last executing test programs:

21m24.209300432s ago: executing program 1 (id=916):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
open(0x0, 0x480, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r1, 0x0, r1)
syz_open_dev$video4linux(&(0x7f0000000000), 0x101, 0x0)
ioctl$KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040))
brk(0x4)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
mount$pvfs2(0x0, 0x0, 0x0, 0x8184c, 0x0)

21m23.865850808s ago: executing program 1 (id=917):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='sched_switch\x00', r0, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, 0x0, 0x18)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x1c)
setsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000000), 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f00000001c0)='./file1\x00')
syz_mount_image$romfs(&(0x7f0000000040), &(0x7f0000000b40)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x44, &(0x7f0000000600)=ANY=[@ANYBLOB="00f3000000be5500200800000000c19e57fc847c52a19b0b247df0690ca7d757194d0335d8e8a065e069e1294e9f28bcee7085d4988309e751e0eec20f77d6c68ae8"], 0x1, 0x15a, &(0x7f0000003180)="$eJzs2rFK81AUB/DzwYdKwcXRqVCpgjZJE62rjuLm7lBqbhq8MSURpH0BcRIUroMvIfgEPoFkEjddivgSkdtcNI0Wsthb4f9b+ofTJicn9E6nEYVBk8UNoo3e1cFwKQqDasvZ7rAma1Nmj4iqMiRpemPQNy+f9SQl44cv6LXynn3W1jyxf8F87tq6WwIAAAAAAAAAAAAAAAAAAAAAgJLqFRUqXRGcM5+7zVw17g+O25y7UUy0oKlDvepVtcNFTPBbOR9nbBTrMu/I5IvdSNat8d9fq7DaFfy1OF/zNOiZcX/Q8IO253ruiW07LWvTsrZsc3Qts3jF+p3qiZL03sqtkxmPh46s5/bNnsvsm6n3/3/ZF5dnxbt9vX+EKQaiCaV/9Ds3fdP+yH8pPM1l/45Z6UdDWCx5fM6+0fk3JKJ5p/Ygzz+jE/IjVZzGOPU+PgBM8hEAAP//oTc3XQ==")
chdir(&(0x7f0000000240)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r3, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000040)={0x0, 0x0, 0x3001, 0x101, 0x20000000, 0x400, 0x800})

21m21.72958714s ago: executing program 1 (id=921):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendmsg$kcm(r1, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001a00)}, {0x0}, {&(0x7f0000001680)='\tO', 0x2}], 0x3}, 0x0)

21m21.515128983s ago: executing program 1 (id=923):
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x3000c12, &(0x7f00000003c0)={[{@dmode={'dmode', 0x3d, 0xae}}, {@utf8}, {@overriderock}, {@check_relaxed}, {}, {@iocharset={'iocharset', 0x3d, 'macgaelic'}}, {@cruft}, {@nocompress}, {@dmode}, {}, {@overriderock}, {@mode={'mode', 0x3d, 0x1000}}, {}, {@unhide}, {@map_off}]}, 0x1, 0xa2f, &(0x7f00000018c0)="$eJzs3c1vXFdfB/DvHduJH/chydOGUqK2nqQkdVvj2A5NiLooiT1JXPyCbEdqxKIpjYOiGAotSG2F1FRCrFqBBGIBu4oVq0rdUBaoGwQ7umKBhPovVKzCyujOjO2xPeNxjGO76edjzcx9+d1zfnfuy/HM3JkTflxWjm8YW1mp33Y5fvMf9yFjDrGrk99/+dUX5e2zBzmSnrxe/FPSn6Sa9CZ5LumbmJyfm+lS0P3kdpJvkyLJ0TQed+R2ir/Mz9fHv03x92W9HR3Zacl0s8JP2kHvfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBgVE5Ojo2PFkUzN3ny72pBUt5iYnJ8rsrKydc7qMg3f1Hv9Lr7pWm9SlLf096929f3cyfXZzyapnsnzjbHn6x2Spz+fPPXsiTee6a2sLt8pm/+Xozsv9sOPP7n/7vLy0gdt5xbFHmZ1yDT2keu12amFuamZK9dr1amFuerlixdHz9+4tlC9NjVdW7i1sFibqU7M164szs1XhyZeqY5dvnyhWhu5NXdz9vrkyHRtdeKlXx8fHb1YfWvkd2pX5hfmZs+/NbIwcWNqenpq9no9ppxdxlwqd8TfnlqsLtauzFSrd+8tL13YlFlPNu2/ZdBYt/Upg8a7BY2Pjo+PjY2Pj33W7D17bcLF1y+/fml0tHd0k2yJeEw7LYfLzzpv5r0/icMuVRrtfzKdqczmZt5Ote3fRCYzn7nMdJjftNr+nz1f27batLT/zVa+t2X+qfLuTF5sjvZ3aP875LJ/fx/m43yS+3k3y1nOUj448Iz29+96apnNVBYyl6nM5Ep9SrU5pZrLuZiLGc07uZHBLKQ31zKV6dSykFtZyGJq9T1qIvOp5UoWM5f5VDOUibySasZyOZdzIdXUMpJbmcvNzOZ6JnOlXsrd3Ks/7xe2yXEtaGwnQePbBG1pzB+5/a9t/ueEJ1Bl2638GM7isDsrzfb/SPfQoYn9SAgAAADYc7/67zl28ul/+++kyAv1z+WvTU3XRg86LQAAAGAP1S/Xe7586CuHXkjh9T8AAAA8aYr6d+yKJAMZbAytfhPKmwAAAADwhKh//v9iisH1CV7/AwAAwBOm+2/sd40ohld//rd6p/F4pxnRGCsGrk1N10Ym5qbfGMu5+q8M1L9psKW0nqToq3/94NWcbkSdHmg8DqyXWNbZX0aNjbwxlldzprkiQy+VDy8NtYkcb0S+3Ih8uTWyJxsiL5SRAPCkO7NNe7zT9v/VDDcihk/Vm/zeUxva4J56yzqqZQWAw2Ktj53/bXZp1qb9b0a82Kn9/41tXv+XEU/n7mDjkoKRvJf3s5w7GU7zioPBdqWu9kbQuAxhuMu7AQPNSxa+u1TJ8Jb3A/rX1rU1dinjGW77jkBLucVqDhcacT2PZxsAwH47s207vNb+927X/g9v//q/pc11SSEAHAZrPdg/6sDgzoMPeh0BgI200gAAAAAAAAAAAAAAAAAAAAAAAAAAALD3dvQD/v9xLlleXkp221lAm4Hv/vWff6ljzOdPJf2PkuH2A5XsTc6Hf6AnyUHV/mYeealyGx+Wp87AxoEDPjEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwL4qkp930SnI0yWiS8/uf1ePz4KAT2CvV3S1WPMzDfJRje50OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBPXfP3/ytpPD7VmJTeSnI2ye0kv3vQOT6K/i7zH+5THofPH9TvW37/v5L0ZaVIb2Ozp+ibmJyfmyl3heJoOf/7L7/6orx1LPLT1YGtvSqUBZQ1bOhcollDy5S+jUv9or7UwOTSh/f/5P0/qk5ere+YVxevTU/OXJ//rfXAZ4uvG10gtHaDsJrvn539l79qmXykWfnX5Zq2t7nea/V6J7fW+yvtlu5Q7w7cW14aL2tarL29+Kd/WGmd9XROJy8NJUMba/r98tahptObn8+Nih+KvyiO5W9zu779y2ejWCnKTXS8vv4/u3tveWnkvfeX76zl9Om9j1oKOJHBJHc2HmVdchqsn0/aqu91lb6y1tF6UHl3skt522opcWz9ed2wDr+o7zIDj7QO1c7rUNfleW9mdGFzRivlQfLXf/xMzm27pY+2KfFclxrbKn4o/qu4kf/Mn7f0/1Ept//ZtD062xRRj2zZU1rnbTi8KmfX13y8dcY7m8vseFTyGHye38tvrm3/Ssv5v7mtOhw3a+ejN1smdjhuVg+tbY6Llhq3HBdN3Y6LrUfqPxzf0qKsqx9GJze1SM2zT6dlmnmebER1yPOX81rSe+qRziivdTmjdFt+t8f/3xVD+Z880P8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+BVJT7vpleRskhNJjpfj1WRlc8yDXdRXGSh2k+ae2U3OPz5FxxUtHuZhPsqx/c4IAAAAAAAAgMfj6uT3X371RXmrfx7fk1+rNOdUk94kJ4q/6ZuYnJ+b6VJQX3J79SP9/vYhHSbndnn38/Xxb8ux57rUd7CXDwDAj9r/BQAA//+CGm1g")
mount$overlay(0x0, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000800), 0x4000000, &(0x7f0000000b00)={[{@verity_require}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off}, {@redirect_dir_follow}, {@metacopy_off}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}, {@default_permissions}, {@uuid_off}], [{@subj_type={'subj_type', 0x3d, '@'}}]})

21m21.309470286s ago: executing program 1 (id=925):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$random(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000500)={0x0})
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000000900)=@ethtool_gstrings={0x1b, 0x8}})
close_range(r1, 0xffffffffffffffff, 0x0)

21m19.05847019s ago: executing program 1 (id=927):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x3000c12, &(0x7f00000003c0)={[{@dmode={'dmode', 0x3d, 0xae}}, {@utf8}, {@overriderock}, {@check_relaxed}, {}, {@iocharset={'iocharset', 0x3d, 'macgaelic'}}, {@cruft}, {@nocompress}, {@dmode}, {}, {@overriderock}, {@mode={'mode', 0x3d, 0x1000}}, {}, {@unhide}, {@map_off}]}, 0x1, 0xa2f, &(0x7f00000018c0)="$eJzs3c1vXFdfB/DvHduJH/chydOGUqK2nqQkdVvj2A5NiLooiT1JXPyCbEdqxKIpjYOiGAotSG2F1FRCrFqBBGIBu4oVq0rdUBaoGwQ7umKBhPovVKzCyujOjO2xPeNxjGO76edjzcx9+d1zfnfuy/HM3JkTflxWjm8YW1mp33Y5fvMf9yFjDrGrk99/+dUX5e2zBzmSnrxe/FPSn6Sa9CZ5LumbmJyfm+lS0P3kdpJvkyLJ0TQed+R2ir/Mz9fHv03x92W9HR3Zacl0s8JP2kHvfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBgVE5Ojo2PFkUzN3ny72pBUt5iYnJ8rsrKydc7qMg3f1Hv9Lr7pWm9SlLf096929f3cyfXZzyapnsnzjbHn6x2Spz+fPPXsiTee6a2sLt8pm/+Xozsv9sOPP7n/7vLy0gdt5xbFHmZ1yDT2keu12amFuamZK9dr1amFuerlixdHz9+4tlC9NjVdW7i1sFibqU7M164szs1XhyZeqY5dvnyhWhu5NXdz9vrkyHRtdeKlXx8fHb1YfWvkd2pX5hfmZs+/NbIwcWNqenpq9no9ppxdxlwqd8TfnlqsLtauzFSrd+8tL13YlFlPNu2/ZdBYt/Upg8a7BY2Pjo+PjY2Pj33W7D17bcLF1y+/fml0tHd0k2yJeEw7LYfLzzpv5r0/icMuVRrtfzKdqczmZt5Ote3fRCYzn7nMdJjftNr+nz1f27batLT/zVa+t2X+qfLuTF5sjvZ3aP875LJ/fx/m43yS+3k3y1nOUj448Iz29+96apnNVBYyl6nM5Ep9SrU5pZrLuZiLGc07uZHBLKQ31zKV6dSykFtZyGJq9T1qIvOp5UoWM5f5VDOUibySasZyOZdzIdXUMpJbmcvNzOZ6JnOlXsrd3Ks/7xe2yXEtaGwnQePbBG1pzB+5/a9t/ueEJ1Bl2638GM7isDsrzfb/SPfQoYn9SAgAAADYc7/67zl28ul/+++kyAv1z+WvTU3XRg86LQAAAGAP1S/Xe7586CuHXkjh9T8AAAA8aYr6d+yKJAMZbAytfhPKmwAAAADwhKh//v9iisH1CV7/AwAAwBOm+2/sd40ohld//rd6p/F4pxnRGCsGrk1N10Ym5qbfGMu5+q8M1L9psKW0nqToq3/94NWcbkSdHmg8DqyXWNbZX0aNjbwxlldzprkiQy+VDy8NtYkcb0S+3Ih8uTWyJxsiL5SRAPCkO7NNe7zT9v/VDDcihk/Vm/zeUxva4J56yzqqZQWAw2Ktj53/bXZp1qb9b0a82Kn9/41tXv+XEU/n7mDjkoKRvJf3s5w7GU7zioPBdqWu9kbQuAxhuMu7AQPNSxa+u1TJ8Jb3A/rX1rU1dinjGW77jkBLucVqDhcacT2PZxsAwH47s207vNb+927X/g9v//q/pc11SSEAHAZrPdg/6sDgzoMPeh0BgI200gAAAAAAAAAAAAAAAAAAAAAAAAAAALD3dvQD/v9xLlleXkp221lAm4Hv/vWff6ljzOdPJf2PkuH2A5XsTc6Hf6AnyUHV/mYeealyGx+Wp87AxoEDPjEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwL4qkp930SnI0yWiS8/uf1ePz4KAT2CvV3S1WPMzDfJRje50OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBPXfP3/ytpPD7VmJTeSnI2ye0kv3vQOT6K/i7zH+5THofPH9TvW37/v5L0ZaVIb2Ozp+ibmJyfmyl3heJoOf/7L7/6orx1LPLT1YGtvSqUBZQ1bOhcollDy5S+jUv9or7UwOTSh/f/5P0/qk5ere+YVxevTU/OXJ//rfXAZ4uvG10gtHaDsJrvn539l79qmXykWfnX5Zq2t7nea/V6J7fW+yvtlu5Q7w7cW14aL2tarL29+Kd/WGmd9XROJy8NJUMba/r98tahptObn8+Nih+KvyiO5W9zu779y2ejWCnKTXS8vv4/u3tveWnkvfeX76zl9Om9j1oKOJHBJHc2HmVdchqsn0/aqu91lb6y1tF6UHl3skt522opcWz9ed2wDr+o7zIDj7QO1c7rUNfleW9mdGFzRivlQfLXf/xMzm27pY+2KfFclxrbKn4o/qu4kf/Mn7f0/1Ept//ZtD062xRRj2zZU1rnbTi8KmfX13y8dcY7m8vseFTyGHye38tvrm3/Ssv5v7mtOhw3a+ejN1smdjhuVg+tbY6Llhq3HBdN3Y6LrUfqPxzf0qKsqx9GJze1SM2zT6dlmnmebER1yPOX81rSe+qRziivdTmjdFt+t8f/3xVD+Z880P8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+BVJT7vpleRskhNJjpfj1WRlc8yDXdRXGSh2k+ae2U3OPz5FxxUtHuZhPsqx/c4IAAAAAAAAgMfj6uT3X371RXmrfx7fk1+rNOdUk94kJ4q/6ZuYnJ+b6VJQX3J79SP9/vYhHSbndnn38/Xxb8ux57rUd7CXDwDAj9r/BQAA//+CGm1g")
mount$overlay(0x0, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000800), 0x4000000, &(0x7f0000000b00)={[{@verity_require}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off}, {@redirect_dir_follow}, {@metacopy_off}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}, {@default_permissions}, {@uuid_off}], [{@subj_type={'subj_type', 0x3d, '@'}}]})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@auto_da_alloc}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
mkdir(&(0x7f00000008c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

21m1.704288618s ago: executing program 32 (id=927):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x3000c12, &(0x7f00000003c0)={[{@dmode={'dmode', 0x3d, 0xae}}, {@utf8}, {@overriderock}, {@check_relaxed}, {}, {@iocharset={'iocharset', 0x3d, 'macgaelic'}}, {@cruft}, {@nocompress}, {@dmode}, {}, {@overriderock}, {@mode={'mode', 0x3d, 0x1000}}, {}, {@unhide}, {@map_off}]}, 0x1, 0xa2f, &(0x7f00000018c0)="$eJzs3c1vXFdfB/DvHduJH/chydOGUqK2nqQkdVvj2A5NiLooiT1JXPyCbEdqxKIpjYOiGAotSG2F1FRCrFqBBGIBu4oVq0rdUBaoGwQ7umKBhPovVKzCyujOjO2xPeNxjGO76edjzcx9+d1zfnfuy/HM3JkTflxWjm8YW1mp33Y5fvMf9yFjDrGrk99/+dUX5e2zBzmSnrxe/FPSn6Sa9CZ5LumbmJyfm+lS0P3kdpJvkyLJ0TQed+R2ir/Mz9fHv03x92W9HR3Zacl0s8JP2kHvfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBgVE5Ojo2PFkUzN3ny72pBUt5iYnJ8rsrKydc7qMg3f1Hv9Lr7pWm9SlLf096929f3cyfXZzyapnsnzjbHn6x2Spz+fPPXsiTee6a2sLt8pm/+Xozsv9sOPP7n/7vLy0gdt5xbFHmZ1yDT2keu12amFuamZK9dr1amFuerlixdHz9+4tlC9NjVdW7i1sFibqU7M164szs1XhyZeqY5dvnyhWhu5NXdz9vrkyHRtdeKlXx8fHb1YfWvkd2pX5hfmZs+/NbIwcWNqenpq9no9ppxdxlwqd8TfnlqsLtauzFSrd+8tL13YlFlPNu2/ZdBYt/Upg8a7BY2Pjo+PjY2Pj33W7D17bcLF1y+/fml0tHd0k2yJeEw7LYfLzzpv5r0/icMuVRrtfzKdqczmZt5Ote3fRCYzn7nMdJjftNr+nz1f27batLT/zVa+t2X+qfLuTF5sjvZ3aP875LJ/fx/m43yS+3k3y1nOUj448Iz29+96apnNVBYyl6nM5Ep9SrU5pZrLuZiLGc07uZHBLKQ31zKV6dSykFtZyGJq9T1qIvOp5UoWM5f5VDOUibySasZyOZdzIdXUMpJbmcvNzOZ6JnOlXsrd3Ks/7xe2yXEtaGwnQePbBG1pzB+5/a9t/ueEJ1Bl2638GM7isDsrzfb/SPfQoYn9SAgAAADYc7/67zl28ul/+++kyAv1z+WvTU3XRg86LQAAAGAP1S/Xe7586CuHXkjh9T8AAAA8aYr6d+yKJAMZbAytfhPKmwAAAADwhKh//v9iisH1CV7/AwAAwBOm+2/sd40ohld//rd6p/F4pxnRGCsGrk1N10Ym5qbfGMu5+q8M1L9psKW0nqToq3/94NWcbkSdHmg8DqyXWNbZX0aNjbwxlldzprkiQy+VDy8NtYkcb0S+3Ih8uTWyJxsiL5SRAPCkO7NNe7zT9v/VDDcihk/Vm/zeUxva4J56yzqqZQWAw2Ktj53/bXZp1qb9b0a82Kn9/41tXv+XEU/n7mDjkoKRvJf3s5w7GU7zioPBdqWu9kbQuAxhuMu7AQPNSxa+u1TJ8Jb3A/rX1rU1dinjGW77jkBLucVqDhcacT2PZxsAwH47s207vNb+927X/g9v//q/pc11SSEAHAZrPdg/6sDgzoMPeh0BgI200gAAAAAAAAAAAAAAAAAAAAAAAAAAALD3dvQD/v9xLlleXkp221lAm4Hv/vWff6ljzOdPJf2PkuH2A5XsTc6Hf6AnyUHV/mYeealyGx+Wp87AxoEDPjEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwL4qkp930SnI0yWiS8/uf1ePz4KAT2CvV3S1WPMzDfJRje50OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBPXfP3/ytpPD7VmJTeSnI2ye0kv3vQOT6K/i7zH+5THofPH9TvW37/v5L0ZaVIb2Ozp+ibmJyfmyl3heJoOf/7L7/6orx1LPLT1YGtvSqUBZQ1bOhcollDy5S+jUv9or7UwOTSh/f/5P0/qk5ere+YVxevTU/OXJ//rfXAZ4uvG10gtHaDsJrvn539l79qmXykWfnX5Zq2t7nea/V6J7fW+yvtlu5Q7w7cW14aL2tarL29+Kd/WGmd9XROJy8NJUMba/r98tahptObn8+Nih+KvyiO5W9zu779y2ejWCnKTXS8vv4/u3tveWnkvfeX76zl9Om9j1oKOJHBJHc2HmVdchqsn0/aqu91lb6y1tF6UHl3skt522opcWz9ed2wDr+o7zIDj7QO1c7rUNfleW9mdGFzRivlQfLXf/xMzm27pY+2KfFclxrbKn4o/qu4kf/Mn7f0/1Ept//ZtD062xRRj2zZU1rnbTi8KmfX13y8dcY7m8vseFTyGHye38tvrm3/Ssv5v7mtOhw3a+ejN1smdjhuVg+tbY6Llhq3HBdN3Y6LrUfqPxzf0qKsqx9GJze1SM2zT6dlmnmebER1yPOX81rSe+qRziivdTmjdFt+t8f/3xVD+Z880P8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+BVJT7vpleRskhNJjpfj1WRlc8yDXdRXGSh2k+ae2U3OPz5FxxUtHuZhPsqx/c4IAAAAAAAAgMfj6uT3X371RXmrfx7fk1+rNOdUk94kJ4q/6ZuYnJ+b6VJQX3J79SP9/vYhHSbndnn38/Xxb8ux57rUd7CXDwDAj9r/BQAA//+CGm1g")
mount$overlay(0x0, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000800), 0x4000000, &(0x7f0000000b00)={[{@verity_require}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off}, {@redirect_dir_follow}, {@metacopy_off}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}, {@default_permissions}, {@uuid_off}], [{@subj_type={'subj_type', 0x3d, '@'}}]})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@auto_da_alloc}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
mkdir(&(0x7f00000008c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

11.927081186s ago: executing program 2 (id=3407):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

10.904083822s ago: executing program 4 (id=3409):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080dffffffeffffffffff080211000001"], 0x6f4}}, 0x0)

10.615870666s ago: executing program 4 (id=3410):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x3, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff038}, {0x28, 0x0, 0x0, 0xfffff024}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
syz_emit_ethernet(0xdc, &(0x7f0000000280)=ANY=[], 0x0)

10.492482798s ago: executing program 2 (id=3412):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x10003}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = syz_io_uring_setup(0x110, 0x0, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_io_uring_submit(r3, r4, 0x0)
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(0xffffffffffffffff, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r7, 0xc03064ca, &(0x7f0000000ac0)={0x0, 0x0, 0x5, 0x0, 0x4})
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r6, 0x0)

10.109626214s ago: executing program 4 (id=3413):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
r4 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a000090400000103010100092100080001220100090581"], 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000600)={0x2c, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})

9.967245966s ago: executing program 3 (id=3414):
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = shmget$private(0x0, 0x8000, 0x10, &(0x7f0000ff5000/0x8000)=nil)
shmat(r4, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
shmdt(0x0)
r5 = shmget$private(0x0, 0x1000, 0x40, &(0x7f0000884000/0x1000)=nil)
shmctl$IPC_INFO(r5, 0x3, &(0x7f0000000300)=""/251)
read$FUSE(r0, &(0x7f0000006280)={0x2020}, 0x2020)

8.758117535s ago: executing program 3 (id=3416):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="50020000", @ANYRES16=r3, @ANYBLOB="0100000000000000000001000000080001000000000004000480080002000100000010000c7d0c000b8008000a00b4ed000004000880c8000c8024000900f36aad4208000a156878badf10076800d5441e0f080009002bd49f3b0c00008008000a00697100002c000b8008000a"], 0x250}}, 0x4c000)
ioctl$PTP_SYS_OFFSET(r1, 0x43403d05, 0x0)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x240)
syz_open_dev$evdev(0x0, 0xec, 0x220300)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000480)={0x2020}, 0x2020)

7.663406112s ago: executing program 3 (id=3417):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000100)='./file1\x00', 0x2008054, &(0x7f0000000140)=ANY=[], 0x0, 0xf43, &(0x7f0000002d80)="$eJzs3U9sHNX9APA367+JTbwGfj8ClDiF0kDaOsHJgd6CFLUSQohL76CQQFRD04YeQEQJPQWpBypED1Q9UMGtUnqoVFClClWq1D8cem0PFWovrapUioRUNVXiyvZ76/WLJ7ser2fX3s9H+vrtmzc73+94HWffevZtAIZWY+Xr8eP7ixDe+ejtk1+/ePMXy9vmWnscXPlaxF4zhDDW1i+y430aN9y49vqp5fZm1oawsHyv0TQenr7auu9UCOFSOBg+Ds0wd7j52eWRp8588O4nhy6ce/LFbTl5AAAYMld+v/jnR//+uy/PXr9y4ESYaG1Pz8+bsT8Vn/cfLcL1pVUr2xtxvH0+UGwwLxjP9huJ0cj2G8n2G41tI+vn+cay44yV7DfeId9I27b27XmdAAAAsJOkeW0zFI35df1GY35+dd6/7NOZ8WL+5bOLZ873qVAAAACgss8urlx0K3ZETA5ADUIIIYQQQggxDDE30f8aehtLM/1+BQIAAAAYNmndgdb6YLlL+coCW9M6WrO7/FefaGx8f+iBTj9/2/3zVve/P/k3l//9N/zGAQCgut36bDKdV3oePfXmnpV+vo7gSHa/zT7/b2THGd1knWXrCu6U9QbL6sy/r4OqrP7NPo79UlZ/vh7moCqrP1+nc1CV1T9Rcx1VldU/uUN+B5XVuKfmOqoqq39vzXVUVVb/VM11VFVW/3TNdVRVVv8dNddRVVn9+2quo6qy+nfKZbVl9TdrrqOqsvpna66jqrL676y5jqrK6r+r5jqqKqv/7prr6JcHYpu+Dwey8db8eYM53U6Z4wEAAMCw+4/1/0QPY24AahBCbDlGBqAGIYQQQoi6ojEANdQSF/v9AgQAAADQd+l9Aeld70tRGh/pMD7aYXzstuMjrfcBl91/osP4rf7dcQ8AAADYbX55+cy9bxVr7/Pf6np4k7FN6y9tdh2jfD3Czebf6rpnW82/U9YtAwAAYLgUX/v45uGT770ye/3KgRNts9+bcb6b1gEdja8NfBj76bqA6axfpDn0ifV5GiX75a8P3FF2vGe2eKIAAAAwxNL8vRmKxnzbvLsZGo35+bX5+P4wVpw5u3j6aOynz2f57cxkCGHx9GM11w0AAAB0b22+X+wJG8z/0+f47g/jxfzLZxfPnF/tT7e2jzXaXxeYWdu+8nrBY63jrd++ULL9WOynz+98cWbPyvb5U99afL7H5w4AAADD4vyrr33zucXF099xw42SGxc3da+DIfw3LrE4CMW7UfFGv38zAQAAvfbB397+w3ePTf9q9f3/a+vfpff/H4z9Zlzb749xh3SdQHofwC3v1392fZ6Zsv3Ord+vme03EmMiq3uy7Tjti+6l+82W5WuuP854Sb6pLN90e74N1ikYzfZP+fZl2/P1CdN+M9n2fB3G0SxHkeV/MNv/hwEAAADWHHnlpXNHzr/62lfOvvTcC6dfOP3ysaMLX114fGHh+MKRlev6j7Rf3Q8AAADsRGsX/fa7EgAAAAAAAAAAAAAAAAAAABhedXycWL/PEQAAAIbdvy6GEC4JIYQQQggh6on4CdQ9PGbR93MSYhjiLz3/t1t3LC3lnzQPAAAAsL1uXHv9VHt7i0tFT/O1jtZcbW7GvKn9zcM/fng50m5Xn1j/esnenlbDsKv75//2+Uf7nH8DQ57//Td6m38y3ej6919j/QFOVMv7xR/845H2/PeNdpk/P/9nquU/lOU/FLrLv/Relv/ZavkfyfLv7TL/Led/rlr+R2P+/ameh7rNv/7xn4htOo89XeY/nJ3/86Hb/Nn5N7tMmPlSzA8Aw6jR7wK2SXqWkJ5HT8V+Ot80s8mvftjs8/9GdpwNZkyVpOOm50H3xH56vjSd5U02W/9Udrw7KtaZ2ylXlZTV36vHcbuV1T9Wcx1VldU/XnMdVZXVP1FzHVWV1T9Zcx1VldXf7Ty038rq3ymvK5fVP1VzHVWV1T9dcx1VldW/2f/H+6Ws/n0111FVWf0zt7nPIP3fVlZ/xZfValdW/2zNdVRVVv+dNddRVVn9d9VcR1Vl9d9dcx39cn9sy+bDaf45E8dSv5n1Jzb4Xrb1l6JtOw8AAACg3D+t/yfE4MTYANQgNh+NAahB7NrYMwA17IRYbvpdw7DGt//U/xpqjmL1Rt/rEGJ7Y2mp/zWInoc/yQ+37X03MwCDyu//4ebxH24e/+Hm8ed20jX8RdZPRjqMj3YYH+swPp6N5z+vEx3G78qOm78R4e4O4//XYXxfh/F7Oozv7zB+b4fx+zqM399hHAAAgOHw/7E1PwQAAIDd68JPP/z+zw89e232+pUDJ8L4LevOH439ifi39cuxn697n4zFv/l/L/Z/Ettfx/av2f6uPwEAAIDtlz4nxt//AQAAYPdKn1Nq/g8AAAC712xszf8BAABg97oztub/AAAAsIsVkxtvjm16XeDB2Ha7rh8AMPg+F9sHYnsgtnOx/Xxs0/OAh2L7hZrqAwB650ffePPxt4q19f6PZeM34vbU3uLS6isFRWP9Sv57Yrs3tg93WU/+eQDd5k/2dZlnu/LPbDE/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7NFa+Hj++vwjhnY/ePjlz4eQLy9vmWnscXPlaxF4zhDDWul8aXev/LO5449rrp5bbm7Fdim0RFkIRitZ4ePpqK9NUCOFSOBg+Ds0wd7j52eWRp8588O4nhy6ce/LFbfwWAAAAwK73vwAAAP//LTxGDA==")
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e24, 0x1, 'wrr\x00', 0x1, 0x2, 0x6a}, 0x2c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0)
write$dsp(0xffffffffffffffff, &(0x7f0000002000), 0x0)
keyctl$setperm(0x5, 0x0, 0x1100100)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @dev={0xac, 0x14, 0x14, 0x3f}, 0x4e21, 0x3, 'wrr\x00', 0x4, 0xb, 0x77}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c000240000000000000001014000182090001006c6173740000000004000280140001800a0001006c696d697400000004000280140000001000010000000000000000000084000a"], 0x118}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'nr0\x00', 0x2000})
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000000)=@ethtool_cmd={0x0, 0x0, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0xdb, 0x4, 0x0, 0xfffff7fc, 0x4, 0x0, 0xff, 0x47, [0xfffffffc, 0x80]}})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'ip6gre0\x00'})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r5, 0x40086e8b, &(0x7f0000000080)={@desc={0x200000, 0x0, @desc2}})

7.566748293s ago: executing program 0 (id=3418):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080dffffffeffffffffff080211000001"], 0x6f4}}, 0x0)

7.335722037s ago: executing program 0 (id=3419):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
prlimit64(0x0, 0x4, &(0x7f0000000040)={0x0, 0x3ff}, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={0xffffffffffffffff, r3, 0x1, 0x0, @void}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000004e80)=ANY=[@ANYBLOB="6801000013000100feffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="062000000303000008000a00", @ANYRES32=0x0, @ANYBLOB="050027000000000008000500", @ANYRES32=0x0, @ANYBLOB="1400030062617461647630000000d84b0000000008000a00", @ANYRES32=0x0, @ANYRES16], 0x168}}, 0x0)

6.808736495s ago: executing program 2 (id=3420):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000004e80)=ANY=[@ANYBLOB="6801000013000100feffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="062000000303000008000a00", @ANYBLOB="050027000000000008000500", @ANYRES32=0x0, @ANYBLOB="1400030062617461647630000000d84b0000000008000a00", @ANYRES16], 0x168}}, 0x0)

6.529973409s ago: executing program 2 (id=3421):
prlimit64(0x0, 0x4, &(0x7f0000000040)={0x0, 0x3ff}, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x34325241, 0x3, [0x2], [0x80ffff], [], [0x400000000000000]})
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x0)

6.52227558s ago: executing program 4 (id=3422):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0x3)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@newtaction={0x14, 0x30, 0xb}, 0x14}}, 0x10000000)

6.006477218s ago: executing program 4 (id=3423):
r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x18041, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000005c0)={{{@in6=@ipv4={""/10, ""/2, @multicast2}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@empty}}}, &(0x7f0000000480)=0xffffffffffffffe6)
quotactl$Q_SETINFO(0xffffffff80000601, &(0x7f0000000400)=@nullb, r2, 0x0)
quotactl_fd$Q_GETNEXTQUOTA(r1, 0xffffffff80000901, r2, &(0x7f0000000380))
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
socket$kcm(0x29, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x7fff0000}]})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x3, 0x7ffc1ffb}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r5=>0x0})
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000300)={@loopback, @remote, @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80040346, r5})

2.755358547s ago: executing program 4 (id=3424):
r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f00000003c0)={[{@compress_force}, {@clear_cache}, {@nodatasum}, {@nossd}, {}, {@space_cache_v1}]}, 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000440)={0x2, 0x4, {0xffffffffffffffff, @struct={0xfffffffd}, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @struct={0x0, 0xce82}, 0x4000, 0x3, [0x0, 0x8, 0x1000000000]}, {0xfffffffffffffffe, @usage=0x9, 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x8, 0x58a, @struct={0x2, 0xf136}, 0x3, 0xa, [0x4, 0x1, 0x2, 0xfffffffffffffffc, 0x0, 0x1]}, {0x6, @struct={0x4, 0x8}, 0x0, 0x7, 0x807fc, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x4a, @struct={0x0, 0x6}, 0xffffffff, 0x4, [0x80000000, 0x800004, 0x0, 0x3ff, 0x80]}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4000044)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x23, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)

2.475494422s ago: executing program 2 (id=3425):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="50020000", @ANYRES16=r3, @ANYBLOB="0100000000000000000001000000080001000000000004000480080002000100000010000c7d0c000b8008000a00b4ed000004000880c8000c8024000900f36aad4208000a156878badf10076800d5441e0f080009002bd49f3b0c00008008000a00697100002c000b8008000a"], 0x250}}, 0x4c000)
ioctl$PTP_SYS_OFFSET(r1, 0x43403d05, 0x0)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x240)
syz_open_dev$evdev(0x0, 0xec, 0x220300)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000480)={0x2020}, 0x2020)

2.450929892s ago: executing program 3 (id=3426):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)
mmap$snddsp(&(0x7f00003c6000/0x1000)=nil, 0x1000, 0x2000004, 0x4010, 0xffffffffffffffff, 0x3000)
mbind(&(0x7f0000a45000/0x1000)=nil, 0x1000, 0x2, 0x0, 0x3, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r2, 0xb, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r4, &(0x7f0000000580)='1\x00', 0x2)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
write$sysctl(r4, &(0x7f0000000000)='2\x00', 0x2)
setsockopt$inet_buf(r3, 0x0, 0x8008000000010, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)

1.914940161s ago: executing program 0 (id=3427):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080dffffffeffffffffff080211000001"], 0x6f4}}, 0x0)

1.31156816s ago: executing program 2 (id=3428):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x10003}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = syz_io_uring_setup(0x110, 0x0, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_io_uring_submit(r3, r4, 0x0)
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(0xffffffffffffffff, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r7, 0xc03064ca, &(0x7f0000000ac0)={0x0, 0x0, 0x5, 0x0, 0x4})
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r6, 0x0)

1.31128495s ago: executing program 0 (id=3429):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000004e80)=ANY=[@ANYBLOB="6801000013000100feffffff0000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="050027000000000008000500", @ANYRES32=0x0, @ANYBLOB="1400030062617461647630000000d84b0000000008000a00", @ANYRES16], 0x168}}, 0x0)

984.968195ms ago: executing program 3 (id=3430):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
timerfd_gettime(0xffffffffffffffff, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x60042, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x483, 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r4, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0xa, r5, 0x0, r3})
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, 0x0)

937.967836ms ago: executing program 0 (id=3431):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0x3)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@newtaction={0x14, 0x30, 0xb}, 0x14}}, 0x10000000)

557.302562ms ago: executing program 0 (id=3432):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x10001}]}}]}, 0x38}}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0)

0s ago: executing program 3 (id=3433):
prlimit64(0x0, 0x4, &(0x7f0000000040)={0x0, 0x3ff}, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x34325241, 0x3, [0x2], [0x80ffff], [], [0x400000000000000]})
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x0)

kernel console output (not intermixed with test programs):

:autofs_fill_super: called with bogus options
[ 1464.979101][T16156] loop3: detected capacity change from 0 to 1024
[ 1465.515659][T16163] autofs4:pid:16163:autofs_fill_super: called with bogus options
[ 1465.641321][T16162] loop0: detected capacity change from 0 to 128
[ 1466.406992][T16166] loop4: detected capacity change from 0 to 4096
[ 1466.943199][T16172] veth0: entered promiscuous mode
[ 1466.949027][T16172] veth0: left promiscuous mode
[ 1468.280589][T16176] loop4: detected capacity change from 0 to 40427
[ 1468.308089][T16176] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1468.316125][T16176] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1468.338411][T16176] F2FS-fs (loop4): invalid crc value
[ 1468.369119][T16176] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1468.551097][T16185] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2730'.
[ 1468.632038][T16176] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1468.639296][T16176] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1468.739886][   T28] audit: type=1800 audit(1751341144.334:714): pid=16175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2729" name="file1" dev="loop4" ino=10 res=0 errno=0
[ 1470.161847][   T11] hfsplus: b-tree write err: -5, ino 4
[ 1471.469059][T16212] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2740'.
[ 1472.290846][T16219] autofs4:pid:16219:autofs_fill_super: called with bogus options
[ 1473.607563][T16227] loop4: detected capacity change from 0 to 512
[ 1474.260480][T16230] loop3: detected capacity change from 0 to 1024
[ 1474.888774][T16227] EXT4-fs error (device loop4): ext4_xattr_inode_iget:436: comm syz.4.2743: Parent and EA inode have the same ino 15
[ 1474.945511][T16227] EXT4-fs (loop4): Remounting filesystem read-only
[ 1475.112219][ T9172] usb 1-1: new full-speed USB device number 49 using dummy_hcd
[ 1475.324416][ T9172] usb 1-1: config 0 has an invalid interface number: 176 but max is 2
[ 1475.336805][ T9172] usb 1-1: config 0 has an invalid interface number: 36 but max is 2
[ 1475.354860][ T9172] usb 1-1: config 0 has no interface number 0
[ 1475.372003][ T9172] usb 1-1: config 0 has no interface number 1
[ 1475.378205][ T9172] usb 1-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1475.461323][ T9172] usb 1-1: config 0 interface 36 has no altsetting 0
[ 1475.469975][ T9172] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1475.489409][ T9172] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1475.512739][ T9172] usb 1-1: config 0 descriptor??
[ 1475.669996][T16227] EXT4-fs warning (device loop4): ext4_evict_inode:255: couldn't mark inode dirty (err -5)
[ 1475.694608][T16227] EXT4-fs (loop4): 1 orphan inode deleted
[ 1475.714638][T16227] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1475.747374][T16227] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1475.758726][ T9172] qcserial 1-1:0.2: Qualcomm USB modem converter detected
[ 1477.751475][T16260] autofs4:pid:16260:autofs_fill_super: called with bogus options
[ 1478.621442][ T9172] usb 1-1: USB disconnect, device number 49
[ 1478.640609][ T9172] qcserial 1-1:0.2: device disconnected
[ 1479.608713][T12587] hfsplus: b-tree write err: -5, ino 4
[ 1479.620084][T16276] loop0: detected capacity change from 0 to 1024
[ 1483.030335][T16297] autofs4:pid:16297:autofs_fill_super: called with bogus options
[ 1484.301840][ T9172] usb 3-1: new full-speed USB device number 23 using dummy_hcd
[ 1484.504370][ T9172] usb 3-1: config 0 has an invalid interface number: 176 but max is 2
[ 1484.536747][ T9172] usb 3-1: config 0 has an invalid interface number: 36 but max is 2
[ 1484.560214][T16311] loop3: detected capacity change from 0 to 1024
[ 1484.566675][ T9172] usb 3-1: config 0 has no interface number 0
[ 1484.579724][ T9172] usb 3-1: config 0 has no interface number 1
[ 1484.605627][ T9172] usb 3-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1485.330607][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1485.417570][ T9172] usb 3-1: config 0 interface 36 has no altsetting 0
[ 1485.446708][ T9172] usb 3-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1485.502064][ T9172] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1485.555687][ T9172] usb 3-1: config 0 descriptor??
[ 1485.808400][ T9172] qcserial 3-1:0.2: Qualcomm USB modem converter detected
[ 1487.563637][ T5832] usb 3-1: USB disconnect, device number 23
[ 1487.570910][ T5832] qcserial 3-1:0.2: device disconnected
[ 1487.925429][T16333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2771'.
[ 1487.934903][T16333] netlink: zone id is out of range
[ 1487.940256][T16333] netlink: set zone limit has 4 unknown bytes
[ 1488.134770][T16332] autofs4:pid:16332:autofs_fill_super: called with bogus options
[ 1490.494319][T16340] trusted_key: encrypted_key: insufficient parameters specified
[ 1492.059261][T16358] loop4: detected capacity change from 0 to 512
[ 1492.079229][T16358] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1494.551836][T16358] EXT4-fs (loop4): 1 truncate cleaned up
[ 1494.615924][T16358] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1494.714953][T14231] hfsplus: b-tree write err: -5, ino 4
[ 1495.195050][ T9371] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1495.266694][T16367] veth0: entered promiscuous mode
[ 1495.783039][T16364] veth0: left promiscuous mode
[ 1496.308903][T16375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2781'.
[ 1496.317962][T16375] netlink: zone id is out of range
[ 1496.323255][T16375] netlink: set zone limit has 4 unknown bytes
[ 1496.685922][T16382] loop2: detected capacity change from 0 to 128
[ 1496.733169][T16382] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[ 1497.028342][T16387] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2785'.
[ 1497.802627][   T28] audit: type=1800 audit(1751341173.404:715): pid=16382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2784" name="file1" dev="loop2" ino=94 res=0 errno=0
[ 1497.834020][T16382] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[ 1498.366002][T16397] loop2: detected capacity change from 0 to 1024
[ 1499.072817][T16392] loop0: detected capacity change from 0 to 32768
[ 1499.243216][T16392] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1500.138147][T16392] XFS (loop0): Ending clean mount
[ 1500.357743][   T28] audit: type=1804 audit(1751341175.954:716): pid=16392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2786" name="/newroot/57/file1/file1" dev="loop0" ino=6150 res=1 errno=0
[ 1500.538215][   T28] audit: type=1800 audit(1751341175.954:717): pid=16392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file1" dev="loop0" ino=6150 res=0 errno=0
[ 1500.772333][   T28] audit: type=1800 audit(1751341176.074:718): pid=16415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="iou-wrk-16414" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1501.192175][   T28] audit: type=1800 audit(1751341176.104:719): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1501.213183][   T28] audit: type=1800 audit(1751341176.114:720): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1501.235038][   T28] audit: type=1800 audit(1751341176.114:721): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1501.256147][   T28] audit: type=1800 audit(1751341176.114:722): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1501.277240][   T28] audit: type=1800 audit(1751341176.124:723): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1501.298576][   T28] audit: type=1800 audit(1751341176.124:724): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1502.818127][   T28] kauditd_printk_skb: 214 callbacks suppressed
[ 1502.818142][   T28] audit: type=1800 audit(1751341178.414:939): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1502.841146][T16413] loop3: detected capacity change from 0 to 32768
[ 1502.903264][   T28] audit: type=1800 audit(1751341178.444:940): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1502.981644][T15154] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1502.983786][T16413] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 1503.001624][T16413] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 1503.015658][   T28] audit: type=1800 audit(1751341178.454:941): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1503.054441][T16413] syz.3.2790: attempt to access beyond end of device
[ 1503.054441][T16413] loop3: rw=12288, sector=6192449487651092, nr_sectors = 2 limit=32768
[ 1503.072646][   T28] audit: type=1800 audit(1751341178.454:942): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1503.094540][T16413] gfs2: fsid=syz:syz.0: can't lookup journal index: 0
[ 1503.187654][   T28] audit: type=1800 audit(1751341178.454:943): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1503.260699][   T28] audit: type=1800 audit(1751341178.454:944): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1503.282376][   T28] audit: type=1800 audit(1751341178.454:945): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1503.303748][   T28] audit: type=1800 audit(1751341178.464:946): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1503.353396][   T28] audit: type=1800 audit(1751341178.464:947): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1503.406469][T16429] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1503.446572][   T28] audit: type=1800 audit(1751341178.464:948): pid=16414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2786" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1503.505166][T15322] hfsplus: b-tree write err: -5, ino 4
[ 1503.979163][T16437] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2795'.
[ 1504.803783][T16443] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2797'.
[ 1504.814106][T16443] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2797'.
[ 1505.931997][T16447] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2793'.
[ 1505.942121][T16447] netlink: zone id is out of range
[ 1505.947343][T16447] netlink: set zone limit has 4 unknown bytes
[ 1507.856179][T16464] loop3: detected capacity change from 0 to 1024
[ 1508.978817][T16458] loop0: detected capacity change from 0 to 32768
[ 1509.050908][T16458] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.2800 (16458)
[ 1509.166258][T16458] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1509.173663][T16470] loop4: detected capacity change from 0 to 4096
[ 1509.208580][T16458] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 1509.255149][T16471] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1509.262076][T16458] BTRFS info (device loop0): using free space tree
[ 1509.471793][T16458] BTRFS info (device loop0): enabling ssd optimizations
[ 1509.478853][T16458] BTRFS info (device loop0): auto enabling async discard
[ 1510.108812][T15154] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1510.892328][T16499] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2808'.
[ 1510.902078][T16499] netlink: zone id is out of range
[ 1510.907699][T16499] netlink: set zone limit has 4 unknown bytes
[ 1511.594258][T16470] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[ 1511.654676][T16470] Remounting filesystem read-only
[ 1511.943639][ T9371] NILFS (loop4): discard dirty page: offset=0, ino=6
[ 1511.950590][ T9371] NILFS (loop4): discard dirty block: blocknr=23, size=4096
[ 1512.350858][ T9371] NILFS (loop4): discard dirty page: offset=4096, ino=6
[ 1513.073845][ T9371] NILFS (loop4): discard dirty block: blocknr=24, size=4096
[ 1513.179540][ T9371] NILFS (loop4): discard dirty page: offset=8192, ino=6
[ 1513.385447][ T9371] NILFS (loop4): discard dirty block: blocknr=25, size=4096
[ 1513.616075][ T9779] hfsplus: b-tree write err: -5, ino 4
[ 1514.093234][T16525] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2814'.
[ 1514.722152][T16526] loop4: detected capacity change from 0 to 512
[ 1515.337304][T16532] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2817'.
[ 1515.346594][T16532] netlink: zone id is out of range
[ 1515.351905][T16532] netlink: set zone limit has 4 unknown bytes
[ 1515.832685][T16526] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[ 1515.934581][T16526] UDF-fs: error (device loop4): udf_verify_fi: directory (ino 21) has entry past directory size at pos 128
[ 1516.267952][T16542] loop3: detected capacity change from 0 to 1024
[ 1518.142467][T16557] loop4: detected capacity change from 0 to 32768
[ 1518.150036][T16557] XFS: ikeep mount option is deprecated.
[ 1518.234117][T16557] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1518.321567][T16572] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2828'.
[ 1518.331853][T16572] netlink: zone id is out of range
[ 1518.337108][T16572] netlink: set zone limit has 4 unknown bytes
[ 1518.845211][T16557] XFS (loop4): Ending clean mount
[ 1518.862813][T16557] XFS (loop4): Quotacheck needed: Please wait.
[ 1519.032700][ T1078] hfsplus: b-tree write err: -5, ino 4
[ 1519.080239][T16557] XFS (loop4): Quotacheck: Done.
[ 1520.630476][T16597] mmap: syz.0.2833 (16597) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1520.966373][T16601] netlink: 276 bytes leftover after parsing attributes in process `syz.2.2836'.
[ 1521.836333][T16601] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1522.350492][ T9371] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1522.424480][T16609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2838'.
[ 1522.433840][T16609] netlink: zone id is out of range
[ 1522.439045][T16609] netlink: set zone limit has 4 unknown bytes
[ 1524.733831][T16624] loop2: detected capacity change from 0 to 40427
[ 1524.795008][T16624] F2FS-fs (loop2): invalid crc value
[ 1524.855856][T16624] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 1524.934852][T16624] F2FS-fs (loop2): Start checkpoint disabled!
[ 1524.954029][T16624] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[ 1526.492122][T16632] loop4: detected capacity change from 0 to 1024
[ 1526.892250][ T1126] kworker/u4:6: attempt to access beyond end of device
[ 1526.892250][ T1126] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1526.944532][ T1126] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[ 1527.306439][T16641] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2849'.
[ 1527.316073][T16641] netlink: zone id is out of range
[ 1527.321300][T16641] netlink: set zone limit has 4 unknown bytes
[ 1529.089530][T16655] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2853'.
[ 1531.654328][ T2983] hfsplus: b-tree write err: -5, ino 4
[ 1533.000173][T16667] loop0: detected capacity change from 0 to 32768
[ 1533.025741][T16667] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.2857 (16667)
[ 1533.112086][T16682] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2860'.
[ 1533.121468][T16682] netlink: zone id is out of range
[ 1533.126831][T16682] netlink: set zone limit has 4 unknown bytes
[ 1533.667536][T16667] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1533.846986][T16667] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 1533.882005][T16667] BTRFS info (device loop0): using free space tree
[ 1533.888934][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[ 1533.933339][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[ 1533.988137][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[ 1534.015843][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 1534.046571][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 1534.303308][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1535.355811][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 1535.392780][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 1535.442206][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 1535.462543][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1535.648681][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 1535.706722][T16667] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 1535.802738][T16667] BTRFS error (device loop0): open_ctree failed: -12
[ 1536.444741][ T6269] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by udevd (6269)
[ 1537.651283][T16727] loop4: detected capacity change from 0 to 1024
[ 1538.997074][T16738] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2873'.
[ 1539.006747][T16738] netlink: zone id is out of range
[ 1539.012480][T16738] netlink: set zone limit has 4 unknown bytes
[ 1539.493098][T16742] loop2: detected capacity change from 0 to 512
[ 1539.595779][T16742] __quota_error: 15 callbacks suppressed
[ 1539.595800][T16742] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[ 1539.643182][T16742] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[ 1539.653980][T16742] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.2874: Failed to acquire dquot type 1
[ 1539.677022][T16742] EXT4-fs (loop2): 1 truncate cleaned up
[ 1539.691331][T16742] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1539.704568][T16742] ext4 filesystem being mounted at /132/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1540.440709][T14526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1542.080371][T16777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2883'.
[ 1542.090724][T16777] netlink: zone id is out of range
[ 1542.096309][T16777] netlink: set zone limit has 4 unknown bytes
[ 1542.772451][ T2983] hfsplus: b-tree write err: -5, ino 4
[ 1543.769043][T16788] loop4: detected capacity change from 0 to 512
[ 1544.093422][T16788] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1544.106480][T16788] ext4 filesystem being mounted at /502/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1544.177519][ T9371] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1544.600333][T16781] loop0: detected capacity change from 0 to 32768
[ 1544.665894][T16781] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1544.940778][T16781] XFS (loop0): Ending clean mount
[ 1545.065212][   T28] audit: type=1804 audit(1751341220.664:964): pid=16781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2885" name="/newroot/81/file1/file1" dev="loop0" ino=6150 res=1 errno=0
[ 1545.140843][   T28] audit: type=1800 audit(1751341220.704:965): pid=16781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2885" name="file1" dev="loop0" ino=6150 res=0 errno=0
[ 1545.431799][   T28] audit: type=1800 audit(1751341221.024:966): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="iou-wrk-16806" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1546.016730][   T28] audit: type=1800 audit(1751341221.024:967): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="iou-wrk-16806" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1546.112166][   T28] audit: type=1800 audit(1751341221.024:968): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="iou-wrk-16806" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1546.154610][   T28] audit: type=1800 audit(1751341221.024:969): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="iou-wrk-16806" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1546.205297][   T28] audit: type=1800 audit(1751341221.024:970): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="iou-wrk-16806" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1546.246173][   T28] audit: type=1800 audit(1751341221.024:971): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="iou-wrk-16806" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1546.267659][   T28] audit: type=1800 audit(1751341221.024:972): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="iou-wrk-16806" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1546.297810][T16820] loop2: detected capacity change from 0 to 1024
[ 1546.340718][T16818] loop3: detected capacity change from 0 to 4096
[ 1546.387360][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.504336][   T28] audit: type=1800 audit(1751341221.024:973): pid=16807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="iou-wrk-16806" name="file0" dev="loop0" ino=6148 res=0 errno=0
[ 1546.643772][T16822] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2893'.
[ 1546.653352][T16822] netlink: zone id is out of range
[ 1546.658572][T16822] netlink: set zone limit has 4 unknown bytes
[ 1548.764001][T15154] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1548.890855][T16834] syz.3.2896: attempt to access beyond end of device
[ 1548.890855][T16834] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1548.906096][T16834] (syz.3.2896,16834,0):ocfs2_get_sector:1772 ERROR: status = -5
[ 1548.917444][T16834] (syz.3.2896,16834,0):ocfs2_sb_probe:749 ERROR: status = -5
[ 1548.925252][T16834] (syz.3.2896,16834,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[ 1548.934416][T16834] (syz.3.2896,16834,0):ocfs2_fill_super:1178 ERROR: status = -5
[ 1549.645413][T12587] hfsplus: b-tree write err: -5, ino 4
[ 1550.024166][T16843] loop2: detected capacity change from 0 to 4096
[ 1550.049053][T16843] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1550.073602][T16843] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1550.261242][T16848] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1550.281005][ T5773] udevd[5773]: incorrect nilfs2 checksum on /dev/loop2
[ 1554.299494][T16872] loop2: detected capacity change from 0 to 512
[ 1554.373315][T16872] __quota_error: 238 callbacks suppressed
[ 1554.373334][T16872] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[ 1554.553082][T16872] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[ 1554.601476][T16881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2907'.
[ 1554.696236][T16872] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.2904: Failed to acquire dquot type 1
[ 1554.884202][T16872] EXT4-fs (loop2): 1 truncate cleaned up
[ 1554.974879][T16872] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1555.057694][T16882] loop0: detected capacity change from 0 to 1024
[ 1555.103974][T16872] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1555.428590][T14526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1556.263272][   T28] audit: type=1326 audit(1751341231.864:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16888 comm="syz.3.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1556.304118][   T28] audit: type=1326 audit(1751341231.864:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16888 comm="syz.3.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1556.380751][   T28] audit: type=1326 audit(1751341231.884:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16888 comm="syz.3.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1556.404781][   T28] audit: type=1326 audit(1751341231.884:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16888 comm="syz.3.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1556.436656][   T28] audit: type=1326 audit(1751341231.884:1216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16888 comm="syz.3.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1556.468844][T16895] loop4: detected capacity change from 0 to 65
[ 1556.494244][T16895] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop4
[ 1556.507811][   T28] audit: type=1326 audit(1751341231.884:1217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16888 comm="syz.3.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1556.589352][   T28] audit: type=1326 audit(1751341231.884:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16888 comm="syz.3.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1556.672010][   T28] audit: type=1326 audit(1751341231.884:1219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16888 comm="syz.3.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1556.894241][T16901] veth0: entered promiscuous mode
[ 1557.385577][T16896] veth0: left promiscuous mode
[ 1557.664317][T16902] autofs4:pid:16902:autofs_fill_super: called with bogus options
[ 1558.238415][T16910] loop2: detected capacity change from 0 to 512
[ 1558.496893][T16910] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.2918: Failed to acquire dquot type 1
[ 1558.820817][T16910] EXT4-fs (loop2): 1 truncate cleaned up
[ 1558.848809][T16910] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1558.941614][T16910] ext4 filesystem being mounted at /141/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1559.127011][T14526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1559.134038][T16907] loop4: detected capacity change from 0 to 32768
[ 1559.148027][T16907] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.2917 (16907)
[ 1559.202417][T16907] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1559.256190][T16907] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[ 1559.314575][T16907] BTRFS info (device loop4): enabling disk space caching
[ 1559.353081][T16907] BTRFS info (device loop4): doing ref verification
[ 1559.359817][T16907] BTRFS info (device loop4): use zlib compression, level 3
[ 1559.431977][T16907] BTRFS info (device loop4): force clearing of disk cache
[ 1559.551833][T16907] BTRFS info (device loop4): setting nodatacow, compression disabled
[ 1559.560054][T16907] BTRFS info (device loop4): doing ref verification
[ 1559.626246][T16907] BTRFS info (device loop4): disk space caching is enabled
[ 1559.822101][T16907] BTRFS info (device loop4): enabling ssd optimizations
[ 1559.829182][T16907] BTRFS info (device loop4): auto enabling async discard
[ 1559.942104][T16907] BTRFS info (device loop4): rebuilding free space tree
[ 1560.054820][T16907] BTRFS info (device loop4): disabling free space tree
[ 1560.094052][T16907] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 1560.113712][ T3515] hfsplus: b-tree write err: -5, ino 4
[ 1560.124791][T16907] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 1560.411711][   T28] kauditd_printk_skb: 16 callbacks suppressed
[ 1560.411729][   T28] audit: type=1326 audit(1751341235.994:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1560.440320][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1560.531015][   T28] audit: type=1326 audit(1751341235.994:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1560.623147][   T28] audit: type=1326 audit(1751341235.994:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1560.681243][   T28] audit: type=1326 audit(1751341235.994:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1560.741847][   T28] audit: type=1326 audit(1751341235.994:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1560.818774][ T3515] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[ 1560.846553][T16944] BTRFS info (device loop4): balance: start -d -m
[ 1560.883143][   T28] audit: type=1326 audit(1751341235.994:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1561.822221][   T28] audit: type=1326 audit(1751341235.994:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1561.925301][   T28] audit: type=1326 audit(1751341235.994:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1562.127045][   T28] audit: type=1326 audit(1751341235.994:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1562.150371][   T28] audit: type=1326 audit(1751341235.994:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16939 comm="syz.0.2922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1562.172878][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1562.287194][T16953] veth0: entered promiscuous mode
[ 1562.830965][T16950] veth0: left promiscuous mode
[ 1563.500877][T16958] autofs4:pid:16958:autofs_fill_super: called with bogus options
[ 1564.295621][T16944] BTRFS info (device loop4): relocating block group 6881280 flags data|metadata
[ 1564.739046][T16944] BTRFS info (device loop4): relocating block group 5242880 flags data|metadata
[ 1565.521482][T16944] BTRFS info (device loop4): balance: canceled
[ 1565.557567][T16965] loop2: detected capacity change from 0 to 4096
[ 1565.639044][T16968] loop0: detected capacity change from 0 to 1024
[ 1565.933656][   T28] kauditd_printk_skb: 12 callbacks suppressed
[ 1565.933672][   T28] audit: type=1326 audit(1751341241.524:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1565.970953][ T9371] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1566.079366][   T28] audit: type=1326 audit(1751341241.524:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1566.169476][   T28] audit: type=1326 audit(1751341241.534:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1566.192380][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1566.301817][   T28] audit: type=1326 audit(1751341241.534:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1566.324393][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1566.406065][   T28] audit: type=1326 audit(1751341241.534:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1566.491026][   T28] audit: type=1326 audit(1751341241.564:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1566.577569][T16976] veth0: entered promiscuous mode
[ 1566.911123][   T28] audit: type=1326 audit(1751341241.564:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1567.019244][T16973] veth0: left promiscuous mode
[ 1567.213137][   T28] audit: type=1326 audit(1751341241.584:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1567.342017][   T28] audit: type=1326 audit(1751341241.584:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1567.421861][   T28] audit: type=1326 audit(1751341241.584:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16969 comm="syz.3.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1567.768125][T16984] loop3: detected capacity change from 0 to 512
[ 1567.844755][T16972] loop2: detected capacity change from 0 to 32768
[ 1567.861166][ T9779] hfsplus: b-tree write err: -5, ino 4
[ 1567.901563][T16972] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1567.961789][T16972] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[ 1567.970640][T16972] BTRFS info (device loop2): using free space tree
[ 1568.285947][T16996] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1569.246805][T16972] BTRFS error (device loop2): open_ctree failed: -4
[ 1570.168980][T16984] loop3: detected capacity change from 0 to 40427
[ 1570.180165][T16984] F2FS-fs (loop3): Unrecognized mount option "nouid32" or missing value
[ 1570.293945][ T6269] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1570.550458][T17018] loop0: detected capacity change from 0 to 4096
[ 1571.202903][T17027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2942'.
[ 1571.212416][T17027] netlink: zone id is out of range
[ 1571.217636][T17027] netlink: set zone limit has 4 unknown bytes
[ 1571.268126][T17026] veth0: entered promiscuous mode
[ 1571.699606][T17021] veth0: left promiscuous mode
[ 1572.056851][T17033] loop4: detected capacity change from 0 to 1024
[ 1574.667703][ T2928] hfsplus: b-tree write err: -5, ino 4
[ 1574.686523][T17037] loop0: detected capacity change from 0 to 32768
[ 1574.695603][T17037] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.2947 (17037)
[ 1574.739199][T17037] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1574.782461][T17037] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 1574.808159][T17037] BTRFS info (device loop0): using free space tree
[ 1575.079419][T17069] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2954'.
[ 1575.088937][T17069] netlink: zone id is out of range
[ 1575.094293][T17069] netlink: set zone limit has 4 unknown bytes
[ 1575.787738][T17072] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.2953'.
[ 1576.498993][T17037] BTRFS error (device loop0): open_ctree failed: -4
[ 1576.587861][T17078] veth0: entered promiscuous mode
[ 1577.150928][T17074] veth0: left promiscuous mode
[ 1577.701433][T17080] loop3: detected capacity change from 0 to 4096
[ 1577.736414][T17080] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1577.784013][T17080] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1577.875824][T17088] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1577.892923][ T6269] udevd[6269]: incorrect nilfs2 checksum on /dev/loop3
[ 1579.804034][T17105] loop0: detected capacity change from 0 to 1024
[ 1580.385232][T17111] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2963'.
[ 1580.394898][T17111] netlink: zone id is out of range
[ 1580.400123][T17111] netlink: set zone limit has 4 unknown bytes
[ 1581.480024][   T11] hfsplus: b-tree write err: -5, ino 4
[ 1582.711991][T17140] veth0: entered promiscuous mode
[ 1583.214386][T17134] veth0: left promiscuous mode
[ 1583.581977][ T6291] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[ 1583.685224][T17148] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2970'.
[ 1583.881472][ T6291] usb 5-1: config 0 has an invalid interface number: 176 but max is 2
[ 1583.923026][ T6291] usb 5-1: config 0 has an invalid interface number: 36 but max is 2
[ 1584.010652][ T6291] usb 5-1: config 0 has no interface number 0
[ 1584.083405][ T6291] usb 5-1: config 0 has no interface number 1
[ 1584.156689][ T6291] usb 5-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1584.292928][ T6291] usb 5-1: config 0 interface 36 has no altsetting 0
[ 1584.336142][ T6291] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1584.364011][ T6291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1584.377375][T17150] loop0: detected capacity change from 0 to 4096
[ 1584.400081][T17150] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1584.458028][ T6291] usb 5-1: config 0 descriptor??
[ 1584.468558][T17150] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1584.567818][T17153] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1584.580132][ T6269] udevd[6269]: incorrect nilfs2 checksum on /dev/loop0
[ 1584.962783][ T6291] qcserial 5-1:0.2: Qualcomm USB modem converter detected
[ 1585.025839][T17158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2973'.
[ 1585.035206][T17158] netlink: zone id is out of range
[ 1585.040428][T17158] netlink: set zone limit has 4 unknown bytes
[ 1586.752416][T17170] loop0: detected capacity change from 0 to 1024
[ 1587.668614][ T6291] usb 5-1: USB disconnect, device number 25
[ 1587.675901][ T6291] qcserial 5-1:0.2: device disconnected
[ 1587.779798][T17180] loop2: detected capacity change from 0 to 512
[ 1587.899419][T17180] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[ 1588.141998][T17184] veth0: entered promiscuous mode
[ 1588.637552][T17181] veth0: left promiscuous mode
[ 1589.230948][T17192] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2981'.
[ 1591.003803][T17197] loop4: detected capacity change from 0 to 4096
[ 1591.197438][T17197] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1591.252753][T17204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2984'.
[ 1591.274633][T17204] netlink: zone id is out of range
[ 1591.280163][T17204] netlink: set zone limit has 4 unknown bytes
[ 1591.427769][T17197] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1591.818044][T17207] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1592.498081][T12587] hfsplus: b-tree write err: -5, ino 4
[ 1592.868165][T17216] loop2: detected capacity change from 0 to 512
[ 1592.907229][T12893] Bluetooth: Wrong link type (-22)
[ 1593.029004][T17216] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[ 1594.999494][T17211] loop3: detected capacity change from 0 to 32768
[ 1595.133572][T17211] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.2985 (17211)
[ 1595.241197][T17211] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1595.266001][T17211] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[ 1595.274871][T17211] BTRFS info (device loop3): using free space tree
[ 1595.513863][T17232] veth0: entered promiscuous mode
[ 1595.800508][T17223] veth0: left promiscuous mode
[ 1596.272264][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[ 1596.273084][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[ 1596.329762][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 1596.361225][T17240] loop2: detected capacity change from 0 to 1024
[ 1596.472243][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 1596.473061][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 1596.544631][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1596.631599][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 1596.726960][T17249] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2993'.
[ 1596.745858][T17249] netlink: zone id is out of range
[ 1596.751083][T17249] netlink: set zone limit has 4 unknown bytes
[ 1597.272575][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 1597.273398][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 1597.330529][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1597.422288][T17211] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 1597.544664][T17211] BTRFS error (device loop3): open_ctree failed: -12
[ 1597.721567][T17259] netlink: 332 bytes leftover after parsing attributes in process `syz.4.2995'.
[ 1599.539853][ T6269] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by udevd (6269)
[ 1599.573292][T17270] loop0: detected capacity change from 0 to 512
[ 1599.656089][T17270] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[ 1600.622192][ T6291] usb 1-1: new full-speed USB device number 50 using dummy_hcd
[ 1601.014037][ T6291] usb 1-1: config 0 has an invalid interface number: 176 but max is 2
[ 1601.031969][ T6291] usb 1-1: config 0 has an invalid interface number: 36 but max is 2
[ 1601.107534][T17281] veth0: entered promiscuous mode
[ 1601.636977][T17278] veth0: left promiscuous mode
[ 1601.841360][ T6291] usb 1-1: config 0 has no interface number 0
[ 1601.854884][ T6291] usb 1-1: config 0 has no interface number 1
[ 1601.861483][ T6291] usb 1-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1601.904150][ T3515] hfsplus: b-tree write err: -5, ino 4
[ 1601.954553][ T6291] usb 1-1: config 0 interface 36 has no altsetting 0
[ 1601.961358][ T6291] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1602.205810][ T6291] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1602.243023][ T6291] usb 1-1: config 0 descriptor??
[ 1602.715924][ T6291] qcserial 1-1:0.2: Qualcomm USB modem converter detected
[ 1602.921337][T17295] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3005'.
[ 1605.422987][T13535] usb 1-1: USB disconnect, device number 50
[ 1605.439984][T13535] qcserial 1-1:0.2: device disconnected
[ 1605.562391][T13536] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1605.928276][T13536] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[ 1606.001797][T13536] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1606.061581][T13536] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1606.106205][T13536] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1606.134991][T13536] usb 3-1: config 0 descriptor??
[ 1606.141162][T17307] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1606.170478][T13536] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1606.448257][T17317] veth0: entered promiscuous mode
[ 1606.990894][T17313] veth0: left promiscuous mode
[ 1607.917619][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1608.052527][T17321] loop4: detected capacity change from 0 to 1024
[ 1608.220998][T17326] loop0: detected capacity change from 0 to 256
[ 1608.288759][T17326] FAT-fs (loop0): Directory bread(block 64) failed
[ 1608.332054][T17326] FAT-fs (loop0): Directory bread(block 65) failed
[ 1608.347988][T17326] FAT-fs (loop0): Directory bread(block 66) failed
[ 1608.362938][T17326] FAT-fs (loop0): Directory bread(block 67) failed
[ 1608.380283][T17326] FAT-fs (loop0): Directory bread(block 68) failed
[ 1608.397137][T17326] FAT-fs (loop0): Directory bread(block 69) failed
[ 1608.417488][T17326] FAT-fs (loop0): Directory bread(block 70) failed
[ 1608.437661][T17326] FAT-fs (loop0): Directory bread(block 71) failed
[ 1608.469103][T17326] FAT-fs (loop0): Directory bread(block 72) failed
[ 1608.486322][T17326] FAT-fs (loop0): Directory bread(block 73) failed
[ 1610.053956][  T785] usb 3-1: USB disconnect, device number 24
[ 1612.342172][ T1126] hfsplus: b-tree write err: -5, ino 4
[ 1612.391398][T17356] loop3: detected capacity change from 0 to 128
[ 1613.128813][T17358] kvm: kvm [17357]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0
[ 1613.142261][T17358] kvm: kvm [17357]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0
[ 1613.156599][T17358] kvm: kvm [17357]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x20
[ 1613.171906][T17358] kvm: kvm [17357]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x186) = 0x20
[ 1616.044056][T17395] loop2: detected capacity change from 0 to 1024
[ 1616.466274][T17397] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3031'.
[ 1616.483908][T17397] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1620.922235][ T1126] hfsplus: b-tree write err: -5, ino 4
[ 1620.998975][T17427] serio: Serial port ptm0
[ 1621.774388][T17444] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3042'.
[ 1621.783649][T17444] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1622.151305][T17448] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3043'.
[ 1622.161990][T17448] netlink: 'syz.2.3043': attribute type 9 has an invalid length.
[ 1622.169786][T17448] netlink: 160 bytes leftover after parsing attributes in process `syz.2.3043'.
[ 1625.863219][T17468] loop2: detected capacity change from 0 to 1024
[ 1626.743336][T17470] loop3: detected capacity change from 0 to 8192
[ 1627.861743][T17483] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3053'.
[ 1627.870892][T17483] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1628.472042][T17486] netlink: 332 bytes leftover after parsing attributes in process `syz.4.3054'.
[ 1628.481577][T17486] netlink: 'syz.4.3054': attribute type 9 has an invalid length.
[ 1628.489595][T17486] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3054'.
[ 1630.305549][ T2983] hfsplus: b-tree write err: -5, ino 4
[ 1633.181763][T17522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3062'.
[ 1633.199169][T17522] netlink: zone id is out of range
[ 1633.206972][T17522] netlink: set zone limit has 4 unknown bytes
[ 1633.657121][T17526] loop2: detected capacity change from 0 to 512
[ 1633.745192][T17526] __quota_error: 12 callbacks suppressed
[ 1633.745211][T17526] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[ 1633.835536][T17536] netlink: 332 bytes leftover after parsing attributes in process `syz.4.3066'.
[ 1633.845100][T17536] netlink: 'syz.4.3066': attribute type 9 has an invalid length.
[ 1633.852988][T17536] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3066'.
[ 1633.864026][T17526] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[ 1634.004235][T17526] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.3064: Failed to acquire dquot type 1
[ 1634.176083][T17526] EXT4-fs (loop2): 1 truncate cleaned up
[ 1634.260210][T17526] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1634.354923][T17530] loop3: detected capacity change from 0 to 4096
[ 1634.418842][T17526] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1634.524494][T17530] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1634.634097][T17530] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1634.803318][T14526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1634.874366][ T5773] udevd[5773]: incorrect nilfs2 checksum on /dev/loop3
[ 1634.989259][T17539] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1635.300480][T17542] loop2: detected capacity change from 0 to 1024
[ 1637.440614][T17561] netlink: 276 bytes leftover after parsing attributes in process `syz.3.3072'.
[ 1637.475315][T17561] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1637.839106][ T5845] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[ 1638.134238][T17566] ksmbd: Unknown IPC event: 6, ignore.
[ 1639.049633][ T5845] usb 1-1: Using ep0 maxpacket: 16
[ 1639.078975][ T5845] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 1639.087154][ T5845] usb 1-1: config 0 has no interface number 0
[ 1639.152251][T17570] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3074'.
[ 1639.163039][T17570] netlink: zone id is out of range
[ 1639.168361][T17570] netlink: set zone limit has 4 unknown bytes
[ 1639.473923][T17569] loop4: detected capacity change from 0 to 512
[ 1639.576096][T17569] Quota error (device loop4): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[ 1639.622063][T17569] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[ 1639.659025][T17569] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3076: Failed to acquire dquot type 1
[ 1639.705253][T17569] EXT4-fs (loop4): 1 truncate cleaned up
[ 1639.723103][T17569] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1639.743214][ T5845] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1639.753018][ T5845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1639.761106][ T5845] usb 1-1: Product: syz
[ 1639.765581][T17569] ext4 filesystem being mounted at /549/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1639.791733][ T5845] usb 1-1: Manufacturer: syz
[ 1639.796414][ T5845] usb 1-1: SerialNumber: syz
[ 1639.818817][ T5845] usb 1-1: config 0 descriptor??
[ 1639.849754][ T5845] usb 1-1: can't set config #0, error -71
[ 1639.872480][T15795] hfsplus: b-tree write err: -5, ino 4
[ 1639.880042][ T5845] usb 1-1: USB disconnect, device number 51
[ 1639.989059][T17578] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3077'.
[ 1639.998505][T17578] netlink: 'syz.3.3077': attribute type 9 has an invalid length.
[ 1640.006486][T17578] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3077'.
[ 1640.468499][ T9371] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1641.514235][T17584] loop4: detected capacity change from 0 to 4096
[ 1641.575953][T17584] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1641.813852][T17584] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1641.853684][T17591] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1643.333747][T17599] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3082'.
[ 1643.343128][T17599] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1644.012197][T17610] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1644.560663][T17613] loop2: detected capacity change from 0 to 2048
[ 1644.638930][T17613] Alternate GPT is invalid, using primary GPT.
[ 1644.645813][T17613]  loop2: p1 p2 p3
[ 1644.919998][T17617] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3085'.
[ 1644.929297][T17617] netlink: zone id is out of range
[ 1644.934604][T17617] netlink: set zone limit has 4 unknown bytes
[ 1645.766664][T17621] loop4: detected capacity change from 0 to 1024
[ 1645.817342][T17613] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (2520)
[ 1645.826851][T17613] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[ 1646.130336][T17627] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3089'.
[ 1646.140201][T17627] netlink: 'syz.3.3089': attribute type 9 has an invalid length.
[ 1646.148183][T17627] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3089'.
[ 1647.049006][ T6106] udevd[6106]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[ 1647.085477][ T5773] udevd[5773]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[ 1647.103292][ T5895] udevd[5895]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[ 1648.195017][T17624] loop0: detected capacity change from 0 to 32768
[ 1648.817391][   T11] hfsplus: b-tree write err: -5, ino 4
[ 1650.691811][T17656] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3096'.
[ 1651.040874][T17659] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3097'.
[ 1651.050604][T17656] netlink: zone id is out of range
[ 1651.055958][T17656] netlink: set zone limit has 4 unknown bytes
[ 1651.286802][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805daa8c00: rx timeout, send abort
[ 1651.297510][T17661] netlink: set zone limit has 8 unknown bytes
[ 1651.789169][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805daa8000: rx timeout, send abort
[ 1651.797820][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805daa8c00: abort rx timeout. Force session deactivation
[ 1652.297602][    C1] vcan0 (unregistering): j1939_tp_rxtimer: 0xffff88805daa8000: abort rx timeout. Force session deactivation
[ 1652.372222][T17662] loop3: detected capacity change from 0 to 4096
[ 1652.394430][T17662] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1652.559896][T17662] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1652.575394][ T6269] udevd[6269]: incorrect nilfs2 checksum on /dev/loop3
[ 1652.991323][T17667] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1653.067369][T17671] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1653.410159][ T9779] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1653.754892][T17676] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3100'.
[ 1653.764399][T17676] netlink: 'syz.2.3100': attribute type 9 has an invalid length.
[ 1653.772650][T17676] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3100'.
[ 1654.496559][T17681] loop2: detected capacity change from 0 to 1024
[ 1654.893646][T17685] netlink: 276 bytes leftover after parsing attributes in process `syz.3.3101'.
[ 1654.903078][T17685] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1655.257022][T12893] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1656.963387][T17704] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1657.857047][T17707] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3107'.
[ 1657.866619][T17707] netlink: zone id is out of range
[ 1657.871890][T17707] netlink: set zone limit has 4 unknown bytes
[ 1658.469703][T17713] loop0: detected capacity change from 0 to 256
[ 1658.586527][T17713] FAT-fs (loop0): Directory bread(block 64) failed
[ 1658.602132][T17713] FAT-fs (loop0): Directory bread(block 65) failed
[ 1658.608865][T17713] FAT-fs (loop0): Directory bread(block 66) failed
[ 1658.624082][T15322] hfsplus: b-tree write err: -5, ino 4
[ 1658.634091][T17713] FAT-fs (loop0): Directory bread(block 67) failed
[ 1658.640811][T17713] FAT-fs (loop0): Directory bread(block 68) failed
[ 1658.711894][T17713] FAT-fs (loop0): Directory bread(block 69) failed
[ 1658.719553][T17713] FAT-fs (loop0): Directory bread(block 70) failed
[ 1658.742143][T17713] FAT-fs (loop0): Directory bread(block 71) failed
[ 1658.746391][T17715] loop4: detected capacity change from 0 to 4096
[ 1658.748865][T17713] FAT-fs (loop0): Directory bread(block 72) failed
[ 1658.796925][T17715] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1658.812039][T17713] FAT-fs (loop0): Directory bread(block 73) failed
[ 1658.861483][T17718] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3111'.
[ 1658.871283][T17718] netlink: 'syz.2.3111': attribute type 9 has an invalid length.
[ 1658.879278][T17718] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3111'.
[ 1658.983443][T17715] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1659.418515][T17719] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1661.053193][T17711] loop3: detected capacity change from 0 to 32768
[ 1661.837143][T17737] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1661.844865][T17737] ERROR: (device loop3): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1
[ 1661.844865][T17737] 
[ 1662.329337][T17743] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.3116'.
[ 1663.294939][T17749] loop2: detected capacity change from 0 to 1024
[ 1663.690709][T17757] loop0: detected capacity change from 0 to 256
[ 1663.826125][T17757] FAT-fs (loop0): Directory bread(block 64) failed
[ 1663.864279][T17757] FAT-fs (loop0): Directory bread(block 65) failed
[ 1663.893981][T17757] FAT-fs (loop0): Directory bread(block 66) failed
[ 1663.920562][T17757] FAT-fs (loop0): Directory bread(block 67) failed
[ 1663.930671][T17757] FAT-fs (loop0): Directory bread(block 68) failed
[ 1663.961978][T17757] FAT-fs (loop0): Directory bread(block 69) failed
[ 1663.968765][T17757] FAT-fs (loop0): Directory bread(block 70) failed
[ 1664.086950][T17757] FAT-fs (loop0): Directory bread(block 71) failed
[ 1664.104034][T17757] FAT-fs (loop0): Directory bread(block 72) failed
[ 1664.133771][T17757] FAT-fs (loop0): Directory bread(block 73) failed
[ 1664.897181][T17764] loop0: detected capacity change from 0 to 4096
[ 1664.994553][T17768] netlink: 276 bytes leftover after parsing attributes in process `syz.3.3123'.
[ 1665.003919][T17768] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1665.078895][T17764] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1665.253719][T17764] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1665.629443][T15835] hfsplus: b-tree write err: -5, ino 4
[ 1665.654180][T17769] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1668.581848][T13535] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1668.944528][T13535] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[ 1668.962025][T13535] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1668.981894][T13535] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1669.261502][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.666446][T13535] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1669.692047][T17795] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3129'.
[ 1669.702665][T17795] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1669.838567][T13535] usb 4-1: config 0 descriptor??
[ 1669.866981][T17783] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1669.899525][T13535] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1670.239437][T17803] loop4: detected capacity change from 0 to 1024
[ 1670.841251][T17806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1670.882322][T17806] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1671.821176][T17808] loop0: detected capacity change from 0 to 32768
[ 1671.871149][T17808] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1671.954787][T13535] usb 4-1: USB disconnect, device number 23
[ 1672.147520][T17808] XFS (loop0): Ending clean mount
[ 1672.390188][   T28] audit: type=1804 audit(1751341347.984:1278): pid=17825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3133" name="/newroot/141/file1/file1" dev="loop0" ino=6150 res=1 errno=0
[ 1672.791787][   T28] audit: type=1800 audit(1751341348.034:1279): pid=17825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3133" name="file1" dev="loop0" ino=6150 res=0 errno=0
[ 1672.873094][T17823] loop3: detected capacity change from 0 to 4096
[ 1672.914432][T17823] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1672.960733][T17823] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1672.970623][T15154] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[ 1673.057388][ T6269] udevd[6269]: incorrect nilfs2 checksum on /dev/loop3
[ 1673.072269][T17829] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1673.183316][ T2954] hfsplus: b-tree write err: -5, ino 4
[ 1673.588767][T17834] netlink: 304 bytes leftover after parsing attributes in process `syz.3.3139'.
[ 1673.716257][T17836] loop3: detected capacity change from 0 to 512
[ 1673.764808][T17836] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[ 1673.783806][T17828] loop2: detected capacity change from 0 to 32768
[ 1673.783887][T17836] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[ 1673.800872][T17836] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.3140: Failed to acquire dquot type 1
[ 1673.829538][T17836] EXT4-fs (loop3): 1 truncate cleaned up
[ 1673.877632][T17836] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1673.911365][T17828] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[ 1673.932134][T17836] ext4 filesystem being mounted at /183/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1673.943335][T17828] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[ 1674.050711][T14880] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1675.076083][T17832] loop4: detected capacity change from 0 to 40427
[ 1675.141071][T17832] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1675.161696][T17832] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1675.224228][T17832] F2FS-fs (loop4): invalid crc value
[ 1675.249907][T17832] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1675.361708][  T785] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[ 1675.540016][T17832] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1675.556212][T17832] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1676.212289][  T785] usb 3-1: config 0 has an invalid interface number: 22 but max is 0
[ 1676.275564][  T785] usb 3-1: config 0 has no interface number 0
[ 1676.283654][  T785] usb 3-1: config 0 interface 22 has no altsetting 0
[ 1676.420381][  T785] usb 3-1: string descriptor 0 read error: -71
[ 1676.435329][ T9371] syz-executor: attempt to access beyond end of device
[ 1676.435329][ T9371] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[ 1676.450059][  T785] usb 3-1: New USB device found, idVendor=06cd, idProduct=0101, bcdDevice=49.9e
[ 1676.463372][  T785] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1676.471848][ T9371] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[ 1676.498025][  T785] usb 3-1: config 0 descriptor??
[ 1676.508440][  T785] usb 3-1: can't set config #0, error -71
[ 1676.523596][  T785] usb 3-1: USB disconnect, device number 25
[ 1676.548047][T14526] ocfs2: Unmounting device (7,2) on (node local)
[ 1677.971933][T17873] loop3: detected capacity change from 0 to 1024
[ 1678.313402][T17876] loop2: detected capacity change from 0 to 512
[ 1678.498487][T17881] netlink: 304 bytes leftover after parsing attributes in process `syz.0.3148'.
[ 1678.790203][T17886] netlink: 276 bytes leftover after parsing attributes in process `syz.4.3149'.
[ 1678.972320][T17886] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1679.523718][T17876] EXT4-fs (loop2): Test dummy encryption mode enabled
[ 1679.557980][T17876] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[ 1679.580584][T17876] EXT4-fs (loop2): Errors on filesystem, clearing orphan list.
[ 1679.592797][T17876] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1679.641341][T17876] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[ 1679.797766][T14526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1680.235411][T17902] loop2: detected capacity change from 0 to 8
[ 1683.962178][ T1126] hfsplus: b-tree write err: -5, ino 4
[ 1684.758841][T17926] netlink: 276 bytes leftover after parsing attributes in process `syz.4.3159'.
[ 1684.769130][T17926] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1686.500040][T17938] loop0: detected capacity change from 0 to 4096
[ 1686.520638][T17938] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1686.600345][T17938] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1686.720191][T17940] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1687.725092][T17944] loop3: detected capacity change from 0 to 1024
[ 1687.988948][T17934] loop4: detected capacity change from 0 to 32768
[ 1688.064956][T17934] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.3163 (17934)
[ 1688.118126][T17934] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1688.161141][T17934] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[ 1688.197089][T17934] BTRFS info (device loop4): enabling auto defrag
[ 1688.212389][T17934] BTRFS info (device loop4): doing ref verification
[ 1688.229851][T17934] BTRFS info (device loop4): use no compression
[ 1688.256574][T17934] BTRFS info (device loop4): force clearing of disk cache
[ 1688.289794][T17934] BTRFS info (device loop4): setting nodatacow, compression disabled
[ 1688.344303][T17934] BTRFS info (device loop4): disabling free space tree
[ 1688.493586][T17934] BTRFS info (device loop4): enabling ssd optimizations
[ 1688.508127][T17934] BTRFS info (device loop4): auto enabling async discard
[ 1688.532054][T17934] BTRFS info (device loop4): rebuilding free space tree
[ 1688.582218][T17934] BTRFS info (device loop4): disabling free space tree
[ 1688.595686][T17934] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 1688.617595][T17934] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 1688.961523][ T9371] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1690.371672][T17980] loop4: detected capacity change from 0 to 8
[ 1691.288936][T15835] hfsplus: b-tree write err: -5, ino 4
[ 1691.528229][T17984] loop3: detected capacity change from 0 to 512
[ 1691.572800][T17984] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[ 1691.613031][T17984] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[ 1691.642135][T17984] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.3171: Failed to acquire dquot type 1
[ 1691.653306][T17988] loop0: detected capacity change from 0 to 2048
[ 1691.698922][T17988] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1691.716747][T17984] EXT4-fs (loop3): 1 truncate cleaned up
[ 1691.728659][T17984] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1691.757504][T17984] ext4 filesystem being mounted at /192/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1691.971964][T14880] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1693.261427][T18002] loop2: detected capacity change from 0 to 256
[ 1693.337484][T18002] FAT-fs (loop2): Directory bread(block 64) failed
[ 1693.357339][T18002] FAT-fs (loop2): Directory bread(block 65) failed
[ 1693.380708][T18002] FAT-fs (loop2): Directory bread(block 66) failed
[ 1693.394715][T18002] FAT-fs (loop2): Directory bread(block 67) failed
[ 1693.415959][T18002] FAT-fs (loop2): Directory bread(block 68) failed
[ 1693.429938][T18002] FAT-fs (loop2): Directory bread(block 69) failed
[ 1693.439924][T18009] loop3: detected capacity change from 0 to 1024
[ 1693.450428][T18002] FAT-fs (loop2): Directory bread(block 70) failed
[ 1693.468642][T18002] FAT-fs (loop2): Directory bread(block 71) failed
[ 1693.487419][T18002] FAT-fs (loop2): Directory bread(block 72) failed
[ 1693.508537][T18002] FAT-fs (loop2): Directory bread(block 73) failed
[ 1693.938463][T18013] loop0: detected capacity change from 0 to 8
[ 1693.968070][ T6291] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[ 1694.272209][ T6291] usb 5-1: Using ep0 maxpacket: 32
[ 1694.544266][ T6291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1694.604833][ T6291] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1694.656550][ T6291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1694.686355][ T6291] usb 5-1: config 0 descriptor??
[ 1694.710687][ T6291] hub 5-1:0.0: USB hub found
[ 1694.737024][T18015] loop2: detected capacity change from 0 to 4096
[ 1694.746373][T18017] netlink: 284 bytes leftover after parsing attributes in process `syz.0.3182'.
[ 1694.775028][T18015] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1694.777080][T18017] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1694.806658][T18015] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1694.887775][T18018] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1695.134540][ T6291] hub 5-1:0.0: 1 port detected
[ 1696.904674][ T6291] hub 5-1:0.0: hub_ext_port_status failed (err = 0)
[ 1697.242225][T13535] usb 5-1: USB disconnect, device number 26
[ 1697.421805][ T5845] usb 1-1: new full-speed USB device number 52 using dummy_hcd
[ 1697.623684][ T5845] usb 1-1: config 0 has an invalid interface number: 176 but max is 2
[ 1697.643790][ T5845] usb 1-1: config 0 has an invalid interface number: 36 but max is 2
[ 1697.671659][ T5845] usb 1-1: config 0 has no interface number 0
[ 1697.678019][ T5845] usb 1-1: config 0 has no interface number 1
[ 1697.692361][ T5845] usb 1-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1697.721002][ T5845] usb 1-1: config 0 interface 36 has no altsetting 0
[ 1697.732309][ T5845] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1697.751746][ T5845] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1697.773269][ T5845] usb 1-1: config 0 descriptor??
[ 1697.820516][ T1126] hfsplus: b-tree write err: -5, ino 4
[ 1698.410428][T15873] Bluetooth: Wrong link type (-22)
[ 1699.259773][T18049] loop3: detected capacity change from 0 to 256
[ 1699.349470][T18049] FAT-fs (loop3): Directory bread(block 64) failed
[ 1699.428836][ T5845] qcserial 1-1:0.2: Qualcomm USB modem converter detected
[ 1699.447732][ T5845] usb 1-1: USB disconnect, device number 52
[ 1699.455808][ T5845] qcserial 1-1:0.2: device disconnected
[ 1699.471362][T18049] FAT-fs (loop3): Directory bread(block 65) failed
[ 1699.478785][T18049] FAT-fs (loop3): Directory bread(block 66) failed
[ 1699.487356][T18049] FAT-fs (loop3): Directory bread(block 67) failed
[ 1699.494585][T18049] FAT-fs (loop3): Directory bread(block 68) failed
[ 1699.501398][T18049] FAT-fs (loop3): Directory bread(block 69) failed
[ 1699.510448][T18049] FAT-fs (loop3): Directory bread(block 70) failed
[ 1699.531732][T18049] FAT-fs (loop3): Directory bread(block 71) failed
[ 1699.565823][T18049] FAT-fs (loop3): Directory bread(block 72) failed
[ 1699.623053][T18049] FAT-fs (loop3): Directory bread(block 73) failed
[ 1699.959514][T18064] loop0: detected capacity change from 0 to 1764
[ 1702.629661][T18064] iso9660: Corrupted directory entry in block 2 of inode 1920
[ 1702.637362][T18067] iso9660: Corrupted directory entry in block 2 of inode 1920
[ 1702.645909][T18065] iso9660: Corrupted directory entry in block 2 of inode 1920
[ 1702.653591][T18065] overlayfs: failed to resolve './file1': -2
[ 1702.851255][T18070] loop2: detected capacity change from 0 to 1024
[ 1703.658171][T12893] Bluetooth: Wrong link type (-22)
[ 1705.845215][T18072] loop3: detected capacity change from 0 to 32768
[ 1706.422802][T18096] mkiss: ax0: crc mode is auto.
[ 1709.225292][T13535] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[ 1709.594965][T13535] usb 5-1: config 0 has an invalid interface number: 176 but max is 2
[ 1709.872803][T13535] usb 5-1: config 0 has an invalid interface number: 36 but max is 2
[ 1709.905267][T13535] usb 5-1: config 0 has no interface number 0
[ 1709.928017][T13535] usb 5-1: config 0 has no interface number 1
[ 1709.989082][T13535] usb 5-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1710.142345][T13535] usb 5-1: config 0 interface 36 has no altsetting 0
[ 1710.149149][T13535] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1710.158457][T13535] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1710.169126][T13535] usb 5-1: config 0 descriptor??
[ 1710.354801][T15835] hfsplus: b-tree write err: -5, ino 4
[ 1710.843319][T18117] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3208'.
[ 1710.852512][T18117] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1711.053889][T13535] qcserial 5-1:0.2: Qualcomm USB modem converter detected
[ 1711.115174][ T5845] usb 5-1: USB disconnect, device number 27
[ 1711.149729][ T5845] qcserial 5-1:0.2: device disconnected
[ 1711.760793][T18129] mkiss: ax0: crc mode is auto.
[ 1712.686393][T18136] netlink: 284 bytes leftover after parsing attributes in process `syz.3.3215'.
[ 1712.766728][T18136] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1712.848195][T18139] loop4: detected capacity change from 0 to 1024
[ 1714.387929][T18148] loop3: detected capacity change from 0 to 256
[ 1714.678588][T18150] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3220'.
[ 1714.687887][T18150] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1714.749893][T18148] FAT-fs (loop3): Directory bread(block 64) failed
[ 1714.764270][T18148] FAT-fs (loop3): Directory bread(block 65) failed
[ 1714.771241][T18148] FAT-fs (loop3): Directory bread(block 66) failed
[ 1714.785178][T18148] FAT-fs (loop3): Directory bread(block 67) failed
[ 1714.800706][T18148] FAT-fs (loop3): Directory bread(block 68) failed
[ 1714.810736][T18148] FAT-fs (loop3): Directory bread(block 69) failed
[ 1714.835441][T18148] FAT-fs (loop3): Directory bread(block 70) failed
[ 1714.853928][T18148] FAT-fs (loop3): Directory bread(block 71) failed
[ 1714.866771][T18148] FAT-fs (loop3): Directory bread(block 72) failed
[ 1714.876097][T18148] FAT-fs (loop3): Directory bread(block 73) failed
[ 1715.686193][T18164] mkiss: ax0: crc mode is auto.
[ 1716.246457][T18166] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3225'.
[ 1716.255936][T18166] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1721.041401][ T2983] hfsplus: b-tree write err: -5, ino 4
[ 1721.344832][T18191] loop3: detected capacity change from 0 to 8
[ 1722.097436][T18189] loop4: detected capacity change from 0 to 40427
[ 1722.165417][T18197] netlink: 276 bytes leftover after parsing attributes in process `syz.2.3235'.
[ 1722.174677][T18197] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1722.268034][T18189] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1722.440688][T18189] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1722.677797][T18189] F2FS-fs (loop4): invalid crc value
[ 1722.754943][T18189] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1722.995661][T18203] mkiss: ax0: crc mode is auto.
[ 1724.054755][T18189] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1724.181925][T18189] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1726.312004][T18220] loop3: detected capacity change from 0 to 2048
[ 1726.602011][T18224] netlink: 276 bytes leftover after parsing attributes in process `syz.2.3243'.
[ 1726.612119][T18225] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1726.641818][T18224] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1727.310669][T18230] overlayfs: missing 'lowerdir'
[ 1728.727388][T18239] mkiss: ax0: crc mode is auto.
[ 1730.696262][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1732.768728][T12893] Bluetooth: Wrong link type (-22)
[ 1733.021353][T18260] netlink: 304 bytes leftover after parsing attributes in process `syz.0.3253'.
[ 1734.860422][T18273] loop3: detected capacity change from 0 to 40427
[ 1735.112780][T18273] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1735.182093][T18273] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1735.583827][T14880] syz-executor: attempt to access beyond end of device
[ 1735.583827][T14880] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1735.753863][T14880] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[ 1735.888911][T18284] mkiss: ax0: crc mode is auto.
[ 1736.990721][T12893] Bluetooth: Wrong link type (-22)
[ 1737.855249][T18299] netlink: 304 bytes leftover after parsing attributes in process `syz.4.3264'.
[ 1739.085058][T18308] loop0: detected capacity change from 0 to 4096
[ 1739.106069][T18308] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1739.181982][T18308] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1739.233660][T18312] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1739.573358][T18316] mkiss: ax0: crc mode is auto.
[ 1741.701286][T18331] loop2: detected capacity change from 0 to 512
[ 1742.170142][T18331] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[ 1742.195053][T18331] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[ 1742.267875][T18331] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.3271: Failed to acquire dquot type 1
[ 1742.337226][T18331] EXT4-fs (loop2): 1 truncate cleaned up
[ 1742.344558][T18331] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1742.357384][T18331] ext4 filesystem being mounted at /231/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1742.496694][T14526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1742.791797][ T5811] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[ 1743.955004][ T5811] usb 5-1: config 0 has an invalid interface number: 176 but max is 2
[ 1744.036495][ T5811] usb 5-1: config 0 has an invalid interface number: 36 but max is 2
[ 1744.066989][ T5811] usb 5-1: config 0 has no interface number 0
[ 1744.091800][ T5811] usb 5-1: config 0 has no interface number 1
[ 1744.116917][ T5811] usb 5-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1744.281717][ T5811] usb 5-1: config 0 interface 36 has no altsetting 0
[ 1744.343265][T18357] mkiss: ax0: crc mode is auto.
[ 1745.080408][ T5811] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1745.089652][ T5811] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1745.110909][ T5811] usb 5-1: config 0 descriptor??
[ 1745.714213][ T5811] usb 5-1: Could not set interface, error -71
[ 1745.729725][ T5811] usb 5-1: USB disconnect, device number 28
[ 1746.237434][T18374] loop3: detected capacity change from 0 to 4096
[ 1746.270129][T18374] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1746.298512][T18374] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1746.310465][T18376] loop2: detected capacity change from 0 to 512
[ 1746.356490][T18379] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1746.373545][T18376] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[ 1746.394331][T18376] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[ 1746.411921][T18376] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.3284: Failed to acquire dquot type 1
[ 1746.489834][T18376] EXT4-fs (loop2): 1 truncate cleaned up
[ 1746.516083][T18376] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1746.600049][T18376] ext4 filesystem being mounted at /237/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1746.969399][T14526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1748.767856][T12893] Bluetooth: Wrong link type (-22)
[ 1748.780754][T18401] netlink: 276 bytes leftover after parsing attributes in process `syz.4.3287'.
[ 1748.790309][T18401] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1748.878617][ T5832] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[ 1749.057493][T18407] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1749.793339][ T5832] usb 3-1: config 0 has an invalid interface number: 176 but max is 2
[ 1749.821886][ T5832] usb 3-1: config 0 has an invalid interface number: 36 but max is 2
[ 1749.840602][ T5832] usb 3-1: config 0 has no interface number 0
[ 1749.852411][ T5832] usb 3-1: config 0 has no interface number 1
[ 1749.858644][ T5832] usb 3-1: config 0 interface 36 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1749.882531][ T5832] usb 3-1: config 0 interface 36 has no altsetting 0
[ 1749.891827][ T5832] usb 3-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1749.904902][ T5832] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1749.916393][ T5832] usb 3-1: config 0 descriptor??
[ 1750.125704][ T5832] qcserial 3-1:0.2: Qualcomm USB modem converter detected
[ 1750.375055][ T5832] usb 3-1: USB disconnect, device number 26
[ 1750.382576][ T5832] qcserial 3-1:0.2: device disconnected
[ 1754.286758][T12893] Bluetooth: Wrong link type (-22)
[ 1754.756758][T18442] netlink: 276 bytes leftover after parsing attributes in process `syz.2.3300'.
[ 1754.766648][T18442] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1754.984036][   T28] audit: type=1326 audit(1751341430.584:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1755.319544][   T28] audit: type=1326 audit(1751341430.604:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1756.366480][   T28] audit: type=1326 audit(1751341430.604:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1756.389527][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.880683][   T28] audit: type=1326 audit(1751341430.614:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1756.903719][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.629012][   T28] audit: type=1326 audit(1751341430.614:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1757.652027][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.362357][   T28] audit: type=1326 audit(1751341430.614:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1758.385299][   T28] audit: type=1326 audit(1751341430.614:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1758.408213][   T28] audit: type=1326 audit(1751341430.614:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1758.431055][   T28] audit: type=1326 audit(1751341430.614:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1758.454468][   T28] audit: type=1326 audit(1751341430.614:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18443 comm="syz.0.3301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1760.592109][T18469] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1761.580847][T12893] Bluetooth: Wrong link type (-22)
[ 1762.624977][T18494] loop0: detected capacity change from 0 to 512
[ 1762.822211][T18494] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 1762.866644][T18494] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[ 1762.902864][T18494] EXT4-fs (loop0): Errors on filesystem, clearing orphan list.
[ 1762.981420][T18494] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1763.120108][   T28] kauditd_printk_skb: 60 callbacks suppressed
[ 1763.120166][   T28] audit: type=1326 audit(1751341438.714:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1763.591862][T18491] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[ 1763.731886][ T5832] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1765.368664][   T28] audit: type=1326 audit(1751341438.744:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1765.391838][   T28] audit: type=1326 audit(1751341438.754:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1765.414907][   T28] audit: type=1326 audit(1751341438.754:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1765.438578][   T28] audit: type=1326 audit(1751341438.754:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1765.532245][ T5832] usb 4-1: Using ep0 maxpacket: 32
[ 1765.540159][ T5832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1765.541748][   T28] audit: type=1326 audit(1751341438.754:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1765.602480][T15154] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1765.611682][ T5832] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1765.616794][   T28] audit: type=1326 audit(1751341438.754:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1765.631769][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1765.650573][   T28] audit: type=1326 audit(1751341438.754:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1765.679475][   T28] audit: type=1326 audit(1751341438.754:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1765.709682][   T28] audit: type=1326 audit(1751341438.754:1359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18500 comm="syz.2.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1765.714636][ T5832] usb 4-1: config 0 descriptor??
[ 1765.847599][ T5832] hub 4-1:0.0: USB hub found
[ 1766.157766][T18513] netlink: 276 bytes leftover after parsing attributes in process `syz.2.3320'.
[ 1766.167231][T18513] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1767.009529][ T5832] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1767.043194][ T5832] usbhid 4-1:0.0: can't add hid device: -71
[ 1767.051841][ T5832] usbhid: probe of 4-1:0.0 failed with error -71
[ 1767.178686][ T5832] usb 4-1: USB disconnect, device number 24
[ 1768.893301][T18534] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1769.898855][   T28] kauditd_printk_skb: 60 callbacks suppressed
[ 1769.899060][   T28] audit: type=1326 audit(1751341445.334:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1769.935493][   T28] audit: type=1326 audit(1751341445.334:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1769.960373][   T28] audit: type=1326 audit(1751341445.334:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1769.983028][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1770.628535][   T28] audit: type=1326 audit(1751341445.334:1423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1770.651401][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1771.109101][   T28] audit: type=1326 audit(1751341445.334:1424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1771.407428][   T28] audit: type=1326 audit(1751341445.334:1425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1772.817062][   T28] audit: type=1326 audit(1751341445.344:1426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1772.896816][T18543] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3329'.
[ 1772.906132][T18543] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1772.926293][   T28] audit: type=1326 audit(1751341445.344:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1773.018512][   T28] audit: type=1326 audit(1751341445.344:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1773.120996][   T28] audit: type=1326 audit(1751341445.344:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18536 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1777.193034][T18574] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1778.407271][T18580] netlink: 276 bytes leftover after parsing attributes in process `syz.3.3339'.
[ 1778.416556][T18580] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1778.727156][T18585] netlink: 'syz.4.3341': attribute type 72 has an invalid length.
[ 1778.735979][T18585] netlink: 1700 bytes leftover after parsing attributes in process `syz.4.3341'.
[ 1778.806812][   T28] kauditd_printk_skb: 56 callbacks suppressed
[ 1778.806872][   T28] audit: type=1326 audit(1751341454.404:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1779.200855][   T28] audit: type=1326 audit(1751341454.434:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1779.528332][   T28] audit: type=1326 audit(1751341454.434:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1779.927334][   T28] audit: type=1326 audit(1751341454.434:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1780.890584][   T28] audit: type=1326 audit(1751341454.444:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1780.913137][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1781.230106][   T28] audit: type=1326 audit(1751341454.444:1491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1782.071368][   T28] audit: type=1326 audit(1751341454.444:1492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1782.093802][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1782.172494][   T28] audit: type=1326 audit(1751341454.444:1493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1782.195051][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1782.326710][   T28] audit: type=1326 audit(1751341454.444:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1782.394003][   T28] audit: type=1326 audit(1751341454.444:1495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18581 comm="syz.2.3340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffaf8f8e929 code=0x7ffc0000
[ 1782.918577][ T2983] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1783.001532][T18599] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1783.026803][T18599] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1783.037045][T18599] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1783.049647][T18599] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1783.065108][T18599] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1783.082453][T18599] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1783.341717][T12893] Bluetooth: Wrong link type (-22)
[ 1783.347172][T12893] Bluetooth: hci0: link tx timeout
[ 1783.357710][T12893] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1783.374541][ T2983] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1783.641441][ T2983] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1783.824292][ T2983] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1784.111672][ T5832] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1784.331834][ T5832] usb 4-1: Using ep0 maxpacket: 32
[ 1784.353765][ T5832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1784.389954][T18595] chnl_net:caif_netlink_parms(): no params data found
[ 1784.392648][ T5832] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1784.457242][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1784.520484][ T5832] usb 4-1: config 0 descriptor??
[ 1784.566157][ T5832] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1784.582755][ T5832] hub: probe of 4-1:0.0 failed with error -5
[ 1784.601046][ T5832] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1784.614014][T18606] loop0: detected capacity change from 0 to 32768
[ 1784.632078][T18606] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.3348 (18606)
[ 1784.659016][T18606] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1784.707866][T18620] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.3350'.
[ 1784.708333][T18606] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 1784.732185][T18606] BTRFS info (device loop0): enabling auto defrag
[ 1784.741522][T18606] BTRFS info (device loop0): doing ref verification
[ 1784.749188][T18606] BTRFS info (device loop0): use no compression
[ 1784.799103][T18606] BTRFS info (device loop0): force clearing of disk cache
[ 1784.856032][T18606] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 1784.866780][T18606] BTRFS info (device loop0): disabling free space tree
[ 1785.171849][T18599] Bluetooth: hci3: command tx timeout
[ 1785.421762][T18599] Bluetooth: hci0: command 0x0406 tx timeout
[ 1785.654033][T18606] BTRFS info (device loop0): enabling ssd optimizations
[ 1785.803945][T18606] BTRFS info (device loop0): auto enabling async discard
[ 1786.082198][T18606] BTRFS info (device loop0): rebuilding free space tree
[ 1786.131153][T18606] BTRFS info (device loop0): disabling free space tree
[ 1786.169135][T18606] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 1786.247377][T18606] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 1786.409306][T18595] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1786.432096][T18595] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1786.451986][T18595] bridge_slave_0: entered allmulticast mode
[ 1786.467220][T18595] bridge_slave_0: entered promiscuous mode
[ 1786.477182][T15154] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1786.564170][T18595] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1786.608790][T18595] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1786.642164][T18595] bridge_slave_1: entered allmulticast mode
[ 1786.663880][T18595] bridge_slave_1: entered promiscuous mode
[ 1786.886325][T18595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1786.912097][ T6291] usb 4-1: USB disconnect, device number 25
[ 1787.267589][T12893] Bluetooth: hci3: command tx timeout
[ 1787.324316][T18595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1787.406573][T12893] Bluetooth: Wrong link type (-22)
[ 1787.573014][   T28] kauditd_printk_skb: 58 callbacks suppressed
[ 1787.573074][   T28] audit: type=1326 audit(1751341463.164:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1789.829319][T12893] Bluetooth: hci3: command tx timeout
[ 1789.862306][   T28] audit: type=1326 audit(1751341463.204:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1789.963425][   T28] audit: type=1326 audit(1751341463.204:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1790.023245][T18595] team0: Port device team_slave_0 added
[ 1790.031663][   T28] audit: type=1326 audit(1751341463.204:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1790.090004][   T28] audit: type=1326 audit(1751341463.204:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1790.115466][T18595] team0: Port device team_slave_1 added
[ 1790.131974][T18681] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.3358'.
[ 1790.142126][   T28] audit: type=1326 audit(1751341463.204:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1790.211596][   T28] audit: type=1326 audit(1751341463.204:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1790.283673][   T28] audit: type=1326 audit(1751341463.204:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1790.344686][T18595] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1790.347976][   T28] audit: type=1326 audit(1751341463.214:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1790.367741][T18595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1790.395725][   T28] audit: type=1326 audit(1751341463.214:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18666 comm="syz.0.3353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cc318e929 code=0x7ffc0000
[ 1790.429786][T18595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1790.443383][T18595] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1790.450525][T18595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1790.481078][T18595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1791.178086][T18595] hsr_slave_0: entered promiscuous mode
[ 1791.193110][T18595] hsr_slave_1: entered promiscuous mode
[ 1791.211794][T18595] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1791.233581][T18595] Cannot create hsr debugfs directory
[ 1791.810941][ T2983] hsr_slave_0: left promiscuous mode
[ 1791.844684][ T2983] hsr_slave_1: left promiscuous mode
[ 1791.882512][ T2983] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1791.891715][T12893] Bluetooth: hci3: command tx timeout
[ 1791.907668][ T2983] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1791.919495][ T2983] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1791.931520][ T2983] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1791.947015][ T2983] bridge_slave_1: left allmulticast mode
[ 1791.954607][ T2983] bridge_slave_1: left promiscuous mode
[ 1791.960542][ T2983] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1791.998671][ T2983] bridge_slave_0: left allmulticast mode
[ 1792.005790][ T2983] bridge_slave_0: left promiscuous mode
[ 1792.014029][ T2983] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1792.125281][ T2983] veth1_macvtap: left promiscuous mode
[ 1792.130948][ T2983] veth0_macvtap: left promiscuous mode
[ 1792.172302][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1792.189955][ T2983] veth1_vlan: left promiscuous mode
[ 1792.195528][ T2983] veth0_vlan: left promiscuous mode
[ 1792.284778][T12893] Bluetooth: Wrong link type (-22)
[ 1792.290226][T12893] Bluetooth: hci2: link tx timeout
[ 1792.302044][T12893] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1793.984863][   T28] kauditd_printk_skb: 63 callbacks suppressed
[ 1793.984918][   T28] audit: type=1326 audit(1751341469.584:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1794.206328][   T28] audit: type=1326 audit(1751341469.614:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1794.383644][T12893] Bluetooth: hci2: command 0x0406 tx timeout
[ 1794.496313][   T28] audit: type=1326 audit(1751341469.614:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1794.668960][   T28] audit: type=1326 audit(1751341469.614:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1794.888098][   T28] audit: type=1326 audit(1751341469.614:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1795.080683][   T28] audit: type=1326 audit(1751341469.624:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1795.297168][   T28] audit: type=1326 audit(1751341469.624:1633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1795.511895][   T28] audit: type=1326 audit(1751341469.624:1634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1795.716444][   T28] audit: type=1326 audit(1751341469.624:1635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1795.916955][   T28] audit: type=1326 audit(1751341469.624:1636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18716 comm="syz.3.3367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3038e929 code=0x7ffc0000
[ 1796.641279][ T2983] team0 (unregistering): Port device team_slave_1 removed
[ 1796.736674][ T2983] team0 (unregistering): Port device team_slave_0 removed
[ 1796.849450][ T2983] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1796.944743][ T2983] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1798.160863][ T2983] bond0 (unregistering): Released all slaves
[ 1798.329302][T18702] netlink: 276 bytes leftover after parsing attributes in process `syz.2.3361'.
[ 1798.341001][T18702] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1798.723230][T18599] Bluetooth: hci0: ACL packet for unknown connection handle 201
[ 1799.858586][ T2983] IPVS: stop unused estimator thread 0...
[ 1800.439921][T18595] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1800.472732][T18595] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1800.503080][T18595] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1800.542994][T18595] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1800.864194][T18595] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1800.943353][T18595] 8021q: adding VLAN 0 to HW filter on device team0
[ 1800.978486][ T2928] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1800.985814][ T2928] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1801.035130][ T2928] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1801.042481][ T2928] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1801.394489][T18595] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1801.405138][T18595] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1801.719944][T18783] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1802.032223][T18595] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1802.876579][T18599] Bluetooth: hci0: ACL packet for unknown connection handle 201
[ 1803.349484][T18814] netlink: 276 bytes leftover after parsing attributes in process `syz.3.3381'.
[ 1803.358892][T18814] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1803.990330][T18595] veth0_vlan: entered promiscuous mode
[ 1804.094295][T18595] veth1_vlan: entered promiscuous mode
[ 1804.317415][T18595] veth0_macvtap: entered promiscuous mode
[ 1804.373128][T18595] veth1_macvtap: entered promiscuous mode
[ 1804.466613][T18595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1804.501643][T18595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1804.553117][T18595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1804.581639][T18595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1804.593958][T18595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1804.604591][T18595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1804.617854][T18595] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1804.648416][T18595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1804.680733][T18595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1804.707230][T18595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1804.732506][T18595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1804.748024][T18595] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1804.760086][T18595] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1804.781941][T18595] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1804.822033][T18595] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1804.830811][T18595] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1804.915227][T18595] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1804.991944][T18595] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1805.263578][ T3515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1805.300992][ T3515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1805.423019][T12587] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1805.456315][T12587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1806.707875][T18852] netlink: 304 bytes leftover after parsing attributes in process `syz.3.3388'.
[ 1807.335190][T18864] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1810.572846][T18904] netlink: 320 bytes leftover after parsing attributes in process `syz.0.3398'.
[ 1810.639062][T18901] netlink: 276 bytes leftover after parsing attributes in process `syz.4.3396'.
[ 1810.746704][T18901] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1814.163152][T18945] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3406'.
[ 1814.172626][T18945] netlink: 'syz.3.3406': attribute type 9 has an invalid length.
[ 1814.180470][T18945] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3406'.
[ 1814.189739][T18945] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3406'.
[ 1815.229778][T18953] netlink: 320 bytes leftover after parsing attributes in process `syz.3.3408'.
[ 1817.261674][T13535] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1817.446866][T18990] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3416'.
[ 1817.456684][T18990] netlink: 'syz.3.3416': attribute type 9 has an invalid length.
[ 1817.464666][T18990] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3416'.
[ 1817.474179][T18990] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3416'.
[ 1817.516910][T13535] usb 5-1: Using ep0 maxpacket: 32
[ 1817.634204][T13535] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1817.749819][T13535] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1817.838737][T13535] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1817.952223][T13535] usb 5-1: config 0 descriptor??
[ 1818.060399][T13535] hub 5-1:0.0: bad descriptor, ignoring hub
[ 1818.115744][T13535] hub: probe of 5-1:0.0 failed with error -5
[ 1818.192491][T13535] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 1818.465677][T18992] loop3: detected capacity change from 0 to 4096
[ 1818.486750][T18992] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1818.523480][T18992] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 1818.611684][T18997] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1819.036784][T19003] netlink: 276 bytes leftover after parsing attributes in process `syz.0.3419'.
[ 1819.046043][T19003] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1819.302255][T19006] netlink: 320 bytes leftover after parsing attributes in process `syz.2.3420'.
[ 1819.443103][ T5832] usb 5-1: USB disconnect, device number 29
[ 1820.148156][   T28] kauditd_printk_skb: 60 callbacks suppressed
[ 1820.148214][   T28] audit: type=1326 audit(1751341495.744:1697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1820.176920][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1820.578216][   T28] audit: type=1326 audit(1751341495.784:1698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1820.903225][   T28] audit: type=1326 audit(1751341495.784:1699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1820.926239][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1821.265983][   T28] audit: type=1326 audit(1751341495.784:1700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1821.591113][   T28] audit: type=1326 audit(1751341495.784:1701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1821.884760][   T28] audit: type=1326 audit(1751341495.784:1702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1822.245551][   T28] audit: type=1326 audit(1751341495.784:1703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1822.594949][   T28] audit: type=1326 audit(1751341495.794:1704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1822.922251][   T28] audit: type=1326 audit(1751341495.794:1705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1822.945563][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1823.033318][   T28] audit: type=1326 audit(1751341495.794:1706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19015 comm="syz.4.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9e9a38e929 code=0x7ffc0000
[ 1823.619653][T19024] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3425'.
[ 1823.629155][T19024] netlink: 'syz.2.3425': attribute type 9 has an invalid length.
[ 1823.637542][T19024] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3425'.
[ 1823.647027][T19024] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3425'.
[ 1824.711054][T19032] netlink: 328 bytes leftover after parsing attributes in process `syz.0.3429'.
[ 1825.174914][T19020] loop4: detected capacity change from 0 to 32768
[ 1825.404168][T19044] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1825.433215][T19020] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.3424 (19020)
[ 1825.459275][T19020] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[ 1825.499776][T19020] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm
[ 1825.546467][T19020] BTRFS info (device loop4): force zlib compression, level 3
[ 1825.590818][T19020] BTRFS info (device loop4): force clearing of disk cache
[ 1825.622898][T19020] BTRFS info (device loop4): setting nodatasum
[ 1825.638995][T19020] BTRFS info (device loop4): allowing degraded mounts
[ 1825.648438][T19020] BTRFS info (device loop4): enabling disk space caching
[ 1825.659915][T19020] BTRFS info (device loop4): disk space caching is enabled
[ 1825.726469][T19020] BTRFS info (device loop4): auto enabling async discard
[ 1825.747424][T19020] BTRFS info (device loop4): rebuilding free space tree
[ 1825.770825][T19020] BTRFS info (device loop4): disabling free space tree
[ 1825.781645][T19020] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 1825.808412][T19020] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 1826.022013][T19020] BTRFS info (device loop4): balance: start -susage=34359738372,drange=7..526332,limit=0..6
[ 1826.084240][T19020] ------------[ cut here ]------------
[ 1826.090349][T19020] BTRFS: Transaction aborted (error -28)
[ 1826.098083][T19020] WARNING: CPU: 0 PID: 19020 at fs/btrfs/block-group.c:2753 btrfs_create_pending_block_groups+0xe10/0xf20
[ 1826.109567][T19020] Modules linked in:
[ 1826.113670][T19020] CPU: 0 PID: 19020 Comm: syz.4.3424 Not tainted 6.6.95-syzkaller #0
[ 1826.121831][T19020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1826.132091][T19020] RIP: 0010:btrfs_create_pending_block_groups+0xe10/0xf20
[ 1826.139967][T19020] Code: ba a7 6a 8c ba c8 0a 00 00 44 89 e1 e8 d9 e2 c4 06 e9 19 f6 ff ff e8 9f 3d ed fd 48 c7 c7 80 fd ee 8a 44 89 e6 e8 00 a2 b7 fd <0f> 0b e9 79 fe ff ff e8 84 3d ed fd 48 c7 c7 80 fd ee 8a 44 89 ee
[ 1826.160358][T19020] RSP: 0018:ffffc9000452f740 EFLAGS: 00010246
[ 1826.166627][T19020] RAX: 7f1df9227b908d00 RBX: 0000000000000000 RCX: 0000000000080000
[ 1826.174873][T19020] RDX: ffffc9000c729000 RSI: 000000000001f941 RDI: 000000000001f942
[ 1826.182997][T19020] RBP: ffffc9000452f988 R08: ffffc9000452f347 R09: 1ffff920008a5e68
[ 1826.191032][T19020] R10: dffffc0000000000 R11: fffff520008a5e69 R12: 00000000ffffffe4
[ 1826.199520][T19020] R13: ffff88802f42b850 R14: ffff88802f42b858 R15: ffff88806a610001
[ 1826.208108][T19020] FS:  00007f9e9b2b66c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1826.217278][T19020] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1826.223987][T19020] CR2: 00007f3d3127af98 CR3: 0000000069555000 CR4: 00000000003506f0
[ 1826.232127][T19020] Call Trace:
[ 1826.235458][T19020]  <TASK>
[ 1826.238479][T19020]  ? fill_dummy_bgs+0x290/0x290
[ 1826.244341][T19020]  ? __lock_acquire+0x7c80/0x7c80
[ 1826.249452][T19020]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 1826.255462][T19020]  ? mutex_unlock+0x10/0x10
[ 1826.260043][T19020]  ? do_raw_spin_unlock+0x121/0x230
[ 1826.265406][T19020]  ? btrfs_trans_release_metadata+0x147/0x1b0
[ 1826.272899][T19020]  __btrfs_end_transaction+0x140/0x630
[ 1826.278435][T19020]  btrfs_inc_block_group_ro+0x596/0x630
[ 1826.284159][T19020]  btrfs_relocate_block_group+0x452/0xd70
[ 1826.289960][T19020]  btrfs_relocate_chunk+0x12a/0x3b0
[ 1826.295397][T19020]  __btrfs_balance+0x187b/0x21c0
[ 1826.300460][T19020]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 1826.306249][T19020]  ? describe_balance_start_or_resume+0x4b0/0x4b0
[ 1826.312803][T19020]  ? __wait_for_common+0x6d0/0x6d0
[ 1826.317981][T19020]  ? __rwlock_init+0xf0/0x150
[ 1826.322888][T19020]  ? do_raw_spin_unlock+0x121/0x230
[ 1826.328153][T19020]  btrfs_balance+0xcb1/0x11c0
[ 1826.332965][T19020]  btrfs_ioctl_balance+0x4a2/0x730
[ 1826.338133][T19020]  ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 1826.345546][T19020]  __se_sys_ioctl+0xfd/0x170
[ 1826.350219][T19020]  do_syscall_64+0x55/0xb0
[ 1826.354974][T19020]  ? clear_bhb_loop+0x40/0x90
[ 1826.359712][T19020]  ? clear_bhb_loop+0x40/0x90
[ 1826.364577][T19020]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1826.370549][T19020] RIP: 0033:0x7f9e9a38e929
[ 1826.375174][T19020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1826.394925][T19020] RSP: 002b:00007f9e9b2b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1826.403488][T19020] RAX: ffffffffffffffda RBX: 00007f9e9a5b5fa0 RCX: 00007f9e9a38e929
[ 1826.411581][T19020] RDX: 0000200000000440 RSI: 00000000c4009420 RDI: 0000000000000003
[ 1826.419618][T19020] RBP: 00007f9e9a410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1826.427826][T19020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1826.435907][T19020] R13: 0000000000000000 R14: 00007f9e9a5b5fa0 R15: 00007ffccea0c448
[ 1826.443998][T19020]  </TASK>
[ 1826.447900][T19020] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1826.455221][T19020] CPU: 0 PID: 19020 Comm: syz.4.3424 Not tainted 6.6.95-syzkaller #0
[ 1826.463326][T19020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1826.473419][T19020] Call Trace:
[ 1826.476721][T19020]  <TASK>
[ 1826.479667][T19020]  dump_stack_lvl+0x16c/0x230
[ 1826.484375][T19020]  ? show_regs_print_info+0x20/0x20
[ 1826.489596][T19020]  ? load_image+0x3b0/0x3b0
[ 1826.494133][T19020]  panic+0x2c0/0x710
[ 1826.498054][T19020]  ? bpf_jit_dump+0xd0/0xd0
[ 1826.502590][T19020]  __warn+0x2e0/0x470
[ 1826.506592][T19020]  ? btrfs_create_pending_block_groups+0xe10/0xf20
[ 1826.513114][T19020]  ? btrfs_create_pending_block_groups+0xe10/0xf20
[ 1826.519635][T19020]  report_bug+0x2be/0x4f0
[ 1826.523990][T19020]  ? btrfs_create_pending_block_groups+0xe10/0xf20
[ 1826.530508][T19020]  ? btrfs_create_pending_block_groups+0xe10/0xf20
[ 1826.537030][T19020]  ? btrfs_create_pending_block_groups+0xe12/0xf20
[ 1826.543552][T19020]  handle_bug+0xcf/0x120
[ 1826.547863][T19020]  exc_invalid_op+0x1a/0x50
[ 1826.552428][T19020]  asm_exc_invalid_op+0x1a/0x20
[ 1826.557312][T19020] RIP: 0010:btrfs_create_pending_block_groups+0xe10/0xf20
[ 1826.564447][T19020] Code: ba a7 6a 8c ba c8 0a 00 00 44 89 e1 e8 d9 e2 c4 06 e9 19 f6 ff ff e8 9f 3d ed fd 48 c7 c7 80 fd ee 8a 44 89 e6 e8 00 a2 b7 fd <0f> 0b e9 79 fe ff ff e8 84 3d ed fd 48 c7 c7 80 fd ee 8a 44 89 ee
[ 1826.584070][T19020] RSP: 0018:ffffc9000452f740 EFLAGS: 00010246
[ 1826.590152][T19020] RAX: 7f1df9227b908d00 RBX: 0000000000000000 RCX: 0000000000080000
[ 1826.598136][T19020] RDX: ffffc9000c729000 RSI: 000000000001f941 RDI: 000000000001f942
[ 1826.606125][T19020] RBP: ffffc9000452f988 R08: ffffc9000452f347 R09: 1ffff920008a5e68
[ 1826.614108][T19020] R10: dffffc0000000000 R11: fffff520008a5e69 R12: 00000000ffffffe4
[ 1826.622090][T19020] R13: ffff88802f42b850 R14: ffff88802f42b858 R15: ffff88806a610001
[ 1826.630125][T19020]  ? fill_dummy_bgs+0x290/0x290
[ 1826.635000][T19020]  ? __lock_acquire+0x7c80/0x7c80
[ 1826.640051][T19020]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 1826.645710][T19020]  ? mutex_unlock+0x10/0x10
[ 1826.650234][T19020]  ? do_raw_spin_unlock+0x121/0x230
[ 1826.655462][T19020]  ? btrfs_trans_release_metadata+0x147/0x1b0
[ 1826.661566][T19020]  __btrfs_end_transaction+0x140/0x630
[ 1826.667064][T19020]  btrfs_inc_block_group_ro+0x596/0x630
[ 1826.672639][T19020]  btrfs_relocate_block_group+0x452/0xd70
[ 1826.678391][T19020]  btrfs_relocate_chunk+0x12a/0x3b0
[ 1826.683642][T19020]  __btrfs_balance+0x187b/0x21c0
[ 1826.688626][T19020]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 1826.694282][T19020]  ? describe_balance_start_or_resume+0x4b0/0x4b0
[ 1826.700725][T19020]  ? __wait_for_common+0x6d0/0x6d0
[ 1826.705866][T19020]  ? __rwlock_init+0xf0/0x150
[ 1826.710657][T19020]  ? do_raw_spin_unlock+0x121/0x230
[ 1826.715878][T19020]  btrfs_balance+0xcb1/0x11c0
[ 1826.720606][T19020]  btrfs_ioctl_balance+0x4a2/0x730
[ 1826.725740][T19020]  ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 1826.732179][T19020]  __se_sys_ioctl+0xfd/0x170
[ 1826.736819][T19020]  do_syscall_64+0x55/0xb0
[ 1826.741273][T19020]  ? clear_bhb_loop+0x40/0x90
[ 1826.745962][T19020]  ? clear_bhb_loop+0x40/0x90
[ 1826.750653][T19020]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1826.756571][T19020] RIP: 0033:0x7f9e9a38e929
[ 1826.761017][T19020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1826.780646][T19020] RSP: 002b:00007f9e9b2b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1826.789087][T19020] RAX: ffffffffffffffda RBX: 00007f9e9a5b5fa0 RCX: 00007f9e9a38e929
[ 1826.797077][T19020] RDX: 0000200000000440 RSI: 00000000c4009420 RDI: 0000000000000003
[ 1826.805083][T19020] RBP: 00007f9e9a410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1826.813067][T19020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1826.821050][T19020] R13: 0000000000000000 R14: 00007f9e9a5b5fa0 R15: 00007ffccea0c448
[ 1826.829051][T19020]  </TASK>
[ 1826.834242][T19020] Kernel Offset: disabled
[ 1826.838694][T19020] Rebooting in 86400 seconds..