last executing test programs:

3m23.197880912s ago: executing program 1 (id=62):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000600)={r3, 0x0, 0x1000, 0x10000, 0x3, [<r4=>0x0, 0x0, 0x0, <r5=>0x0], [0x800000, 0x800, 0xfffffffd], [0x0, 0x1001000, 0xfffffffc], [0x0, 0x0, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x3, [r4, 0x0, 0x0, r5], [0x2b8], [0x0, 0x0, 0x0, 0x1]})

3m23.021789325s ago: executing program 1 (id=63):
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000000)={0x79})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f00000001c0)=0x1fff)

3m22.808773208s ago: executing program 1 (id=65):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
r1 = socket(0x15, 0x5, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt(r1, 0x200000000114, 0x2715, 0x0, &(0x7f00000000c0))

3m22.648888841s ago: executing program 1 (id=67):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x4080, &(0x7f0000000540)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000002,nostrict,uid=', @ANYRESOCT=0x0, @ANYRESDEC], 0x2, 0xc36, &(0x7f0000002540)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2SEmV9Pjb13Z19b/a9eeMZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr56+qz7PwA8Vq75/38AAAAAAAAAAAAAADjoUhTxZKSYvbKaxqr3HfXL7b7bd0aHhreudiRVNQ9V5cuf+pmz585/6YXBC9283J7+gPp77bPx2si1S42XZ27Nzk3Oz09ONEan2+MzE5M73sNu6292sjoAjVuv3564cWO+cfb5cxs+vjPwfv8TxwcuDj576plu2dGh4eGR9SL13vK1+25Ix3YzPA5HEacixXPf+2lqRUQRuz8W9Qc79psdqTpxsurE6NBw1ZGpdmt6ofzwavdAFBGNnkrN7jHaeiyi1vdA+7C9ZsRi2fyywSfL7o3MtuZa16cmG1dbcwvthfbM9NXUaW3Zn0YUcSFFLEXESv+9u+uLImqR4jvHVtP1iDjUPQ5frCYGb9+OYh/7uANlOxt9EUvFIzBmB1h/FPFqpPjZOydiPF9nqmvNFyJeLfMHEW+V+VJEKk+M8xHvbXEe8WiqRRF/WY7/xdU0UV0PuteVy19rfGX6xkxP2e515SPeH+65Ujyk+8ORTflgHPBrUz2KaFVX/NV0/7/ZAQAAAAAAAAAAAAAAAGCvHYkiPhMpXvmPP6nmFUc1L/3YxcE/HPjV3jnjT3/Ifsqyz0fEYrGzObmH88TAq+lqSg95LvHjrB5F/Gme//eth90YAAAAAAAAAAAAAAAAAACAx1oRP4kUL757Ii1F75ri7embjWut61OdVWG7a/9210xfW1tba6RONnOO5VzMuZRzOedKzihy/ZzNnGM5F3Mu5VzOuZIzDuX6OZs5x3Iu5lzKuZxzJWfUcv2czZxjORfLrK93dDlvX8kZB2TtXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAj5MiivhFpPj2N1ZTpIhoRoxFJ5f7H3brAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBSfyri+5Gi8UfNu9tqEZGqfztOlL+cj+bhMj8ZzcEyX4rmpZytKmvNbz2E9rM7famIH0eK/vrbdwc8j39f593d0yDe+ub6u8/WOnmo++HA+/1PHD92cXD4N57e7nXaqgEnL7enb99pjA4ND4/0bK7lb/9kz7aB/L3F3nSdiJh/483XW1NTk3P3/6I8BXZR/RF6kWqPS08f1ovFvTgh9+5F1A5EMx5O33kMlPf/9yLF7777n90bfuf+X49f6by7e4ePn//Z+v3/xc072uH9v7a5Xr7/l/f0re7/T/ZsezH/bqSvFlFfuDXbdzyiPv/Gm6fat1o3J29OTp8/ffrLg4NfPne673BE/UZ7arLn1Z4cLgAAAAAAAAAAAAAAAIAHJxXx+5Gi9ePV1IiIO9V8rYGLg8+eeuZQHKrmW22Yt/3ayLVLjZdnbs3OTc7PT040Rqfb4zMTkzv9uno13Wt0aHhfOvOhjuxz+4/UX56ZfWOuffOPF7b8/Gj90vX5hbnW+NYfx5EoIpq9W05WDR4dGq4aPdVuTVdVr245mf6j60tF/FekGD/fSJ/P2/L8/80z/DfM/1/cvKN9mv//iZ5t5XemVMTPI8Xv/NXT8fmqnUfjnmOWy/1dpDh54XO5XBwuy3Xb0HmuQGdmYFn2/yLFP/1iY9nufMgn18ue2fGBfUSU438sUnz/L74bv5m3bXz+w9bjf3TzjvZp/J/q2XZ0w/MKdt118vifihQvPfl2/Fbe9kHP/+g+e+NELnz3+Rz7NP6f6tk2kL/3t/em6wAAAAAAAAAAAI+0vlTE30eKHw7X0gt5207+/t/E5h3t09//+nTPtom9Wa/oQ1/s+qACAAAAwAHRl4r4SaS4ufD23TnUG+d/98z//L31+Z9DadOn1Z/z/Vr13IC9/PO/XgP5e8d2320AAAAAAAAAAAAAAAAAAAA4UFIq4oW8nvpYNZ9/Ytv11JcjxSv/81wul46X5brrwA9Uv9avzEyfujQ1NTPeWmhdn5psjMy2xifLuk9FitW//VyuW1Trq3fXm++s8b6+FvtcpBj+h27Zzlrs3bXJn1ove6Ys+4lI8d//uLFsdx3rT62XPVuW/ZtI8fV/2brs8fWy58qy340UP/p6o1v2aFm2+3zUT6+XfX58ptiHUQEAAAAAAAAAAAAAAAAAAOBx05eK+PNI8b+3lu7O5c/r//f1vK289c2e9f43uVOt8z9Qrf+/3ev7Wf+/eq7A4nbfCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH08pingzUsxeWU3L/eX7jvrl9vTtO6NDw1tXO5Kqmoeq8uVP/czZc+e/9MLghW5+cP299pl4beTapcbLM7dm5ybn5ycnGqPT7fGZickd72G39Tc7WR2Axq3Xb0/cuDHfOPv8uQ0f3xl4v/+J4wMXB5899Uy37OjQ8PBIT5la331/+z3SNtsPRxF/HSme+95P0w/7I4rY/bH4kHNnvx2pOnGy6sTo0HDVkal2a3qh/PBq90AUEY2eSs3uMXoAY7ErzYjFsvllg0+W3RuZbc21rk9NNq625hbaC+2Z6aup09qyP40o4kKKWIqIlf57d9cXRbweKb5zbDX9a3/Eoe5x+OKVka+ePrt9O4p97OMOlO1s9EUsFY/AmB1g/VHEP0eKn71zIv6tP6IWnZ/4QsSrZf4g4q3ojHcqT4zzEe9tcR7xaKpFEf9fjv/F1fROf3k96F5XLn+t8ZXpGzM9ZbvXlUf+/vAgHfBrUz2K+FF1xV9N/+6/awAAAAAAAAAAAAAAAIADpIhfjxQvvnsiVfOD784pbk/fbFxrXZ/qTOvrzv3rzpleW1tba6RONnOO5VzMuZRzOedKzihy/ZzNMutra2P5/WLOpZzLOVdyxqFcP2cz51jOxZxLOZdzruSMWq6fs5lzLOdizqWcyzlXcsYBmbsHAAAAAAAAAAAAAAAAAAB8vBTVPym+/Y3VtNbfWV96LDq5bD3Qj71fBgAA//8dq/O8")
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f00000002c0)='./bus\x00', 0x4010, &(0x7f0000000d80)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e009881e945c9147b9bbd20ad4bf0663600000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfaf2316d9244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000d7ff1091b48818e9157b120449e7c384c3c12ffd6aab2a45ca1c34df7ea59c3e1177622cd05bd030d5d5505743a5f54e154618eb8ea7559169e556779af59c89a79259cd7be4f2b8293eb9f0a75412d2159384e03776075e2decea5f63449350d3ff29eeaf72d141e39739e204de9ebfdea4fceb28d7a72a4c45d3aacfdeefceb735bd421583781bc762e3b4eac921", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open(&(0x7f00000003c0)='.\x00', 0x100, 0x97)
getdents(r1, &(0x7f0000001140)=""/186, 0x3b)

3m21.887531684s ago: executing program 1 (id=75):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1ff, 0x1, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000014d564b0000000001"])
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m21.362550193s ago: executing program 1 (id=80):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000019600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x2}}], 0x28}, 0x0)

3m21.099161158s ago: executing program 32 (id=80):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38)
sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000019600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x2}}], 0x28}, 0x0)

2m34.602366729s ago: executing program 0 (id=409):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xb1ea, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r5 = eventfd2(0x0, 0x0)
read$eventfd(r5, &(0x7f0000000040), 0x8)

2m33.636844855s ago: executing program 0 (id=414):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0xa}, {}, {0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x3}]}]}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x22044028}, 0x800)

2m33.502222657s ago: executing program 0 (id=415):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000380)=0x200000000)
r1 = dup2(r0, r0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x5)
read$FUSE(r1, &(0x7f0000000500)={0x2020}, 0x2020)

2m33.259941512s ago: executing program 0 (id=416):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x200000, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000280)='binfmt_misc\x00', 0x800, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00')
chdir(&(0x7f0000000140)='./file0\x00')
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/../file0\x00')

2m33.125387664s ago: executing program 0 (id=417):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000008704"])

2m32.590657983s ago: executing program 0 (id=420):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1})
r1 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$vim2m_VIDIOC_STREAMON(r0, 0xc0405626, &(0x7f0000000040)=0x1)

2m32.327211627s ago: executing program 33 (id=420):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1})
r1 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$vim2m_VIDIOC_STREAMON(r0, 0xc0405626, &(0x7f0000000040)=0x1)

2m3.99271816s ago: executing program 5 (id=557):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x5, 0x2, 0x3000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000340)=[@text64={0x40, 0x0}], 0x1, 0x54, &(0x7f00000000c0)=[@cr4={0x1, 0x110428}], 0x1)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000380)="66b8d1c400000f23c00f21f86635020004000f23f80fe98a00000f23cf0f019d16000fc798f8de66b9800000c00f326635000400000f3066b9800000c00f326635004000000f30363f0f300f01c2", 0x4e}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
personality(0x400000)

2m2.886295059s ago: executing program 5 (id=565):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4, 0x5}}}}]}, 0x44}}, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@getchain={0x24, 0x66, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xa, 0xfff1}}}, 0x24}}, 0x0)

2m2.563579504s ago: executing program 5 (id=566):
creat(&(0x7f0000000040)='./file1\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x8800, 0x8)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat2(r0, &(0x7f0000000380)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r1, &(0x7f0000000040)='./file1\x00', 0x2)

2m2.378476537s ago: executing program 5 (id=569):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000300)='./file2\x00', 0x8c80, &(0x7f0000000440)={[{@fmask={'fmask', 0x3d, 0x1}}, {@umask={'umask', 0x3d, 0x80000002}}, {@utf8}, {@keep_last_dots}, {@allow_utime={'allow_utime', 0x3d, 0x801}}, {@errors_continue}, {@discard}, {}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-1'}}]}, 0x3, 0x1510, &(0x7f0000003640)="$eJzs3Am4TlX7MPD7Xmvt45D0dJLhsNa6N08yLCdJMiTJkCRJkmRKSDrJKwmJQ6akQxKS4ZAMh5AMJ0465nkekyTpJEmmTMn6rlN83t7qe//v/+17/a//uX/Xta9n3c/a99prP/czrL0N33UZWrNxrWoNiQj+LfjrQxIAxALAQAC4DgACACgXVy4uqz+nxKR/7yDsr/VI6tWeAbuauP7ZG9c/e+P6Z29c/+yN65+9cf2zN65/9sb1Zyw72zy94PW8Zd+N7/9nZ/z7/79IZumxX60tfWPXfyGF65+9cf3/1wr+Kztx/bM3rn/2xvXP3rj+2UGOP+3h+mdvXH/GsrOrff+Zt6u7Xe33H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yx7OGsv0IBwOX21Z4XY4wxxhhjjDHG/jo+x9WeAWOMMcYYY4wxxv7/QxAgQUEAMZADYiEn5AIBANdCHrgOInA9xMENkBduhHyQHwpAQYiHQlAYNBiwQBBCESgKUbgJisHNUBxKQEkoBQ5KQwLcAmXgVigLt0E5uB3Kwx1QASpCJagMd0IVuAuqwt1QDe6B6lADakItuBdqw31QB+6HuvAA1IMHoT48BA3gYWgIj0AjeBQaw2PQBB6HptAMmkMLaPnfyn8JesDL0BN6QRL0hj7wCvSFftAfBsBAeBUGwWswGF6HZBgCQ+ENGAZvwnB4C0bASBgFb8NoeAfGwFgYB+MhBSbARHgXJsF7MBmmwFSYBqkwHWbA+zATZsFs+ADmwIcwF+bBfFgAafARLIRFkA4fw2L4BDJgCSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBbvhU9gDn8Fe+Bz2wRf/Yv6Zf8jvioCAAgUqVBiDMRiLsZgLc2FuzI15MA9GMIJxGId5MS/mw3xYAAtgPMZjYSyMBg0SEhbBIhjFKBbDYlgci2NJLIkOHSZgApbBW7EslsVyWA7LY3msgBWxIlbGylgFq2BVrIrVsBpWx+pYE2vivXgv9sY6WAfrYl2sh/Uu357ChtgQG2EjbIyNsQk2wabYFJtjc2yJLbEVtsLW2BrbYltsh+2wPbbHREzEDtgBO2JH7ISdsDN2xi7YBbtiN+yGL+UAfBlfxl5YXfTGPtgH+2Jyjv44AAfgqzgIX8PX8HVMxiE4FN/AN/BNHI6ncQSOxFE4CquId3AMjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsIPcA5+iB/iPJyHCzAN03AhLsJ0TMfFeAYzcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/Fz/AzTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyFp/A0nsGzeBbP43m8gC/Ef9NoV4k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFMVFMFBfFRUlRUjjhRIJIEGVEGVFWlBXlxO2ivLhDVBAVRRtXWVQWVURbV1XcLaqJaqK6qCFqilqilqgtaos6oo6oK+qKeqKeqC8eEg1Eb+yPj4isyjQWQ7CJGIpNRTMhL32DtRLDsbVoI9qKp8RIHIHtRSuXKJ4VHcQY7Cj+Jsbi86KzGI9dxIuiq+gmuouXRA/R2vUUvcRk7C36iGnYV/QT/cUAMRNriA9wTs6a4nWRLIaIoeINsQDfFMPFW2KEGClGibfFaPGOGCPGinFivEgRE8RE8a6YJN4Tk8UUMVVME6liupgh3hczxSwxW3wg5ogPxVwxT8wXC0Sa+EgsFItEuvhYLBafiAyxRCwVy8RysUKsFKvEarFGrBXrxHqxQWwUm8RmsUVsFdvEdrFD7BS7xG7xqdgjPhN7xedin/hC7BdfigPiK3FQfC0yxTfikPhWHBbfiSPie3FU/CCOiePihDgpTokfxWlxRpwV58R58ZO4IH4WF4UXIFEKKaWSgYyROWSszClzyWtkbhlcenWvl3HyBplX3ijzyfyygCwo42UhWVhqaaSVJENZRBaVUXmTLCZvlsVlCVlSlpJOlpYJ8hZZRt4qy8rbZDl5uywv75AVZEVZSVaWd8oq8i4JkV+PUV3WkDVlLXmvrC3vk3Xk/bKufEDWkw/K+vIh2UA+LBvKR2Qj+ahsLB+TTeTjsqlsJpvLFrKlfEK2kk/K1rKNbCufku3k07K9fEYmymdlB+kvvUWel53lC7KLfFF2ld1kd/mzvCi97Cl7SYDeso98RfaV/WR/OUAOlK/KQfI1OVi+LpPlEDlUviGHyTflcPmWHCFHylHybTlaviPHyLFynBwvU+QEOVG+KyfJ9+RkOUVOldNkqpwu+18aabaU/zT/3T/IH/zL0TfJzXKL3Cq3ye1yh9wpd8ndcrfcI/fIvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7PyZPylPxRnpZn5Bl5Tp6X5+WFS68BKFRCSaVUoGJUDhWrcqpc6hqVW12r8qjrVERdr+LUDSqvulHlU/lVAVVQxatCqrDSyiirSIWqiCqqouomvPSGUSVVKeVUaZWgbvlX8lUxdbMqrkr8Jv/y/JL+ZH4tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UK6qv6qf6qwFqoHpVDVKD1GA1WCWrZDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVolLURDVRTVKT1GQ1WU1VU1WqSlUz1Aw1U81Us9VsNUfNUXPVXDVfzVdpKk0tVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFr2BSIQgQpUEBPEBLFBbJAryBXkDnIHeYI8QSSIBHFBXJA3uDHIF+QPCgQFg/igUFA40IEJbCAuFT0a3BQUC24OigclgpJBqcAFpYOE4JagTHBrUDa4LSgX3B6UD+4IKgQVg0pB5eDOoEpwV1A1uDuoFtwTVA9qBDWDWsG9Qe3gvqBOcH9QN3ggqBc8GNQPHgoaBA8HDYNHgkbBo0Hj4LGgSfB40DRoFjQPWgQt/9LxvT+d/0nXU/fSSbq37qNf0X11P91fD9AD9at6kH5ND9av62Q9RA/Vb+hh+k09XL+lR+iRepR+W4/W7+gxeqwep8frFD1BT9Tv6kn6PT1ZT9FT9TSdqqfrGfp9PVPP0rP1B3qO/lDP1fP0fL1Ap+mP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/ROvUvv1p/qPfozvVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/ok/qU/lGf1mf0WX1On9c/6Qv6Z31R+6zFfdbPu1FGmRgTY2JNrMllcpncJrfJY/KYiImYOBNn8pq8Jp/JZwqYAibexJvCprDJQoZMEVPERE3UFDPFTHFT3JQ0JY0zziSYBFPGlDFlTVlTzpQz5U15U8FUMJVMJXOnudPcZe4yd5u7zT3mHlPD1DC1TC1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTXPT0rQ0rUwr09q0Nm1NW9POtDPtTXuTaBJNB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySZJNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNsks1QM9QMM8PMcDPcjDAjzaishap5x4wxY804M96kmBQz0Uw0k8wkM9lMNlPNVJNqUs0MM8PMNDPNbDPbzDFzzFwz18w3802aSTMLzUKTbtLNYrPYZJgMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTSZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5pQ5ZU6b0+asOWvOm/yXfi+9ibU5bS57jc1tr7V57HX2H+MCtqCNt4VsYattPpv/N7Gx1ha3JWxJW8o6W9om2Ft+F1ewFW0lW9neaavYu2zV38W17X22jr3f1rUP2Fr23t/E9eyDtr59zDZABLDNbCPbwja2j9km9nHb1DazzW0L284+bdvbZ2yifdZ2sM/9Ll5oF9nVdo1da9fZPfYze9aes4ftd/a8/cn2tL3sQPuqHWRfs4Pt6zbZDvldPMq+bUfbd+wYO9aOs+N/F0+102yqnW5n2PftTDvrd3Ga/cjOsel2rp1n59sFv8RZc0q3H9vF9hObYZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+6ndarfZ7XaH3Wl3/RJnncde+7ndZ7+wh+y39oD9yh60R2ym/eaXOOv8jtjv7VH7gz1mj9sT9qQ9ZX+0p+2ZX84/69xP2p/tRestEBKQJEUBxVAOiqWclIuuodx0LeWh6yhC11Mc3UB56UbKR/mpABWkeCpEhUmTIUtEIRWhohSlm+jyOr0klSJHpSmBbqEydCuVpduoHN1O5ekOqkAVqRJVpjupCt1FVeluqkb3UHWqQTWpFt1Ltek+qkP3U116gOrRg1SfHqIG9DA1pEeoET1KjekxakKPU1NqRs2pBbWkJ6gVPUmtqQ21paeoHT1N7ekZSqRnqQM9Rx3pb9SJnqfO9AJ1oRepK3Wj7vQS9aCXqSf1oiTqTX3oFepL/ag/DaCB9CoNotdoML1OyTSEhtIbNIzepOH0Fo2gkTSK3qbR9A6NobE0jsZTCk2gifQuTaL3aDJNoak0jVJpOs2g92kmzaLZ9AHNoQ9pLs2j+bSA0ugjWkiLKJ0+psX0CWXQElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoJ20i3bTp7SHPqO99Dntoy9oP31JB+grOkhfUyZ9Q4foWzpM39ER+t73oh/oGB2nE3SSTtGPdJrO0Fk6R+fpJ7pAP9NF8gQhhiKUoQqDMCbMEcaGOcNc4TVh7vDaME94XRgJrw/jwhvCvOGNYb4wf1ggLBjGh4XCwqEOTWhDCsOwSFg0jIY3hcXCm8PiYYmwZFgqdGHpMCG8JSwT3hqWDW8Ly4W3h+XDO8IKYcXwsQcqh3eGVcK7wqrh3WG18J6welgjrBnWCu8Na4f3hXXC+8O64QNh2fDBsH74UNggfDhsGD4SNgofDRuHj4VNwsfDpmGzsHnYImwZPhG2Cp8MW4dtwrbhU2G78OmwffhMmBg+G3YIn/ul/8FFf96fFPYO+4SvhK+E3t8v50cXRNOiH0UXRhdF06MfRxdHP4lmRJdEl0aXRZdHV0RXRldFV0fXRNdG10XXRzdEN0Y3Rb2vlQMcOuGkUy5wMS6Hi3U5XS53jcvtrnV53HUu4q53ce4Gl9fd6PK5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd5Mr5m52xV0JV9KVcs6VdgmuhWvpWrpW7knX2rVxbd1T7in3tHvaPeOecc+6Du4519H9zXVyz7vO7gX3gnvRdXXdXHf3kuvhJuT59TOZ5Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7JJdshvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLcSluopvoJrlJbrKb7Ka6qS7VpboZboab6Wa6KrN+PcpcN9fNd/NdmktzC13WmjHdLXaLXYbLcEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8db8O6va5/W6/O+AOuIPua5fpvnGH3LfusPvOHXHfu6PuB3fMHXcn3El3yv3oTrsz7qw75867n9wF97O76LxLiUyITIy8G5kUeS8yOTIlMjUyLZIamR6ZEXk/MjMyKzI78kFkTuTDyNzIvMj8yIJIWuSjyMLIokh65OPI4sgnkYzIksjSyLLI8siKiPeFtoa+iC/qo/4mX8zf7Iv7Er6kL+WdL+0T/C2+jL/Vl/W3+XL+dl/e3+Er+Iq+kn/cN/XNfHPfwrf0T/hW/knf2rfxbf1Tvp1/2rf3z/hE/6zv4J/zHf3ffCf/vO/sX/Bd/Iu+q+/mu/uXfA//su/pe/kk39v38a/4vr6f7+8H+IH+VT/Iv+YH+9d9sh/ih/o3/DD/ph/u3/Ij/Eg/KuZtP/ryJTKM9yl+gp/o3/WT/Ht+sp/ip/ppPtVP9zP8+36mn+Vn+w/8HP+hn+vn+fl+gU/zH/mFfpFP9x/7xf4Tn+GXXL6p7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//U7/Gf+b3+c7/Pf+H3+y/9Af+VP+i/9pn+G3/If+sP++/8Ef+9P+p/8Mf8cX/Cn/Sn/I/+tD/jz/pz/rz/yV/wP/uL/G/WGGOMMcb+SyZcaYo/6u/9B8+Jv9u5DwBcu61g5t/3Z60o1+f7td1PxLeLAMCzvbo8cnmrXj0pKenSvhkSgqLzAC7/SVCWGLgSL4G28DQkQhso84fz7ye6nad/Mn70doBcf5cTC1fiK+N/+SfjP/HUqIXlw7Nx/4/x5wEUL3olJydciZdAW5X12AbK/sn4+Vv9k/nn/CoFoPXf5eSGK/GV+SfAk/AcJP5mT8YYY4wxxhhj7Ff9RKVOl68/L/+Nzz+6Po9XV3JywJX4n12fM8YYY4wxxhhj7Op7vlv3Z55ITGzT6V9vVP1vZXHjf2rDe4DLzygA+DcHBPiPn8WW/8ixki99dP6xa/k5H8D/jFL+FY2r/MXEGGOMMcYY+8tdWfT/9nl1tSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ/+J/07sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//geYOMQ==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x1480, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1edc01, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000004100)={0x2020}, 0x2020)

2m2.24260686s ago: executing program 5 (id=572):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f0000000980)=0x9)

2m1.862954436s ago: executing program 5 (id=579):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000080)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "0200"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000200)={0x20, 0x5, 0x1, '\x00'}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2m1.563588541s ago: executing program 34 (id=579):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000080)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "0200"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000200)={0x20, 0x5, 0x1, '\x00'}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2m1.03030537s ago: executing program 4 (id=586):
socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket(0x1e, 0x4, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

2m0.022288878s ago: executing program 4 (id=590):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc298, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0xf, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xfffa, 0x9, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0xc9, 0xff}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2}, 0x10)
move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0, 0x101)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x7, {[@main=@item_012={0x1, 0x0, 0xa, '\x00'}, @global=@item_4={0x3, 0x1, 0x7}]}}, 0x0}, 0x0)

1m58.12381558s ago: executing program 4 (id=597):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000100)=ANY=[])

1m57.713760096s ago: executing program 4 (id=598):
syz_mount_image$udf(&(0x7f0000000100), &(0x7f00000000c0)='./file1\x00', 0x210048, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0000005733010312bb6086da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc2d, &(0x7f0000001100)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
rmdir(&(0x7f0000000100)='./control\x00')
socket$igmp6(0xa, 0x3, 0x2)
pipe2$9p(0x0, 0x80000)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
mkdir(&(0x7f0000000000)='./control\x00', 0x0)

1m57.384874312s ago: executing program 4 (id=600):
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
fsetxattr$system_posix_acl(r0, 0x0, 0x0, 0xfe44, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=")
pread64(0xffffffffffffffff, &(0x7f0000000500)=""/31, 0x1f, 0x40000000009)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x9}}, 0x18)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_SET_PIN_FILE(r1, 0x4004f50d, &(0x7f0000000180)=0xfffffff9)

1m56.179544923s ago: executing program 4 (id=605):
creat(&(0x7f0000000140)='./file0\x00', 0x4)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
r0 = socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
fsopen(&(0x7f0000000640)='pipefs\x00', 0x1)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x2a)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r1, @ANYRES64=r0], 0x0)

1m55.878942168s ago: executing program 35 (id=605):
creat(&(0x7f0000000140)='./file0\x00', 0x4)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
r0 = socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
fsopen(&(0x7f0000000640)='pipefs\x00', 0x1)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x2a)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r1, @ANYRES64=r0], 0x0)

1m48.803553259s ago: executing program 6 (id=580):
getpid()
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000000100)=ANY=[@ANYBLOB="696f636861727365743d170ddbbba28854f76e642c756d61736b3d30303030303030303030303030303030303030303030362c696f636861727365743d63703934392c6572726f72733d72656d6f756e742d726f2c7569643d", @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00000000000000000000003,gid=', @ANYRESHEX=0x0, @ANYBLOB=',errors=remount-ro,discard,errors=continue,\x00'], 0x5, 0x1510, &(0x7f00000037c0)="$eJzs3Am4TlX7MPD7Xmvt45D0dJLhsNa6N08yLCdJMiTJkCRJkmRKSDrJKwmJQ6akQxKS4ZAMh5AMJ0465nkekyTpJEmmTMn6rlN83t7qe//v/+17/a//uX/Xta9n3c/a99prP/czrL0N33UZWrNxrWoNiQj+LfjrQxIAxALAQAC4DgACACgXVy4uqz+nxKR/7yDsr/VI6tWeAbuauP7ZG9c/e+P6Z29c/+yN65+9cf2zN65/9sb1Zyw72zy94PW8Zd+N7/9nZ/z7/79IZumxX60tfWPXfyGF65+9cf3/1wr+Kztx/bM3rn/2xvXP3rj+2UGOP+3h+mdvXH/GsrOrff+Zt6u7Xe33H2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yx7OGsv0IBwOX21Z4XY4wxxhhjjDHG/jo+x9WeAWOMMcYYY4wxxv7/QxAgQUEAMZADYiEn5AIBANdCHrgOInA9xMENkBduhHyQHwpAQYiHQlAYNBiwQBBCESgKUbgJisHNUBxKQEkoBQ5KQwLcAmXgVigLt0E5uB3Kwx1QASpCJagMd0IVuAuqwt1QDe6B6lADakItuBdqw31QB+6HuvAA1IMHoT48BA3gYWgIj0AjeBQaw2PQBB6HptAMmkMLaPnfyn8JesDL0BN6QRL0hj7wCvSFftAfBsBAeBUGwWswGF6HZBgCQ+ENGAZvwnB4C0bASBgFb8NoeAfGwFgYB+MhBSbARHgXJsF7MBmmwFSYBqkwHWbA+zATZsFs+ADmwIcwF+bBfFgAafARLIRFkA4fw2L4BDJgCSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBbvhU9gDn8Fe+Bz2wRf/Yv6Zf8jvioCAAgUqVBiDMRiLsZgLc2FuzI15MA9GMIJxGId5MS/mw3xYAAtgPMZjYSyMBg0SEhbBIhjFKBbDYlgci2NJLIkOHSZgApbBW7EslsVyWA7LY3msgBWxIlbGylgFq2BVrIrVsBpWx+pYE2vivXgv9sY6WAfrYl2sh/Uu357ChtgQG2EjbIyNsQk2wabYFJtjc2yJLbEVtsLW2BrbYltsh+2wPbbHREzEDtgBO2JH7ISdsDN2xi7YBbtiN+yGL+UAfBlfxl5YXfTGPtgH+2Jyjv44AAfgqzgIX8PX8HVMxiE4FN/AN/BNHI6ncQSOxFE4CquId3AMjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsIPcA5+iB/iPJyHCzAN03AhLsJ0TMfFeAYzcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/Fz/AzTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyFp/A0nsGzeBbP43m8gC/Ef9NoV4k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFMVFMFBfFRUlRUjjhRIJIEGVEGVFWlBXlxO2ivLhDVBAVRRtXWVQWVURbV1XcLaqJaqK6qCFqilqilqgtaos6oo6oK+qKeqKeqC8eEg1Eb+yPj4isyjQWQ7CJGIpNRTMhL32DtRLDsbVoI9qKp8RIHIHtRSuXKJ4VHcQY7Cj+Jsbi86KzGI9dxIuiq+gmuouXRA/R2vUUvcRk7C36iGnYV/QT/cUAMRNriA9wTs6a4nWRLIaIoeINsQDfFMPFW2KEGClGibfFaPGOGCPGinFivEgRE8RE8a6YJN4Tk8UUMVVME6liupgh3hczxSwxW3wg5ogPxVwxT8wXC0Sa+EgsFItEuvhYLBafiAyxRCwVy8RysUKsFKvEarFGrBXrxHqxQWwUm8RmsUVsFdvEdrFD7BS7xG7xqdgjPhN7xedin/hC7BdfigPiK3FQfC0yxTfikPhWHBbfiSPie3FU/CCOiePihDgpTokfxWlxRpwV58R58ZO4IH4WF4UXIFEKKaWSgYyROWSszClzyWtkbhlcenWvl3HyBplX3ijzyfyygCwo42UhWVhqaaSVJENZRBaVUXmTLCZvlsVlCVlSlpJOlpYJ8hZZRt4qy8rbZDl5uywv75AVZEVZSVaWd8oq8i4JkV+PUV3WkDVlLXmvrC3vk3Xk/bKufEDWkw/K+vIh2UA+LBvKR2Qj+ahsLB+TTeTjsqlsJpvLFrKlfEK2kk/K1rKNbCufku3k07K9fEYmymdlB+kvvUWel53lC7KLfFF2ld1kd/mzvCi97Cl7SYDeso98RfaV/WR/OUAOlK/KQfI1OVi+LpPlEDlUviGHyTflcPmWHCFHylHybTlaviPHyLFynBwvU+QEOVG+KyfJ9+RkOUVOldNkqpwu+18aabaU/zT/3T/IH/zL0TfJzXKL3Cq3ye1yh9wpd8ndcrfcI/fIvXKv3Cf3yf1yvzwgD8iD8qDMlJnykDwkD8vD8og8Io/Ko/KYPC7PyZPylPxRnpZn5Bl5Tp6X5+WFS68BKFRCSaVUoGJUDhWrcqpc6hqVW12r8qjrVERdr+LUDSqvulHlU/lVAVVQxatCqrDSyiirSIWqiCqqouomvPSGUSVVKeVUaZWgbvlX8lUxdbMqrkr8Jv/y/JL+ZH4tVUvVSrVSrVVr1Va1Ve1UO9VetVeJKlF1UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VZJKUn3UK6qv6qf6qwFqoHpVDVKD1GA1WCWrZDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVolLURDVRTVKT1GQ1WU1VU1WqSlUz1Aw1U81Us9VsNUfNUXPVXDVfzVdpKk0tVAtVukpXi9VilaGWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qQ21Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVabKVIfUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFr2BSIQgQpUEBPEBLFBbJAryBXkDnIHeYI8QSSIBHFBXJA3uDHIF+QPCgQFg/igUFA40IEJbCAuFT0a3BQUC24OigclgpJBqcAFpYOE4JagTHBrUDa4LSgX3B6UD+4IKgQVg0pB5eDOoEpwV1A1uDuoFtwTVA9qBDWDWsG9Qe3gvqBOcH9QN3ggqBc8GNQPHgoaBA8HDYNHgkbBo0Hj4LGgSfB40DRoFjQPWgQt/9LxvT+d/0nXU/fSSbq37qNf0X11P91fD9AD9at6kH5ND9av62Q9RA/Vb+hh+k09XL+lR+iRepR+W4/W7+gxeqwep8frFD1BT9Tv6kn6PT1ZT9FT9TSdqqfrGfp9PVPP0rP1B3qO/lDP1fP0fL1Ap+mP9EK9SKfrj/Vi/YnO0Ev0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/ROvUvv1p/qPfozvVd/rvfpL/R+/aU+oL/SB/XXOlN/ow/pb/Vh/Z0+or/XR/UP+pg+rk/ok/qU/lGf1mf0WX1On9c/6Qv6Z31R+6zFfdbPu1FGmRgTY2JNrMllcpncJrfJY/KYiImYOBNn8pq8Jp/JZwqYAibexJvCprDJQoZMEVPERE3UFDPFTHFT3JQ0JY0zziSYBFPGlDFlTVlTzpQz5U15U8FUMJVMJXOnudPcZe4yd5u7zT3mHlPD1DC1TC1T29Q2dUwdU9fUNfVMPVPf1DcNTAPT0DQ0jUwj09g0Nk1ME9PUNDXNTXPT0rQ0rUwr09q0Nm1NW9POtDPtTXuTaBJNB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySZJNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNsks1QM9QMM8PMcDPcjDAjzaishap5x4wxY804M96kmBQz0Uw0k8wkM9lMNlPNVJNqUs0MM8PMNDPNbDPbzDFzzFwz18w3802aSTMLzUKTbtLNYrPYZJgMs9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTSZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5pQ5ZU6b0+asOWvOm/yXfi+9ibU5bS57jc1tr7V57HX2H+MCtqCNt4VsYattPpv/N7Gx1ha3JWxJW8o6W9om2Ft+F1ewFW0lW9neaavYu2zV38W17X22jr3f1rUP2Fr23t/E9eyDtr59zDZABLDNbCPbwja2j9km9nHb1DazzW0L284+bdvbZ2yifdZ2sM/9Ll5oF9nVdo1da9fZPfYze9aes4ftd/a8/cn2tL3sQPuqHWRfs4Pt6zbZDvldPMq+bUfbd+wYO9aOs+N/F0+102yqnW5n2PftTDvrd3Ga/cjOsel2rp1n59sFv8RZc0q3H9vF9hObYZfYpXaZXW5X2JV21f+d6zK7wW60m+xu+6ndarfZ7XaH3Wl3/RJnncde+7ndZ7+wh+y39oD9yh60R2ym/eaXOOv8jtjv7VH7gz1mj9sT9qQ9ZX+0p+2ZX84/69xP2p/tRestEBKQJEUBxVAOiqWclIuuodx0LeWh6yhC11Mc3UB56UbKR/mpABWkeCpEhUmTIUtEIRWhohSlm+jyOr0klSJHpSmBbqEydCuVpduoHN1O5ekOqkAVqRJVpjupCt1FVeluqkb3UHWqQTWpFt1Ltek+qkP3U116gOrRg1SfHqIG9DA1pEeoET1KjekxakKPU1NqRs2pBbWkJ6gVPUmtqQ21paeoHT1N7ekZSqRnqQM9Rx3pb9SJnqfO9AJ1oRepK3Wj7vQS9aCXqSf1oiTqTX3oFepL/ag/DaCB9CoNotdoML1OyTSEhtIbNIzepOH0Fo2gkTSK3qbR9A6NobE0jsZTCk2gifQuTaL3aDJNoak0jVJpOs2g92kmzaLZ9AHNoQ9pLs2j+bSA0ugjWkiLKJ0+psX0CWXQElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDvtoJ20i3bTp7SHPqO99Dntoy9oP31JB+grOkhfUyZ9Q4foWzpM39ER+t73oh/oGB2nE3SSTtGPdJrO0Fk6R+fpJ7pAP9NF8gQhhiKUoQqDMCbMEcaGOcNc4TVh7vDaME94XRgJrw/jwhvCvOGNYb4wf1ggLBjGh4XCwqEOTWhDCsOwSFg0jIY3hcXCm8PiYYmwZFgqdGHpMCG8JSwT3hqWDW8Ly4W3h+XDO8IKYcXwsQcqh3eGVcK7wqrh3WG18J6welgjrBnWCu8Na4f3hXXC+8O64QNh2fDBsH74UNggfDhsGD4SNgofDRuHj4VNwsfDpmGzsHnYImwZPhG2Cp8MW4dtwrbhU2G78OmwffhMmBg+G3YIn/ul/8FFf96fFPYO+4SvhK+E3t8v50cXRNOiH0UXRhdF06MfRxdHP4lmRJdEl0aXRZdHV0RXRldFV0fXRNdG10XXRzdEN0Y3Rb2vlQMcOuGkUy5wMS6Hi3U5XS53jcvtrnV53HUu4q53ce4Gl9fd6PK5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd5Mr5m52xV0JV9KVcs6VdgmuhWvpWrpW7knX2rVxbd1T7in3tHvaPeOecc+6Du4519H9zXVyz7vO7gX3gnvRdXXdXHf3kuvhJuT59TOZ5Pq4Pq6v6+v6u/5uoBvoBrlBbrAb7JJdshvqhrphbpgb7oa7EW6EG+VGudFutBvjxrhxbpxLcSluopvoJrlJbrKb7Ka6qS7VpboZboab6Wa6KrN+PcpcN9fNd/NdmktzC13WmjHdLXaLXYbLcEvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O91Ot9vtdnv8db8O6va5/W6/O+AOuIPua5fpvnGH3LfusPvOHXHfu6PuB3fMHXcn3El3yv3oTrsz7qw75867n9wF97O76LxLiUyITIy8G5kUeS8yOTIlMjUyLZIamR6ZEXk/MjMyKzI78kFkTuTDyNzIvMj8yIJIWuSjyMLIokh65OPI4sgnkYzIksjSyLLI8siKiPeFtoa+iC/qo/4mX8zf7Iv7Er6kL+WdL+0T/C2+jL/Vl/W3+XL+dl/e3+Er+Iq+kn/cN/XNfHPfwrf0T/hW/knf2rfxbf1Tvp1/2rf3z/hE/6zv4J/zHf3ffCf/vO/sX/Bd/Iu+q+/mu/uXfA//su/pe/kk39v38a/4vr6f7+8H+IH+VT/Iv+YH+9d9sh/ih/o3/DD/ph/u3/Ij/Eg/KuZtP/ryJTKM9yl+gp/o3/WT/Ht+sp/ip/ppPtVP9zP8+36mn+Vn+w/8HP+hn+vn+fl+gU/zH/mFfpFP9x/7xf4Tn+GXXL6p7Ff6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t//U7/Gf+b3+c7/Pf+H3+y/9Af+VP+i/9pn+G3/If+sP++/8Ef+9P+p/8Mf8cX/Cn/Sn/I/+tD/jz/pz/rz/yV/wP/uL/G/WGGOMMcb+SyZcaYo/6u/9B8+Jv9u5DwBcu61g5t/3Z60o1+f7td1PxLeLAMCzvbo8cnmrXj0pKenSvhkSgqLzAC7/SVCWGLgSL4G28DQkQhso84fz7ye6nad/Mn70doBcf5cTC1fiK+N/+SfjP/HUqIXlw7Nx/4/x5wEUL3olJydciZdAW5X12AbK/sn4+Vv9k/nn/CoFoPXf5eSGK/GV+SfAk/AcJP5mT8YYY4wxxhhj7Ff9RKVOl68/L/+Nzz+6Po9XV3JywJX4n12fM8YYY4wxxhhj7Op7vlv3Z55ITGzT6V9vVP1vZXHjf2rDe4DLzygA+DcHBPiPn8WW/8ixki99dP6xa/k5H8D/jFL+FY2r/MXEGGOMMcYY+8tdWfT/9nl1tSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ/+J/07sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//geYOMQ==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

1m48.345144446s ago: executing program 6 (id=649):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000080000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000000600000095"], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r2)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r4=>0x0]}, &(0x7f0000000600)=0x8)
sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r4}}], 0x20, 0x2400e044}, 0x0)

1m47.978035003s ago: executing program 6 (id=652):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000480)=ANY=[@ANYBLOB="98"], 0x298)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
lseek(r3, 0xffff, 0x0)

1m47.302871104s ago: executing program 36 (id=652):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000480)=ANY=[@ANYBLOB="98"], 0x298)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
lseek(r3, 0xffff, 0x0)

57.523185002s ago: executing program 7 (id=969):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x4008000)
syz_usb_disconnect(0xffffffffffffffff)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0)
bind$xdp(0xffffffffffffffff, &(0x7f0000000240)={0x2c, 0x1}, 0x60)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='htcp\x00', 0x5)
shutdown(r0, 0x2)

56.604496187s ago: executing program 7 (id=980):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
syz_emit_ethernet(0xfdef, 0x0, 0x0)
write(r0, &(0x7f00000000c0)="510003000000", 0x6)

56.306579152s ago: executing program 7 (id=983):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file0\x00', 0x1080000, 0x0, 0x8, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x9}}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000002c00)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',privport,access=', @ANYRESDEC=r0])
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)

55.685287852s ago: executing program 7 (id=986):
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400))
chdir(&(0x7f0000000000)='./file1\x00')
symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='./file1\x00')
r1 = syz_clone(0x24022000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$romfs(&(0x7f0000000540), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[], 0x1, 0x14f, &(0x7f0000000900)="$eJzs2r9Kw1AUBvAzFCodHZ0KlSho/mtddRQ33yC0uWnwxpREkPYFxElwuA6+hOAT+AgZ3XQR9CUi197aNhXrUBuL32/pR05IT28ut8vRkziyWaoTbXevj19WkziqN929FrOZRwOHRFSXIcvzG4OmPH3Ws5yML274VZVZN6y/DT4bm4E4umQh950FtAUAAAAAAAAAAAAAAAAAAAAAAPOg1VSodUR0wULu22PVtNc/8Tj3k7Sk9kqn1dUMFzHBb+X6uBP1rVcibV+mUBwksm5N1KvDsNER/Lm4vuZZ1DXTXl8PIy/wA//UcdymtWNZu4758Syz+ETtTvVEWX5vTY+TaWPzZo8/mTdT77+yFoqr8+K3jd4/wvxCProit0fp/fzbsKK2+V/pZ4nCzHNlWQz//9pVt/Egzz+jFfO2uriI5SzxtwPAN94DAAD//zRDNTE=")
setpgid(r1, r1)
r2 = getpgid(r1)
setpgid(0x0, r2)
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file1\x00', 0x810010, &(0x7f0000000680)=ANY=[@ANYBLOB="0059f7e3fd18fb9c322293c67dcde48bfeffd1843c336e09b34af65ad26aafded7da5ce1eda2b8d8d900c2195f00f646f699eeb47813177405a6a6baf786c0d14f2079a9efa9db8973bcca25eb2973856c6760a483c41d0980c78a4cb096a5affa6b980600000000000000a1eacd2c820176737d4eb55dca564820dd769d8742f6d9ab243775a67afcdf845f978e95365cdf6f30aa7570802a8e3343423b381881433e00ccbe6353b21300d8f0ca972589398eef9487db78486fcf174990c488031f8b39cc01bb509f3ea4bcde33d4c9e3056812dc293cecb4dd88204c5d7bb5e469cabfda0feca3ce70c0acbc34d13e5a5c796eab23abfe3b717834f8e9d7120e1e925c4e210b4152c75210b3e979fbe8ddf23eef2d53733209b22206e0a4afc354c33d7ca2a00116a14d686e4aa86b6ec6a4130178c3ad8c723c0d8506bd7bff780000000000000000004b2ec61cfde813cc124715aaaf5508b93d8cf0860042108b660b74f94b1e4851eeec09fdb7a617eabeeeff8ce8bb99f4b1f9c2896cf31e19c3c24155b0ea7dc3cae1b56acb1946830cad94af3f1caf43ea03b38fc08a7e19480e283a4c0d", @ANYRES16, @ANYRES16=0x0, @ANYRES32, @ANYRES64=0x0, @ANYRES64, @ANYRESDEC=0x0], 0x1, 0x1fb, &(0x7f0000000280)="$eJzskk9rE08Yxz+zu0n296OlQaKiCEUtWg9tNqnGPwcFLwb1JBVqQTAkaQ2m/mkCNaGHCEIRL4JVaBEPoqSIB/ENmIOn3hSKt1LouYcevEjryuxOtpN34GE+h/3uzDzP99nn2blbe1RLALvb80VIInFI8V0IHGBQBFuU7FBdpdeVxtX5FSvUjtLfSnfPNicmQVSOreeszsHSUZGkL/VrdYMiA7c5//bapx83Yotr+7Y+fJXxV282viBOlgbevfn84vJSf2Avbk3qPnbnyLIrjYCXOxPrG84hUl2vyuLafvfPgdWn7Y+5Z7KD11MIb9kFRr+NLF30+p9byrPWaN4rVKvl2dqlJxZbQamf2/NF+XInAb7v+0HvQB7QY2T7K+zFHHZgHLDxoxiHPdL1mYfpWqM5UpkpTJeny/ez2bGcd9rzzmTTU5Xq+1fyWfaEVkJNEKmnAPmb/tPOY8COivkfWlo1hPZp6lzouXHt1w0fpwdLy+2qoBPlJlScHME4J5CjnWsJbXcocHEIWsojsOfCRcbRvi+s5QYHo8UH1dICAtFNa+NEHplNYtEiqy/GzkVtLygdUppX2la6qXTQ7b2pTuBgqfs83II4jwv1+mwmDit9KkvtZeXgwrdkSx+YrJq0e5u7YGMwGAwGg8FgMBgM/wx/AwAA//+2K50Q")

55.271630489s ago: executing program 7 (id=988):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)

54.975417375s ago: executing program 7 (id=994):
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='2K', 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x8000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
write$P9_RFSYNC(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x33, 0x2}, 0x7)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x2000, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

54.67503428s ago: executing program 37 (id=994):
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='2K', 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x8000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
write$P9_RFSYNC(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x33, 0x2}, 0x7)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x2000, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8.83410634s ago: executing program 2 (id=1169):
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff03000000"], 0x0)
mlockall(0x2)
r0 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
shmctl$SHM_LOCK(r0, 0xb)
shmat(r0, &(0x7f0000ffd000/0x1000)=nil, 0x7000)
shmctl$SHM_UNLOCK(r0, 0xc)
unshare(0x20000400)
r1 = openat$rtc(0xffffffffffffff9c, 0x0, 0x101840, 0x0)
ioctl$RTC_AIE_ON(r1, 0x7001)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000040)={0x1, @raw_data="dfab4d85d47fab3f5852323481422e0f382a7fff4f2f6544e6018dbd8ab7448ced0cb6d971aa93e8b234fd2ceb6c160545bc47d95cb6f68a98ee9ea4686093a60d1e90430c08857fd0c428cdd40ea133631f9993733758d144b78ac24b59a54138ada8c18089c1250c7de9ef6ad3b2f7f28322211b5313b263f34c07a174f7d1d0f000f2bd2a60f9e4f18a82318f990d85778a2b77c73764d2d187c87800f0905ca84dbdd9002b572b0928a92da591fbaa566464e5cb6dbaf6a6945d91b66259944c62c5090ca50c"})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f00000030c0)={0x0, 0x0, &(0x7f0000003080)={&(0x7f0000003040)={0x2c, 0x1, 0x4, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x4}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x8}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40084}, 0x0)

7.420943114s ago: executing program 3 (id=1174):
r0 = socket$key(0xf, 0x3, 0x2)
syz_genetlink_get_family_id$team(&(0x7f0000000140), 0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000011000101000000000000", @ANYRES32=r2], 0x20}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="5400000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="00030000000000002c0012800b00010062726964676500001c00028008000500010000000500250001000000050029000000000008000a00", @ANYRES32=r4, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x8044)
socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000000)={'team0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r6, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)

6.190992575s ago: executing program 3 (id=1182):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x1, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "cbfc0b9af540340c"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x922, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "5c91440132bb112240fcbcc3fa9d0431575f8614d3538ce09c50eecd6ac579e8e83b944b666113f3afed71231e6653a13532f17b33515bdd7e1be14f53b9fc9b"}}, 0x80}}, 0x0)

5.91274145s ago: executing program 2 (id=1184):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
tee(r2, r3, 0xfffffffffffffc01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)

5.91104465s ago: executing program 9 (id=1192):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', <r1=>0x0})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_emit_ethernet(0x5e, &(0x7f0000000340)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb763e", 0x28, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x41}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, [{0x18, 0x3, "007c4de20278ab96e88afd5c976b4c1ce4a945b1aafb"}]}}}}}}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', <r3=>0x0})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000300)=""/33, 0x21}, {&(0x7f0000000440)=""/146, 0x92}], 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000540)={@private2, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r3})
syz_emit_ethernet(0x42, &(0x7f0000001540)={@local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @udp={0x6, 0x6, '{&N', 0xc, 0x11, 0x0, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[], {0x4e22, 0x4e23, 0xc, 0x0, @gue={{0x1, 0x0, 0x1, 0x6, 0x0, @void}}}}}}}}, 0x0)

5.91018205s ago: executing program 8 (id=1185):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001a00010000000000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="fff500001400030007000000000000000000009fcd1c970014000100ff"], 0x44}}, 0x0)

4.646497891s ago: executing program 8 (id=1186):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000000500000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000000)='./file0\x00')
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

4.646245671s ago: executing program 3 (id=1187):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x140, 0x40000000, 0x41000000}], 0x0)

4.586090672s ago: executing program 9 (id=1188):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r3, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa)

4.197402759s ago: executing program 8 (id=1189):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r5=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x10)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000180)=0x2000, 0x4)

3.57747572s ago: executing program 3 (id=1190):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x40000100)
fanotify_init(0x8, 0x101000)
socket$nl_route(0x10, 0x3, 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x4, 0x0, 0x7fffffff}, 0x0, 0x0)

3.152593217s ago: executing program 8 (id=1191):
r0 = socket$key(0xf, 0x3, 0x2)
syz_genetlink_get_family_id$team(&(0x7f0000000140), 0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000011000101000000000000", @ANYRES32=r2], 0x20}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="5400000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="00030000000000002c0012800b00010062726964676500001c00028008000500010000000500250001000000050029000000000008000a00", @ANYRES32=r4, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x8044)
socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000000)={'team0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r6, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)

3.152253027s ago: executing program 2 (id=1193):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0)

3.152054167s ago: executing program 3 (id=1194):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000300)={0x1d, r1}, 0x10)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000015}, 0x0)
sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="0500"/12, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)

2.851519442s ago: executing program 2 (id=1195):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x4, @multicast1}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x7e1f, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="a6", 0x1}], 0x300}}], 0x3, 0x0)

2.832413922s ago: executing program 9 (id=1196):
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2200890, 0x0)
pread64(r1, &(0x7f0000002240)=""/237, 0xed, 0x4eb)

2.774202813s ago: executing program 3 (id=1197):
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c40000000000109022472510000"], 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='coredump_filter\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r1, &(0x7f0000000040)='\x00', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x396, @empty}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000500)={'syz0\x00', {0x9, 0x6, 0x9}, 0x5, [0x1, 0x400, 0x6, 0xfffffffb, 0x7, 0x7, 0x5, 0xd, 0x800, 0x4, 0x8ca6, 0x2, 0x10, 0x200, 0x8, 0x3, 0x2, 0x4, 0x6, 0x7, 0x2, 0x6, 0x7, 0x5, 0x101, 0x6, 0x1000401, 0x4, 0x15, 0x10000, 0x1ff, 0x0, 0x0, 0x6af, 0xc6, 0x5, 0x2800, 0x0, 0x9, 0x0, 0x80000003, 0x81, 0x5d89, 0x2, 0x2, 0x2, 0x699, 0x180, 0x7ffffffe, 0x6, 0xb5b5, 0x7, 0x1, 0x8000, 0x3, 0x5b, 0x7ff, 0x8001, 0x3, 0x1, 0x3, 0x6, 0x481b, 0x10001], [0x9, 0xffffffff, 0x5f8, 0x1, 0x2, 0x4ec, 0x5, 0xfffffff7, 0x1, 0x385, 0x3, 0xfffffffe, 0x8, 0x2, 0xffffffff, 0x0, 0x4, 0x6, 0x4, 0x7, 0x7, 0xe, 0x4, 0x9, 0x72ed, 0x4, 0x4, 0x7865484d, 0x0, 0xe5, 0x0, 0x4, 0x8, 0x8, 0x0, 0x6, 0x6, 0x9, 0xffffffbc, 0x15b4, 0xffffffff, 0xa08, 0xd1, 0x0, 0x8001, 0xc, 0x1, 0xb7, 0x40, 0xc, 0x7fff, 0x8, 0xfffffffd, 0x80000001, 0x1, 0x1, 0x5, 0x7, 0x0, 0x1ff, 0x0, 0x0, 0x1, 0x8], [0x10, 0x0, 0x4, 0x2, 0x8, 0x2, 0xfffff001, 0x3, 0x0, 0x7386, 0x2, 0x5, 0x80000001, 0x5fef, 0x2000d, 0xe, 0x3, 0x104, 0x100, 0x42c1, 0x3, 0x7ffe, 0x3, 0x6, 0x1, 0xa4, 0x1, 0xffffff00, 0xfffffff9, 0xd94, 0x46de873e, 0x3ff, 0x3, 0x1, 0xd1, 0x5, 0x3, 0x400, 0x10000, 0x7ff, 0x8, 0x3, 0x6, 0x6, 0x2, 0x8, 0x8, 0x4, 0x970, 0x1, 0x1, 0x5, 0x9, 0x200, 0x26d, 0xcbf, 0x400, 0x1ff, 0x3, 0x3, 0x2, 0x4, 0x1, 0x401], [0x19f3, 0x2, 0x147c, 0x9, 0x6, 0x2, 0x4429, 0xf, 0x2, 0x7, 0x100, 0x0, 0x8, 0x100, 0x10001, 0x4, 0xfffd, 0x7, 0x1000, 0x8, 0x6, 0x7f, 0x100, 0x5, 0xff, 0x8, 0x40, 0x5, 0x3, 0x7, 0xf00000, 0x3, 0x7, 0xfffffffd, 0x7, 0x0, 0x8, 0x3, 0x9f4d, 0x9, 0x5, 0x7fff, 0x3, 0x401, 0x11e9, 0x800, 0xc5, 0x4, 0x1, 0x2, 0xfffffff9, 0x0, 0x0, 0x7, 0x6, 0x8, 0x4, 0x3af, 0xdc, 0x8, 0xfe19, 0x4, 0x7, 0x9]}, 0x45c)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/64, 0x328000, 0x800}, 0x20)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000340)='westwood\x00', 0x38)
shutdown(r1, 0x1)

1.580385654s ago: executing program 2 (id=1198):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff", @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0x99, 0x0, 0x0, 0x10000, 0x2, '\x00', 0xc94})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.553269304s ago: executing program 9 (id=1199):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0xfffffffffffffffb]}, 0x8, 0x800)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xffffffffffffff6e, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r2, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r0], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r3, 0x0, 0x0, 0x44010, &(0x7f0000000040)={0x11, 0x8100, r2, 0x1, 0x7}, 0x14)

1.171196861s ago: executing program 2 (id=1200):
write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0), 0x12)
r0 = openat$vcsu(0xffffff9c, &(0x7f0000000180), 0xa080, 0x0)
r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.129429471s ago: executing program 9 (id=1201):
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140)='2K', 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x8000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e20, 0x2, @remote, 0x7}, @in={0x2, 0x4e20, @loopback}], 0x2c)
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0xd, 0x1, {{0x20, 0x2, 0x8}, 0x9}}, 0x18)
write$P9_RFSYNC(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x33, 0x2}, 0x7)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x2000, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.106155691s ago: executing program 8 (id=1202):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0)
ftruncate(r3, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r4, r3, 0x0, 0x578410eb)

30.56803ms ago: executing program 9 (id=1203):
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x7, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000280))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
syz_clone(0x60001600, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = getpid()
fcntl$setownex(r2, 0xf, &(0x7f0000000100)={0x2, r3})
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000001c0)=<r4=>0x0)
fcntl$setown(r1, 0x8, r4)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 8 (id=1204):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {0x7, 0x1, 0xb, 0x2, 0xa, 0x0, 0x40000000}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ppoll(&(0x7f0000000140), 0x0, &(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)={[0x401]}, 0x8)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000f80)={@private0}, &(0x7f0000001300)=0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'})
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000001400)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24040880}, 0x4048801)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4)
setsockopt$inet6_udp_int(r1, 0x11, 0x66, &(0x7f0000000340)=0xc6, 0x4)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x5, @empty}, 0x1c)
syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[@ANYBLOB="ffffffffbfff20000000000086dd600489f1009c1100fc010000000000000025030000000000ff02000000000000000000000000000100000e22"], 0x0)
mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3)

kernel console output (not intermixed with test programs):

 leftover after parsing attributes in process `syz.2.367'.
[  123.843451][  T786] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  123.858725][  T786] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  123.885380][  T786] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  123.905476][  T786] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.927794][ T6929] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  123.961165][ T6948] 8021q: adding VLAN 0 to HW filter on device bond1
[  124.022862][ T6938] loop3: detected capacity change from 0 to 32768
[  124.049583][ T6938] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  124.060308][ T6938] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  124.198150][ T6938] XFS (loop3): Ending clean mount
[  124.224803][ T6938] XFS (loop3): Quotacheck needed: Please wait.
[  124.302279][  T786] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input11
[  124.338413][ T6938] XFS (loop3): Quotacheck: Done.
[  124.409689][   T28] audit: type=1800 audit(1753420262.553:412): pid=6938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.362" name="file1" dev="loop3" ino=9286 res=0 errno=0
[  124.459375][ T6969] all: renamed from lo (while UP)
[  124.648990][  T786] usb 5-1: USB disconnect, device number 6
[  124.649049][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  124.663284][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  124.674316][  T786] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  124.784281][ T5785] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  124.917685][ T6983] sit0: entered promiscuous mode
[  124.931175][ T6983] netlink: 'syz.0.377': attribute type 1 has an invalid length.
[  124.955663][ T6983] netlink: 1 bytes leftover after parsing attributes in process `syz.0.377'.
[  125.555991][  T787] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  125.765695][  T787] usb 5-1: Using ep0 maxpacket: 16
[  125.773401][  T787] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.785182][  T787] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.795613][  T787] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  125.808567][  T787] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  125.817700][  T787] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.829572][  T787] usb 5-1: config 0 descriptor??
[  125.956346][ T5874] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  126.158097][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.173208][ T5874] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  126.191538][ T5874] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  126.202778][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.217094][ T5874] usb 1-1: config 0 descriptor??
[  126.247811][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.255111][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.285702][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x4
[  126.292985][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.305674][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.312941][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.335723][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.343000][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.350391][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.358945][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.366255][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.373928][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.381237][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.388500][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.395775][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.403902][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.411265][  T787] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  126.424921][  T787] microsoft 0003:045E:07DA.0009: No inputs registered, leaving
[  126.434963][  T787] microsoft 0003:045E:07DA.0009: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  126.492565][  T787] microsoft 0003:045E:07DA.0009: no inputs found
[  126.510440][  T787] microsoft 0003:045E:07DA.0009: could not initialize ff, continuing anyway
[  126.531223][ T5874] usbhid 1-1:0.0: can't add hid device: -71
[  126.540442][  T787] usb 5-1: USB disconnect, device number 7
[  126.566564][ T5874] usbhid: probe of 1-1:0.0 failed with error -71
[  126.586250][ T5874] usb 1-1: USB disconnect, device number 9
[  126.660130][ T7011] kvm: Disabled LAPIC found during irq injection
[  126.960771][ T7021] netlink: 92 bytes leftover after parsing attributes in process `syz.2.392'.
[  127.340326][ T7019] loop3: detected capacity change from 0 to 32768
[  127.365661][ T7019] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.390 (7019)
[  127.391598][ T7019] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  127.412702][ T7034] loop2: detected capacity change from 0 to 8
[  127.412975][ T7019] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  127.438495][ T7019] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  127.451070][ T7019] BTRFS info (device loop3): use zstd compression, level 3
[  127.458749][ T7019] BTRFS info (device loop3): using free space tree
[  127.574716][ T7019] BTRFS info (device loop3): enabling ssd optimizations
[  127.595700][ T7019] BTRFS info (device loop3): auto enabling async discard
[  127.662724][   T28] audit: type=1800 audit(1753420265.803:413): pid=7019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.390" name="file1" dev="loop3" ino=260 res=0 errno=0
[  127.780676][ T7031] loop4: detected capacity change from 0 to 32768
[  127.813857][ T7031] (syz.4.396,7031,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  127.856433][ T7031] (syz.4.396,7031,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  127.994697][ T5785] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  128.022001][ T7031] JBD2: Ignoring recovery information on journal
[  128.256911][ T7031] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  128.321309][ T7057] loop2: detected capacity change from 0 to 32768
[  128.422310][ T7057] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  128.546428][ T7057] XFS (loop2): Ending clean mount
[  128.553836][ T7031] ocfs2: Unmounting device (7,4) on (node local)
[  128.565233][ T7057] XFS (loop2): Quotacheck needed: Please wait.
[  128.748742][ T7057] XFS (loop2): Quotacheck: Done.
[  129.122520][ T5786] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  129.565576][    C1] sched: RT throttling activated
[  129.846442][ T7085] pim6reg: entered allmulticast mode
[  129.871561][ T7085] pim6reg: left allmulticast mode
[  130.470390][ T7069] loop3: detected capacity change from 0 to 262144
[  130.508296][ T7069] F2FS-fs (loop3): invalid crc value
[  130.518198][ T7069] F2FS-fs (loop3): Found nat_bits in checkpoint
[  130.584478][ T7069] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  131.715706][   T27] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  131.915710][   T27] usb 3-1: Using ep0 maxpacket: 8
[  131.924769][   T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  131.938352][   T27] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  131.948524][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.959210][   T27] usb 3-1: config 0 descriptor??
[  132.175883][   T27] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  132.593429][  T787] usb 3-1: USB disconnect, device number 8
[  132.691789][ T7120] loop4: detected capacity change from 0 to 164
[  132.752323][ T7120] Unable to read rock-ridge attributes
[  133.066937][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  133.073314][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  133.294606][ T7120] Unable to read rock-ridge attributes
[  133.376497][ T7132] input: syz1 as /devices/virtual/input/input13
[  133.410078][   T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  133.429029][   T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  133.443220][   T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  133.474377][   T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  133.482671][   T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  133.490657][   T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  133.541764][ T7133] lo speed is unknown, defaulting to 1000
[  133.621036][ T7136] netlink: 48 bytes leftover after parsing attributes in process `syz.2.426'.
[  134.139612][ T7133] chnl_net:caif_netlink_parms(): no params data found
[  134.253084][ T7133] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.264931][ T7133] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.286723][ T7133] bridge_slave_0: entered allmulticast mode
[  134.293987][ T7133] bridge_slave_0: entered promiscuous mode
[  134.320425][ T7133] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.333673][ T7133] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.348944][ T7133] bridge_slave_1: entered allmulticast mode
[  134.361978][ T7133] bridge_slave_1: entered promiscuous mode
[  134.480331][ T7133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.515312][ T7133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  134.629326][ T7133] team0: Port device team_slave_0 added
[  134.639483][ T7141] loop2: detected capacity change from 0 to 32768
[  134.659700][ T7133] team0: Port device team_slave_1 added
[  134.713583][ T7133] batman_adv: batadv0: Adding interface: batadv_slave_0
[  134.724690][ T7141] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  134.738714][ T7133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.766558][ T7133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.794785][ T7133] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.816645][ T7133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  134.848506][ T7133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  134.950401][ T7141] XFS (loop2): Ending clean mount
[  134.994975][ T7133] hsr_slave_0: entered promiscuous mode
[  135.010898][ T7133] hsr_slave_1: entered promiscuous mode
[  135.021137][ T7133] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  135.033029][ T7133] Cannot create hsr debugfs directory
[  135.149284][ T7141] XFS (loop2): Metadata CRC error detected at xfs_rmapbt_read_verify+0x42/0xd0, xfs_rmapbt block 0x14 
[  135.163773][ T7141] XFS (loop2): Unmount and run xfs_repair
[  135.185920][ T7141] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  135.203815][ T7141] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  135.217528][ T7141] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80  ..P.............
[  135.232258][ T7141] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[  135.252874][ T7141] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[  135.322054][ T7141] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  135.343184][ T7141] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  135.358254][ T7141] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  135.373519][ T7141] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  135.389004][ T7141] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x14 len 4 error 74
[  135.403941][ T7141] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598).  Shutting down filesystem.
[  135.429001][ T7141] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  135.480913][ T7133] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  135.509992][ T7133] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  135.530063][ T5786] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  135.532002][ T7174] block device autoloading is deprecated and will be removed.
[  135.550103][   T50] Bluetooth: hci3: command tx timeout
[  135.560936][ T7133] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  135.576655][ T7133] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  135.872355][ T7133] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.935975][ T7133] 8021q: adding VLAN 0 to HW filter on device team0
[  135.958264][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.965472][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.006350][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.006932][ T7184] Bluetooth: MGMT ver 1.22
[  136.013498][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.186481][ T5874] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  136.381120][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.422627][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.434820][ T5874] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  136.467022][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.498131][ T5874] usb 4-1: config 0 descriptor??
[  137.365224][ T5874] hid-led 0003:27B8:01ED.000A: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.3-1/input0
[  137.397649][ T5874] hid-led 0003:27B8:01ED.000A: ThingM blink(1) initialized
[  137.615814][   T50] Bluetooth: hci3: command tx timeout
[  137.622049][  T786] usb 4-1: USB disconnect, device number 9
[  137.811701][ T7193] loop4: detected capacity change from 0 to 64
[  139.546987][ T7133] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.696128][   T50] Bluetooth: hci3: command tx timeout
[  139.799949][ T7214] loop4: detected capacity change from 0 to 8
[  139.888369][ T7214] SQUASHFS error: zlib decompression failed, data probably corrupt
[  139.890921][ T7212] syzkaller0: entered promiscuous mode
[  139.902951][ T7214] SQUASHFS error: Failed to read block 0x9b: -5
[  139.910002][ T7214] SQUASHFS error: Unable to read metadata cache entry [99]
[  139.910063][ T7212] syzkaller0: entered allmulticast mode
[  139.928025][ T7214] SQUASHFS error: Unable to read inode 0x127
[  139.935345][ T7216] netlink: 'syz.3.445': attribute type 39 has an invalid length.
[  140.587508][ T5827] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  140.805720][ T5827] usb 4-1: Using ep0 maxpacket: 32
[  140.839690][ T5827] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  140.853852][ T5827] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  140.867625][ T5827] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  140.876994][ T5827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  140.891391][ T5827] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  140.902351][ T5827] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  140.917934][ T5827] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  140.927426][ T5827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.952159][ T5827] usb 4-1: config 0 descriptor??
[  141.182283][ T5827] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  141.202899][ T5827] usb 4-1: USB disconnect, device number 10
[  141.228748][ T5827] usblp0: removed
[  141.785870][   T50] Bluetooth: hci3: command tx timeout
[  141.878761][ T5827] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  142.105980][ T5827] usb 4-1: Using ep0 maxpacket: 32
[  142.136548][ T5827] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  142.145098][ T5827] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  142.165012][ T5827] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  142.176499][ T5827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  142.186505][ T5827] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  142.196339][ T5827] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  142.209769][ T5827] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  142.219012][ T5827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.229502][ T5827] usb 4-1: config 0 descriptor??
[  142.804710][ T5827] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  142.918528][ T7133] veth0_vlan: entered promiscuous mode
[  142.948656][ T7133] veth1_vlan: entered promiscuous mode
[  142.988511][ T7226] IPv4: Oversized IP packet from 127.202.26.0
[  142.995302][ T7133] veth0_macvtap: entered promiscuous mode
[  143.027908][ T7133] veth1_macvtap: entered promiscuous mode
[  143.071246][ T7133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.106137][ T7133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.124248][ T7133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.150814][ T7133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.161919][ T7133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.172778][ T7133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.183123][ T7133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  143.194676][ T7133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.208708][ T7133] batman_adv: batadv0: Interface activated: batadv_slave_0
[  143.221699][ T7133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.233866][ T7133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.247278][ T7133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.258362][ T7133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.271459][ T7133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.301162][ T7133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.311623][ T7133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.322446][ T7133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.335147][ T7133] batman_adv: batadv0: Interface activated: batadv_slave_1
[  143.349979][ T7133] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  143.359803][ T7133] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  143.371793][ T7133] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  143.384921][ T7133] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  143.523413][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.539093][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.580213][ T2904] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.592705][ T2904] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.723345][ T7246] netlink: 4 bytes leftover after parsing attributes in process `syz.4.454'.
[  143.918818][ T7250] md2: using deprecated bitmap file support
[  143.929946][ T7250] md2: error: failed to get bitmap file
[  144.140286][ T5874] usb 4-1: USB disconnect, device number 11
[  144.170901][ T5874] usblp0: removed
[  144.236628][ T7257] VFS: Lookup of 'file0' in fuse fuse would have caused loop
[  145.224716][ T7275] overlayfs: failed to get inode (-116)
[  145.233485][ T7275] overlayfs: failed to get inode (-116)
[  145.243444][ T7275] overlayfs: failed to get inode (-116)
[  145.250311][ T7275] overlayfs: failed to get inode (-116)
[  145.286149][  T967] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  145.395210][ T7281] binder: 7280:7281 ioctl c0306201 200000000080 returned -14
[  145.402766][ T7283] input: syz1 as /devices/virtual/input/input14
[  145.428436][ T7281] binder: BINDER_SET_CONTEXT_MGR already set
[  145.435062][ T7281] binder: 7280:7281 ioctl 4018620d 200000000040 returned -16
[  145.476350][  T967] usb 6-1: Using ep0 maxpacket: 8
[  145.487522][  T967] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  145.508047][  T967] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  145.533695][  T967] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  145.537336][ T7285] loop2: detected capacity change from 0 to 512
[  145.561254][  T967] usb 6-1: config 250 has no interface number 0
[  145.575244][  T967] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  145.591172][  T967] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  145.618318][  T967] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  145.632984][ T7285] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.639823][  T967] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  145.657690][  T967] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  145.672011][  T967] usb 6-1: config 250 interface 228 has no altsetting 0
[  145.687087][  T967] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  145.697522][  T967] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  145.706665][  T967] usb 6-1: Product: syz
[  145.710855][  T967] usb 6-1: SerialNumber: syz
[  145.711188][ T7285] ext4 filesystem being mounted at /143/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.720800][  T967] hub 6-1:250.228: bad descriptor, ignoring hub
[  145.732723][  T967] hub: probe of 6-1:250.228 failed with error -5
[  145.944959][  T967] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 2 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  146.011188][ T7285] EXT4-fs error (device loop2): ext4_dx_csum_verify:502: inode #2: comm syz.2.470: dir seems corrupt?  Run e2fsck -D.
[  146.048422][ T7285] EXT4-fs (loop2): Remounting filesystem read-only
[  146.151268][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.352089][ T7293] loop4: detected capacity change from 0 to 40427
[  146.356673][  T967] usb 6-1: USB disconnect, device number 2
[  146.361443][ T7293] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x7ffff
[  146.367505][  T967] usblp0: removed
[  146.378994][ T7293] F2FS-fs (loop4): Image doesn't support compression
[  146.394855][ T7293] F2FS-fs (loop4): invalid crc value
[  146.403638][ T7293] F2FS-fs (loop4): Found nat_bits in checkpoint
[  146.468853][ T7295] loop3: detected capacity change from 0 to 32768
[  146.481481][ T7293] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  146.485050][ T7295] XFS (loop3): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent.
[  146.514750][ T7295] XFS (loop3): Quotacheck needed: Please wait.
[  146.561531][ T7295] XFS (loop3): Quotacheck: Done.
[  146.562013][ T7293] F2FS-fs (loop4): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x516/0x19c0
[  146.581093][ T7293] F2FS-fs (loop4): invalid blkaddr: 1535, type: 10, run fsck to fix.
[  146.586172][   T27] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  146.639822][ T5785] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  146.736539][  T967] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  146.827465][   T27] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  146.846134][   T27] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  146.885879][   T27] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  146.914578][ T7310] loop4: detected capacity change from 0 to 1024
[  146.916066][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.936365][  T967] usb 6-1: Using ep0 maxpacket: 8
[  146.945244][  T967] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  146.961095][ T7310] hfsplus: unable to parse mount options
[  146.968208][  T967] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  146.986753][ T7312] loop3: detected capacity change from 0 to 512
[  146.991664][  T967] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  147.003143][  T967] usb 6-1: config 250 has no interface number 0
[  147.010135][  T967] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  147.021921][ T7312] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.475: bg 0: block 248: padding at end of block bitmap is not set
[  147.022774][ T7312] Quota error (device loop3): write_blk: dquota write failed
[  147.036524][  T967] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  147.036557][  T967] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  147.036577][  T967] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  147.036598][  T967] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  147.036620][  T967] usb 6-1: config 250 interface 228 has no altsetting 0
[  147.038602][  T967] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  147.079620][ T7312] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  147.118507][ T7312] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.475: Failed to acquire dquot type 1
[  147.131952][ T7312] EXT4-fs (loop3): 1 truncate cleaned up
[  147.140421][ T7312] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.153406][ T7312] ext4 filesystem being mounted at /99/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  147.161852][  T967] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  147.176277][   T27] usb 3-1: GET_CAPABILITIES returned 0
[  147.181811][   T27] usbtmc 3-1:16.0: can't read capabilities
[  147.231229][  T967] usb 6-1: Product: syz
[  147.236583][  T967] usb 6-1: SerialNumber: syz
[  147.249005][  T967] hub 6-1:250.228: bad descriptor, ignoring hub
[  147.255483][  T967] hub: probe of 6-1:250.228 failed with error -5
[  147.267128][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.277720][ T2904] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-5
[  147.286849][ T2904] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:8: Failed to release dquot type 1
[  147.421957][    T8] usb 3-1: USB disconnect, device number 9
[  147.467315][  T967] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 3 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  147.508983][  T967] usb 6-1: USB disconnect, device number 3
[  147.518706][  T967] usblp0: removed
[  147.645987][ T5874] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  147.825997][ T5874] usb 5-1: Using ep0 maxpacket: 32
[  147.837788][ T5874] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  147.847491][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.855525][ T5874] usb 5-1: Product: syz
[  147.860486][ T5874] usb 5-1: Manufacturer: syz
[  147.865094][ T5874] usb 5-1: SerialNumber: syz
[  147.873484][ T5874] usb 5-1: config 0 descriptor??
[  147.881485][ T5874] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  148.329558][ T7331] netlink: 96 bytes leftover after parsing attributes in process `syz.3.483'.
[  148.636853][ T7335] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  148.895279][ T7339] loop3: detected capacity change from 0 to 8192
[  148.924625][   T11] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  149.083588][ T7339] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[  149.102867][ T7339] FAT-fs (loop3): Filesystem has been set read-only
[  149.115534][ T7352] loop5: detected capacity change from 0 to 128
[  149.120521][ T7339] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[  149.146313][ T7339] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[  149.151106][ T7352] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  149.162479][ T7339] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[  149.172849][ T7352] ext4 filesystem being mounted at /7/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  149.297327][ T5874] gspca_topro: Sensor cx0342
[  149.404418][ T7133] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  149.505130][ T5874] usb 5-1: USB disconnect, device number 8
[  149.765864][   T27] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  149.776280][ T7374] loop5: detected capacity change from 0 to 512
[  149.783654][ T7374] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  149.803857][ T7374] EXT4-fs (loop5): 1 truncate cleaned up
[  149.810720][ T7374] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.834193][ T7374] syz.5.498 (pid 7374) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  149.872857][ T7133] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.976067][   T27] usb 4-1: Using ep0 maxpacket: 8
[  150.003267][   T27] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  150.072459][   T27] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  150.126609][   T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.285458][   T27] usb 4-1: config 0 descriptor??
[  150.333405][   T27] gspca_main: vc032x-2.14.0 probing 046d:0892
[  151.395976][  T786] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  151.536112][  T967] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  151.581522][  T786] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  151.591943][  T786] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  151.602774][  T786] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  151.612221][  T786] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  151.625021][  T786] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024
[  151.648259][  T786] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  151.664457][  T786] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  151.673093][  T786] usb 5-1: Product: syz
[  151.677837][  T786] usb 5-1: Manufacturer: syz
[  151.689249][  T786] cdc_wdm 5-1:1.0: skipping garbage
[  151.705918][  T786] cdc_wdm 5-1:1.0: skipping garbage
[  151.715897][  T786] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  151.722288][  T786] cdc_wdm 5-1:1.0: Unknown control protocol
[  151.734561][ T7401] fuse: Bad value for 'rootmode'
[  151.740095][  T967] usb 3-1: Using ep0 maxpacket: 32
[  151.753208][  T967] usb 3-1: config 0 has no interfaces?
[  151.765498][  T967] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  151.781884][  T967] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.790699][  T967] usb 3-1: Product: syz
[  151.806134][  T967] usb 3-1: Manufacturer: syz
[  151.810778][  T967] usb 3-1: SerialNumber: syz
[  151.828914][  T967] usb 3-1: config 0 descriptor??
[  151.864823][   T28] audit: type=1804 audit(1753420290.003:414): pid=7403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.509" name="/newroot/18/bus/file0" dev="overlay" ino=123 res=1 errno=0
[  151.896684][ T5854] usb 5-1: USB disconnect, device number 9
[  152.046817][ T7407] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4252604744 (544333407232 ns) > initial count (412347679616 ns). Using initial count to start timer.
[  152.048933][  T967] usb 3-1: USB disconnect, device number 10
[  152.192704][   T27] gspca_vc032x: reg_w err -71
[  152.198560][   T27] vc032x: probe of 4-1:0.0 failed with error -71
[  152.209742][   T27] usb 4-1: USB disconnect, device number 12
[  152.520608][ T7413] loop5: detected capacity change from 0 to 32768
[  153.259135][ T7442] loop5: detected capacity change from 0 to 512
[  153.345075][ T7442] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.383953][ T7442] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.463034][   T28] audit: type=1800 audit(1753420291.603:415): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.523" name="file1" dev="loop5" ino=15 res=0 errno=0
[  153.513800][ T7449] loop3: detected capacity change from 0 to 1024
[  153.554212][ T7133] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.570724][ T7449] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.593851][ T7449] ext4 filesystem being mounted at /109/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.646120][   T28] audit: type=1804 audit(1753420291.783:416): pid=7449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.525" name="/newroot/109/file1/file1" dev="loop3" ino=15 res=1 errno=0
[  153.667730][    C1] vkms_vblank_simulate: vblank timer overrun
[  153.768878][ T3511] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: block 1: comm kworker/u4:13: lblock 1 mapped to illegal pblock 1 (length 7)
[  153.817642][ T7456] kvm: vcpu 2: requested 80 ns lapic timer period limited to 200000 ns
[  153.842287][ T7456] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1125468108 (18007489728 ns) > initial count (200000 ns). Using initial count to start timer.
[  153.862937][ T3511] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 7 with error 117
[  153.898677][ T3511] EXT4-fs (loop3): This should not happen!! Data will be lost
[  153.898677][ T3511] 
[  153.942504][ T3511] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  153.995307][ T3511] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 12 with error 28
[  154.008734][ T3511] EXT4-fs (loop3): This should not happen!! Data will be lost
[  154.008734][ T3511] 
[  154.020323][ T3511] EXT4-fs (loop3): Total free blocks count 0
[  154.027425][ T3511] EXT4-fs (loop3): Free/Dirty block details
[  154.033665][ T3511] EXT4-fs (loop3): free_blocks=4293918720
[  154.043885][ T3511] EXT4-fs (loop3): dirty_blocks=16
[  154.052176][ T3511] EXT4-fs (loop3): Block reservation details
[  155.162535][ T7485] nbd5: detected capacity change from 0 to 10
[  155.211807][   T24] block nbd5: Send control failed (result -89)
[  155.220438][   T24] block nbd5: Request send failed, requeueing
[  155.237058][   T50] block nbd5: Receive control failed (result -32)
[  155.237930][   T24] block nbd5: Dead connection, failed to find a fallback
[  155.252828][   T24] block nbd5: shutting down sockets
[  155.271436][   T24] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.284369][   T24] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.299252][   T10] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.309494][   T10] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.320708][   T10] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.336105][   T10] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.344532][   T24] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.361888][   T24] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.371668][   T24] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.382020][   T24] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.390284][   T24] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.400623][   T24] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.409651][   T24] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.418969][   T24] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.427000][   T24] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.436108][   T24] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.443884][ T7485] ldm_validate_partition_table(): Disk read failed.
[  155.451486][   T24] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.460949][   T24] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.470441][   T10] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  155.481382][   T10] Buffer I/O error on dev nbd5, logical block 0, async page read
[  155.493645][ T7485] Dev nbd5: unable to read RDB block 0
[  155.520053][ T7485]  nbd5: unable to read partition table
[  155.529176][ T7485] nbd5: partition table beyond EOD, truncated
[  155.546530][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  155.569993][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=4, location=4
[  155.581633][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=3, location=3
[  155.593797][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=2, location=2
[  155.605515][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  155.615109][ T7485] UDF-fs: warning (device nbd5): udf_load_vrs: No anchor found
[  155.622792][ T7485] UDF-fs: Scanning with blocksize 1024 failed
[  155.634611][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  155.644567][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=1, location=1
[  155.653981][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=0, location=0
[  155.663284][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  155.674397][ T7485] UDF-fs: warning (device nbd5): udf_load_vrs: No anchor found
[  155.682038][ T7485] UDF-fs: Scanning with blocksize 2048 failed
[  155.695031][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  155.708234][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=0, location=0
[  155.722867][ T7485] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  155.733444][ T7485] UDF-fs: warning (device nbd5): udf_load_vrs: No anchor found
[  155.741121][ T7485] UDF-fs: Scanning with blocksize 4096 failed
[  155.747586][ T7485] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1)
[  156.332837][ T7492] loop5: detected capacity change from 0 to 32768
[  156.382175][ T7492] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  156.524644][ T7492] XFS (loop5): Ending clean mount
[  156.537284][ T7492] XFS (loop5): Quotacheck needed: Please wait.
[  156.660864][ T7492] XFS (loop5): Quotacheck: Done.
[  156.744265][   T28] audit: type=1800 audit(1753420294.883:417): pid=7492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.538" name="file2" dev="loop5" ino=9287 res=0 errno=0
[  156.764810][    C0] vkms_vblank_simulate: vblank timer overrun
[  156.931846][   T28] audit: type=1804 audit(1753420295.073:418): pid=7492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.538" name="/newroot/29/file0/file2" dev="loop5" ino=9287 res=1 errno=0
[  157.108353][ T7133] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  157.361583][ T7503] netlink: 'syz.3.540': attribute type 1 has an invalid length.
[  157.395696][ T7503] 8021q: adding VLAN 0 to HW filter on device bond1
[  157.455139][ T7503] bond1: (slave veth3): Enslaving as an active interface with a down link
[  157.505180][ T7503] 8021q: adding VLAN 0 to HW filter on device batadv1
[  157.513107][ T7503] bond1: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  157.806210][ T5874] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  158.006115][ T5874] usb 5-1: Using ep0 maxpacket: 16
[  158.017972][ T5874] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  158.034970][ T5874] usb 5-1: config 0 has no interface number 0
[  158.042631][   T28] audit: type=1326 audit(1753420296.173:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7521 comm="syz.3.547" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29cb98e9a9 code=0x0
[  158.064294][    C0] vkms_vblank_simulate: vblank timer overrun
[  158.072486][ T5874] usb 5-1: config 0 interface 41 has no altsetting 0
[  158.082391][ T5874] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  158.092504][ T5874] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.101621][ T5874] usb 5-1: Product: syz
[  158.106606][ T5874] usb 5-1: Manufacturer: syz
[  158.111224][ T5874] usb 5-1: SerialNumber: syz
[  158.122003][ T5874] usb 5-1: config 0 descriptor??
[  158.131948][ T5874] CoreChips: probe of 5-1:0.41 failed with error -22
[  158.171126][ T7514] loop2: detected capacity change from 0 to 40427
[  158.182270][ T7514] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x7
[  158.193519][ T7514] F2FS-fs (loop2): invalid crc value
[  158.230363][ T7514] F2FS-fs (loop2): Found nat_bits in checkpoint
[  158.332723][ T7514] F2FS-fs (loop2): Start checkpoint disabled!
[  158.342534][ T7514] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  158.367246][   T27] usb 5-1: USB disconnect, device number 10
[  158.400378][ T7514] syz.2.544: attempt to access beyond end of device
[  158.400378][ T7514] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  158.424063][ T7514] syz.2.544: attempt to access beyond end of device
[  158.424063][ T7514] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  158.568435][   T12] kworker/u4:1: attempt to access beyond end of device
[  158.568435][   T12] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  158.587415][   T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  158.594850][   T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  160.097762][   T27] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  160.325753][   T27] usb 3-1: Using ep0 maxpacket: 8
[  160.344694][   T27] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  160.354080][   T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.362713][   T27] usb 3-1: Product: syz
[  160.367314][   T27] usb 3-1: Manufacturer: syz
[  160.371932][   T27] usb 3-1: SerialNumber: syz
[  160.388517][   T27] usb 3-1: config 0 descriptor??
[  160.654360][   T27] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  160.864587][   T27] gspca_sunplus: reg_w_riv err -71
[  160.870270][   T27] sunplus: probe of 3-1:0.0 failed with error -71
[  160.884211][   T27] usb 3-1: USB disconnect, device number 11
[  161.741361][ T7566] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  161.865827][ T5827] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  162.058389][ T5827] usb 3-1: Using ep0 maxpacket: 16
[  162.076072][ T5827] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  162.095181][ T5827] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  162.107476][ T5827] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  162.117645][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.132400][ T5827] usb 3-1: Product: syz
[  162.137123][ T5827] usb 3-1: Manufacturer: syz
[  162.153281][ T5827] usb 3-1: SerialNumber: syz
[  162.395906][ T5827] usb 3-1: 0:2 : does not exist
[  162.406472][ T5827] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  162.465781][ T5827] usb 3-1: USB disconnect, device number 12
[  162.497292][ T7577] netlink: 24 bytes leftover after parsing attributes in process `syz.5.565'.
[  162.908333][ T7586] loop5: detected capacity change from 0 to 256
[  162.916642][ T7586] exfat: Deprecated parameter 'utf8'
[  162.937042][ T7586] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  163.345951][ T5874] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  163.421136][ T7604] netlink: 4 bytes leftover after parsing attributes in process `syz.3.578'.
[  163.467422][ T7604] 8021q: adding VLAN 0 to HW filter on device team1
[  163.544777][ T5874] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.570189][   T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.583077][ T5874] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  163.596328][ T5874] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  163.605411][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.628442][ T5874] usb 3-1: config 0 descriptor??
[  163.747887][   T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.892205][   T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.916384][ T7608] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  164.017554][   T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.265511][ T5791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  164.280835][ T5791] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  164.293220][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  164.315158][ T5791] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  164.331800][ T5791] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  164.352179][ T5791] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  164.525284][ T7615] lo speed is unknown, defaulting to 1000
[  164.883797][ T5874] input: HID 256c:006d as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.000B/input/input15
[  164.986751][ T5874] uclogic 0003:256C:006D.000B: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.2-1/input0
[  165.131361][ T7615] chnl_net:caif_netlink_parms(): no params data found
[  165.151472][ T5874] usb 3-1: USB disconnect, device number 13
[  165.309923][ T7615] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.319495][ T7615] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.327395][ T7615] bridge_slave_0: entered allmulticast mode
[  165.334182][ T7615] bridge_slave_0: entered promiscuous mode
[  165.342549][ T7615] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.351123][ T7615] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.358787][ T7615] bridge_slave_1: entered allmulticast mode
[  165.368137][ T7615] bridge_slave_1: entered promiscuous mode
[  165.450636][ T7615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  165.463763][ T7615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  165.536342][  T967] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  165.552377][ T7615] team0: Port device team_slave_0 added
[  165.564666][ T7615] team0: Port device team_slave_1 added
[  165.738161][  T967] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  165.767093][  T967] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  165.781907][  T967] usb 5-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[  165.793707][ T7615] batman_adv: batadv0: Adding interface: batadv_slave_0
[  165.806435][ T7615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.834544][  T967] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.845010][ T7615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  165.857377][  T967] usb 5-1: config 0 descriptor??
[  165.873728][ T7639] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  165.886353][   T12] hsr_slave_0: left promiscuous mode
[  165.895309][   T12] hsr_slave_1: left promiscuous mode
[  165.904771][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  165.920720][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  165.930935][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  165.940023][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  165.949099][   T12] bridge_slave_1: left allmulticast mode
[  165.954812][   T12] bridge_slave_1: left promiscuous mode
[  165.961665][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.972923][   T12] bridge_slave_0: left allmulticast mode
[  165.979807][   T12] bridge_slave_0: left promiscuous mode
[  165.986571][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.031526][   T12] veth1_macvtap: left promiscuous mode
[  166.046908][   T12] veth0_macvtap: left promiscuous mode
[  166.052801][   T12] veth1_vlan: left promiscuous mode
[  166.059169][   T12] veth0_vlan: left promiscuous mode
[  166.331239][  T967] logitech 0003:046D:C298.000C: unbalanced collection at end of report description
[  166.347175][  T967] logitech 0003:046D:C298.000C: parse failed
[  166.361085][ T7651] loop2: detected capacity change from 0 to 40427
[  166.375744][  T967] logitech: probe of 0003:046D:C298.000C failed with error -22
[  166.377557][ T7651] F2FS-fs (loop2): LFS is not compatible with checkpoint=disable
[  166.418386][ T5791] Bluetooth: hci3: command tx timeout
[  166.591528][ T5827] usb 5-1: USB disconnect, device number 11
[  167.267547][   T12] team0 (unregistering): Port device team_slave_1 removed
[  167.316683][ T7662] loop2: detected capacity change from 0 to 32768
[  167.332818][ T7662] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.596 (7662)
[  167.383463][ T7662] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  167.397164][ T7662] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  167.407484][ T7662] BTRFS info (device loop2): using free space tree
[  167.407967][   T12] team0 (unregistering): Port device team_slave_0 removed
[  167.479309][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  167.515026][ T7662] BTRFS info (device loop2): enabling ssd optimizations
[  167.527356][ T7662] BTRFS info (device loop2): auto enabling async discard
[  167.607244][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  167.613494][ T7682] loop4: detected capacity change from 0 to 2048
[  167.646744][ T7682] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  167.764432][ T5786] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  167.791802][ T7682] loop4: detected capacity change from 2048 to 0
[  167.814934][    C1] blk_print_req_error: 11 callbacks suppressed
[  167.814952][    C1] I/O error, dev loop4, sector 1408 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  167.909373][ T6131] syz-executor: attempt to access beyond end of device
[  167.909373][ T6131] loop4: rw=0, sector=1408, nr_sectors = 1 limit=0
[  167.944556][ T6131] syz-executor: attempt to access beyond end of device
[  167.944556][ T6131] loop4: rw=0, sector=1408, nr_sectors = 1 limit=0
[  168.033219][ T6294] syz.4.135: attempt to access beyond end of device
[  168.033219][ T6294] loop4: rw=2049, sector=128, nr_sectors = 1 limit=0
[  168.047029][ T6294] buffer_io_error: 5 callbacks suppressed
[  168.047040][ T6294] Buffer I/O error on dev loop4, logical block 128, lost sync page write
[  168.496251][ T5791] Bluetooth: hci3: command tx timeout
[  168.648273][   T12] bond0 (unregistering): Released all slaves
[  168.743724][ T7615] batman_adv: batadv0: Adding interface: batadv_slave_1
[  168.751315][ T7615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.777251][    C1] vkms_vblank_simulate: vblank timer overrun
[  168.783836][ T7615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  168.964474][ T7615] hsr_slave_0: entered promiscuous mode
[  168.982941][ T7615] hsr_slave_1: entered promiscuous mode
[  169.003906][ T7615] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  169.012486][ T7615] Cannot create hsr debugfs directory
[  169.439162][ T7615] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  169.454099][ T7615] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  169.470710][ T7615] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  169.481604][ T7615] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  169.546374][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.644978][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.725963][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.777734][   T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  169.789277][   T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  169.799521][   T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  169.809392][   T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  169.830949][ T7615] 8021q: adding VLAN 0 to HW filter on device bond0
[  169.854827][   T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  169.871725][   T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  169.928432][ T7615] 8021q: adding VLAN 0 to HW filter on device team0
[  169.976907][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.012573][ T3511] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.019779][ T3511] bridge0: port 1(bridge_slave_0) entered forwarding state
[  170.072110][ T3511] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.079291][ T3511] bridge0: port 2(bridge_slave_1) entered forwarding state
[  170.123469][ T7709] lo speed is unknown, defaulting to 1000
[  170.211922][ T7615] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  170.578718][   T50] Bluetooth: hci3: command tx timeout
[  170.742212][ T7615] 8021q: adding VLAN 0 to HW filter on device batadv0
[  171.110585][ T7709] chnl_net:caif_netlink_parms(): no params data found
[  171.434554][ T7763] kvm: pic: single mode not supported
[  171.434772][ T7763] kvm: pic: level sensitive irq not supported
[  171.441585][ T7763] kvm: pic: level sensitive irq not supported
[  171.448401][ T7763] kvm: pic: single mode not supported
[  171.454525][ T7763] kvm: pic: level sensitive irq not supported
[  171.464772][ T7763] kvm: pic: level sensitive irq not supported
[  171.589512][ T7709] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.612756][ T7709] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.643541][ T7709] bridge_slave_0: entered allmulticast mode
[  171.659008][ T7709] bridge_slave_0: entered promiscuous mode
[  171.677504][ T7709] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.684642][ T7709] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.694286][ T7709] bridge_slave_1: entered allmulticast mode
[  171.707345][ T7709] bridge_slave_1: entered promiscuous mode
[  171.722922][ T7615] veth0_vlan: entered promiscuous mode
[  171.734991][ T7768] netlink: 12 bytes leftover after parsing attributes in process `syz.3.626'.
[  171.870354][ T7709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.887837][ T7615] veth1_vlan: entered promiscuous mode
[  171.937720][   T50] Bluetooth: hci1: command tx timeout
[  171.944285][ T7709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.954678][ T7768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.626'.
[  172.231389][ T7709] team0: Port device team_slave_0 added
[  172.268937][ T7709] team0: Port device team_slave_1 added
[  172.276507][ T7615] veth0_macvtap: entered promiscuous mode
[  172.294777][   T12] hsr_slave_0: left promiscuous mode
[  172.305035][   T12] hsr_slave_1: left promiscuous mode
[  172.320744][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  172.344962][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  172.369457][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  172.383533][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  172.394609][   T12] bridge_slave_1: left allmulticast mode
[  172.408757][   T12] bridge_slave_1: left promiscuous mode
[  172.414545][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.439517][   T12] bridge_slave_0: left allmulticast mode
[  172.456187][   T12] bridge_slave_0: left promiscuous mode
[  172.464245][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.527803][   T12] veth1_macvtap: left promiscuous mode
[  172.533418][   T12] veth0_macvtap: left promiscuous mode
[  172.546322][   T12] veth1_vlan: left promiscuous mode
[  172.551698][   T12] veth0_vlan: left promiscuous mode
[  172.656259][   T50] Bluetooth: hci3: command tx timeout
[  173.395991][ T5874] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  173.453879][   T12] team0 (unregistering): Port device team_slave_1 removed
[  173.503181][   T28] audit: type=1326 audit(1753420311.633:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.555799][   T28] audit: type=1326 audit(1753420311.633:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.578629][   T28] audit: type=1326 audit(1753420311.633:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.592412][ T5874] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  173.603804][   T28] audit: type=1326 audit(1753420311.633:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.626478][   T12] team0 (unregistering): Port device team_slave_0 removed
[  173.659530][ T5874] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  173.667050][   T28] audit: type=1326 audit(1753420311.643:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.686341][ T5874] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  173.693423][   T28] audit: type=1326 audit(1753420311.643:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.711045][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.761212][   T28] audit: type=1326 audit(1753420311.673:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.789449][ T7783] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  173.807897][ T5874] usb 3-1: Quirk or no altest; falling back to MIDI 1.0
[  173.817150][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.829560][   T28] audit: type=1326 audit(1753420311.673:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.884932][   T28] audit: type=1326 audit(1753420311.683:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.946110][   T28] audit: type=1326 audit(1753420311.683:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7790 comm="syz.3.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cb98e9a9 code=0x7ffc0000
[  173.997227][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.017121][   T50] Bluetooth: hci1: command tx timeout
[  174.340822][ T5854] usb 3-1: USB disconnect, device number 14
[  175.168866][   T12] bond0 (unregistering): Released all slaves
[  175.273592][ T7615] veth1_macvtap: entered promiscuous mode
[  175.283205][ T7709] batman_adv: batadv0: Adding interface: batadv_slave_0
[  175.292648][ T7709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.322155][ T7709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.352658][ T7709] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.360380][ T7709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.390028][ T7709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.476601][ T7615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  175.494266][ T7615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.511147][ T7615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  175.521829][ T7615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.538457][ T7615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  175.549169][ T7615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.571113][ T7615] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.591398][ T7709] hsr_slave_0: entered promiscuous mode
[  175.600254][ T7709] hsr_slave_1: entered promiscuous mode
[  175.627726][ T7709] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  175.661068][ T7709] Cannot create hsr debugfs directory
[  175.689956][ T7615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.705117][ T7615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.716129][ T7615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.732744][ T7615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.742931][ T7615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  175.760486][ T7615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  175.802461][ T7615] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.885400][ T7615] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.905628][ T7615] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.914376][ T7615] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.923212][ T7615] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.102159][   T50] Bluetooth: hci1: command tx timeout
[  176.185068][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.218043][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.301966][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  176.320895][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  176.338383][ T7709] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  176.350982][ T7709] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  176.366173][ T7709] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  176.404696][ T7709] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  176.561817][ T7821] loop2: detected capacity change from 0 to 4096
[  176.611788][ T7709] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.613892][ T7829] loop6: detected capacity change from 0 to 256
[  176.660747][ T7709] 8021q: adding VLAN 0 to HW filter on device team0
[  176.683163][ T3481] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.690385][ T3481] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.724535][ T3481] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.731758][ T3481] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.763190][ T7829] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  177.137332][   T50] Bluetooth: hci2: command tx timeout
[  177.211219][ T7709] 8021q: adding VLAN 0 to HW filter on device batadv0
[  177.450175][   T58] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.641009][   T58] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.842451][   T58] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.987550][   T58] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.176220][   T50] Bluetooth: hci1: command tx timeout
[  178.189801][ T7709] veth0_vlan: entered promiscuous mode
[  178.337023][ T7709] veth1_vlan: entered promiscuous mode
[  178.638243][ T7709] veth0_macvtap: entered promiscuous mode
[  178.722320][ T7709] veth1_macvtap: entered promiscuous mode
[  178.871676][ T7709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.923618][ T7709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.961912][ T7709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.976538][ T5791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  178.992888][ T5791] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  179.006167][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  179.015089][ T7709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.023371][ T7856] 9p: Unknown access argument 18446744073709551615: -34
[  179.026187][ T7709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.043788][ T7709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.054126][ T5791] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  179.061721][ T7709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.073048][ T7709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.083372][ T5791] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  179.090935][ T5791] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  179.149231][ T7709] batman_adv: batadv0: Interface activated: batadv_slave_0
[  179.180652][ T7709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.211185][ T7709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.257746][ T7709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.283803][ T7709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.297932][ T7709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.309442][ T7709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.322128][ T7709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.332746][ T7709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.350117][ T7709] batman_adv: batadv0: Interface activated: batadv_slave_1
[  179.433293][ T7709] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  179.442901][ T7709] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  179.454222][ T7709] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  179.464970][ T7709] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  179.562687][ T7853] lo speed is unknown, defaulting to 1000
[  179.812861][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.837408][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.984399][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.012991][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.083641][ T7875] mmap: syz.3.662 (7875) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  180.471697][ T7853] chnl_net:caif_netlink_parms(): no params data found
[  180.551901][   T58] hsr_slave_0: left promiscuous mode
[  180.572188][   T58] hsr_slave_1: left promiscuous mode
[  180.588436][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  180.606043][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  180.626613][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  180.634071][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  180.651433][   T58] bridge_slave_1: left allmulticast mode
[  180.658000][   T58] bridge_slave_1: left promiscuous mode
[  180.664976][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.675223][ T7892] loop7: detected capacity change from 0 to 1024
[  180.684470][   T58] bridge_slave_0: left allmulticast mode
[  180.693443][   T58] bridge_slave_0: left promiscuous mode
[  180.700151][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.707292][ T7892] EXT4-fs: Ignoring removed nomblk_io_submit option
[  180.763266][ T7892] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.805788][   T58] veth1_macvtap: left promiscuous mode
[  180.811374][   T58] veth0_macvtap: left promiscuous mode
[  180.840327][   T58] veth1_vlan: left promiscuous mode
[  180.859760][   T58] veth0_vlan: left promiscuous mode
[  181.137165][ T5791] Bluetooth: hci3: command tx timeout
[  181.342212][ T7911] block device autoloading is deprecated and will be removed.
[  181.865340][ T7709] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.248707][   T58] team0 (unregistering): Port device team_slave_1 removed
[  182.348338][   T58] team0 (unregistering): Port device team_slave_0 removed
[  182.421881][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  182.523640][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  183.225777][ T5791] Bluetooth: hci3: command tx timeout
[  183.468768][   T58] bond0 (unregistering): Released all slaves
[  183.787206][ T7853] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.806703][ T7853] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.813954][ T7853] bridge_slave_0: entered allmulticast mode
[  183.824373][ T7853] bridge_slave_0: entered promiscuous mode
[  183.845156][ T7942] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  183.862685][ T7853] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.882245][ T7853] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.890308][ T7853] bridge_slave_1: entered allmulticast mode
[  183.897777][ T7853] bridge_slave_1: entered promiscuous mode
[  183.998321][ T7853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  184.037811][ T7860] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  184.037874][ T7853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  184.116963][ T7853] team0: Port device team_slave_0 added
[  184.127832][ T7853] team0: Port device team_slave_1 added
[  184.157956][ T7853] batman_adv: batadv0: Adding interface: batadv_slave_0
[  184.165017][ T7853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.192108][ T7853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  184.208199][ T7853] batman_adv: batadv0: Adding interface: batadv_slave_1
[  184.215250][ T7853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.242336][ T7853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  184.264088][ T7860] usb 3-1: config 0 has no interfaces?
[  184.276955][ T7860] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  184.292620][ T7860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.301940][ T7860] usb 3-1: Product: syz
[  184.306880][ T7860] usb 3-1: Manufacturer: syz
[  184.311502][ T7860] usb 3-1: SerialNumber: syz
[  184.326805][ T7860] usb 3-1: config 0 descriptor??
[  184.336294][ T5791] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  184.348115][ T5791] Bluetooth: hci1: Injecting HCI hardware error event
[  184.357249][   T50] Bluetooth: hci1: hardware error 0x00
[  184.376760][ T7853] hsr_slave_0: entered promiscuous mode
[  184.385112][ T7853] hsr_slave_1: entered promiscuous mode
[  184.394458][ T7853] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  184.402097][ T7853] Cannot create hsr debugfs directory
[  184.532969][ T7853] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  184.544035][ T7853] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  184.561762][ T7853] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  184.569452][ T5827] usb 3-1: USB disconnect, device number 15
[  184.581763][ T7853] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  184.612714][ T7853] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.620094][ T7853] bridge0: port 2(bridge_slave_1) entered forwarding state
[  184.629806][ T7853] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.637007][ T7853] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.661717][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.675149][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.724712][ T7853] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.748728][ T7853] 8021q: adding VLAN 0 to HW filter on device team0
[  184.761598][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.768782][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.787059][ T2904] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.794221][ T2904] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.196638][ T7853] 8021q: adding VLAN 0 to HW filter on device batadv0
[  185.295969][ T5791] Bluetooth: hci3: command tx timeout
[  186.416689][   T50] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  186.493744][ T7853] veth0_vlan: entered promiscuous mode
[  186.523117][ T7853] veth1_vlan: entered promiscuous mode
[  186.539658][ T5827] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  186.572559][ T7853] veth0_macvtap: entered promiscuous mode
[  186.592133][ T7853] veth1_macvtap: entered promiscuous mode
[  186.619409][ T7853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  186.630459][ T7853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.641231][ T7853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  186.653311][ T7853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.663598][ T7853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  186.679451][ T7853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.691241][ T7853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  186.724831][ T7853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.736028][ T5827] usb 8-1: Using ep0 maxpacket: 16
[  186.743605][ T5827] usb 8-1: config 1 has an invalid descriptor of length 133, skipping remainder of the config
[  186.757452][ T7853] batman_adv: batadv0: Interface activated: batadv_slave_0
[  186.764795][ T5827] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  186.777856][ T7853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  186.789817][ T7853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.801529][ T7853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  186.812940][ T5827] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  186.823562][ T7853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.833882][ T5827] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.842326][ T7853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  186.853078][ T5827] usb 8-1: Product: syz
[  186.857766][ T5827] usb 8-1: Manufacturer: syz
[  186.862395][ T5827] usb 8-1: SerialNumber: syz
[  186.867474][ T7853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.882366][ T7853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  186.900594][ T7853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  186.912963][ T7853] batman_adv: batadv0: Interface activated: batadv_slave_1
[  186.951395][ T7853] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.968267][ T7853] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.985633][ T7853] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  187.007163][ T7853] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  187.145218][ T5827] usb 8-1: 0:2 : does not exist
[  187.187347][ T3481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.194260][ T5827] usb 8-1: USB disconnect, device number 2
[  187.207891][ T3481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.280799][ T2955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.299587][ T2955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.304638][ T8011] netlink: 'syz.3.700': attribute type 4 has an invalid length.
[  187.376395][   T50] Bluetooth: hci3: command tx timeout
[  187.384736][ T8011] netlink: 'syz.3.700': attribute type 4 has an invalid length.
[  187.736977][ T7860] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  187.926161][ T7860] usb 9-1: Using ep0 maxpacket: 16
[  187.933685][ T7860] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  187.949362][ T7860] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  187.959364][ T7860] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.967815][ T7860] usb 9-1: Product: syz
[  187.972067][ T7860] usb 9-1: Manufacturer: syz
[  187.977420][ T7860] usb 9-1: SerialNumber: syz
[  187.983610][ T7860] usb 9-1: config 0 descriptor??
[  187.991955][ T7860] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  188.001655][ T7860] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  188.157032][  T967] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  188.338551][  T967] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.350489][  T967] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.363815][  T967] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  188.377759][  T967] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  188.387390][  T967] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.398254][  T967] usb 8-1: config 0 descriptor??
[  188.604539][ T7860] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  188.833064][  T967] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  188.858161][  T967] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  188.884457][  T967] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  189.257379][ T7860] em28xx 9-1:0.0: board has no eeprom
[  189.539276][ T7860] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  189.598336][ T7860] em28xx 9-1:0.0: dvb set to bulk mode.
[  189.618391][  T967] em28xx 9-1:0.0: Binding DVB extension
[  189.692253][ T7860] usb 9-1: USB disconnect, device number 2
[  189.757122][ T7860] em28xx 9-1:0.0: Disconnecting em28xx
[  190.114967][  T967] em28xx 9-1:0.0: Registering input extension
[  190.137617][ T7860] em28xx 9-1:0.0: Closing input extension
[  190.202554][ T7860] em28xx 9-1:0.0: Freeing device
[  190.731576][ T8060] loop2: detected capacity change from 0 to 32768
[  190.776531][ T8060] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  190.860916][ T8060] XFS (loop2): Ending clean mount
[  190.886487][ T8060] XFS (loop2): Quotacheck needed: Please wait.
[  190.972299][ T8060] XFS (loop2): Quotacheck: Done.
[  191.014002][ T8089] loop8: detected capacity change from 0 to 256
[  191.016596][ T5827] usb 8-1: USB disconnect, device number 3
[  191.031966][ T8089] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  191.054538][   T28] kauditd_printk_skb: 15 callbacks suppressed
[  191.054552][   T28] audit: type=1800 audit(1753420329.193:445): pid=8060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.715" name="file1" dev="loop2" ino=6150 res=0 errno=0
[  191.095619][ T8089] exFAT-fs (loop8): Medium has reported failures. Some data may be lost.
[  191.158626][ T8089] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  191.263375][ T5786] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  191.470445][   T50] Bluetooth: hci2: command 0x0406 tx timeout
[  191.869141][ T8087] loop7: detected capacity change from 0 to 40427
[  191.891379][ T8087] F2FS-fs (loop7): build fault injection attr: rate: 771, type: 0x7ffff
[  191.923352][ T8087] F2FS-fs (loop7): invalid crc value
[  191.947376][ T8087] F2FS-fs (loop7): Found nat_bits in checkpoint
[  191.986247][   T28] audit: type=1326 audit(1753420330.123:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8115 comm="syz.2.733" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9ab18e9a9 code=0x0
[  192.074657][ T8087] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  192.259811][ T8132] overlayfs: failed to clone upperpath
[  192.361127][ T7709] syz-executor: attempt to access beyond end of device
[  192.361127][ T7709] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  192.396763][ T7709] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  193.001020][ T8160] loop2: detected capacity change from 0 to 64
[  194.507818][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  194.514283][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  195.065908][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.8.767'.
[  195.485849][ T5854] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  195.675716][ T5854] usb 3-1: Using ep0 maxpacket: 8
[  195.690921][ T5854] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  195.701833][ T5854] usb 3-1: config 0 has no interface number 0
[  195.709268][ T5854] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  195.720822][ T5854] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  195.730335][ T5854] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.740834][ T5854] usb 3-1: config 0 descriptor??
[  195.759477][ T5854] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  195.952263][ T5854] usb 3-1: USB disconnect, device number 16
[  197.433758][ T8250] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  199.638435][ T8290] loop2: detected capacity change from 0 to 32768
[  199.720743][ T8290] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  199.734221][ T8290] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  199.844485][ T8290] XFS (loop2): Ending clean mount
[  199.872215][ T8290] XFS (loop2): Quotacheck needed: Please wait.
[  200.004321][ T8290] XFS (loop2): Quotacheck: Done.
[  200.053669][   T28] audit: type=1800 audit(1753420338.193:447): pid=8290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.797" name="file1" dev="loop2" ino=9286 res=0 errno=0
[  200.484891][ T5786] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  200.804333][ T8324] nbd7: detected capacity change from 0 to 10
[  200.828166][   T10] block nbd7: Send control failed (result -89)
[  200.836710][   T10] block nbd7: Request send failed, requeueing
[  200.844082][   T10] block nbd7: Dead connection, failed to find a fallback
[  200.851226][ T5791] block nbd7: Receive control failed (result -32)
[  200.866106][   T10] block nbd7: shutting down sockets
[  200.871356][   T10] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  200.880975][   T10] Buffer I/O error on dev nbd7, logical block 0, async page read
[  200.889471][   T24] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  200.906041][   T24] Buffer I/O error on dev nbd7, logical block 0, async page read
[  200.914139][   T24] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  200.923303][   T24] Buffer I/O error on dev nbd7, logical block 0, async page read
[  200.940018][   T10] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  200.956099][   T10] Buffer I/O error on dev nbd7, logical block 0, async page read
[  200.964109][   T10] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  200.973773][   T10] Buffer I/O error on dev nbd7, logical block 0, async page read
[  200.982263][   T10] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  200.991475][   T10] Buffer I/O error on dev nbd7, logical block 0, async page read
[  200.999766][   T10] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  201.008929][   T10] Buffer I/O error on dev nbd7, logical block 0, async page read
[  201.017596][   T10] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  201.027275][   T10] Buffer I/O error on dev nbd7, logical block 0, async page read
[  201.035050][ T8324] ldm_validate_partition_table(): Disk read failed.
[  201.042407][   T10] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  201.053531][   T10] Buffer I/O error on dev nbd7, logical block 0, async page read
[  201.062041][   T10] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  201.071778][   T10] Buffer I/O error on dev nbd7, logical block 0, async page read
[  201.080489][ T8324] Dev nbd7: unable to read RDB block 0
[  201.087003][ T8324]  nbd7: unable to read partition table
[  201.093164][ T8324] nbd7: partition table beyond EOD, truncated
[  201.100242][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256
[  201.110875][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=4, location=4
[  201.120852][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=3, location=3
[  201.130744][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=2, location=2
[  201.140850][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512
[  201.150937][ T8324] UDF-fs: warning (device nbd7): udf_load_vrs: No anchor found
[  201.160542][ T8324] UDF-fs: Scanning with blocksize 1024 failed
[  201.171359][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256
[  201.181717][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=1, location=1
[  201.191697][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=0, location=0
[  201.202203][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512
[  201.212258][ T8324] UDF-fs: warning (device nbd7): udf_load_vrs: No anchor found
[  201.220845][ T8324] UDF-fs: Scanning with blocksize 2048 failed
[  201.228213][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256
[  201.238678][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=0, location=0
[  201.248517][ T8324] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512
[  201.260195][ T8324] UDF-fs: warning (device nbd7): udf_load_vrs: No anchor found
[  201.268479][ T8324] UDF-fs: Scanning with blocksize 4096 failed
[  201.274569][ T8324] UDF-fs: warning (device nbd7): udf_fill_super: No partition found (1)
[  202.214073][ T8339] loop7: detected capacity change from 0 to 32768
[  202.235538][ T8339] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  202.301887][ T8339] XFS (loop7): Ending clean mount
[  202.311744][ T8339] XFS (loop7): Quotacheck needed: Please wait.
[  202.350201][ T8339] XFS (loop7): Quotacheck: Done.
[  202.394175][   T28] audit: type=1800 audit(1753420340.533:448): pid=8339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.812" name="bus" dev="loop7" ino=9290 res=0 errno=0
[  202.448394][ T7709] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  202.886233][  T967] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  203.078424][  T967] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  203.088727][  T967] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  203.103522][  T967] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  203.108647][ T5854] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  203.113107][  T967] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.315695][ T5854] usb 3-1: Using ep0 maxpacket: 32
[  203.322935][ T5854] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  203.331298][ T5854] usb 3-1: config 0 has no interface number 0
[  203.343978][ T5854] usb 3-1: config 0 interface 1 altsetting 9 has an invalid endpoint with address 0x0, skipping
[  203.354967][ T5854] usb 3-1: config 0 interface 1 has no altsetting 0
[  203.357425][  T967] usb 8-1: GET_CAPABILITIES returned 0
[  203.364176][ T5854] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  203.376798][ T5854] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.388204][ T5854] usb 3-1: Product: syz
[  203.396131][  T967] usbtmc 8-1:16.0: can't read capabilities
[  203.397117][ T5854] usb 3-1: Manufacturer: syz
[  203.413256][ T5854] usb 3-1: SerialNumber: syz
[  203.420917][ T5854] usb 3-1: config 0 descriptor??
[  203.622252][  T967] usb 8-1: USB disconnect, device number 4
[  203.643299][ T5854] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  203.657403][ T5854] cx231xx 3-1:0.1: Failed to read PCB config
[  203.663469][ T5854] cx231xx: probe of 3-1:0.1 failed with error -71
[  203.672440][ T5854] usb 3-1: USB disconnect, device number 17
[  204.256082][ T5854] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  204.455693][ T5854] usb 3-1: Using ep0 maxpacket: 32
[  204.462333][ T5854] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  204.470833][ T5854] usb 3-1: config 0 has no interface number 0
[  204.476977][ T5854] usb 3-1: config 0 interface 1 altsetting 9 has an invalid endpoint with address 0x0, skipping
[  204.487444][ T5854] usb 3-1: config 0 interface 1 has no altsetting 0
[  204.496212][ T5854] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  204.505262][ T5854] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.513548][ T5854] usb 3-1: Product: syz
[  204.517792][ T5854] usb 3-1: Manufacturer: syz
[  204.522397][ T5854] usb 3-1: SerialNumber: syz
[  204.530141][ T5854] usb 3-1: config 0 descriptor??
[  204.758437][ T5854] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  204.779202][ T5854] cx231xx 3-1:0.1: Identified as Conexant Hybrid TV - RDU253S (card=4)
[  204.896248][ T5854] cx231xx 3-1:0.1: cx231xx_send_gpio_cmd: failed with status --110
[  204.914914][ T5854] cx231xx 3-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  204.941399][ T5854] cx231xx 3-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  204.963824][ T5854] cx231xx 3-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  204.983267][ T5854] cx231xx 3-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  205.000103][ T5854] cx231xx 3-1:0.1: Failed to set devmode to analog: error: -32
[  205.053321][ T5854] i2c i2c-2: Added multiplexed i2c bus 4
[  205.092810][ T5854] i2c i2c-2: Added multiplexed i2c bus 5
[  205.256320][ T5854] cx231xx 3-1:0.1: cx231xx_dev_init: Failed to set Power - errCode [-71]!
[  205.277004][ T5854] cx231xx 3-1:0.1: cx231xx_init_dev: cx231xx_i2c_register - errCode [-71]!
[  205.299479][ T5854] cx231xx: probe of 3-1:0.1 failed with error -71
[  205.309005][ T5854] usb 3-1: USB disconnect, device number 18
[  205.416960][ T8389] overlayfs: failed to clone upperpath
[  205.741737][ T8401] loop2: detected capacity change from 0 to 4096
[  205.779258][ T8402] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  206.110013][ T8408] loop7: detected capacity change from 0 to 1024
[  206.117827][ T8408] EXT4-fs: Ignoring removed nomblk_io_submit option
[  206.124568][ T8408] EXT4-fs: Ignoring removed mblk_io_submit option
[  206.152962][ T8408] EXT4-fs (loop7): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.558370][ T8417] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  207.177794][ T7709] EXT4-fs (loop7): unmounting filesystem 05000000-0000-0000-0000-000000000000.
[  207.815051][ T8454] overlayfs: failed to clone upperpath
[  207.904026][   T28] audit: type=1326 audit(1753420346.043:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8460 comm="syz.8.855" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f131318e9a9 code=0x0
[  207.945674][ T8463] vlan2: entered promiscuous mode
[  207.950900][ T8463] syz_tun: entered promiscuous mode
[  208.053768][ T8466] overlayfs: failed to clone upperpath
[  208.146161][  T967] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  208.195366][ T5791] Bluetooth: hci2: unexpected event for opcode 0x0000
[  208.329036][  T967] usb 8-1: Using ep0 maxpacket: 8
[  208.337488][  T967] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  208.346912][  T967] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.356671][  T967] usb 8-1: config 0 descriptor??
[  208.566825][  T967] asix 8-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  209.130136][ T8486] netlink: 4 bytes leftover after parsing attributes in process `syz.3.866'.
[  209.668398][ T8494] lo speed is unknown, defaulting to 1000
[  210.602111][  T967] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  210.620661][  T967] asix: probe of 8-1:0.0 failed with error -71
[  210.632701][  T967] usb 8-1: USB disconnect, device number 5
[  212.258801][ T5791] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  212.268111][ T5791] Bluetooth: hci2: Injecting HCI hardware error event
[  212.283973][   T50] Bluetooth: hci2: hardware error 0x00
[  214.356321][   T50] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  215.068275][ T8563] lo speed is unknown, defaulting to 1000
[  218.144386][ T8600] 9pnet_fd: Insufficient options for proto=fd
[  218.435499][ T8518] Set syz1 is full, maxelem 65536 reached
[  218.711265][ T8611] loop2: detected capacity change from 0 to 256
[  218.737883][ T8611] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  219.929902][ T8619] netlink: 168 bytes leftover after parsing attributes in process `syz.7.916'.
[  220.462524][ T8626] netlink: 'syz.8.919': attribute type 10 has an invalid length.
[  220.560291][ T8626] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  221.092985][   T28] audit: type=1326 audit(1753420359.233:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  221.134870][   T28] audit: type=1326 audit(1753420359.233:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  221.162406][   T28] audit: type=1326 audit(1753420359.263:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  221.205987][   T28] audit: type=1326 audit(1753420359.263:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  221.229321][   T28] audit: type=1326 audit(1753420359.263:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  221.253451][   T28] audit: type=1326 audit(1753420359.263:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  221.277258][   T28] audit: type=1326 audit(1753420359.263:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  221.328681][   T28] audit: type=1326 audit(1753420359.263:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  221.358773][   T28] audit: type=1326 audit(1753420359.263:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  221.434746][   T28] audit: type=1326 audit(1753420359.263:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8639 comm="syz.2.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9ab18e9a9 code=0x7ffc0000
[  223.081190][ T8677] lo speed is unknown, defaulting to 1000
[  224.837946][ T8702] loop2: detected capacity change from 0 to 256
[  224.861403][ T8702] exfat: Deprecated parameter 'namecase'
[  224.870618][ T8702] exfat: Deprecated parameter 'namecase'
[  224.891035][ T8702] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d)
[  225.073892][ T8709] loop7: detected capacity change from 0 to 512
[  225.120725][ T8709] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.163816][ T8709] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  225.255078][ T8709] EXT4-fs error (device loop7): ext4_validate_block_bitmap:439: comm syz.7.951: bg 0: block 145: padding at end of block bitmap is not set
[  225.699352][ T8722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.955'.
[  225.816414][ T7709] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.803590][ T8739] sch_tbf: burst 4395 is lower than device lo mtu (65550) !
[  228.169857][ T8774] 9p: Unknown access argument 18446744073709551615: -34
[  228.797183][ T8794] Bluetooth: MGMT ver 1.22
[  228.827747][ T8787] loop2: detected capacity change from 0 to 40427
[  228.836724][ T8787] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  228.844602][ T8787] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  228.861528][ T8787] F2FS-fs (loop2): invalid crc value
[  228.889321][ T8787] F2FS-fs (loop2): Found nat_bits in checkpoint
[  228.948619][ T8787] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  228.955761][ T8787] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  229.570476][ T8810] netlink: 'syz.3.984': attribute type 10 has an invalid length.
[  229.618514][ T8810] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  229.730012][ T8814] loop7: detected capacity change from 0 to 24
[  229.744972][ T8814] MTD: Attempt to mount non-MTD device "/dev/loop7"
[  229.770928][ T8814] romfs: bad initial checksum on dev loop7.
[  229.844799][ T8814] loop7: detected capacity change from 0 to 8
[  230.403305][ T3511] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.518377][ T3511] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.610208][ T3511] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.704676][ T3511] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.099023][   T28] kauditd_printk_skb: 25 callbacks suppressed
[  231.099040][   T28] audit: type=1800 audit(1753420369.233:485): pid=8831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.992" name="/" dev="fuse" ino=0 res=0 errno=0
[  232.194128][ T5791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  232.204863][ T5791] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  232.214102][ T5791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  232.225350][ T5791] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  232.243869][ T5791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  232.257794][ T5791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  232.499177][ T8852] lo speed is unknown, defaulting to 1000
[  233.661534][ T8852] chnl_net:caif_netlink_parms(): no params data found
[  234.335765][ T5791] Bluetooth: hci1: command tx timeout
[  234.573171][ T3511] hsr_slave_0: left promiscuous mode
[  234.629709][ T3511] hsr_slave_1: left promiscuous mode
[  234.653662][ T3511] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  234.766744][ T3511] batman_adv: batadv0: Removing interface: batadv_slave_0
[  234.801832][ T3511] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  234.829511][ T3511] batman_adv: batadv0: Removing interface: batadv_slave_1
[  234.867136][ T3511] bridge_slave_1: left allmulticast mode
[  234.872796][ T3511] bridge_slave_1: left promiscuous mode
[  234.885642][ T3511] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.895500][ T3511] bridge_slave_0: left allmulticast mode
[  234.903205][ T3511] bridge_slave_0: left promiscuous mode
[  234.916060][ T3511] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.703166][ T3511] veth1_macvtap: left promiscuous mode
[  235.709024][ T3511] veth0_macvtap: left promiscuous mode
[  235.714753][ T3511] veth1_vlan: left promiscuous mode
[  235.720133][ T3511] veth0_vlan: left promiscuous mode
[  236.425007][ T5791] Bluetooth: hci1: command tx timeout
[  237.382541][ T3511] team0 (unregistering): Port device team_slave_1 removed
[  237.470297][ T3511] team0 (unregistering): Port device team_slave_0 removed
[  237.725810][ T3511] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  238.113985][ T3511] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  238.495999][ T5791] Bluetooth: hci1: command tx timeout
[  238.903292][ T3511] bond0 (unregistering): Released all slaves
[  239.035059][ T8905] netlink: 'syz.8.1016': attribute type 4 has an invalid length.
[  239.100708][ T8906] netlink: 'syz.8.1016': attribute type 4 has an invalid length.
[  239.432904][ T8852] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.527063][ T8852] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.534351][ T8852] bridge_slave_0: entered allmulticast mode
[  239.600847][ T8852] bridge_slave_0: entered promiscuous mode
[  239.642381][ T8852] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.663310][ T8852] bridge0: port 2(bridge_slave_1) entered disabled state
[  239.680701][ T8852] bridge_slave_1: entered allmulticast mode
[  239.699892][ T8852] bridge_slave_1: entered promiscuous mode
[  239.868747][ T8852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  239.899892][ T8852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  239.991160][ T8927] sch_tbf: burst 4395 is lower than device lo mtu (11337746) !
[  240.037545][ T8852] team0: Port device team_slave_0 added
[  240.067623][ T8852] team0: Port device team_slave_1 added
[  240.121645][ T8852] batman_adv: batadv0: Adding interface: batadv_slave_0
[  240.136977][ T8852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.190333][ T8852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  240.208323][ T8852] batman_adv: batadv0: Adding interface: batadv_slave_1
[  240.225850][ T8852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.294932][ T8852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  240.414502][ T8852] hsr_slave_0: entered promiscuous mode
[  240.421825][ T8852] hsr_slave_1: entered promiscuous mode
[  240.432183][ T8852] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  240.446772][ T8852] Cannot create hsr debugfs directory
[  240.590371][ T5791] Bluetooth: hci1: command tx timeout
[  241.458821][ T8941] syz.2.1026[8941] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.459043][ T8941] syz.2.1026[8941] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  242.367291][ T8947] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  243.230080][ T8852] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  243.271957][ T8852] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  243.305359][ T8852] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  243.321557][ T8852] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  243.383185][ T8958] Invalid ELF header magic: != ELF
[  243.426067][ T8958] loop2: detected capacity change from 0 to 1024
[  243.464866][ T8958] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  243.490442][ T8852] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.536822][ T8852] 8021q: adding VLAN 0 to HW filter on device team0
[  243.558142][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.565334][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.581375][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.588607][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.632420][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.762344][ T8973] loop2: detected capacity change from 0 to 512
[  243.770694][ T8973] EXT4-fs: Ignoring removed nomblk_io_submit option
[  243.789584][ T8973] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  243.803425][ T8973] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01d, mo2=0102]
[  243.813187][ T8973] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80)
[  243.825870][ T8973] EXT4-fs (loop2): Skipping orphan cleanup due to unknown ROCOMPAT features
[  243.857502][ T8973] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  243.967182][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.192049][ T8852] 8021q: adding VLAN 0 to HW filter on device batadv0
[  244.659954][ T8852] veth0_vlan: entered promiscuous mode
[  244.724806][ T8852] veth1_vlan: entered promiscuous mode
[  244.827794][ T8852] veth0_macvtap: entered promiscuous mode
[  244.865186][ T8852] veth1_macvtap: entered promiscuous mode
[  244.950068][ T8852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  244.998433][ T8852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.016215][ T8852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.028054][ T8852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.044239][ T8852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.058875][ T8852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.075093][ T8852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  245.117812][ T8852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.153695][ T8852] batman_adv: batadv0: Interface activated: batadv_slave_0
[  245.210589][ T8852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.228343][ T8852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.240376][ T8852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.253686][ T8852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.293964][ T8852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.324628][ T8852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.344633][ T8852] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  245.356902][ T8852] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  245.392862][ T8852] batman_adv: batadv0: Interface activated: batadv_slave_1
[  245.432514][ T8852] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  245.442587][ T8852] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  245.454735][ T8852] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  245.472036][ T8852] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  245.642529][ T2955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  245.658003][ T2955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  245.711383][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  245.721539][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  246.062882][ T9016] 9pnet_fd: Insufficient options for proto=fd
[  246.583481][ T5827] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  246.609212][ T9021] loop2: detected capacity change from 0 to 1024
[  246.620983][ T5827] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  246.625225][ T9021] EXT4-fs: Ignoring removed nomblk_io_submit option
[  247.888893][ T9021] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  247.950632][ T9021] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  248.035206][ T9021] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.289126][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.506631][ T9050] Cannot find map_set index 0 as target
[  249.526515][ T9058] lo speed is unknown, defaulting to 1000
[  251.555742][ T5791] Bluetooth: hci3: command tx timeout
[  252.914447][ T9125] syz.8.1076[9125] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  252.914578][ T9125] syz.8.1076[9125] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  255.459537][ T9149] loop2: detected capacity change from 0 to 512
[  255.508840][ T9149] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.1089: casefold flag without casefold feature
[  255.536699][ T9149] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.1089: couldn't read orphan inode 15 (err -117)
[  255.587994][ T9149] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.940308][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  255.947279][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  255.961561][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.059444][ T9186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1096'.
[  258.823309][ T9201] batman_adv: batadv0: Adding interface: ip6gretap1
[  258.848861][ T9201] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.877678][ T9201] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[  258.920798][ T9203] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  258.974058][ T9203] batman_adv: batadv0: Removing interface: batadv_slave_0
[  259.013455][ T9203] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  259.021647][ T9203] batman_adv: batadv0: Removing interface: batadv_slave_1
[  259.157330][ T9203] batman_adv: batadv0: Removing interface: ip6gretap1
[  260.188819][ T9225] netlink: 'syz.9.1110': attribute type 10 has an invalid length.
[  260.224673][ T9225] 8021q: adding VLAN 0 to HW filter on device team0
[  260.246842][ T9225] bond0: (slave team0): Enslaving as an active interface with an up link
[  262.669550][ T9255] bridge2: entered promiscuous mode
[  262.674814][ T9255] bridge2: entered allmulticast mode
[  262.754750][ T9255] team0: Port device bridge2 added
[  262.778379][ T9256] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1120'.
[  263.395518][ T5834] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  263.701026][ T5834] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  263.712390][ T5834] usb 10-1: config 0 interface 0 has no altsetting 0
[  263.722789][ T5834] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  263.744865][ T5834] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  263.756220][ T5834] usb 10-1: Product: syz
[  263.760939][ T5834] usb 10-1: Manufacturer: syz
[  263.778510][ T5834] usb 10-1: SerialNumber: syz
[  263.798321][ T5834] usb 10-1: config 0 descriptor??
[  263.808610][ T5834] usb 10-1: selecting invalid altsetting 0
[  263.882553][ T9256] team0 (unregistering): Port device team_slave_0 removed
[  263.892932][ T9256] team0 (unregistering): Port device team_slave_1 removed
[  263.912333][ T9256] team0 (unregistering): Port device bridge2 removed
[  264.136300][ T9269] sch_tbf: burst 32855 is lower than device lo mtu (11337746) !
[  266.251289][ T5875] usb 10-1: USB disconnect, device number 2
[  267.859455][ T5827] IPVS: starting estimator thread 0...
[  268.008596][ T9308] IPVS: using max 17 ests per chain, 40800 per kthread
[  271.125949][ T5791] Bluetooth: Wrong link type (-57)
[  273.307002][ T9350] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.317051][ T9350] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.970138][ T9350] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  275.021200][ T9350] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  275.949510][ T9350] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  275.961487][ T9350] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  275.970609][ T9350] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  275.980023][ T9350] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  276.068717][ T9366] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.078325][ T9366] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.088848][ T9366] bridge0: entered allmulticast mode
[  276.120560][ T9369] bridge_slave_1: left allmulticast mode
[  276.127361][ T9369] bridge_slave_1: left promiscuous mode
[  276.135121][ T9369] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.161588][ T9369] bridge_slave_0: left allmulticast mode
[  276.171687][ T9369] bridge_slave_0: left promiscuous mode
[  276.180246][ T9369] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.333415][ T9395] netlink: 'syz.8.1165': attribute type 10 has an invalid length.
[  276.374131][ T9395] team0: Port device dummy0 added
[  276.379826][ T9398] netlink: 'syz.8.1165': attribute type 10 has an invalid length.
[  276.424443][ T9398] team0: Port device dummy0 removed
[  276.436363][ T9398] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  276.540459][ T9415] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  276.703389][ T9418] loop9: detected capacity change from 0 to 2048
[  276.745776][ T5854] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  276.759172][ T9418]  loop9: p1 < > p3
[  276.767951][ T9418] loop9: p3 size 134217728 extends beyond EOD, truncated
[  276.808835][ T9418] kvm: emulating exchange as write
[  276.947646][ T5854] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.964106][ T5854] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  276.976943][ T5854] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  276.993407][ T5854] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  277.281773][ T5854] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.758586][ T5854] usb 3-1: Product: syz
[  277.790472][ T5854] usb 3-1: Manufacturer: syz
[  277.845528][ T5854] usb 3-1: SerialNumber: syz
[  277.864275][ T5854] usb 3-1: config 0 descriptor??
[  277.896344][ T9411] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  277.904770][ T5854] usb 3-1: ucan: probing device on interface #0
[  277.922638][ T5854] usb 3-1: ucan: invalid EP count (1)
[  277.935322][ T5854] usb 3-1: ucan: probe failed; try to update the device firmware
[  277.962085][ T9427] bridge2: entered promiscuous mode
[  277.967850][ T9427] bridge2: entered allmulticast mode
[  277.979198][ T9427] team0: Port device bridge2 added
[  278.516489][ T9427] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1174'.
[  278.819721][ T9427] team0 (unregistering): Port device team_slave_0 removed
[  278.899098][ T9427] team0 (unregistering): Port device team_slave_1 removed
[  278.935081][ T9427] team0 (unregistering): Port device bridge2 removed
[  278.962467][ T9439] loop9: detected capacity change from 0 to 512
[  278.974028][ T9439] EXT4-fs (loop9): Test dummy encryption mode enabled
[  279.000051][ T9439] EXT4-fs error (device loop9): ext4_xattr_ibody_find:2244: inode #15: comm syz.9.1178: corrupted in-inode xattr: invalid ea_ino
[  279.014301][ T9439] EXT4-fs error (device loop9): ext4_orphan_get:1404: comm syz.9.1178: couldn't read orphan inode 15 (err -117)
[  279.052988][ T9439] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  279.152719][ T9447] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1183'.
[  279.163176][ T9447] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1183'.
[  279.208782][ T8852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.310716][ T5854] usb 3-1: USB disconnect, device number 19
[  279.945701][ T9459] netlink: 'syz.8.1185': attribute type 3 has an invalid length.
[  282.197269][ T9483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1194'.
[  282.364205][ T9486] bridge1: entered promiscuous mode
[  282.396718][ T9486] bridge1: entered allmulticast mode
[  282.426649][ T9486] team0: Port device bridge1 added
[  282.446130][ T9484] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1191'.
[  283.776581][   T50] Bluetooth: hci1: command tx timeout
[  283.985231][ T9484] team0 (unregistering): Port device team_slave_0 removed
[  284.007199][ T9484] team0 (unregistering): Port device team_slave_1 removed
[  284.037990][ T9484] team0 (unregistering): Port device bridge1 removed
[  285.319816][ T9524] 
[  285.322189][ T9524] =====================================================
[  285.329110][ T9524] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[  285.336574][ T9524] 6.6.100-syzkaller #0 Not tainted
[  285.341689][ T9524] -----------------------------------------------------
[  285.348624][ T9524] syz.9.1203/9524 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  285.353461][ T9521] lo speed is unknown, defaulting to 1000
[  285.356300][ T9524] ffffffff8ca0a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xf9/0x360
[  285.356356][ T9524] 
[  285.356356][ T9524] and this task is already holding:
[  285.356361][ T9524] ffff8880753b9c98 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360
[  285.356399][ T9524] which would create a new lock dependency:
[  285.356404][ T9524]  (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2}
[  285.356445][ T9524] 
[  285.356445][ T9524] but this new dependency connects a HARDIRQ-irq-safe lock:
[  285.356453][ T9524]  (&dev->event_lock#2){-.-.}-{2:2}
[  285.356474][ T9524] 
[  285.356474][ T9524] ... which became HARDIRQ-irq-safe at:
[  285.356492][ T9524]   lock_acquire+0x197/0x410
[  285.356510][ T9524]   _raw_spin_lock_irqsave+0xa8/0xf0
[  285.356532][ T9524]   input_event+0x7a/0xc0
[  285.356550][ T9524]   psmouse_report_standard_packet+0x53/0x200
[  285.356569][ T9524]   psmouse_process_byte+0x478/0x670
[  285.356586][ T9524]   psmouse_handle_byte+0x43/0x490
[  285.356604][ T9524]   ps2_interrupt+0x164/0x980
[  285.356620][ T9524]   serio_interrupt+0x8b/0x130
[  285.356634][ T9524]   i8042_interrupt+0x394/0x730
[  285.356649][ T9524]   __handle_irq_event_percpu+0x276/0x930
[  285.356668][ T9524]   handle_irq_event+0x8b/0x1e0
[  285.356686][ T9524]   handle_edge_irq+0x247/0xb30
[  285.356701][ T9524]   __common_interrupt+0x13b/0x230
[  285.356717][ T9524]   common_interrupt+0xb4/0xd0
[  285.356734][ T9524]   asm_common_interrupt+0x26/0x40
[  285.356754][ T9524]   unwind_next_frame+0x1768/0x2970
[  285.356773][ T9524]   arch_stack_walk+0x144/0x190
[  285.356787][ T9524]   stack_trace_save+0x9c/0xe0
[  285.356804][ T9524]   kasan_set_track+0x4e/0x70
[  285.356818][ T9524]   kasan_save_free_info+0x2e/0x50
[  285.356835][ T9524]   ____kasan_slab_free+0x126/0x1e0
[  285.356849][ T9524]   slab_free_freelist_hook+0x130/0x1b0
[  285.356860][ T9524]   __kmem_cache_free+0xba/0x1f0
[  285.356878][ T9524]   security_cred_free+0xc0/0xf0
[  285.356895][ T9524]   put_cred_rcu+0x68/0x2a0
[  285.356912][ T9524]   rcu_core+0xcc4/0x1720
[  285.356924][ T9524]   handle_softirqs+0x280/0x820
[  285.356937][ T9524]   run_ksoftirqd+0x9c/0xf0
[  285.356951][ T9524]   smpboot_thread_fn+0x635/0xa00
[  285.356969][ T9524]   kthread+0x2fa/0x390
[  285.570868][ T9524]   ret_from_fork+0x48/0x80
[  285.575369][ T9524]   ret_from_fork_asm+0x11/0x20
[  285.580213][ T9524] 
[  285.580213][ T9524] to a HARDIRQ-irq-unsafe lock:
[  285.587218][ T9524]  (tasklist_lock){.+.+}-{2:2}
[  285.587240][ T9524] 
[  285.587240][ T9524] ... which became HARDIRQ-irq-unsafe at:
[  285.599847][ T9524] ...
[  285.599854][ T9524]   lock_acquire+0x197/0x410
[  285.607049][ T9524]   _raw_read_lock+0x36/0x50
[  285.611638][ T9524]   do_wait+0x294/0xaf0
[  285.615791][ T9524]   kernel_wait+0xac/0x170
[  285.620205][ T9524]   call_usermodehelper_exec_work+0xb9/0x220
[  285.626177][ T9524]   process_scheduled_works+0xa45/0x15b0
[  285.631797][ T9524]   worker_thread+0xa55/0xfc0
[  285.636466][ T9524]   kthread+0x2fa/0x390
[  285.640610][ T9524]   ret_from_fork+0x48/0x80
[  285.645100][ T9524]   ret_from_fork_asm+0x11/0x20
[  285.649939][ T9524] 
[  285.649939][ T9524] other info that might help us debug this:
[  285.649939][ T9524] 
[  285.660173][ T9524] Chain exists of:
[  285.660173][ T9524]   &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock
[  285.660173][ T9524] 
[  285.673375][ T9524]  Possible interrupt unsafe locking scenario:
[  285.673375][ T9524] 
[  285.681685][ T9524]        CPU0                    CPU1
[  285.687035][ T9524]        ----                    ----
[  285.692386][ T9524]   lock(tasklist_lock);
[  285.696614][ T9524]                                local_irq_disable();
[  285.703349][ T9524]                                lock(&dev->event_lock#2);
[  285.710540][ T9524]                                lock(&f->f_owner.lock);
[  285.717550][ T9524]   <Interrupt>
[  285.721017][ T9524]     lock(&dev->event_lock#2);
[  285.725861][ T9524] 
[  285.725861][ T9524]  *** DEADLOCK ***
[  285.725861][ T9524] 
[  285.733984][ T9524] 6 locks held by syz.9.1203/9524:
[  285.739092][ T9524]  #0: ffff88807ad7e418 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  285.748229][ T9524]  #1: ffffffff8ce7b6f0 (file_rwsem){.+.+}-{0:0}, at: __break_lease+0x183/0x12c0
[  285.757353][ T9524]  #2: ffff888025825a68 (&ctx->flc_lock){+.+.}-{2:2}, at: __break_lease+0x190/0x12c0
[  285.766823][ T9524]  #3: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x53/0x4b0
[  285.775866][ T9524]  #4: ffff888078b200c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x192/0x4b0
[  285.785012][ T9524]  #5: ffff8880753b9c98 (&f->f_owner.lock){....}-{2:2}, at: send_sigio+0x33/0x360
[  285.794327][ T9524] 
[  285.794327][ T9524] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[  285.804715][ T9524]    -> (&dev->event_lock#2){-.-.}-{2:2} {
[  285.810529][ T9524]       IN-HARDIRQ-W at:
[  285.814756][ T9524]                           lock_acquire+0x197/0x410
[  285.821423][ T9524]                           _raw_spin_lock_irqsave+0xa8/0xf0
[  285.828784][ T9524]                           input_event+0x7a/0xc0
[  285.835186][ T9524]                           psmouse_report_standard_packet+0x53/0x200
[  285.843329][ T9524]                           psmouse_process_byte+0x478/0x670
[  285.850696][ T9524]                           psmouse_handle_byte+0x43/0x490
[  285.857885][ T9524]                           ps2_interrupt+0x164/0x980
[  285.864639][ T9524]                           serio_interrupt+0x8b/0x130
[  285.871474][ T9524]                           i8042_interrupt+0x394/0x730
[  285.878395][ T9524]                           __handle_irq_event_percpu+0x276/0x930
[  285.886190][ T9524]                           handle_irq_event+0x8b/0x1e0
[  285.893154][ T9524]                           handle_edge_irq+0x247/0xb30
[  285.900087][ T9524]                           __common_interrupt+0x13b/0x230
[  285.907795][ T9524]                           common_interrupt+0xb4/0xd0
[  285.914632][ T9524]                           asm_common_interrupt+0x26/0x40
[  285.921822][ T9524]                           unwind_next_frame+0x1768/0x2970
[  285.929100][ T9524]                           arch_stack_walk+0x144/0x190
[  285.936038][ T9524]                           stack_trace_save+0x9c/0xe0
[  285.942896][ T9524]                           kasan_set_track+0x4e/0x70
[  285.949740][ T9524]                           kasan_save_free_info+0x2e/0x50
[  285.956930][ T9524]                           ____kasan_slab_free+0x126/0x1e0
[  285.964202][ T9524]                           slab_free_freelist_hook+0x130/0x1b0
[  285.971819][ T9524]                           __kmem_cache_free+0xba/0x1f0
[  285.978832][ T9524]                           security_cred_free+0xc0/0xf0
[  285.985852][ T9524]                           put_cred_rcu+0x68/0x2a0
[  285.992439][ T9524]                           rcu_core+0xcc4/0x1720
[  285.998841][ T9524]                           handle_softirqs+0x280/0x820
[  286.005766][ T9524]                           run_ksoftirqd+0x9c/0xf0
[  286.012338][ T9524]                           smpboot_thread_fn+0x635/0xa00
[  286.019450][ T9524]                           kthread+0x2fa/0x390
[  286.025680][ T9524]                           ret_from_fork+0x48/0x80
[  286.032266][ T9524]                           ret_from_fork_asm+0x11/0x20
[  286.039192][ T9524]       IN-SOFTIRQ-W at:
[  286.043421][ T9524]                           lock_acquire+0x197/0x410
[  286.050090][ T9524]                           _raw_spin_lock_irqsave+0xa8/0xf0
[  286.057454][ T9524]                           input_event+0x7a/0xc0
[  286.063861][ T9524]                           psmouse_report_standard_packet+0x53/0x200
[  286.072005][ T9524]                           psmouse_process_byte+0x478/0x670
[  286.079370][ T9524]                           psmouse_handle_byte+0x43/0x490
[  286.086557][ T9524]                           ps2_interrupt+0x164/0x980
[  286.093309][ T9524]                           serio_interrupt+0x8b/0x130
[  286.100146][ T9524]                           i8042_interrupt+0x394/0x730
[  286.107070][ T9524]                           __handle_irq_event_percpu+0x276/0x930
[  286.114865][ T9524]                           handle_irq_event+0x8b/0x1e0
[  286.121789][ T9524]                           handle_edge_irq+0x247/0xb30
[  286.128712][ T9524]                           __common_interrupt+0x13b/0x230
[  286.135902][ T9524]                           common_interrupt+0xb4/0xd0
[  286.142750][ T9524]                           asm_common_interrupt+0x26/0x40
[  286.149942][ T9524]                           unwind_next_frame+0x1768/0x2970
[  286.157220][ T9524]                           arch_stack_walk+0x144/0x190
[  286.164141][ T9524]                           stack_trace_save+0x9c/0xe0
[  286.170980][ T9524]                           kasan_set_track+0x4e/0x70
[  286.177730][ T9524]                           kasan_save_free_info+0x2e/0x50
[  286.184913][ T9524]                           ____kasan_slab_free+0x126/0x1e0
[  286.192184][ T9524]                           slab_free_freelist_hook+0x130/0x1b0
[  286.199802][ T9524]                           __kmem_cache_free+0xba/0x1f0
[  286.206820][ T9524]                           security_cred_free+0xc0/0xf0
[  286.213837][ T9524]                           put_cred_rcu+0x68/0x2a0
[  286.220418][ T9524]                           rcu_core+0xcc4/0x1720
[  286.226818][ T9524]                           handle_softirqs+0x280/0x820
[  286.233825][ T9524]                           run_ksoftirqd+0x9c/0xf0
[  286.240397][ T9524]                           smpboot_thread_fn+0x635/0xa00
[  286.247500][ T9524]                           kthread+0x2fa/0x390
[  286.253724][ T9524]                           ret_from_fork+0x48/0x80
[  286.260306][ T9524]                           ret_from_fork_asm+0x11/0x20
[  286.267235][ T9524]       INITIAL USE at:
[  286.271379][ T9524]                          lock_acquire+0x197/0x410
[  286.277953][ T9524]                          _raw_spin_lock_irqsave+0xa8/0xf0
[  286.285230][ T9524]                          input_inject_event+0xab/0x320
[  286.292241][ T9524]                          led_trigger_event+0x133/0x210
[  286.299253][ T9524]                          kbd_led_trigger_activate+0xbd/0x100
[  286.306785][ T9524]                          led_trigger_set+0x524/0x940
[  286.313616][ T9524]                          led_trigger_set_default+0x1a0/0x1e0
[  286.321147][ T9524]                          led_classdev_register_ext+0x6e9/0x940
[  286.328852][ T9524]                          input_leds_connect+0x4eb/0x6b0
[  286.335952][ T9524]                          input_register_device+0xcdc/0x1070
[  286.343423][ T9524]                          atkbd_connect+0x6fb/0x9a0
[  286.350099][ T9524]                          serio_driver_probe+0x7a/0xa0
[  286.357029][ T9524]                          really_probe+0x25b/0xb40
[  286.363616][ T9524]                          __driver_probe_device+0x18c/0x330
[  286.370981][ T9524]                          driver_probe_device+0x4f/0x420
[  286.378083][ T9524]                          __driver_attach+0x44e/0x6f0
[  286.384919][ T9524]                          bus_for_each_dev+0x22d/0x2a0
[  286.391847][ T9524]                          serio_handle_event+0x1a2/0x860
[  286.399050][ T9524]                          process_scheduled_works+0xa45/0x15b0
[  286.406675][ T9524]                          worker_thread+0xa55/0xfc0
[  286.413338][ T9524]                          kthread+0x2fa/0x390
[  286.419477][ T9524]                          ret_from_fork+0x48/0x80
[  286.425983][ T9524]                          ret_from_fork_asm+0x11/0x20
[  286.432837][ T9524]     }
[  286.435582][ T9524]     ... key      at: [<ffffffff9720e600>] input_allocate_device.__key.5+0x0/0x20
[  286.444863][ T9524]   -> (&client->buffer_lock){....}-{2:2} {
[  286.450774][ T9524]      INITIAL USE at:
[  286.454849][ T9524]                        lock_acquire+0x197/0x410
[  286.461267][ T9524]                        _raw_spin_lock+0x2e/0x40
[  286.467683][ T9524]                        evdev_pass_values+0xcb/0xab0
[  286.474441][ T9524]                        evdev_events+0x1d8/0x330
[  286.480842][ T9524]                        input_pass_values+0x907/0x1300
[  286.487773][ T9524]                        input_event_dispose+0x346/0x6c0
[  286.494803][ T9524]                        input_inject_event+0x1f9/0x320
[  286.501728][ T9524]                        evdev_write+0x32a/0x470
[  286.508049][ T9524]                        vfs_write+0x288/0x940
[  286.514193][ T9524]                        ksys_write+0x147/0x250
[  286.520424][ T9524]                        do_syscall_64+0x55/0xb0
[  286.526742][ T9524]                        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  286.534540][ T9524]    }
[  286.537203][ T9524]    ... key      at: [<ffffffff9720e8a0>] evdev_open.__key.28+0x0/0x20
[  286.545610][ T9524]    ... acquired at:
[  286.549578][ T9524]    _raw_spin_lock+0x2e/0x40
[  286.554269][ T9524]    evdev_pass_values+0xcb/0xab0
[  286.559285][ T9524]    evdev_events+0x1d8/0x330
[  286.563950][ T9524]    input_pass_values+0x907/0x1300
[  286.569142][ T9524]    input_event_dispose+0x346/0x6c0
[  286.574419][ T9524]    input_inject_event+0x1f9/0x320
[  286.579620][ T9524]    evdev_write+0x32a/0x470
[  286.584213][ T9524]    vfs_write+0x288/0x940
[  286.588625][ T9524]    ksys_write+0x147/0x250
[  286.593124][ T9524]    do_syscall_64+0x55/0xb0
[  286.597705][ T9524]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  286.603765][ T9524] 
[  286.606130][ T9524]  -> (&new->fa_lock){....}-{2:2} {
[  286.611336][ T9524]     INITIAL USE at:
[  286.615300][ T9524]                      lock_acquire+0x197/0x410
[  286.621530][ T9524]                      _raw_write_lock_irq+0xa3/0xe0
[  286.628199][ T9524]                      fasync_remove_entry+0xf4/0x1c0
[  286.634950][ T9524]                      lease_modify+0x1a6/0x390
[  286.641198][ T9524]                      locks_remove_file+0x4c0/0xe20
[  286.647879][ T9524]                      __fput+0x18f/0x970
[  286.653606][ T9524]                      task_work_run+0x1ce/0x250
[  286.659945][ T9524]                      exit_to_user_mode_loop+0xe6/0x110
[  286.666974][ T9524]                      exit_to_user_mode_prepare+0xb1/0x140
[  286.674255][ T9524]                      syscall_exit_to_user_mode+0x1a/0x50
[  286.681446][ T9524]                      do_syscall_64+0x61/0xb0
[  286.687591][ T9524]                      entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  286.695215][ T9524]     INITIAL READ USE at:
[  286.699663][ T9524]                           lock_acquire+0x197/0x410
[  286.706344][ T9524]                           _raw_read_lock_irqsave+0xb0/0x100
[  286.713883][ T9524]                           kill_fasync+0x192/0x4b0
[  286.720461][ T9524]                           evdev_pass_values+0x54b/0xab0
[  286.727561][ T9524]                           evdev_events+0x1d8/0x330
[  286.734229][ T9524]                           input_pass_values+0x907/0x1300
[  286.741502][ T9524]                           input_event_dispose+0x346/0x6c0
[  286.748774][ T9524]                           input_inject_event+0x1f9/0x320
[  286.755963][ T9524]                           evdev_write+0x32a/0x470
[  286.762546][ T9524]                           vfs_write+0x288/0x940
[  286.768950][ T9524]                           ksys_write+0x147/0x250
[  286.775441][ T9524]                           do_syscall_64+0x55/0xb0
[  286.782016][ T9524]                           entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  286.790072][ T9524]   }
[  286.792640][ T9524]   ... key      at: [<ffffffff96f15ac0>] fasync_insert_entry.__key+0x0/0x20
[  286.801387][ T9524]   ... acquired at:
[  286.805257][ T9524]    _raw_read_lock_irqsave+0xb0/0x100
[  286.810707][ T9524]    kill_fasync+0x192/0x4b0
[  286.815284][ T9524]    evdev_pass_values+0x54b/0xab0
[  286.820384][ T9524]    evdev_events+0x1d8/0x330
[  286.825045][ T9524]    input_pass_values+0x907/0x1300
[  286.830229][ T9524]    input_event_dispose+0x346/0x6c0
[  286.835498][ T9524]    input_inject_event+0x1f9/0x320
[  286.840693][ T9524]    evdev_write+0x32a/0x470
[  286.845268][ T9524]    vfs_write+0x288/0x940
[  286.849673][ T9524]    ksys_write+0x147/0x250
[  286.854186][ T9524]    do_syscall_64+0x55/0xb0
[  286.858761][ T9524]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  286.864818][ T9524] 
[  286.867129][ T9524] -> (&f->f_owner.lock){....}-{2:2} {
[  286.872508][ T9524]    INITIAL USE at:
[  286.876387][ T9524]                    lock_acquire+0x197/0x410
[  286.882439][ T9524]                    _raw_write_lock_irq+0xa3/0xe0
[  286.888928][ T9524]                    __f_setown+0x3b/0x330
[  286.894725][ T9524]                    fcntl_dirnotify+0x6e2/0x8d0
[  286.901039][ T9524]                    do_fcntl+0x37c/0x1380
[  286.906830][ T9524]                    __se_sys_fcntl+0xc9/0x1a0
[  286.912971][ T9524]                    do_syscall_64+0x55/0xb0
[  286.918939][ T9524]                    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  286.926392][ T9524]    INITIAL READ USE at:
[  286.930707][ T9524]                         lock_acquire+0x197/0x410
[  286.937198][ T9524]                         _raw_read_lock_irqsave+0xb0/0x100
[  286.944473][ T9524]                         send_sigio+0x33/0x360
[  286.950702][ T9524]                         kill_fasync+0x228/0x4b0
[  286.957106][ T9524]                         evdev_pass_values+0x54b/0xab0
[  286.964030][ T9524]                         evdev_events+0x1d8/0x330
[  286.970520][ T9524]                         input_pass_values+0x907/0x1300
[  286.977532][ T9524]                         input_event_dispose+0x346/0x6c0
[  286.984632][ T9524]                         input_inject_event+0x1f9/0x320
[  286.991644][ T9524]                         evdev_write+0x32a/0x470
[  286.998047][ T9524]                         vfs_write+0x288/0x940
[  287.004279][ T9524]                         ksys_write+0x147/0x250
[  287.010596][ T9524]                         do_syscall_64+0x55/0xb0
[  287.017004][ T9524]                         entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  287.024938][ T9524]  }
[  287.027510][ T9524]  ... key      at: [<ffffffff96f14e40>] init_file.__key+0x0/0x20
[  287.035315][ T9524]  ... acquired at:
[  287.039127][ T9524]    _raw_read_lock_irqsave+0xb0/0x100
[  287.044585][ T9524]    send_sigio+0x33/0x360
[  287.048989][ T9524]    kill_fasync+0x228/0x4b0
[  287.053563][ T9524]    evdev_pass_values+0x54b/0xab0
[  287.058664][ T9524]    evdev_events+0x1d8/0x330
[  287.063327][ T9524]    input_pass_values+0x907/0x1300
[  287.068516][ T9524]    input_event_dispose+0x346/0x6c0
[  287.073785][ T9524]    input_inject_event+0x1f9/0x320
[  287.078977][ T9524]    evdev_write+0x32a/0x470
[  287.083553][ T9524]    vfs_write+0x288/0x940
[  287.087964][ T9524]    ksys_write+0x147/0x250
[  287.092457][ T9524]    do_syscall_64+0x55/0xb0
[  287.097036][ T9524]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  287.103093][ T9524] 
[  287.105477][ T9524] 
[  287.105477][ T9524] the dependencies between the lock to be acquired
[  287.105485][ T9524]  and HARDIRQ-irq-unsafe lock:
[  287.119000][ T9524] -> (tasklist_lock){.+.+}-{2:2} {
[  287.124125][ T9524]    HARDIRQ-ON-R at:
[  287.128100][ T9524]                     lock_acquire+0x197/0x410
[  287.134248][ T9524]                     _raw_read_lock+0x36/0x50
[  287.140397][ T9524]                     do_wait+0x294/0xaf0
[  287.146116][ T9524]                     kernel_wait+0xac/0x170
[  287.152089][ T9524]                     call_usermodehelper_exec_work+0xb9/0x220
[  287.159628][ T9524]                     process_scheduled_works+0xa45/0x15b0
[  287.166811][ T9524]                     worker_thread+0xa55/0xfc0
[  287.173054][ T9524]                     kthread+0x2fa/0x390
[  287.178773][ T9524]                     ret_from_fork+0x48/0x80
[  287.184855][ T9524]                     ret_from_fork_asm+0x11/0x20
[  287.191275][ T9524]    SOFTIRQ-ON-R at:
[  287.195244][ T9524]                     lock_acquire+0x197/0x410
[  287.201392][ T9524]                     _raw_read_lock+0x36/0x50
[  287.207541][ T9524]                     do_wait+0x294/0xaf0
[  287.213253][ T9524]                     kernel_wait+0xac/0x170
[  287.219223][ T9524]                     call_usermodehelper_exec_work+0xb9/0x220
[  287.226760][ T9524]                     process_scheduled_works+0xa45/0x15b0
[  287.234031][ T9524]                     worker_thread+0xa55/0xfc0
[  287.240348][ T9524]                     kthread+0x2fa/0x390
[  287.246056][ T9524]                     ret_from_fork+0x48/0x80
[  287.252117][ T9524]                     ret_from_fork_asm+0x11/0x20
[  287.258522][ T9524]    INITIAL USE at:
[  287.262404][ T9524]                    lock_acquire+0x197/0x410
[  287.268459][ T9524]                    _raw_write_lock_irq+0xa3/0xe0
[  287.274958][ T9524]                    copy_process+0x225d/0x3d70
[  287.281190][ T9524]                    kernel_clone+0x21b/0x840
[  287.287332][ T9524]                    user_mode_thread+0xde/0x130
[  287.293656][ T9524]                    rest_init+0x27/0x300
[  287.299366][ T9524]                    arch_call_rest_init+0xe/0x10
[  287.305773][ T9524]                    start_kernel+0x459/0x4e0
[  287.311835][ T9524]                    x86_64_start_reservations+0x2a/0x30
[  287.318842][ T9524]                    copy_bootdata+0x0/0xe0
[  287.324718][ T9524]                    secondary_startup_64_no_verify+0x179/0x17b
[  287.332340][ T9524]    INITIAL READ USE at:
[  287.336659][ T9524]                         lock_acquire+0x197/0x410
[  287.343157][ T9524]                         _raw_read_lock+0x36/0x50
[  287.349650][ T9524]                         do_wait+0x294/0xaf0
[  287.355706][ T9524]                         kernel_wait+0xac/0x170
[  287.362130][ T9524]                         call_usermodehelper_exec_work+0xb9/0x220
[  287.370026][ T9524]                         process_scheduled_works+0xa45/0x15b0
[  287.377568][ T9524]                         worker_thread+0xa55/0xfc0
[  287.384151][ T9524]                         kthread+0x2fa/0x390
[  287.390297][ T9524]                         ret_from_fork+0x48/0x80
[  287.396788][ T9524]                         ret_from_fork_asm+0x11/0x20
[  287.403546][ T9524]  }
[  287.406034][ T9524]  ... key      at: [<ffffffff8ca0a058>] tasklist_lock+0x18/0x40
[  287.413737][ T9524]  ... acquired at:
[  287.417523][ T9524]    _raw_read_lock+0x36/0x50
[  287.422191][ T9524]    send_sigio+0xf9/0x360
[  287.426596][ T9524]    kill_fasync+0x228/0x4b0
[  287.431170][ T9524]    lease_break_callback+0x26/0x30
[  287.436354][ T9524]    __break_lease+0x4a7/0x12c0
[  287.441189][ T9524]    vfs_truncate+0x1ff/0x300
[  287.445857][ T9524]    do_sys_truncate+0xe0/0x1a0
[  287.450688][ T9524]    do_syscall_64+0x55/0xb0
[  287.455261][ T9524]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  287.461315][ T9524] 
[  287.463622][ T9524] 
[  287.463622][ T9524] stack backtrace:
[  287.469492][ T9524] CPU: 1 PID: 9524 Comm: syz.9.1203 Not tainted 6.6.100-syzkaller #0
[  287.477544][ T9524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  287.487602][ T9524] Call Trace:
[  287.490873][ T9524]  <TASK>
[  287.493791][ T9524]  dump_stack_lvl+0x16c/0x230
[  287.498475][ T9524]  ? load_image+0x3b0/0x3b0
[  287.502969][ T9524]  ? show_regs_print_info+0x20/0x20
[  287.508152][ T9524]  ? load_image+0x3b0/0x3b0
[  287.512650][ T9524]  ? print_shortest_lock_dependencies+0xf4/0x160
[  287.518964][ T9524]  __lock_acquire+0x678f/0x7c80
[  287.523811][ T9524]  ? verify_lock_unused+0x140/0x140
[  287.529007][ T9524]  lock_acquire+0x197/0x410
[  287.533499][ T9524]  ? send_sigio+0xf9/0x360
[  287.537909][ T9524]  ? read_lock_is_recursive+0x20/0x20
[  287.543265][ T9524]  ? do_raw_read_lock+0x3d/0x90
[  287.548105][ T9524]  ? _raw_read_lock_irqsave+0xbc/0x100
[  287.553553][ T9524]  ? _raw_read_lock+0x50/0x50
[  287.558221][ T9524]  ? _raw_read_lock_irqsave+0xbc/0x100
[  287.563672][ T9524]  _raw_read_lock+0x36/0x50
[  287.568164][ T9524]  ? send_sigio+0xf9/0x360
[  287.572568][ T9524]  send_sigio+0xf9/0x360
[  287.576797][ T9524]  kill_fasync+0x228/0x4b0
[  287.581207][ T9524]  ? kill_fasync+0x53/0x4b0
[  287.585703][ T9524]  lease_break_callback+0x26/0x30
[  287.590747][ T9524]  __break_lease+0x4a7/0x12c0
[  287.595412][ T9524]  ? apparmor_capable+0x137/0x1a0
[  287.600429][ T9524]  ? lease_modify+0x390/0x390
[  287.605103][ T9524]  ? generic_permission+0x2ca/0x590
[  287.610299][ T9524]  vfs_truncate+0x1ff/0x300
[  287.614793][ T9524]  do_sys_truncate+0xe0/0x1a0
[  287.619463][ T9524]  ? break_lease+0xd0/0xd0
[  287.623866][ T9524]  ? lockdep_hardirqs_on+0x98/0x150
[  287.629065][ T9524]  do_syscall_64+0x55/0xb0
[  287.633470][ T9524]  ? clear_bhb_loop+0x40/0x90
[  287.638130][ T9524]  ? clear_bhb_loop+0x40/0x90
[  287.642791][ T9524]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  287.648680][ T9524] RIP: 0033:0x7f6f9a58e9a9
[  287.653084][ T9524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.672683][ T9524] RSP: 002b:00007f6f9b406038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[  287.681092][ T9524] RAX: ffffffffffffffda RBX: 00007f6f9a7b6080 RCX: 00007f6f9a58e9a9
[  287.689058][ T9524] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[  287.697023][ T9524] RBP: 00007f6f9a610d69 R08: 0000000000000000 R09: 0000000000000000
[  287.704984][ T9524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  287.712970][ T9524] R13: 0000000000000000 R14: 00007f6f9a7b6080 R15: 00007ffcc5b7ae98
[  287.720969][ T9524]  </TASK>