][ T9822] *** Log Format Error ! ***
[  396.019283][ T9822] lmLogInit: exit(-22)
[  396.023415][ T9822] lmLogOpen: exit(-22)
[  396.069111][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  396.078422][ T9847] jfs: Unrecognized mount option "����00000000000000000000000�c�X�c�v�:�Q���"��C���o��"���'ή���_��0��-�%��+�t��6P���'�k�;/|�%�T�9i�(��%Z��@�G~��ͱ�\�����������%S:U�VT����OvO7MfO�Jj�N��"��Bn�]��XZ
[  396.078422][ T9847] ���հ8���4�b��L����*�" or missing value
[  396.112277][ T9840] loop4: detected capacity change from 0 to 512
[  396.242252][ T9840] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  396.307914][ T9840] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2
[  396.352353][ T9840] EXT4-fs (loop4): 1 truncate cleaned up
[  396.397878][ T9840] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  396.466489][  T927] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.545216][ T9840] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  396.556681][ T9261] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  396.844709][ T8009] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.870247][ T9897] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1251'.
[  398.351576][ T9898] loop0: detected capacity change from 0 to 256
[  398.475333][ T9898] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[  398.666394][ T9900] loop1: detected capacity change from 0 to 512
[  398.783382][ T9900] loop1: detected capacity change from 0 to 512
[  398.859283][ T9900] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  398.887931][ T9900] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  398.968181][ T9898] syz.0.1254 (9898) used greatest stack depth: 18736 bytes left
[  398.993760][ T9900] EXT4-fs (loop1): 1 truncate cleaned up
[  399.019562][ T9900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  399.037222][ T9888] loop2: detected capacity change from 0 to 32768
[  399.067627][ T9884] loop3: detected capacity change from 0 to 32768
[  399.095159][ T9900] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  399.144289][ T9888] syz.2.1250: attempt to access beyond end of device
[  399.144289][ T9888] loop14: rw=0, sector=8, nr_sectors = 8 limit=0
[  399.147204][ T9884] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  399.147204][ T9884] clean (size 2912):
[  399.147204][ T9884] flags:          0
[  399.147204][ T9884] journal_seq:    8
[  399.147204][ T9884] usage: type=inodes v=8
[  399.147204][ T9884] usage: type=key_version v=0
[  399.147204][ T9884] usage: type=reserved v=0
[  399.147204][ T9884] usage: type=reserved v=0
[  399.147204][ T9884] usage: type=reserved v=0
[  399.147204][ T9884] usage: type=reserved v=0
[  399.147204][ T9884] data_usage: btree: 1/1 [0]=2816
[  399.147204][ T9884] data_usage: journal: 1/1 [0]=0
[  399.147204][ T9884] btree_keys: btree=extents l=0 u64s 8 type deleted 0:2048:0 len 8 ver 1065151889408: 
[  399.147204][ T9884] btree_keys: btree=extents l=0 u64s 1 type deleted POS_MIN len 224 ver 137438953472: 
[  399.147204][ T9884] btree_keys: btree=extents l=0 u64s 32 type deleted POS_MIN len 0 ver 962072674304: 
[  399.147204][ T9884] clock: read=0
[  399.147204][ T9884] clock: write=1288
[  399.147204][ T9884] btree_root: btree=extents l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee356 written 16 min_key POS_MIN ptr: 0:6912 gen 0
[  399.147204][ T9884] btree_root: btree=inodes l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN ptr: 0:9728 gen 0
[  399.147204][ T9884] btree_root: btree=dirents l=0 u64s 11 type btre
[  399.161412][ T9888] lbmIODone: I/O error in JFS log
[  399.202946][ T9884] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  399.321874][ T9888] *** Log Format Error ! ***
[  399.386217][ T9888] lmLogInit: exit(-22)
[  399.390394][ T9888] lmLogOpen: exit(-22)
[  399.428594][ T9909] jfs: Unrecognized mount option "����00000000000000000000000�c�X�c�v�:�Q���"��C���o��"���'ή���_��0��-�%��+�t��6P���'�k�;/|�%�T�9i�(��%Z��@�G~��ͱ�\�����������%S:U�VT����OvO7MfO�Jj�N��"��Bn�]��XZ
[  399.428594][ T9909] ���հ8���4�b��L����*�" or missing value
[  399.468394][ T9261] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  400.238497][ T9926] loop1: detected capacity change from 0 to 2048
[  400.395529][ T9934] loop0: detected capacity change from 0 to 256
[  400.412038][ T9930] loop3: detected capacity change from 0 to 512
[  400.434692][ T9926] loop1: detected capacity change from 0 to 256
[  400.452435][ T9934] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[  400.484495][ T9935] batadv0: mtu less than device minimum
[  400.526752][ T9930] EXT4-fs (loop3): blocks per group (33) and clusters per group (32768) inconsistent
[  400.618790][ T9926] loop1: detected capacity change from 0 to 1764
[  401.321509][ T9945] loop2: detected capacity change from 0 to 512
[  401.498979][ T9945] loop2: detected capacity change from 0 to 512
[  401.564036][ T9945] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  401.587267][ T9945] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  401.658911][ T9956] netlink: 'syz.3.1274': attribute type 1 has an invalid length.
[  401.709752][ T9945] EXT4-fs (loop2): 1 truncate cleaned up
[  401.724074][ T9956] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1274'.
[  401.749206][ T9945] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.926473][ T9943] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  401.936279][ T9940] loop4: detected capacity change from 0 to 40427
[  401.970528][ T9940] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  401.993318][ T9940] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  402.081637][ T9940] F2FS-fs (loop4): Found nat_bits in checkpoint
[  402.173481][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.312679][ T9940] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  402.344007][ T9940] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  402.407767][ T9976] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  402.442934][ T5111] Bluetooth: hci4: unexpected event for opcode 0x0c56
[  402.639437][ T9981] overlayfs: failed to create directory ./bus/work (errno: 28); mounting read-only
[  402.672869][ T9981] overlayfs: failed to set uuid (/file1, err=-28); falling back to uuid=null.
[  403.280860][ T9993] netlink: 'syz.3.1288': attribute type 1 has an invalid length.
[  403.315201][ T9993] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1288'.
[  403.316916][ T9978] could not allocate digest TFM handle rmd256-generic
[  403.764210][ T5111] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  403.812108][T10009] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  403.833878][ T5111] Bluetooth: hci2: Malformed HCI Event: 0x22
[  404.047750][T10013] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  404.170145][T10013] input: syz1 as /devices/virtual/input/input32
[  404.277994][ T5111] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  404.288619][ T5111] Bluetooth: hci1: Injecting HCI hardware error event
[  404.300364][   T54] Bluetooth: hci1: hardware error 0x00
[  404.661412][T10015] loop4: detected capacity change from 0 to 32768
[  404.671302][T10015] btrfs: Deprecated parameter 'usebackuproot'
[  404.682100][T10015] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  404.703564][T10015] btrfs: Unknown parameter 'noinode_cache'
[  404.756462][ T5111] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  404.767645][ T5111] Bluetooth: hci5: Injecting HCI hardware error event
[  404.777486][ T5122] Bluetooth: hci5: hardware error 0x00
[  404.843258][ T9996] loop3: detected capacity change from 0 to 32768
[  404.882675][ T9996] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1290 (9996)
[  404.968246][ T9996] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  404.986765][ T9996] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  405.096747][ T9996] BTRFS info (device loop3): using free-space-tree
[  405.440003][T10028] loop4: detected capacity change from 0 to 512
[  405.501895][T10028] EXT4-fs (loop4): can't mount with data=, fs mounted w/o journal
[  405.699309][T10030] kvm: emulating exchange as write
[  405.723455][T10059] batadv0: mtu less than device minimum
[  405.784748][T10061] overlayfs: failed to create directory ./bus/work (errno: 28); mounting read-only
[  405.831795][T10061] overlayfs: failed to set uuid (/file1, err=-28); falling back to uuid=null.
[  406.072543][T10065] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  406.263246][   T29] audit: type=1326 audit(2000000097.200:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10072 comm="syz.0.1311" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc048d75a99 code=0x0
[  406.461579][ T9645] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  406.776095][ T5113] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  406.998307][ T5113] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  407.053175][ T5113] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  407.085660][ T5113] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  407.098860][ T5113] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  407.133530][ T5113] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  407.161448][ T5113] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.206826][ T5113] usb 1-1: config 0 descriptor??
[  407.212609][T10074] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  407.235978][ T5122] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  407.236142][   T54] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  407.651951][T10102] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  407.769666][ T5113] plantronics 0003:047F:FFFF.000B: unknown main item tag 0xd
[  407.791949][ T5113] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  407.846445][ T5113] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  408.018204][T10090] loop3: detected capacity change from 0 to 32768
[  408.065440][T10090] btrfs: Deprecated parameter 'usebackuproot'
[  408.073908][T10110] x_tables: duplicate underflow at hook 4
[  408.085463][T10090] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  408.130527][T10090] btrfs: Unknown parameter 'noinode_cache'
[  408.633294][T10098] loop2: detected capacity change from 0 to 32768
[  408.662755][T10098] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1322 (10098)
[  408.677344][T10121] loop4: detected capacity change from 0 to 256
[  408.700359][T10121] exfat: Deprecated parameter 'namecase'
[  408.723507][T10121] exfat: Deprecated parameter 'utf8'
[  408.743861][T10121] exfat: Deprecated parameter 'namecase'
[  408.755303][T10098] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  408.795291][T10121] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  408.815728][T10098] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  408.835218][T10098] BTRFS info (device loop2): using free-space-tree
[  409.189677][   T54] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  409.256823][ T5110] usb 1-1: reset high-speed USB device number 14 using dummy_hcd
[  409.643718][T10150] input: syz0 as /devices/virtual/input/input34
[  409.667470][ T7584] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  410.415899][T10154] x_tables: duplicate underflow at hook 4
[  410.638881][ T5113] usb 1-1: USB disconnect, device number 14
[  411.092911][    C0] eth0: bad gso: type: 1, size: 1408
[  411.193212][T10176] loop2: detected capacity change from 0 to 512
[  411.240409][T10176] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  411.299819][T10176] EXT4-fs (loop2): orphan cleanup on readonly fs
[  411.309955][T10174] loop4: detected capacity change from 0 to 8192
[  411.337527][T10185] loop0: detected capacity change from 0 to 524288000
[  411.351731][T10176] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[  411.366871][T10176] EXT4-fs warning (device loop2): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  411.392655][T10176] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  411.424027][T10176] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #16: comm syz.2.1337: iget: immutable or append flags not allowed on symlinks
[  411.480372][T10187] loop1: detected capacity change from 0 to 256
[  411.496948][T10176] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1337: couldn't read orphan inode 16 (err -117)
[  411.543787][T10187] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x6842f4db, utbl_chksum : 0xe619d30d)
[  411.577317][T10176] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  411.669653][T10193] loop3: detected capacity change from 0 to 256
[  411.684932][T10195] loop4: detected capacity change from 0 to 256
[  412.220730][T10203] 9pnet_fd: Insufficient options for proto=fd
[  412.259613][T10204] loop0: detected capacity change from 0 to 1024
[  413.341956][T10204] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  413.514524][ T7584] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.585967][T10193] FAT-fs (loop3): Directory bread(block 64) failed
[  413.738439][T10193] FAT-fs (loop3): Directory bread(block 65) failed
[  413.745158][T10193] FAT-fs (loop3): Directory bread(block 66) failed
[  413.803019][T10193] FAT-fs (loop3): Directory bread(block 67) failed
[  413.813779][T10193] FAT-fs (loop3): Directory bread(block 68) failed
[  413.820790][T10193] FAT-fs (loop3): Directory bread(block 69) failed
[  413.876575][T10193] FAT-fs (loop3): Directory bread(block 70) failed
[  413.884029][T10193] FAT-fs (loop3): Directory bread(block 71) failed
[  413.905891][ T5956] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.985548][T10193] FAT-fs (loop3): Directory bread(block 72) failed
[  413.993603][T10193] FAT-fs (loop3): Directory bread(block 73) failed
[  414.066049][T10211] blktrace: Concurrent blktraces are not allowed on sg0
[  414.291403][T10219] loop0: detected capacity change from 0 to 524288000
[  414.653867][T10218] loop2: detected capacity change from 0 to 8192
[  414.790659][    C0] eth0: bad gso: type: 1, size: 1408
[  415.027339][T10241] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1375'.
[  415.084174][T10244] loop3: detected capacity change from 0 to 128
[  415.167361][T10244] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  415.212615][T10244] ext4 filesystem being mounted at /30/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  415.475548][T10250] netlink: 'syz.1.1378': attribute type 1 has an invalid length.
[  415.504689][T10250] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1378'.
[  416.219846][T10258] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  416.282301][ T9645] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  416.757823][T10276] netlink: 'syz.0.1389': attribute type 1 has an invalid length.
[  416.767178][T10276] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1389'.
[  416.794312][T10248] loop2: detected capacity change from 0 to 32768
[  416.948781][T10278] bridge_slave_1: left allmulticast mode
[  416.954726][T10278] bridge_slave_1: left promiscuous mode
[  416.961794][T10278] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.201548][T10248] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  417.201548][T10248] clean (size 2912):
[  417.201548][T10248] flags:          0
[  417.201548][T10248] journal_seq:    8
[  417.201548][T10248] usage: type=inodes v=8
[  417.201548][T10248] usage: type=key_version v=0
[  417.201548][T10248] usage: type=reserved v=0
[  417.201548][T10248] usage: type=reserved v=0
[  417.201548][T10248] usage: type=reserved v=0
[  417.201548][T10248] usage: type=reserved v=0
[  417.201548][T10248] data_usage: btree: 1/1 [0]=2816
[  417.201548][T10248] data_usage: journal: 1/1 [0]=0
[  417.201548][T10248] btree_keys: btree=extents l=0 u64s 8 type deleted 0:2048:0 len 8 ver 1065151889408: 
[  417.201548][T10248] btree_keys: btree=extents l=0 u64s 1 type deleted POS_MIN len 224 ver 137438953472: 
[  417.201548][T10248] btree_keys: btree=extents l=0 u64s 32 type deleted POS_MIN len 0 ver 962072674304: 
[  417.201548][T10248] clock: read=0
[  417.201548][T10248] clock: write=1288
[  417.201548][T10248] btree_root: btree=extents l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee356 written 16 min_key POS_MIN ptr: 0:6912 gen 0
[  417.201548][T10248] btree_root: btree=inodes l=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN ptr: 0:9728 gen 0
[  417.201548][T10248] btree_root: btree=dirents l=0 u64s 11 type btre
[  417.204250][T10248] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  417.607695][    C0] eth0: bad gso: type: 1, size: 1408
[  418.841519][T10303] blktrace: Concurrent blktraces are not allowed on sg0
[  419.353358][T10317] bridge_slave_1: left allmulticast mode
[  419.359230][T10317] bridge_slave_1: left promiscuous mode
[  419.365803][T10317] bridge0: port 2(bridge_slave_1) entered disabled state
[  420.158677][T10327] loop1: detected capacity change from 0 to 64
[  420.624862][T10332] loop3: detected capacity change from 0 to 32768
[  420.635367][T10332] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1410 (10332)
[  420.673348][T10332] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  420.683702][T10332] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  420.692459][T10332] BTRFS info (device loop3): using free-space-tree
[  424.094088][ T9645] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  424.414503][T10387] ieee802154 phy0 wpan0: encryption failed: -22
[  424.617983][T10389] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.1425'.
[  424.704630][T10393] loop4: detected capacity change from 0 to 1024
[  424.943960][T10393] EXT4-fs: Ignoring removed orlov option
[  424.961861][T10393] EXT4-fs (loop4): Test dummy encryption mode enabled
[  424.984720][T10393] EXT4-fs (loop4): Encoding requested by superblock is unknown
[  426.229031][T10398] syz.3.1418 (10398) used greatest stack depth: 18680 bytes left
[  426.268903][T10417] loop0: detected capacity change from 0 to 256
[  426.321244][T10417] FAT-fs (loop0): Directory bread(block 64) failed
[  426.345844][T10417] FAT-fs (loop0): Directory bread(block 65) failed
[  426.361332][T10423] loop1: detected capacity change from 0 to 1024
[  426.365067][T10417] FAT-fs (loop0): Directory bread(block 66) failed
[  426.416087][T10417] FAT-fs (loop0): Directory bread(block 67) failed
[  426.427501][T10417] FAT-fs (loop0): Directory bread(block 68) failed
[  426.437063][T10417] FAT-fs (loop0): Directory bread(block 69) failed
[  426.446647][T10417] FAT-fs (loop0): Directory bread(block 70) failed
[  426.463431][T10417] FAT-fs (loop0): Directory bread(block 71) failed
[  426.496022][T10417] FAT-fs (loop0): Directory bread(block 72) failed
[  426.535084][T10417] FAT-fs (loop0): Directory bread(block 73) failed
[  429.139710][T10478] loop3: detected capacity change from 0 to 32768
[  429.150340][T10478] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1458 (10478)
[  429.191556][T10478] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  429.204224][T10478] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  429.215672][T10478] BTRFS info (device loop3): using free-space-tree
[  429.248362][T10502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1467'.
[  429.820534][T10502] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  429.830051][T10502] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  429.838860][T10502] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  429.847750][T10502] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  429.994653][T10502] vxlan0: entered promiscuous mode
[  430.089579][T10516] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1468'.
[  431.129035][T10478] BTRFS info (device loop3): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  431.408233][T10549] loop0: detected capacity change from 0 to 128
[  431.519024][ T9645] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  431.569267][T10206] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.719725][T10552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1482'.
[  431.778152][T10552] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  431.787257][T10552] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  431.796131][T10552] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  431.805083][T10552] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  431.850186][T10552] vxlan0: entered promiscuous mode
[  431.986116][T10206] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.152490][T10206] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.426453][ T5122] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  432.447124][ T5122] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  432.468357][ T5122] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  433.546913][ T5122] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  433.554969][ T5122] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  433.564738][ T5122] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  433.760535][T10570] netlink: 'syz.2.1487': attribute type 4 has an invalid length.
[  433.821488][T10555] ==================================================================
[  433.829618][T10555] BUG: KASAN: slab-use-after-free in handle_mm_fault+0x14f0/0x19a0
[  433.837556][T10555] Read of size 8 at addr ffff88802baac118 by task syz.0.1484/10555
[  433.845560][T10555] 
[  433.847899][T10555] CPU: 1 UID: 0 PID: 10555 Comm: syz.0.1484 Not tainted 6.10.0-next-20240718-syzkaller #0
[  433.857928][T10555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  433.867997][T10555] Call Trace:
[  433.871304][T10555]  <TASK>
[  433.874252][T10555]  dump_stack_lvl+0x241/0x360
[  433.879064][T10555]  ? __pfx_dump_stack_lvl+0x10/0x10
[  433.884473][T10555]  ? __pfx__printk+0x10/0x10
[  433.889094][T10555]  ? _printk+0xd5/0x120
[  433.893274][T10555]  ? __virt_addr_valid+0x183/0x530
[  433.898399][T10555]  ? __virt_addr_valid+0x183/0x530
[  433.903526][T10555]  print_report+0x169/0x550
[  433.908052][T10555]  ? __virt_addr_valid+0x183/0x530
[  433.913179][T10555]  ? __virt_addr_valid+0x183/0x530
[  433.918306][T10555]  ? __virt_addr_valid+0x45f/0x530
[  433.923439][T10555]  ? __phys_addr+0xba/0x170
[  433.927959][T10555]  ? handle_mm_fault+0x14f0/0x19a0
[  433.933098][T10555]  kasan_report+0x143/0x180
[  433.937625][T10555]  ? handle_mm_fault+0x14f0/0x19a0
[  433.942767][T10555]  handle_mm_fault+0x14f0/0x19a0
[  433.947831][T10555]  ? __pfx_handle_mm_fault+0x10/0x10
[  433.953151][T10555]  ? lock_vma_under_rcu+0x592/0x6e0
[  433.958377][T10555]  ? exc_page_fault+0x113/0x8c0
[  433.963247][T10555]  exc_page_fault+0x459/0x8c0
[  433.967959][T10555]  asm_exc_page_fault+0x26/0x30
[  433.972853][T10555] RIP: 0033:0x7fc048d3d5ab
[  433.977283][T10555] Code: fa 10 73 2d 83 fa 08 73 46 83 fa 04 73 16 83 fa 01 7c 10 8a 0e 74 0a 0f b7 74 16 fe 66 89 74 17 fe 88 0f c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5
[  433.996952][T10555] RSP: 002b:00007fc049aef038 EFLAGS: 00010246
[  434.003040][T10555] RAX: 0000000020400000 RBX: 00007fc048f03f60 RCX: 0000000000000000
[  434.011021][T10555] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000020400000
[  434.019091][T10555] RBP: 00007fc048de4e5d R08: 0000000000000004 R09: 0000000000000000
[  434.027081][T10555] R10: 0000000020400000 R11: 0000000020000080 R12: 0000000000000000
[  434.035069][T10555] R13: 000000000000000b R14: 00007fc048f03f60 R15: 00007fff94a032e8
[  434.043066][T10555]  </TASK>
[  434.046096][T10555] 
[  434.048427][T10555] Allocated by task 10555:
[  434.052856][T10555]  kasan_save_track+0x3f/0x80
[  434.057571][T10555]  __kasan_slab_alloc+0x66/0x80
[  434.062435][T10555]  kmem_cache_alloc_noprof+0x135/0x2a0
[  434.067913][T10555]  vm_area_alloc+0x24/0x1d0
[  434.072540][T10555]  mmap_region+0xc3d/0x2090
[  434.077070][T10555]  do_mmap+0x8f9/0x1010
[  434.081248][T10555]  vm_mmap_pgoff+0x1dd/0x3d0
[  434.085852][T10555]  do_syscall_64+0xf3/0x230
[  434.090380][T10555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.096291][T10555] 
[  434.098720][T10555] Freed by task 5111:
[  434.102712][T10555]  kasan_save_track+0x3f/0x80
[  434.107418][T10555]  kasan_save_free_info+0x40/0x50
[  434.112466][T10555]  poison_slab_object+0xe0/0x150
[  434.117418][T10555]  __kasan_slab_free+0x37/0x60
[  434.122194][T10555]  kmem_cache_free+0x145/0x350
[  434.126982][T10555]  rcu_core+0xafd/0x1830
[  434.131258][T10555]  handle_softirqs+0x2c4/0x970
[  434.136045][T10555]  __irq_exit_rcu+0xf4/0x1c0
[  434.140661][T10555]  irq_exit_rcu+0x9/0x30
[  434.144925][T10555]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  434.150601][T10555]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  434.156604][T10555] 
[  434.158963][T10555] Last potentially related work creation:
[  434.164681][T10555]  kasan_save_stack+0x3f/0x60
[  434.169393][T10555]  __kasan_record_aux_stack+0xac/0xc0
[  434.174788][T10555]  call_rcu+0x167/0xa70
[  434.178978][T10555]  vma_complete+0x98a/0xb60
[  434.183494][T10555]  vma_merge+0x1d9b/0x2690
[  434.187927][T10555]  vma_modify+0xb8/0x350
[  434.192189][T10555]  userfaultfd_release+0x413/0x900
[  434.197327][T10555]  __fput+0x24a/0x8a0
[  434.201337][T10555]  task_work_run+0x24f/0x310
[  434.205962][T10555]  syscall_exit_to_user_mode+0x168/0x370
[  434.211709][T10555]  do_syscall_64+0x100/0x230
[  434.216336][T10555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.222277][T10555] 
[  434.224643][T10555] The buggy address belongs to the object at ffff88802baac0f8
[  434.224643][T10555]  which belongs to the cache vm_area_struct of size 184
[  434.238982][T10555] The buggy address is located 32 bytes inside of
[  434.238982][T10555]  freed 184-byte region [ffff88802baac0f8, ffff88802baac1b0)
[  434.252719][T10555] 
[  434.255062][T10555] The buggy address belongs to the physical page:
[  434.261495][T10555] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2baac
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  434.270276][T10555] memcg:ffff88807b9af001
[  434.274535][T10555] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  434.281676][T10555] page_type: 0xfdffffff(slab)
[  434.286381][T10555] raw: 00fff00000000000 ffff888015eefb40 ffffea0001f46f00 dead000000000008
[  434.294991][T10555] raw: 0000000000000000 0000000000100010 00000001fdffffff ffff88807b9af001
[  434.303606][T10555] page dumped because: kasan: bad access detected
[  434.310036][T10555] page_owner tracks the page as allocated
[  434.315765][T10555] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5106, tgid 5106 (syz-executor), ts 95500353579, free_ts 95451347470
[  434.335001][T10555]  post_alloc_hook+0x1f3/0x230
[  434.339799][T10555]  get_page_from_freelist+0x2ccb/0x2d80
[  434.345373][T10555]  __alloc_pages_noprof+0x256/0x6c0
[  434.350630][T10555]  alloc_slab_page+0x5f/0x120
[  434.355341][T10555]  allocate_slab+0x5a/0x2f0
[  434.359912][T10555]  ___slab_alloc+0xcd1/0x14b0
[  434.364619][T10555]  __slab_alloc+0x58/0xa0
[  434.368976][T10555]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[  434.374454][T10555]  vm_area_dup+0x27/0x290
[  434.378819][T10555]  copy_mm+0xc7b/0x1f30
[  434.383007][T10555]  copy_process+0x186b/0x3d90
[  434.387711][T10555]  kernel_clone+0x226/0x8f0
[  434.392244][T10555]  __x64_sys_clone+0x258/0x2a0
[  434.397215][T10555]  do_syscall_64+0xf3/0x230
[  434.401754][T10555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.407671][T10555] page last free pid 5352 tgid 5350 stack trace:
[  434.414016][T10555]  free_unref_folios+0x103a/0x1b00
[  434.419162][T10555]  folios_put_refs+0x76e/0x860
[  434.423955][T10555]  free_pages_and_swap_cache+0x5c8/0x690
[  434.429627][T10555]  tlb_flush_mmu+0x3a3/0x680
[  434.434248][T10555]  tlb_finish_mmu+0xd4/0x200
[  434.438878][T10555]  exit_mmap+0x44f/0xc80
[  434.443152][T10555]  __mmput+0x115/0x390
[  434.447255][T10555]  exit_mm+0x220/0x310
[  434.451349][T10555]  do_exit+0x9b2/0x27f0
[  434.455541][T10555]  do_group_exit+0x207/0x2c0
[  434.460639][T10555]  get_signal+0x16a1/0x1740
[  434.465174][T10555]  arch_do_signal_or_restart+0x96/0x830
[  434.470749][T10555]  syscall_exit_to_user_mode+0xc9/0x370
[  434.476330][T10555]  do_syscall_64+0x100/0x230
[  434.480953][T10555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.486868][T10555] 
[  434.489303][T10555] Memory state around the buggy address:
[  434.494942][T10555]  ffff88802baac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  434.503023][T10555]  ffff88802baac080: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa
[  434.511100][T10555] >ffff88802baac100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  434.519172][T10555]                             ^
[  434.524030][T10555]  ffff88802baac180: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb
[  434.532120][T10555]  ffff88802baac200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  434.540227][T10555] ==================================================================
[  434.574239][T10555] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  434.581489][T10555] CPU: 1 UID: 0 PID: 10555 Comm: syz.0.1484 Not tainted 6.10.0-next-20240718-syzkaller #0
[  434.591507][T10555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  434.601592][T10555] Call Trace:
[  434.604912][T10555]  <TASK>
[  434.607895][T10555]  dump_stack_lvl+0x241/0x360
[  434.612791][T10555]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.618030][T10555]  ? __pfx__printk+0x10/0x10
[  434.622667][T10555]  ? preempt_schedule+0xe1/0xf0
[  434.627555][T10555]  ? vscnprintf+0x5d/0x90
[  434.631918][T10555]  panic+0x349/0x870
[  434.635850][T10555]  ? check_panic_on_warn+0x21/0xb0
[  434.641004][T10555]  ? __pfx_panic+0x10/0x10
[  434.645459][T10555]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  434.651470][T10555]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  434.657827][T10555]  ? print_report+0x502/0x550
[  434.662529][T10555]  check_panic_on_warn+0x86/0xb0
[  434.667492][T10555]  ? handle_mm_fault+0x14f0/0x19a0
[  434.672654][T10555]  end_report+0x77/0x160
[  434.676925][T10555]  kasan_report+0x154/0x180
[  434.681541][T10555]  ? handle_mm_fault+0x14f0/0x19a0
[  434.686698][T10555]  handle_mm_fault+0x14f0/0x19a0
[  434.691694][T10555]  ? __pfx_handle_mm_fault+0x10/0x10
[  434.697019][T10555]  ? lock_vma_under_rcu+0x592/0x6e0
[  434.702257][T10555]  ? exc_page_fault+0x113/0x8c0
[  434.707140][T10555]  exc_page_fault+0x459/0x8c0
[  434.711856][T10555]  asm_exc_page_fault+0x26/0x30
[  434.716737][T10555] RIP: 0033:0x7fc048d3d5ab
[  434.721176][T10555] Code: fa 10 73 2d 83 fa 08 73 46 83 fa 04 73 16 83 fa 01 7c 10 8a 0e 74 0a 0f b7 74 16 fe 66 89 74 17 fe 88 0f c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5
[  434.740814][T10555] RSP: 002b:00007fc049aef038 EFLAGS: 00010246
[  434.746922][T10555] RAX: 0000000020400000 RBX: 00007fc048f03f60 RCX: 0000000000000000
[  434.754931][T10555] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000020400000
[  434.762895][T10555] RBP: 00007fc048de4e5d R08: 0000000000000004 R09: 0000000000000000
[  434.770867][T10555] R10: 0000000020400000 R11: 0000000020000080 R12: 0000000000000000
[  434.778844][T10555] R13: 000000000000000b R14: 00007fc048f03f60 R15: 00007fff94a032e8
[  434.786935][T10555]  </TASK>
[  434.790284][T10555] Kernel Offset: disabled
[  434.794629][T10555] Rebooting in 86400 seconds..