last executing test programs:

9m39.629904664s ago: executing program 32 (id=253):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2000}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)

8m1.788528817s ago: executing program 33 (id=511):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x47, 0x0, 0x1}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000007c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000040000000400000003"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="17fa00000000090000000400000000001c110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

7m23.559853153s ago: executing program 34 (id=594):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000080)={0x50, 0x0, r2, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18)
syz_fuse_handle_req(r1, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r3, 0x0, 0xc0)
close_range(r0, 0xffffffffffffffff, 0x0)

6m13.617801731s ago: executing program 35 (id=826):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)

6m5.888484924s ago: executing program 7 (id=848):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
msgsnd(0x0, 0x0, 0x3f9, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r0 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0)
r1 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0)
r2 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x41c3, 0x800, 0x0, 0x335}, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x3, 0x0})
io_uring_enter(r2, 0x47ba, 0x98f1, 0x20, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x6, 0x0)

6m4.87416696s ago: executing program 7 (id=849):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000440)=ANY=[], 0x1, 0x0, 0x0)
creat(&(0x7f0000000000)='./file0/../file0\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000004380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)

6m2.239415209s ago: executing program 7 (id=855):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000080)=""/212)

6m0.954572819s ago: executing program 7 (id=858):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000001380)='./file2\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYRESOCT], 0x1, 0x1256, &(0x7f0000002400)="$eJzs3E9rXFUYB+B3plNnOjV/1FptF3rQjauhycKVIEFSkAwotRFaQZiSiQ65zoTMGBgRY1duXfoZxKU7RfwC2boX3GUjrrIQrzh3apJ2qk0jmVKfZ3Nf7rm/e84hl8Ad7jl7r3350cZ6v7HeGkS5VIryZkTaT5GiHHe8sFIcb9xcWWo2l6+ldHXp+sKrKaXZF39479NvXvpxcP7db2e/q8bu/Pt7vy7+sntx99LeH9c/7PRTp5+6vUFqpVu93qB1K2untU5/o5HS21m71W+nTrff3jrSvp71NjeHqdVdm6lvbrX7/dTqDtNGe5gGvTTYGqbWB61ONzUajTRTD+7r7L9fsvr1fp5/H5HnZ+OJyPM8L0U9SvFkzMRsfB4RT8XT8UxciGfjYjwXz8el0VWnMXwAAAAAAAAAAAAAAAAAAAD4/9gfreY/WP9/Lupxfrz+fy7mJ67/PzPtQQMAAAAAAAAAAAAAAAAAAMBj5p0bN1eWms3laynVIrIvtle3V4tj0b60Hp3Ioh1XYi5+j9EeAYWivvpmc/lKGjkTETvj/M726pmI6riTv/ILo+0ExvnK6PSd/EKRT3E7O5SvRr3ovxYR7ViMubhwqP/aQX5xYr4Wr7x8aPyNmMt3InqRxdqo74P8ZwspvfFW86785dF1AAAA8DhopL/NH33/LXb5azTu117kj/H7wF3v15W4XJnu3InoDz/ZaGVZe+toUbvnzNSK6qMxjOMU5ZPEqzGp6eeIyMpHmr76KeK/GHOp9BD3+bj0j8/P6RSloqiNn+WT3DCimFDpUXh+jl3cPtHcJxfT+5/E6Tn4o9/TVDk3lREBAAAAAAAAAADwIB7ke8Df4qG/IqzEhC/LXp/OVAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgWAAAAABAmL91Gh0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMFQAAAD//3MPuIc=")
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x0, 0x8, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

5m58.233112882s ago: executing program 7 (id=873):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x2, 0xffffffffffffffff, 0x30)

5m57.705482s ago: executing program 0 (id=862):
modify_ldt$write2(0x11, &(0x7f00000001c0)={0x0, 0x20000800, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000100)={0x3, 0x20000000, 0x4000, 0x0, 0x1, 0x0, 0x1}, 0x10)

5m56.113489601s ago: executing program 0 (id=865):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507faff15300000d60600000ee60090bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08125d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cbea3841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e77f9ecced07fa25e99e9e415414c91f8bfd1c150570512f26c4ee34a64c131dce3800000000000000006c86287945bd8d258442870e000000000000000000000000f7e6a10de4bf7369b0d5b5373829b09bf5b7b34099b27ac7770fca449d4c4ca15f88b588b2429af2e1d1a4e1fa44cb80fcfae6e50d7e5b4675d7e0be706224f34e6eed553b40e2b897e73752fc7d1e4b0f4c5967eefd7448d5fde5841fa464a67267c631052bd7333769a4b8d19d4794357edce762e8136ab9d7ed34a72baffd849b90579b96b3"], &(0x7f0000000100)='GPL\x00'}, 0x48)

5m55.007105813s ago: executing program 0 (id=868):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'wlan1\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

5m54.528051923s ago: executing program 7 (id=870):
socket$igmp(0x2, 0x3, 0x2)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
write$FUSE_STATFS(r1, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x9, 0x5, 0x5, 0x2, 0x400069a, 0xae, 0x2400000, 0x800}}}, 0xfffffec2)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

5m53.320516775s ago: executing program 36 (id=870):
socket$igmp(0x2, 0x3, 0x2)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
write$FUSE_STATFS(r1, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x9, 0x5, 0x5, 0x2, 0x400069a, 0xae, 0x2400000, 0x800}}}, 0xfffffec2)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

5m53.27588952s ago: executing program 0 (id=874):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000001380)='./file2\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYRESOCT], 0x1, 0x1256, &(0x7f0000002400)="$eJzs3E9rXFUYB+B3plNnOjV/1FptF3rQjauhycKVIEFSkAwotRFaQZiSiQ65zoTMGBgRY1duXfoZxKU7RfwC2boX3GUjrrIQrzh3apJ2qk0jmVKfZ3Nf7rm/e84hl8Ad7jl7r3350cZ6v7HeGkS5VIryZkTaT5GiHHe8sFIcb9xcWWo2l6+ldHXp+sKrKaXZF39479NvXvpxcP7db2e/q8bu/Pt7vy7+sntx99LeH9c/7PRTp5+6vUFqpVu93qB1K2untU5/o5HS21m71W+nTrff3jrSvp71NjeHqdVdm6lvbrX7/dTqDtNGe5gGvTTYGqbWB61ONzUajTRTD+7r7L9fsvr1fp5/H5HnZ+OJyPM8L0U9SvFkzMRsfB4RT8XT8UxciGfjYjwXz8el0VWnMXwAAAAAAAAAAAAAAAAAAAD4/9gfreY/WP9/Lupxfrz+fy7mJ67/PzPtQQMAAAAAAAAAAAAAAAAAAMBj5p0bN1eWms3laynVIrIvtle3V4tj0b60Hp3Ioh1XYi5+j9EeAYWivvpmc/lKGjkTETvj/M726pmI6riTv/ILo+0ExvnK6PSd/EKRT3E7O5SvRr3ovxYR7ViMubhwqP/aQX5xYr4Wr7x8aPyNmMt3InqRxdqo74P8ZwspvfFW86785dF1AAAA8DhopL/NH33/LXb5azTu117kj/H7wF3v15W4XJnu3InoDz/ZaGVZe+toUbvnzNSK6qMxjOMU5ZPEqzGp6eeIyMpHmr76KeK/GHOp9BD3+bj0j8/P6RSloqiNn+WT3DCimFDpUXh+jl3cPtHcJxfT+5/E6Tn4o9/TVDk3lREBAAAAAAAAAADwIB7ke8Df4qG/IqzEhC/LXp/OVAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgWAAAAABAmL91Gh0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMFQAAAD//3MPuIc=")
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x0, 0x8, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

5m51.641296106s ago: executing program 0 (id=879):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18)
socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001580)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x10, 0x9}, {}, 0x6, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x4d2, 0x33}, 0x0, @in=@private=0xa010100, 0x3506, 0x0, 0x2, 0xb7, 0x2, 0xfffffff9}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c)

5m50.784350185s ago: executing program 0 (id=881):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6ae", 0x20)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/103, 0x67}], 0x1}, 0x40010022)

5m50.190513711s ago: executing program 37 (id=881):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6ae", 0x20)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/103, 0x67}], 0x1}, 0x40010022)

3m54.92037871s ago: executing program 8 (id=1202):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r3, r2, &(0x7f00000000c0)=0x58, 0x5)

3m49.702170284s ago: executing program 8 (id=1211):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x10, 0x0, &(0x7f0000002880)=[@clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0})

3m49.386253558s ago: executing program 8 (id=1212):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffa)
sendfile(r0, r0, 0x0, 0x800000009)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r3, 0x2007ffb)
sendfile(r2, r3, 0x0, 0x1000000201005)
copy_file_range(r1, 0x0, r0, 0x0, 0xfffffbffa003e458, 0x700000000000000)

3m46.108466635s ago: executing program 8 (id=1218):
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0)
io_uring_setup(0x26d7, &(0x7f00000000c0)={0x0, 0x200066c7, 0x10000, 0xffffffff, 0x3, 0x0, r0})
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r4 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
write$binfmt_misc(r4, &(0x7f0000000400)=' ', 0x1)

3m45.661845248s ago: executing program 8 (id=1220):
prlimit64(0x0, 0x8, &(0x7f0000000080)={0x7, 0x8aa}, 0x0)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000440)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@resuid={'resuid', 0x3d, 0xee01}}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
openat(0xffffffffffffff9c, 0x0, 0x143142, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = fsmount(r0, 0x0, 0x0)
r3 = openat$cgroup_subtree(r2, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r3, &(0x7f0000000140)={[{0x2b, 'cpu'}]}, 0x5)

3m40.355396014s ago: executing program 8 (id=1235):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)

3m24.409395943s ago: executing program 38 (id=1235):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$LINK_DETACH(0x22, 0x0, 0x0)

47.960090751s ago: executing program 1 (id=1588):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c756e695f786c6174653d312c757466383d312c757466383d312c646973636172642c757466383d302c756e695f786c6174653d302c666c7573682c73686f72746e616d653d6d697865642c73686f72746e616d653d6c6f7765722c646f733178666c6f7070792c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c757466382c0014697a7960fb374b723f64329787434c6c9f891d2e309efaf1d4e529e1ba0f697fedffb095592bc19d5a8f8141ee9bf46262f3a2b1452bf206c0e2ae8a465e6e1be6eeb5d588035a24458d476fc1f9a234cdc4ba352a4185614ce67df4870bff796357ee95fffb99cde9"], 0xfe, 0x2b7, &(0x7f0000001340)="$eJzs3T9vW1UUAPDzHPvFJUMyMCEk3tCBhajpyoArFCREJpAH/khQ0VaqYqtSLFkqIKxOfAIGBr4HGzsSC98AiQ/ARoUqXfT8Xmxju3ad4hSlv9+Sq3PP8T3X7yUerHfzxev90zsPBvceffN7tNtZNDrRicdZHEQjzqVaAABXwuOU4s8Lfb43G9vqCQDYrpnP/9ZTUnYXQ+9suy0AYIs++viTD26dnBx/WBTtiP53w24W1c9q/ta9uB+9uBs3Yj+eTL8LSKkav/f+yXE0i9JBXO+Pht2ysv/5r5PUPMb1R7EfB8vrj4rKTP1o2G3FK7uRZRH3O2UjN2M/Xl2oL+ePby6pj24eb7brTZbrH8Z+/PZlPIhe3Bl/pzFd/9s8infT9399/WmZXNZno2F3d5w3lXYu+9oAAAAAAAAAAAAAAAAAAAAAAHB1HRYTB3G9X4bq83d2noznD/81Pz5fpzGer+qziHw8mDsfaJTix/PzdW4URZGyKn9yvs+1ZrzWjOYL2zgAAAAAAAAAAAAAAAAAAAD8jwwefnV6u9e7e/afDOqH/CeP9V/0dTozkTdidfLuRmvFTp1e9jqfc/TLZ/1JpNzERZoftoqIVT23FiLXyn7Wv/LfKaWUZRHPd5laz7LWmsHe6pzyDf75h723Tm9n697D9vmF+2l2Ko+zwcO5axrZJh2mjW6/fEVOXt8xz/Q6e8/5S/T2H9VidSRbs4vWTKRVD+Jpt197o/v58v4GAQAAAAAAAAAAAAAAAAAAlelDv0smH60sbWytKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4ZNP//z8dxEJkbjCqi5fnpJRGk0geZ4MXvEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABeAv8EAAD//yiCbKI=")
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x17)
sendfile(r1, r0, 0x0, 0xfffa83)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x58e, &(0x7f00000001c0)={[{@errors_remount}, {@lazytime}, {@block_validity}, {@block_validity}, {@block_validity}, {@quota}, {@jqfmt_vfsv0}]}, 0x1, 0x459, &(0x7f0000000240)="$eJzs289vFFUcAPDvTFug/LAV8Qc/1CoaG3+0tKBy8KLRxIMmJl7wWNtCkEINrYkQomAMHg2Jd+PRxL/Ak16MejLxqndDQgwXkdOa2Z1hf3S3tMu2g+znkwx9b+YN7333zdt9M283gL41lv2TROyMiD8iYqSWbS4wVvtz4/qF2X+vX5hNolJ59++kWu6f6xdmi6LFeTvyzHgakX6exP429S6dO39qZmFh/myen1w+/eHk0rnzL5w8PXNi/sT8memjR48cnnr5pekXV558c/1x3p+1dd8niwf2vvnelbdnj115/5fvBor4W+LokbHVDj5dqfS4unLtakgngyU2hHXJxkDWXUPV8T8SA1HvvJF447NSGwdsqEquw+GLFeAelkTZLQDKUXzQZ/e/xbZ5s4/yXXu1dgOUxX0j32pHBiPNywy13N/20lhEHLt48+tsi415DgEA0OSHbP7zfLv5XxoPNZS7L18bGs3XUnZHxAMRsSciHoyoln04Ih5ZZ/2tiyQr5z/p1a4CW6Ns/vdKvrbVPP8rZn8xOpDndlXjH0qOn1yYP5S/JuMxtDXLT61Sx4+v//5lp2ON879sy+ov5oJ5O64Obm0+Z25meeZOYm507VLEvsF28Se3VgKSiNgbEfu6rOPks98e6HTs9vGvogfrTJVvIp6p9f/FaIm/kKy+Pjm5LRbmD00WV8VKv/52+Z1O9d9R/D2Q9f/2ttf/rfhHk8b12qX113H5zy863tNMdHX913dsyf9+PLO8fHYqYkvyVq3Rjfun6+cW+aJ8Fv/4wfbjf3fUX4n9EZFdxI9GxGMR8Xjed09ExJMRcbAlrsb7659fe+qDTvHfDf0/19L/o81FWvq/ntgSrXvaJwZO/fR98/9YT67t/e9INTWe71nL+99a2tXd1QwAAAD/P2lE7IwknbiVHk4nJmrf4d8T29OFxaXl544vfnRmrvYbgdEYSosnXSMNz0On8tv60Uu1/HSRz48fzp8bfzUwXM1PzC4uzJUdPPS5HSvGf1od/5m/BspuHbDh/F4L+lfD+E/KbAew+Xz+Q/8y/qF/tRn/w2W0A9h87T7/Py2hHcDmaxn/lv2gj7j/h/5l/EP/ahz/vgAAfWNpOG7/I/l2iW3RzVkS90wi0ruiGb1JJF2OgrUmdpYd4PoTZb8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9MZ/AQAA//8L+fEo")
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000400)='./file0\x00', 0x1800880, &(0x7f0000000040)=ANY=[], 0x1, 0x1ff, &(0x7f0000000440)="$eJzsmTGL1EAUx/8zm03ORThsLGwsPPBEL5tkVa65QsFSFO5ELBcvHqc5V/Yi3G2j+wEsLQRbv4CFhbVWdrYqqCBYuKWF1chMJsnsZhOzrOCC7wc7+WfmzZv3ZmZfExAE8d/y9cvPz08ur2+dA3AUK3B0//dGbsMN+4/PHp59unHl+csPL96wKf5knxD115e+P729BjxeVu9C8LHxFf3cAs/0DXCc0fomGFwZq6Mmi3TtEAy3tM1dQ/eOaBGF7HYv2r6zG4WebHzZBLLpANJJK4thNGTYBrCklzDz3j8c3OtGQD8RUZiKpkjXKQzNKqr2z5LxXeLY0O8yPm4cmaufnrF/Pjh8rTtg2NR6HQ5c1823JPU/ZDhh5f4bhfz/kIA8lCobFIea9TxPCHt81rG1v7D79cRyZYILLuTZzudHXoV/nUUufgkhKmzYZI/8Q2c9x0ev3xVnfVuEvCbFo3r1RRUuAIWh960oujpHGLYuAqVXIqkfzAJOG/XJgpXVj3a896C9fzhY293r7oQ74f0g6Fz0znvehaCtClHSVtS/JVWfWob/ZomtzWwcdOO47x8Acd/P3oOkNSru5qveDzWHq/rHsXoq8SGvikrbmb4G0z+unlKtNkqDJwiCIAiCIAiCIAiCIAiCmImTYMmHsORDlSghuK6sfwcAAP//A2hkRg==")

45.203387795s ago: executing program 1 (id=1595):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r0}, 0x18)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000280)=""/56, 0x0})
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340))
r4 = dup(r3)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r4})
close_range(r1, 0xffffffffffffffff, 0x0)

42.096286865s ago: executing program 1 (id=1605):
r0 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000005c0)=r0, 0x12)
r3 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r5}, 0x10)
write$cgroup_int(r3, &(0x7f0000000040)=0x1, 0x12)

39.616677053s ago: executing program 1 (id=1609):
socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x37000000)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000090000000000"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x701, 0x0, 0x0, {0x16}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r0)

35.499148308s ago: executing program 1 (id=1631):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, 0x0)

34.123414602s ago: executing program 1 (id=1623):
syz_open_dev$vbi(0x0, 0x1, 0x2)
r0 = socket$xdp(0x2c, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$phonet(0x23, 0x2, 0x1)
sendto$phonet(r2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x23, 0x28, 0xfd, 0xe}, 0x10)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000380)=@buf)

30.350644357s ago: executing program 6 (id=1642):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x88, r1, 0x5, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x1, 0x1, 0x7, 0x0, {0xa600000000000000, 0x2, 0x0, 0x3fe, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x9, 0x3}}, @val={0x72, 0x6}, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x88}}, 0x20000014)
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x20000041)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32=r6, @ANYBLOB="040013000a0006000802110000010000060010008005000006001200000000000500c2"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

30.35015017s ago: executing program 2 (id=1629):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b702000000000080bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b706000008ffffff9c6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000004a000000b70000000000000095000000000000008e17f199a68b061b93d83298a8cdda1ce784909b849d5550ad855dab54d8877a6db61d69f2ffcaa10350e11cb97ce8df1bc9a0c4eeceb9971e43405d621ffbc9b0d8ca56b50f0c010ddb03cf1c62d57c08a90b189d190c341035de53a9a53608c10556e5734eb84049761051ce540c772e201b2de17dfdb5b60939d5d6aed4062049b87e03e2cd18a77dda613e0c64497fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8000000000000000b91c61bd99dc89f12907af7dccd106cb937b450f859ce8292a79c3e40000b59b0fc46d6cec3c080a882add4e1179bd4a44f231a2d73148be428ba953df4aece69311687f4122073a236c3a32efa04137d46f0247d2638da3261c8162bb7c7824be6195a66d2e17e122040e11001131ce319045e5b3334e68475ac3f46aa2837f9004600daded9b19b35eebe52613c346e255421b23a278fd00004270b1cd5fc9aa2286ccca37db965d9dd366598f5ec993cb0cf127e2a46cfbdf63eea190d86a4d1b75ae98480100bd5828954a7d093a54f7e75b3753508ca3c41685d1e407315e59d626c23b3f89a926e9382966853774e7dd1f1a2177cdf2802237c177d543e8da47a01f05e113e53518270239b69c117e2637c31085f4d8a596b6edab26afaf6605b231199f38a6fc7eb83714387450ea18eafbace8eec18a4b2c442e7b88a7611c1283bec84e1715fb9f4fcaf52c08058fc4f21c0ad71adabdd850aed3eeec6eaab347bdf474e17b9aa345d1e6e3bb83f90230bdf53e7d0e5c3f914d905422b83f30936674ba8f0bffaf2305c0972df71fe5f4e015064716897bced7798509e64df360d95f9a4099f86438ac2bbcbdbd1d9db21a1d5c065567fd70aae68096827fa5c2d9bd20292344c7dcf6241447cfbb05b5d0fdb4e08afbac5397b64aa369922ed7ed8918f97294b6854210d2b93aaf92159dbaa2f186d4a420c68d6baf1c31de4f0bf478bfd51bb1e96ea849a80ae5a89be7e38474c7aade344d68324f9e12a6b9770e6bd12ae69efffaee58040753701af84c2924c1b5aea1650f42c9ae9820a33095f062fb88313d035ea405515a61a4be64f9fa0985c5be592090cc48291004609fdac2ab6100000000000000a84570c7c00d647daf8af334050b61e9b2d3f0adad1d1ff47be19b8da2799e9ecef8efabe73f92dbd0760f8bbd9c710bd1371e2b5d9a2ea2190f5e4f5cd641cdfe5d89f84a368ef7e6ff1eacdc0ec9e97b8f9c9e314661ea0aa8a104008d188b66b3a4aedeed9df4238a08fc2fb1007233cc2c87fcaa0cccd8ec03440eafe1c8660c73acc17bff740d199a7c0c52c63c0408b5158e0000000c275eedb02f141113cf2c55b2c08c2c68cc99d2bb5840fba332e1c82862ec9b90106248f81d32a47ac94ddee815dba8aeb5d3121cf247a81aef7805b020e9eec44cbe3055be69fe066824ba2292b9cdce41635fc00df96fb10a3a8cc60c4a76c65ebbb0640e0a29de94edf5cbefac1c5fa96e7080af804b22cabce10ea52f1018527f4aa39cdafa3eff63de2a7f50d042667820f6f86f276afb2b8134301e031351ee13013137e9d5cec0c84d7e3f82c6fd12eb98f9ea654bcb9ce59a2015183c6e65bb0537e611b830d74c30fb8207fca0990acdbb51e4e234026e00000000b3ebae3eb52c140953a350fcf0124b1a30b1afc29ea56f8413686d912eb8118d73ef9c6d3843ebcb555301c0205dd3bd9b1d742e334319c8979c322e92fbc2c400"/1423], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42)

27.048489062s ago: executing program 6 (id=1647):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x3, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0, 0x4})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000780)={0x3, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}, {0xffff1000, 0xb3, &(0x7f00000006c0)=""/179}, {0xeeee8000, 0x7b, &(0x7f0000000800)=""/123}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x39383ddd, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)

27.037723875s ago: executing program 2 (id=1649):
sched_setaffinity(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
gettid()
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x60000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mount$bpf(0x0, 0x0, 0x0, 0x400008, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x5, &(0x7f0000000280)={[{@errors_continue}, {@discard}, {@discard}, {@norecovery}, {@snapshot={'cp', 0x3d, 0x1}}, {@norecovery}, {@order_relaxed}, {@order_strict}]}, 0x1, 0xa0d, &(0x7f0000002ac0)="$eJzs3U1sXEcdAPB5a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWoqbpUqLlGalog0IFIJWvWQ5MSNVlW48iFOvVSAkOgFRT1xqUQjcempcOBAFKRKHKCQGMWeWa//2eXtOonX6/39pPHsvJndmbd++/bte29mEjC2Got/5+enq5Quvv3Gkb8/9LfNN5Y83i7RWvw72ZFqppSqnJ4Mr/fBxFJ87cNXT3SLqzS3+Lek09NX28/dmlI6l/amS6mVdl+8/Pq7c08dO3/0wr733jx05c6sPQAAjJdvXTo0v+svf7pvx0dv3X84bWovL8fnrZzelo/7D+cD/3L830gr01VH6DQVyk3m0AjlJrqU66ynGcpN9qh/Krxus0e5TTX1T3Qs67beMMrKdtxKVWNmRbrRmJlZ+k2eFn/XT1UzZ06dfv7skBoK3Hb/fCCltFcQhHEMC9uHvQcCWBKvF97kXDyzcGvarzbZX/1Xn2h0fz7cBmu9/S+pzg23/mXq///1/+q8PQ63z0bdmsp6lc/RtpyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JNW7HavVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEB61a8b24hK/nxvr6Yv6km/66a/M01+Vtq8rfW5MM4++1LP0mvVcu/8+Nv+kHPh5XzbHfn+GMDtieejxy0/njf76Butf54PzGsZ78//szJrzz37OWl+/+r9vZ/PW/ve3O6lT9bl3KBcr4wnldv3/vfWllPo0e5e0J77u5SfvHxzpXlqp3Lr5M69jM3tWN65fO29yq3Z2W5Vii3OYe7Qnvj8cmW8Lxy/FH2q+X9mgzr2wzrMRXaUfYrO3Ic2wGrUbbHXvf/l+1zOjWr50+dPvlYTpft9I8TzU03lu9f43YDt67f/j/TaWX/n23t5c1G535h+/LyqnO/0ArL53osP5DT5XvuOxObF5fPnPje6edu98rDmDv78ivfPX769MkfeOCBBx60Hwx7zwTcabMvvfj92bMvv/LoqRePv3DyhZNnDhw8eGBu7uBXD8zPLh7Xz3Ye3QMbyfKX/rBbAgAAAAAAAAAAAPTrh0ePXP7zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcEeX/MUyYYDVqVCumcPHQ3t3hnp2hed9Isftefxy//9SXRzXtbTn3rA8jt9byoXhBG4aL2UqjEES5wv8dI4v5PiXCYao2tx9cY7rxrcu23oZn8K4FKOp/N/K1lDGMSn9v3uN61T2/zvWoI3cfmvRnXDY6wh09w/jfwvC2IaFBbN4AOvDsOf/LOc9S3zmD9+860Yoxa4+sXJ/GccvhVux3uefVP/Gmv+zPf9d3/u/MGNea3X1/vtnV97vqDbt7rf+uP5lHOidg9X/Ua6/rM3Dqb/6F34R6o8XhPr0n1D/lj7rv2n996yu/v/m+svb9siD/da/1OKqsbId8bxxuf4XzxsX18L6l7E9B17/VU7UeD3XD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Fd4fWrmu838/+Otq/luO7zUOb/Ldtjq0u60ZFudnlvN+q+BkbVB67/CcLYhoWFhTt7QqvGUCtn6O//sH8nDLv+Yb//deL8v/EYPs7/G/Pj/L8xP87/G/Pj/HoxP87/G9/POP9vzL83vG6cH3i6Jv+TNfm7a/Lvq8nfU5P/qZr8fTX599fkP1CTf09N/oM1+Z+pyf9sTf5DNfmP1OR/riZ/oyv9UcZ1/WGcxf55Pv8wPsr1n16f/501+cDo+ulb+5989jffbi31/59qnw8p1/EO53Qz/3b+UU7H696pI30j752c/mvIX+/nO2CcxPEz4vf7wzX5wOgq93n5fMMYqrqP2NPvuFW9jvMZLZ/P8Rdy/MUcP5rjmRzP5nh/jufWqH3cGU/++neHXquWf+9vD/n93k8e+wPFcaIO9NmeeH5g0PvZ4zh+g7rV+lfZHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoGot/5+enq5Quvv3GkWeOnZq9seTxdonW4t/JjlSz/byUHsvxRI5/nh9c+/DVE53x9RxXaS5VqWovT09fbde0NaV0Lu1Nl1Ir7b54+fV35546dv7ohX3vvXnoyp17BwAAAGDj+18AAAD//8xlDh4=")

18.614942215s ago: executing program 39 (id=1623):
syz_open_dev$vbi(0x0, 0x1, 0x2)
r0 = socket$xdp(0x2c, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$phonet(0x23, 0x2, 0x1)
sendto$phonet(r2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x23, 0x28, 0xfd, 0xe}, 0x10)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000380)=@buf)

13.848690773s ago: executing program 4 (id=1632):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x0, 0x42, 0x0, 0x100, 0x0, 0x10000}, 0x28)
syz_open_dev$usbfs(0x0, 0x76, 0x103901)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000580), 0x1000)

13.847778545s ago: executing program 6 (id=1651):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r0, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0xfdef}, {0x0}]}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x3, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

13.847229463s ago: executing program 2 (id=1652):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
pipe2(&(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4000)
fcntl$setpipe(r1, 0x407, 0x0)
write$FUSE_INIT(r1, &(0x7f0000000340)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x28, 0xd19e, 0x0, 0x0, 0x4, 0x8d, 0x40000000, 0x0, 0x0, 0x10, 0x2}}, 0x50)
vmsplice(r1, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r1, 0x407, 0x2000000)

13.070424927s ago: executing program 4 (id=1633):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601040000000000000000070000001400078008001140000000000800124000040c8f0500010006000000050005000200000005000400000000000900020073797a310000000011000300686173683a69702c706f7274"], 0x60}}, 0x20004000)

11.737761868s ago: executing program 4 (id=1635):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)

11.737119746s ago: executing program 2 (id=1637):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0xfffffffe, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000003100)=@gcm_128={{0x304}, "040000000048bd00", "0dd12f0d004fcf0000e8bfff1a8600", "cf0f00", "8657e2b7e63b34e4"}, 0x28)
write$binfmt_script(r0, &(0x7f0000001300), 0x8f)
recvmmsg(r0, 0x0, 0x0, 0x40000002, 0x0)
writev(r0, &(0x7f00000030c0)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000013c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001380)=0x40)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000380)="ac", 0x1}], 0x1)

11.73690789s ago: executing program 3 (id=1638):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0xfffff000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, 0x0)
r2 = dup2(r1, r1)
read$FUSE(r2, &(0x7f0000002b00)={0x2020}, 0x2020)

11.736759132s ago: executing program 5 (id=1639):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
timer_create(0x0, 0x0, 0x0)
clock_gettime(0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
stat(0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
write$sndseq(r0, 0x0, 0x0)
r1 = dup(r0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

11.736524482s ago: executing program 6 (id=1659):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000700)=0x8, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

11.064447845s ago: executing program 2 (id=1640):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3}, 0x18)
connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r2, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)

10.465621505s ago: executing program 4 (id=1641):
openat$sequencer(0xffffff9c, &(0x7f0000004700), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x101102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, &(0x7f0000000300)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e23, @remote}, 0x2, 0x1, 0x3, 0x4}}, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0xf5, 0x0, 0x0, 0x0)

10.465072633s ago: executing program 6 (id=1645):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_io_uring_setup(0x2be, &(0x7f0000000140)={0x0, 0x978, 0x0, 0x6, 0x1000111}, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x3, r2, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r3, 0x3516, 0x3e44, 0x8, 0x0, 0x0)

9.497338685s ago: executing program 9 (id=1646):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
write$binfmt_elf64(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4602010103fcffffffffffffff03003e005666d37500010000000000004000000000000000df012000040000000000000003003800010007000200010003000000000000000300000000010100ff"], 0x509)
close(r2)
r3 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
close(r3)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x401, 0x0)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

8.312369156s ago: executing program 5 (id=1650):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x7}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0, 0x4})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000340)={{0x3, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x0, 0x0, 0x3b, 0x100, 0x6, 0x8001, 0x3, 0x2, 0x949a, 0x3})

8.033632874s ago: executing program 3 (id=1656):
syz_io_uring_setup(0x4ce3, &(0x7f0000000380)={0x0, 0xe7ed, 0x2, 0x0, 0x2d9}, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
syz_io_uring_setup(0x279, &(0x7f0000000200)={0x0, 0x84d8, 0x3}, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
r0 = syz_io_uring_setup(0x1ed3, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x5, 0x279}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='('], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='pids.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0x8, 0x0, 0x0, 0x9, 0x7, 0x1})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

7.979373475s ago: executing program 4 (id=1657):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r0, 0xa, 0x13)
fcntl$setlease(r0, 0x400, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x3)
fcntl$setsig(r1, 0xa, 0x12)
ppoll(&(0x7f0000000000)=[{r2, 0x8402}], 0x1, 0x0, 0x0, 0x0)
dup2(r1, r2)
r3 = getpgid(0x0)
fcntl$setown(r1, 0x8, r3)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)

7.369886041s ago: executing program 3 (id=1658):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x40)

7.133544412s ago: executing program 9 (id=1660):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="05000000040000000400000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000200000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r3, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0)

7.004373685s ago: executing program 5 (id=1661):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
close(0x3)
bind$alg(r1, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
accept4(r1, 0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee6, 0x0, 0x2, 0x30b}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[], 0x84}}, 0x0)

6.795336781s ago: executing program 9 (id=1662):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000400)="f0307024ad83e33e29cada69a04d2d503f12e6cd634e710de7a256edb044825fa794d11a4aa022716faf14336b15c8b0792c321ce225a60f44dd5baf03c4ce747bb5c9f8d52f9dc768881dc57742745c958efd7fd668a95e668b6ac6385b69ac21815c2aed72ea132ca05c61c62cedb1cc28d7a570decc073930cc3b3e7c945dc5c0ae0702d4e19a773fba512b4bf71a36e2920863f8fe5c06549f2647e0f6e9070454a8ee253882d7a5eed5ec9ee2c0ec7a3d338eeb9eb62244beceb56c9870c7d7064b40d293b983509d8f4cca43180064ddaa904cfcaa442c72bba24d25fec602eb9c8bb802bd50be85295d706599e511242e13c2482b35a445ec9c7524a5bed38956a20cdc25c7a5b479da27e9f1e34335fb4206998f2c49d7778aa7e7c63ebefc29c920252dbdf71f2823b2b5d6aca7a21d8e13ef37315e9b6e733382371598dd6592de394d27d91f7eee1e4a47f357ba217cb6a31ad1f00d819f9a6ef7d1aa6720eb484e218708b0be9fe6cf3905cd75af3d6e6d9b0dc1c1e5071c937637b6864ebb665ec730f8fd96b99f07e2e39a5ccbce5c063e802b421242eff9bcbe0a21bf3e762ee42e969248dfcdd8c061ad190cffb69bc09df602029b8484c68fae959fe42fde38d88b947b97896aaec5f9b09d2d05b1f73c8a2d93d2562a915d016092519e7ff424d37cf70f8ee36e0b0984a14cbd2fe5cf7500c10e09467b71abdbcf10b86601f39f20213ca5c1447f7b64a5a0d31256aacbe813c6c3750ae666829712ca442bdc1c1e1dd91af76034f6c4a6b7872f8b487e3bfcca359e8f42ef0221fd0d6f5ef225c918d982bf2d426696e8e9f90822a5c3e65772592a3b77637b67a45ff5cde4ac59aecfcceaad09b877ca6e5c5535c4ddf56002224677ced7e7bf4f5fe0dd4b21f42dfad0cd0da369d368736275a3a58ca8015b87138297ac9232fb6c246ec79ef1ba54b74b8e4abc89f728e8d49570985dcaa34979fa41bed8077ee9c9c861f958c82e883550ef6654057db1371868a4c6d3f72ce7306e7300b2720f9f2836f6db58deca706173f00ac38b50fb8649c4fac3d80677eb725fb172c78540068abd4aec60f0ca32f5aedf6abbaf6e8946b16ed58dd516891b86c6a577348d96a7485a34dd09dc766fc41012e40f7588574ed7c16afe18bd6220924f5eb9447f4acea8996d30ce83a0671e16e44538a4033811658efd277d01cbbd38f5c61ecfc7593dc07e5b4a0d7fad5fbe6e3eee2216bc23e456b793286c06e140ea9389132ce3051912b7f9f31f70f476d23f97113ce69068607d07e2a581cf6646", 0x3a5, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r2, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c002e00"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)

6.503069884s ago: executing program 3 (id=1663):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x18d7, &(0x7f0000001800)={0x0, 0x579a, 0x0, 0x0, 0x40085}, &(0x7f0000000400), &(0x7f0000ffe000))
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r3, 0x2, &(0x7f0000000180), 0xfe)

5.22834543s ago: executing program 3 (id=1665):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r1 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x1, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x3c, r3, 0x5, 0x4, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_DISABLE_VHT={0x4}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x70000, {0x18, 0x0, 0x8000, 0x1ff}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4800}, 0x8060040)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, 0x0, 0x8800)

5.05797259s ago: executing program 9 (id=1666):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x10)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)

4.770481555s ago: executing program 3 (id=1667):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
shutdown(0xffffffffffffffff, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x2}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20000044})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

4.695009531s ago: executing program 5 (id=1668):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)

4.598676719s ago: executing program 4 (id=1669):
unshare(0x2c020400)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$bcachefs(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC], 0xff, 0x5a85, &(0x7f0000001080)="$eJzs3X+QHNV9IPDXM7Pa2V39WAkcZDCrRUYJwbG14lf5RyqWc4mdAoeSyynH4mTDglZE9kqo9COATGKRA591YJedci7ByR/EhX1nW3FxZV+MQpmAOYnzLxUXH3VlU2ffYf/hK8KhMqCjXD42tTP9Zmd6p7dnZ2elBT6fkran37z59rdfv+np92Z2JwAAAPCqcPzOfaeuPvd3v/1nEy989Pf+YdftYahcK6/GCsPp8pYzlSGnU39lbW2Z7Re/9pEv/XT0ht/+1v2Dn3/x2PYLdvzwd8664cEPXXn0nr9+5PkVX3vpqaK4sT9dPLOePJOEUP3Gyb/42LHvnDNdlqyc/lk6FMLqZM0jq5NMiLFfhBC2T+cYQlibufOrL1y6Y3p5+139LeWrMvXy+nuD/v6KNt0PpzvWwVM3vyH86B1b7/jeuq/8Xd+Rpw/NVEmqTf0phJXXNT++L4QwkP4PaV8MTf0xdtotIYTBpse9uSCv13eY/8ac9fPS5bJ0OVQQJ96/PrNeytTLrkd9meVgwfYWKi+PbuqVO6izPLOePRktVF6esXx1uvx6urx4nvHL6T6Uk1BKQqWR/mQy00dC03FLQlI7ltXGeqlxbEO6/5n1JLNeyqyX+zL7Vdtu2tHKSdJaHutlyuPpuJKWX9B8bdLGe3PKX5suq+kT9cW4HrI36oZm3WjsV03M6+QcuZwOpaZzULvyxoFPD8ZQWjaUrJn1mKk24n3Htt69obztm8eHc/JI7k/S+ElX8Q9+d/XyD3758IHs63oj/nWlNH6pq/g/vurEs9cc/txnc+N/KsYvdxX/kocGn7nq0TvX57bPydg+la7ijz/12CfWnX39kdz8743xq13F33z0RP+KUw89nJv/WGyfga7iP/m2d/7ki0888HRu/BDjD3YVf9vRPZ/sHzl1UW78h2P7DHXXf547csUPRkZ+NpoX//EYf0VX8b9w6J633rfqritzj++W2D7DXcV/94UP3rH81APn5507k3s7fYUFoJ2z0musj6frXY0zp7KzFvPXNF74q9FK/Zpvefp/xYKjN8lcfE5vZ2Uv4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABACOE1b/iv7/rf7xt+ppKu96c3nizVl7F8WQjJQAhh3/7xvft37r5x9EM3Hdi7e3xydHz/6MTu/XtvHb3sN0b3TuyZHL91+t6xN15af9yakNSXyfmztj0QpqZKw61lcXv/6sIjP9rw5v/zzyGMveb7I5Xc/Dfes+u+s9v8zEg2T71914Grv3/536b7NZzmNdwmr6mpqamQk9f/ff8v7/vzkz+9KISxX5krr8ee/K1/bEmoVjATJ1XqD/WE+pPBtnk0sk7zie1V2bFzcmJs7vadfnw5Zz/+9Uee/sWOWz79y3r7VnP3o8P2Hdg8NVn6y63v/v9/eVu9oCivM3Xci9o77kXML7ZfNW3vlel+rczZr0rOft35vYef+Ma5h/MbumC/+tIO0Je8tqPtxr0bTFa3lFfT+jGR+LiN+3ft2bjv1oNv3Llr/MaJGyd2v2XTZZuuGLv8iss31vZ8Y2/2//lDYazy3LrBELf/qx3ufy/600D22Tdru6v++NDX48/O+lNrXsvm3R7TeRW3R3NGec+/wfd+7DNvuefRq+sFRf081m6cT9Ll4PRx3hSa+tvstmq3X0XHJ4Qw2q4dnn3+ynDO/9h5R9F5qPnINP/MSDZPfWf9z//2zX+z9jfrBaflPN+cUJfn+UbWM/nU2qu6Y+ftzXWXWvv2h3K6X0Nt89r0nUf77j7+z3/SyG/ZsnDL+P79ezfVfy5PM12enNc2r2xp3K91tZ/lkB7e0OimbfrrtL5Qzy97/ozVs606lN43lKxpu19Z8b5jW+/eUN72zeN5LZ3cX9/iQFhRXyavy6k5mXlguZFwu+0v1edfUf8YedfffO19X/v7y2b1j0vqP4v2K8nZr6888YXPfP7T//bve7df7/qtE8M//59/tKFesOTPK+V6Io2s03ySmfPK5MQlIRQ9/9aF9vvReP79+3KMm2bUfn+Knn/Z7czUbx9vNLM+FMpdPV8veWjwmasevXN97vP15FzP1+adva3lceWC5+tS6T/Z51dSac1j8Z5fLR0l2Tz1rY+fdeiRj245t15Q9HrZqN2uX1/awfgjZ7/+8ZofjNw0+m/+e+/OG1/6ja9e+8PxzX9aL+j+uMdcenPcq2n7VnPat5F1HHc2t++bbrhpcnu9vKidz9z1b7osGP/EU8m+Ww9+eHxycmLvvs72q9PX07idbCt3+3oaz25rCvarNGu/Fu9GJ+3V6fMt5r+96/Zqfb4NhaSr14WD3129/INfPnxgeNaj0g1dV0rjl7qK/+OrTjx7zeHPfTY3/qdi/EpX8cefeuwT686+/khu/HuTNH61q/ibj57oX3HqoYdz44/F/Ae6iv/k2975ky8+8cDTufFDjD/UVfzUz3LjP56k25m+Rgrhqy9cuqO+noS+9PkW8+hryStk15PMeimzXm5eL8VZhHQD5SRpLY/10vILmnJp5w9zyuNVWHVtffliXA/ZG3OXLzWlpnN/u/Ki61QAgFe6+P5/vAaN7/9PpBdK+TMNMKPbcdiPnztyxQ9GRn62NiduHIfNzOe0vse6No0fHx/nAUfeFMaml7eP1i/05/s+Qnw+ZOc543Yuen1rjMJ5zqna9mfNcxbNv6/PrMe86vPllaZxaGr2uKYSOph/X58JUzT/ntn94vezRj8+K63Rpnmr7PHrS2fM2n3eIbS2S2U6Ql7/yM6Lxc9zjKwMW2rb67B/ZD9HE49D9nM0cTvnZk6c3X6OJq9/DM9uh5a8Yv+I9eboH7WUi9+PnH38whztO3P82kfLHr95HO9qCP/pc3Flsd6f7cG8YdtTWifzhv1tthDv63zecHHfDzMvmRM/fYJ1MG/40qqWx53eecNYHvej0uF84vtyyns1nxhPFzGvk3PkcjqYTwReqeL4P75GTI//py/A/1+mXtE4JXvVGOPlfk6v3D6fonHH7M/pDXb1Or7t6J5P9o+cuij3OufhTj+nt6dlbbDgcz9F7bghs17YjjkTNEXjvex2ito9+7mMobCiq3b/wqF73nrfqruuzG33LfUX0uJ2/0zL2oqCdl/sz3O+/D9nYLzQNv4S/xxDp/NnZ+xzDOkHnxZrPPIHOeXzHY8MzrrR2K+apTsemXkh7W+dwAMAaCuO/xvvn6Xj//8VK6TXEUXj1osz6zFe7rg15/okb9z6++nylkz9ofQ3KuZ73fzuCx+8Y/mpB87PHbfc2+k49D+2rA0XjkMXNm7OHUds6c3nxXPHEY1x1sLGibn5N8aJCxun57xN2zROX9g4Ord9GuPo1nmAz5zoLH6cB8iN35gH6OE496WZSqdvnFswX5fZWFztdL7ujIyjV7bu56KMo9Nfn12scfR7c8rnO44emnWjsV81S3cc3VpuHA0AvFLF8X+8jIvj/0cz9Rb6PnvuuKBH1+3ZvwfSiP/4oowrZ+L36P3f4nHfYo9b88b1yaF2W4n3dj6uX+x5iZf7+7+LPS80XPsDnmn8TSs7jN/pPNkZe395qYyL040aFwMAsJTF8f9Aup4//l/Y+GTW+K2vfgk5Mz55+Y3Pm+udufF5r953Nz5vG7/T961z4i+d+a/F/ZzMq378H9fT1SnjfwAAlqA4/o+/9hj//t9/Sdezf7d+6Y3Tp9JL0kV6Hz1tD+N04/Qwxzj97Tm/7xHv73yc3uN5thi/+XMA5gFO7+fjB2bqmwcAAOBM6KuNlGb/nv0H0mX29+zzfi//mpz6NR38TdRKenl8/f69ExPXHtizfXz/xLW7b9o+se/am/fu3L9/Yne93kLHjbnjljTJvlBJ26N9vey4bVU6MbAq5+8hZOvHsOfVbsz+ewjZzQ4U/B2BmePXWb55x680R/12/SPveOfF/8Oc+lHj+N/wR5dcu2PftTt379y/c3xy58GJ1ujTDTE4j+/NTNL/8/q+1Mee/HfHQ6jfqn1rZkZp/t/fGQ/PPPNo+THriVSabpEk9/hP55Fk8lidZrI67/sPcvL+9n/78z++cOqXXwxh7DXl180379aQm6f+8/snfn//8e/vmc6/NGf+jZppXkXfV5qtH/enMnnTvv1v2HHTgd3Zb5TsTpzPKDXWF2k+I336lzucn9iWUz7f398vz7qxNHU8PzHtHdefvsQAAJa4+P5/vJ6N7x9+Or2AiuWdj9PrF47dvn+cO04f62ycnv1esqJxerZ+3N9Ox+nVBY7Ts9vPH6cP5NZvN07PG3fnxf+DnPrz1Xk/6eL3MeLw88uHD+T2k+uy/WSgbb3s9xkU9ZNs/fn2k2SB/SS7/aL5nHb12/WTvOOeF/89OfXzFPWHSqM/LOz3Z3L7w6c6O2/8ema9qD9k68+3P5QW2B+y2y/qD+3qt+sPecc3L/7VOfU71do/pjtGrV9MXHvzTXs/3FRvsb//Isz+SEYn+S2beezifv9Htzpv38X93NfC8w9hc60kL//F/VzZwvMvav95/P7XyjDrc2W5+T+ecwLpef6L+/0uGXnVZz/+dM3XpmeCos+fFc3jbs0pn+887rJZN5amec3jAj0Vx//x7Z44/r8rXfb6baCX//ek+R6ztvF79D1mRdcxr7rX8+xb7l7PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF7++kPor6yt3Tx+575TV5/7u9/+s4kXPvp7/7Dr9l/7yJd+OnrDb3/r/sHPv3hs+wU7fvg7Z93w4IeuPHrPXz/y/IqvvfRUYezh2s/KxelqNYTkmSSE6jdO/sXHjn3nnOmyJIRQToYPhbA6WfPI6iQTYewXIYTtMdVK651ffeHSHdPL2+/qbylflQmS3a8wVI75NOcZwi2Fe8TLUDXtZwdP3fyG8KN3bL3je+u+8nd9R54+NFMlqTb1pxBWXtf8+L4QwkD6P9SfMjVr44PT5ZYQwmDT495ckNfrO8x/Y876eelyWbocKogT71+fWS9l6mXXo77McrBgewuVl0e39Yosz6xnT0YLlZdnLF+dLr+eLi+eZ/xy/J+EUhIqjfQnk5k+EpqOWxKS2rGsNtZLjWMb0v3PrCeZ9VJmvdyX2a/adtOOVk6S1vJYL1MeT8eVtPyC5nN1G+/NKX9tuqymT9QX43rI3qgbmnWjsV81Ma+Tc+SS+g/FVbpXajoHtStvHPj0YAylZUPJmlmPmWoj3nds690bytu+eXw4J4/k/iSNn3QV/+B3Vy//4JcPH1ibF/+6Uhq/1FX8H1914tlrDn/us7nxPxXjl7uKf8lDg89c9eid63Pb52Rsn0pX8cefeuwT686+/khu/vfG+NWu4m8+eqJ/xamHHs7Nfyy2z0BX8Z982zt/8sUnHng6N36I8Qe7ir/t6J5P9o+cuig3/sOxfYa66z/PHbniByMjPxvNi/94jL+iq/hfOHTPW+9bddeVucd3S2yf4a7iv/vCB+9YfuqB8/POncm9vXrlBHh1Oiu9xvp4ut7tOHOhmsYLfzVaqV/zLU//r+jlhjKmt7NyEeMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDK9E+3XfaB97/9PVsrSQhJTp2pNuJ95WWbN492sd3xpx77xLqzrz/SXLa2izgAAABAsTgOLzVKqmFtuDkZCOe1rR/nCM6La0lreXYZ42TnCDqNEzJxSm3ilLqIU+5RPpUexenrUZxlPYrT36M41YI41dBZnIE54lSme0CH+QzOmU/ncYZ6FGd5j+Ks6FGclT2Ks6pHcYbnjNN5P1zdozhrehTnrB7FObtHcV7Tozi/0qM45/QoTnZOeb79cEVa89y8OLUb5cI4laTcuKPdfPo56XbOX+B2hubcTnVqRdHrcYfbGSjYn7id12ceVyrezqHm+tUOt/Or899O6/53uJ1fX+B2SgXbif32lmx+cTtxrcP+f2uP4hzsUZyP9CjObT2K8yfzidPmPbIY5097lM9HFxgHoFNx/D8z3hsO/ZXfDIPpGSc7CxDHu+tqP2e/3uWdkGK812XKlxXFyw7UM/HWzTe/7ARCJt76TLS+lniVxnhkjnjV5ngbMnfOtb9v29w+t+Z4F2fK++eIV5OdWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACARfRPt132gfe//T1bQxKm/7U11Ua8r7xs8+bRLrZ7bOvdG8rbvnm8uay/0kUgAAAAoFAch/c1Sqqhv7Ip9CfLWupV03mAarpeHq4vR1aGLdPLZLRUWx9MVs/5uEr6uI37d+3ZuO/Wg2/cuWv8xokbJ3a/ZdNlm64Yu/yKyzfu2Dk5MVb/GUJ/QbwQQm36Yd+tBz88Pjk5sXdfvTCb/9r0cWtrydb+1R438qYwNr28Pc1/TcH2SrO2t3g3OjqAAAAAAAAAAAAA/8Ku3YZKWpYPAL+emTkz49H9O398Gxf3OKyrWFmpHUNLPA8ECb4sHoSYY51kyZWko7vorphNupCaUgTKwrLhhzZM0qQvvqREvrBgmCV0NgmV8kN9KLQMFT+EMnHOzDNnZs6McxrEXbff78Pzct3XfV/P/Xw4cD1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgQ7TYmJ6vz8zOTSYRyZCc5gDZWL6YprUx6n7lie0/KE29c3p3rFQYYyEAAABgpKwPn+hEylEq5CMfJy7fbYyugVjp+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP89i43p+frM7NyRSUQyJKc5QDaWL6ZpbYy6r7710Gdfmpr6W3esOsY6AAAAwGhZH57rRMpRjVNiIjlxqfPvRLNvA+v75rfyVmTrbFhjXv+3g2F5p6wx77Q15n1sRN7m9vmmAAAAgI++rP8vdCKVKBXWreqHs/5/VF+f5Z3cl5dvn9f+W4HimjMBAACA95f1/6VOpBqlQrXTr6+139/Yl5fNH/V/+2z+qUPmj/p//qXts//TAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBHx2Jjer4+MzuXTyKSITnNAbKxfDFNa2PUPfvJyX9cvP/2jd2xUmGMhQAAAICRsj58pfUuR6kwGRNx5HLfP3XhvY986ZHHpiOi1eYXi3HTlh07rj+7dczyznp+/8T3n33926vyzmodD9oGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD8xiY3q+PjM7d0QSkQzJaQ6QjeWLaVobo+4rn//iXx548fHXumPVMdYBAAAARsv68JXevxzVKEYxjl++6+71l+T65g/7ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPm745s3f2LKwsPV6FwfnopmPOAQew4WL3ouD/ZcJAAD4oJ0cSTT/SydcdrCfGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQsNqbn6zOzc+UkIhmS02w2dy0dumVj+WKa1saomz7xQmndO08+3R2rjrEOAAAAMFrWh6/0/uWoxkRMxHHLd4O+CSz3/5UP8SEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQ8piY3q+PjM7ty6JSIbkNAfIxvLFNK2NUff+XXs/d9/R37uoO1YqjLEQAAAAMFLWhxc7kXKUCh+PUpzUvl/onZDk2+fB3wVW5m3vmTa55nmNrlnFyK953p19Oyu0d9OaV25H85XWuTOvtjIv155X65pXjU75Wmfe8sva3VNt3YjnHPTuAQAA4MOS9f+lTqQSpUKpq///aU9+RZ8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyx2Jier8/MziVJRDIkpzlANpYvpmltjLo3//b/j/rqz+7a2R2rjrEOAAAAMFrWh6/0/uWoxob4v9iw3PdHpTc/y/tn/d377vnXX0+POPP4A1OF/mV/lF38+pULnuo/ROR6s3MRR7frJUPq/eb399y4qfnuAxFnHpc/aVW9eP96vUumzUfrWy/d8eyB7SNeDgAAABwmsv5/ohOpRKlw3dD+P+u8R/T/HcsN+NE37vrFse1juyPvm5GrtOvlhtT7wqaH/nzquX9/fan/X13vk52rT++99r5jewq2In2StDlz7c7NB87Zl8t23aqf76ufvZcvf+u1f199093vtuqXo9yOr+97lFa11ce+8pE2F3J75i55b0+jt35hyP5v/93TL/5q/V1vL9V/6+TJTv3TYlD91s4LQ+vHEWlz8vI7dp+3d//m3voRUYv86vpvvH1RnPDHa27r3/9k38Ldb7772P8C0ubzG9/cd+691fN76ydL9btk7//nL96/+yd3f/exrH72W5HTT1lr/Vxf/efuPGbXM7detr63fq6vfrb/p654aWpb7Tt/6N//VT2rFoY+xer9P3jGw1e+vCW9pX8IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8LLYmJ6vz8zO5ZKIZEhOc4BsLF9M09oYdV+9+IU3rrjrxz/sjlXHWAcAAAAYLevDV3r/clSjGMWYXO77H61vvXTHswe2R6U1mrTPhYVtN+z4xNXbdl531UF6cgAAAGCtXr04We7/C51IJUqFTTHR7v9nrt25+cA5+3JZ/59bOicRcfU1C1vPjE7ec3ces+uZWy9b3/lOELH8s4DyUt5nVvIuvOCFypt/+vqpA/POXsl7fuOb+869t3p+lhfdeWdF5/vEg2c8fOXLW9JbOs/Xnfepr21baH+eyNadvPyO3eft3b85l33HaJ8n2+tmeQu5PXOXvLenkatEaWk8384rt/cNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKy22Jier8/MzkU+IhmS0+zWDmRj+WKa1saoe8mmX9521DuPb+iOlQpjLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsJ+/YVIVfZxAH+emdl3Z3d2dVdfaCtaVysKu1AKIuqmoiI0QujKkLA0L6IgiCjsojU0Eiu6CbJuJCqothAMcpNEizX6J910UUGBdRGItFC7SBcZO/OccfY4p9HZCqTPB4Znn+ec8z2/c55nzuwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiv9FZG6u2RHY/M3nnRrZ89df/Mk7d/8NC2K55466exTTd/urf/9ZNTm5dv+faWpZsOPLBmcvcrh38bfO+PYx2DH280K1O3GkI8EUOofjj94tNTn18wNxZDCOU4NB7CcFxyeDjmElb/HkLY3Kxz/sZ9M9dsmWu37eqdN744F5K/rlArZ/U0DM2vt9WpfBjnnWpaZ1tnH7sqfH/T+u1fLnv3nZ6J4+Ond4lz+5TTegph0cbW43tCCH3pMydbbSPZwaldF0Lobznuug51XXqW9a8q6F+c2v+lttYhJ9u+Itcv5fbL9zM9uba/w/kWqqiObvfrZCDXzz+MFqpZ56r248OpfT+1K88xv5x9YijFUGmW/2A8vUZCy7zFEOtzWW32S9ncVkK6/p6W42IIMdcv5frlntx11c+bFlo5xvnj2X658exxXEnjy1uf1W3cVTB+YWqr6Yt6MuuH/B8NtTP+aF5XXVbX9F/U8m8otTyD2o03Jz5NRi2N1eKSM4451Ua2bWr9s5eXN3x0ZKigjrg3pvzYVf7WL4YH7nl756MjRfkbSym/1FX+D2uP/nL3zldfLsx/Icsvd5V/9cH+E2s/3rGi8P5MZ/enclb5MfWzbfce++S5Zf+/b6LdXNfz92T51a7qv3HyaO/g7MFDhfWvzu5PX1f5391w249vfr3/eGF+yPL7u8rfMPnw872js1cW5h9qfBVq9RXaxfr5deLab0ZHfx4ryv8qu/+DbfJjx/w3xndf/9riXWsK1+e67P4Mpfy+c6r/jssObB+Y3X9J0bMz7vm7fjkB/puWpv+xnkn9Tu+Z+2ZKbd8zF6rlfeGlsUrjF2ggfTq9Gy7E3HkW/YP5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAAQkAAACAoP+v2xEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//2/0YpQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)
fallocate(r1, 0x0, 0x4, 0x5)
writev(r1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)

4.598523757s ago: executing program 9 (id=1670):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008200000018070000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a6000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x72, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

3.611268519s ago: executing program 5 (id=1671):
sched_setaffinity(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
gettid()
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x60000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mount$bpf(0x0, 0x0, 0x0, 0x400008, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x5, &(0x7f0000000280)={[{@errors_continue}, {@discard}, {@discard}, {@norecovery}, {@snapshot={'cp', 0x3d, 0x1}}, {@norecovery}, {@order_relaxed}, {@order_strict}]}, 0x1, 0xa0d, &(0x7f0000002ac0)="$eJzs3U1sXEcdAPB5a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWoqbpUqLlGalog0IFIJWvWQ5MSNVlW48iFOvVSAkOgFRT1xqUQjcempcOBAFKRKHKCQGMWeWa//2eXtOonX6/39pPHsvJndmbd++/bte29mEjC2Got/5+enq5Quvv3Gkb8/9LfNN5Y83i7RWvw72ZFqppSqnJ4Mr/fBxFJ87cNXT3SLqzS3+Lek09NX28/dmlI6l/amS6mVdl+8/Pq7c08dO3/0wr733jx05c6sPQAAjJdvXTo0v+svf7pvx0dv3X84bWovL8fnrZzelo/7D+cD/3L830gr01VH6DQVyk3m0AjlJrqU66ynGcpN9qh/Krxus0e5TTX1T3Qs67beMMrKdtxKVWNmRbrRmJlZ+k2eFn/XT1UzZ06dfv7skBoK3Hb/fCCltFcQhHEMC9uHvQcCWBKvF97kXDyzcGvarzbZX/1Xn2h0fz7cBmu9/S+pzg23/mXq///1/+q8PQ63z0bdmsp6lc/RtpyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JNW7HavVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEB61a8b24hK/nxvr6Yv6km/66a/M01+Vtq8rfW5MM4++1LP0mvVcu/8+Nv+kHPh5XzbHfn+GMDtieejxy0/njf76Butf54PzGsZ78//szJrzz37OWl+/+r9vZ/PW/ve3O6lT9bl3KBcr4wnldv3/vfWllPo0e5e0J77u5SfvHxzpXlqp3Lr5M69jM3tWN65fO29yq3Z2W5Vii3OYe7Qnvj8cmW8Lxy/FH2q+X9mgzr2wzrMRXaUfYrO3Ic2wGrUbbHXvf/l+1zOjWr50+dPvlYTpft9I8TzU03lu9f43YDt67f/j/TaWX/n23t5c1G535h+/LyqnO/0ArL53osP5DT5XvuOxObF5fPnPje6edu98rDmDv78ivfPX769MkfeOCBBx60Hwx7zwTcabMvvfj92bMvv/LoqRePv3DyhZNnDhw8eGBu7uBXD8zPLh7Xz3Ye3QMbyfKX/rBbAgAAAAAAAAAAAPTrh0ePXP7zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcEeX/MUyYYDVqVCumcPHQ3t3hnp2hed9Isftefxy//9SXRzXtbTn3rA8jt9byoXhBG4aL2UqjEES5wv8dI4v5PiXCYao2tx9cY7rxrcu23oZn8K4FKOp/N/K1lDGMSn9v3uN61T2/zvWoI3cfmvRnXDY6wh09w/jfwvC2IaFBbN4AOvDsOf/LOc9S3zmD9+860Yoxa4+sXJ/GccvhVux3uefVP/Gmv+zPf9d3/u/MGNea3X1/vtnV97vqDbt7rf+uP5lHOidg9X/Ua6/rM3Dqb/6F34R6o8XhPr0n1D/lj7rv2n996yu/v/m+svb9siD/da/1OKqsbId8bxxuf4XzxsX18L6l7E9B17/VU7UeD3XD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Fd4fWrmu838/+Otq/luO7zUOb/Ldtjq0u60ZFudnlvN+q+BkbVB67/CcLYhoWFhTt7QqvGUCtn6O//sH8nDLv+Yb//deL8v/EYPs7/G/Pj/L8xP87/G/Pj/HoxP87/G9/POP9vzL83vG6cH3i6Jv+TNfm7a/Lvq8nfU5P/qZr8fTX599fkP1CTf09N/oM1+Z+pyf9sTf5DNfmP1OR/riZ/oyv9UcZ1/WGcxf55Pv8wPsr1n16f/501+cDo+ulb+5989jffbi31/59qnw8p1/EO53Qz/3b+UU7H696pI30j752c/mvIX+/nO2CcxPEz4vf7wzX5wOgq93n5fMMYqrqP2NPvuFW9jvMZLZ/P8Rdy/MUcP5rjmRzP5nh/jufWqH3cGU/++neHXquWf+9vD/n93k8e+wPFcaIO9NmeeH5g0PvZ4zh+g7rV+lfZHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoGot/5+enq5Quvv3GkWeOnZq9seTxdonW4t/JjlSz/byUHsvxRI5/nh9c+/DVE53x9RxXaS5VqWovT09fbde0NaV0Lu1Nl1Ir7b54+fV35546dv7ohX3vvXnoyp17BwAAAGDj+18AAAD//8xlDh4=")

2.115820495s ago: executing program 2 (id=1672):
openat$sequencer(0xffffff9c, &(0x7f0000004700), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x101102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, &(0x7f0000000300)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e23, @remote}, 0x2, 0x1, 0x3, 0x4}}, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0xf5, 0x0, 0x0, 0x0)

2.114251499s ago: executing program 6 (id=1673):
syz_io_uring_setup(0x4ce3, &(0x7f0000000380)={0x0, 0xe7ed, 0x2, 0x0, 0x2d9}, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
syz_io_uring_setup(0x279, &(0x7f0000000200)={0x0, 0x84d8, 0x3}, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
r0 = syz_io_uring_setup(0x1ed3, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x5, 0x279}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='('], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='pids.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0x8, 0x0, 0x0, 0x9, 0x7, 0x1})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

1.849470662s ago: executing program 5 (id=1674):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000700)=0x8, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

0s ago: executing program 9 (id=1675):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
connect$inet(r0, &(0x7f0000001980)={0x2, 0x1, @local}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x810)

kernel console output (not intermixed with test programs):

32.530062][ T9082] veth0_vlan: entered promiscuous mode
[  432.704145][ T9082] veth1_vlan: entered promiscuous mode
[  432.900279][ T9082] veth0_macvtap: entered promiscuous mode
[  433.330153][ T9082] veth1_macvtap: entered promiscuous mode
[  433.546776][ T9082] batman_adv: batadv0: Interface activated: batadv_slave_0
[  433.586503][ T9082] batman_adv: batadv0: Interface activated: batadv_slave_1
[  433.682573][ T7290] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  433.729298][ T7290] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  433.799330][ T7290] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  433.861491][ T7290] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  434.227309][ T7449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  434.261382][ T7449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  434.281759][ T9102] 8021q: adding VLAN 0 to HW filter on device batadv0
[  436.053827][ T6323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  436.120520][ T6323] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  437.915711][ T9289] netlink: 'syz.3.928': attribute type 4 has an invalid length.
[  437.983093][ T9294] netlink: 'syz.3.928': attribute type 4 has an invalid length.
[  438.050974][ T9284] bond1: (slave ip6gretap1): making interface the new active one
[  438.103420][ T9284] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  438.942068][ T9298] loop2: detected capacity change from 0 to 8192
[  439.251320][ T7332]  loop2: p1 p2[DM] p4
[  439.256610][ T7332] loop2: p1 size 196608 extends beyond EOD, truncated
[  439.307825][ T7332] loop2: p2 start 4292936063 is beyond EOD, truncated
[  439.339252][ T7332] loop2: p4 size 50331648 extends beyond EOD, truncated
[  439.609801][ T9102] veth0_vlan: entered promiscuous mode
[  439.698228][ T9102] veth1_vlan: entered promiscuous mode
[  440.676886][ T6191] udevd[6191]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  440.728724][ T7332] udevd[7332]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  441.510655][ T9102] veth0_macvtap: entered promiscuous mode
[  441.660954][ T9102] veth1_macvtap: entered promiscuous mode
[  441.797718][ T9102] batman_adv: batadv0: Interface activated: batadv_slave_0
[  441.890023][ T9102] batman_adv: batadv0: Interface activated: batadv_slave_1
[  441.921222][   T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  441.938774][ T7449] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  441.969649][ T7449] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  441.992895][ T9340] binder_alloc: 9339: pid 9339 spamming oneway? 1 buffers allocated for a total size of 4096
[  442.030840][ T7449] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  442.059227][ T7449] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  442.192992][   T24] usb 2-1: Using ep0 maxpacket: 32
[  443.049527][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  443.061158][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  443.070931][   T24] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  443.080116][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.091339][   T24] usb 2-1: config 0 descriptor??
[  443.542443][   T24] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  443.649733][ T9347] bond2: (slave ip6gretap1): making interface the new active one
[  443.701454][ T9347] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  443.873165][ T5951] usb 2-1: USB disconnect, device number 3
[  443.977482][ T7031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  444.011113][ T7031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  444.028147][ T9355] fido_id[9355]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  444.133956][ T9359] loop9: detected capacity change from 0 to 1024
[  444.183665][ T9359] EXT4-fs: Ignoring removed bh option
[  444.224174][ T9359] EXT4-fs: Ignoring removed nobh option
[  444.268450][ T7031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  444.322463][ T7031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  444.353057][ T9359] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  445.854008][ T8892] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  446.339070][ T9382] netlink: 12 bytes leftover after parsing attributes in process `syz.9.955'.
[  446.352277][ T9386] loop3: detected capacity change from 0 to 128
[  446.559039][ T9386] EXT4-fs: Ignoring removed nomblk_io_submit option
[  446.980119][ T9386] EXT4-fs (loop3): Test dummy encryption mode enabled
[  447.468189][ T9386] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  447.635612][ T9386] ext4 filesystem being mounted at /181/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  448.853123][ T9427] netlink: 36 bytes leftover after parsing attributes in process `syz.6.968'.
[  449.746663][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  451.672987][ T5864] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  452.589584][ T9444] netlink: 25 bytes leftover after parsing attributes in process `syz.9.973'.
[  455.127212][ T9461] 8021q: adding VLAN 0 to HW filter on device bond1
[  455.260925][ T9467] bond1: (slave ip6gretap1): making interface the new active one
[  455.293193][ T9467] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  455.607803][ T9474] netlink: 12 bytes leftover after parsing attributes in process `syz.2.978'.
[  457.336070][ T9487] loop6: detected capacity change from 0 to 8192
[  457.387377][ T6190]  loop6: p1 p2[DM] p4
[  457.407524][ T6190] loop6: p1 size 196608 extends beyond EOD, truncated
[  457.462718][ T6190] loop6: p2 start 4292936063 is beyond EOD, truncated
[  457.496504][ T6190] loop6: p4 size 50331648 extends beyond EOD, truncated
[  457.605211][ T9487]  loop6: p1 p2[DM] p4
[  457.628540][ T9487] loop6: p1 size 196608 extends beyond EOD, truncated
[  457.801419][ T9487] loop6: p2 start 4292936063 is beyond EOD, truncated
[  457.904580][ T9498] loop2: detected capacity change from 0 to 16
[  457.935568][ T9487] loop6: p4 size 50331648 extends beyond EOD, truncated
[  457.951988][ T9498] erofs (device loop2): mounted with root inode @ nid 36.
[  457.996558][ T9498] erofs (device loop2): bogus lookback distance 1388 @ lcn 42 of nid 36
[  458.093816][ T9498] erofs (device loop2): failed to decompress -3 in[47, 4049] out[1851]
[  458.168173][ T9498] erofs (device loop2): read error -117 @ 43 of nid 36
[  458.205707][ T9503] erofs (device loop2): bogus lookback distance 1388 @ lcn 42 of nid 36
[  458.274525][ T9503] erofs (device loop2): failed to decompress -3 in[47, 4049] out[1851]
[  458.336776][ T9503] erofs (device loop2): read error -117 @ 43 of nid 36
[  458.548169][ T5845] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  458.554559][ T9501] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.564602][ T9501] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.853418][   T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  458.904535][ T5845] usb 10-1: Using ep0 maxpacket: 8
[  459.812223][   T10] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  459.820888][   T10] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  459.911677][ T5969] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  459.936114][   T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  460.000092][ T7332] udevd[7332]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[  460.019072][ T6190] udevd[6190]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory
[  460.049501][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  460.098564][ T7332] udevd[7332]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[  460.109728][ T6190] udevd[6190]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory
[  460.124396][ T5969] usb 9-1: Using ep0 maxpacket: 16
[  460.135907][ T5969] usb 9-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  460.149171][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  460.160352][ T5969] usb 9-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  460.223055][   T10] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  460.231276][ T5969] usb 9-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  460.260838][   T10] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  460.287827][   T10] usb 7-1: Product: syz
[  460.306638][   T10] usb 7-1: Manufacturer: syz
[  460.306643][ T5969] usb 9-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  460.352334][   T10] cdc_wdm 7-1:1.0: skipping garbage
[  460.370191][ T9501] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  460.388261][   T10] cdc_wdm 7-1:1.0: skipping garbage
[  460.400696][ T5969] usb 9-1: config 7 interface 0 has no altsetting 0
[  460.426719][ T5969] usb 9-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  460.439692][ T9501] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  460.447669][ T5969] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.481465][   T10] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  460.509107][   T10] cdc_wdm 7-1:1.0: Unknown control protocol
[  460.675068][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.681894][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.690749][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.697367][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.703845][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.710456][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.716852][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.723503][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.730736][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.737345][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.744276][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.750888][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.757277][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.763886][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.770293][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.776898][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.783251][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.789848][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.796160][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  460.802765][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  460.814042][ T5971] usb 7-1: USB disconnect, device number 3
[  460.814203][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  460.888792][ T5969] hid (null): report_id 14459 is invalid
[  460.959339][ T5969] hid (null): report_id 0 is invalid
[  460.971503][   T30] audit: type=1326 audit(1756893019.980:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9515 comm="syz.2.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2725f8ebe9 code=0x7fc00000
[  460.996412][ T5969] hid (null): report_id 3563458052 is invalid
[  461.049725][ T5969] input: HID 0458:5010 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:7.0/0003:0458:5010.0006/input/input12
[  461.424026][ T5969] kye 0003:0458:5010.0006: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.8-1/input0
[  461.562784][ T5969] usb 9-1: USB disconnect, device number 3
[  461.846345][ T7448] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  461.908012][ T7448] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  461.977944][ T9522] fido_id[9522]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  461.998460][ T7448] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  462.008499][ T7448] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  462.041150][ T5845] usb 10-1: unable to get BOS descriptor or descriptor too short
[  462.138079][ T5845] usb 10-1: unable to read config index 0 descriptor/start: -71
[  462.206958][ T5845] usb 10-1: can't read configurations, error -71
[  462.482893][ T9541] netlink: 12 bytes leftover after parsing attributes in process `syz.3.997'.
[  462.557077][ T9545] netlink: 12 bytes leftover after parsing attributes in process `syz.1.999'.
[  462.898310][ T9551] macvlan2: entered promiscuous mode
[  462.929773][ T9551] macvlan2: entered allmulticast mode
[  463.006445][ T9551] bond3: (slave macvlan2): Opening slave failed
[  463.397784][ T9548] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  463.413267][ T9548] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  464.997350][ T9561] loop1: detected capacity change from 0 to 8192
[  471.917059][ T9631] loop9: detected capacity change from 0 to 256
[  472.052590][ T9631] FAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  472.131171][   T30] audit: type=1800 audit(1756893031.120:100): pid=9631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1023" name="file1" dev="loop9" ino=1048654 res=0 errno=0
[  472.221275][ T9631] FAT-fs (loop9): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  472.232327][ T9631] FAT-fs (loop9): Filesystem has been set read-only
[  472.895350][ T9648] loop3: detected capacity change from 0 to 16
[  472.903253][ T9647] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1029'.
[  472.939390][ T9648] erofs (device loop3): mounted with root inode @ nid 36.
[  473.443113][ T9654] netlink: 'syz.3.1043': attribute type 4 has an invalid length.
[  473.554795][   T30] audit: type=1326 audit(1756893032.560:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.9.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feff0d8ebe9 code=0x7ffc0000
[  473.611135][   T30] audit: type=1326 audit(1756893032.560:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.9.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feff0d8ebe9 code=0x7ffc0000
[  473.695490][   T30] audit: type=1326 audit(1756893032.600:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.9.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7feff0d8ebe9 code=0x7ffc0000
[  473.757534][   T30] audit: type=1326 audit(1756893032.600:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.9.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feff0d8ebe9 code=0x7ffc0000
[  474.697674][   T30] audit: type=1326 audit(1756893032.600:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.9.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feff0d8ebe9 code=0x7ffc0000
[  474.722378][   T30] audit: type=1326 audit(1756893032.600:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.9.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7feff0d8ebe9 code=0x7ffc0000
[  474.744880][   T30] audit: type=1326 audit(1756893032.600:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.9.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feff0d8ebe9 code=0x7ffc0000
[  474.768699][   T30] audit: type=1326 audit(1756893032.600:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.9.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feff0d8ebe9 code=0x7ffc0000
[  474.791420][   T51] Bluetooth: hci5: command 0x0405 tx timeout
[  474.808167][   T30] audit: type=1326 audit(1756893032.600:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.9.1031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7feff0d8ebe9 code=0x7ffc0000
[  477.578183][ T9691] loop6: detected capacity change from 0 to 256
[  477.592458][ T9691] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  477.638155][ T9691] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  477.709095][ T9691] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  477.760814][ T9695] loop3: detected capacity change from 0 to 16
[  477.787741][ T9695] erofs (device loop3): mounted with root inode @ nid 36.
[  477.799207][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  477.799249][   T30] audit: type=1326 audit(1756893036.810:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb12f8ebe9 code=0x7ffc0000
[  477.890975][ T9695] overlayfs: failed to get redirect (-117)
[  477.974323][   T30] audit: type=1326 audit(1756893036.850:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ffb12f8ebe9 code=0x7ffc0000
[  478.000403][   T30] audit: type=1326 audit(1756893036.850:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb12f8ebe9 code=0x7ffc0000
[  478.022840][   T30] audit: type=1326 audit(1756893036.850:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ffb12f8ebe9 code=0x7ffc0000
[  478.046764][   T30] audit: type=1326 audit(1756893036.850:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ffb12f8ec23 code=0x7ffc0000
[  478.531142][   T30] audit: type=1326 audit(1756893036.860:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ffb12f8d69f code=0x7ffc0000
[  478.569692][   T30] audit: type=1326 audit(1756893036.870:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7ffb12f8ec77 code=0x7ffc0000
[  478.593409][   T30] audit: type=1326 audit(1756893036.870:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffb12f8d550 code=0x7ffc0000
[  478.691161][   T30] audit: type=1326 audit(1756893036.870:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7ffb12f8d84a code=0x7ffc0000
[  478.833180][   T30] audit: type=1326 audit(1756893036.890:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.6.1054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb12f8ebe9 code=0x7ffc0000
[  479.007268][ T9702] loop9: detected capacity change from 0 to 16
[  479.113448][ T9702] erofs (device loop9): mounted with root inode @ nid 36.
[  479.281482][ T9706] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1046'.
[  479.401611][ T9710] netlink: 19 bytes leftover after parsing attributes in process `syz.1.1048'.
[  481.565708][ T5845] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  482.111382][ T5845] usb 4-1: Using ep0 maxpacket: 32
[  482.140782][ T5845] usb 4-1: config 0 has an invalid interface number: 89 but max is 0
[  482.168738][ T5845] usb 4-1: config 0 has no interface number 0
[  482.185945][ T5845] usb 4-1: config 0 interface 89 has no altsetting 0
[  482.407348][ T5845] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  482.431098][ T5845] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.451099][ T5845] usb 4-1: Product: syz
[  482.461353][ T5845] usb 4-1: Manufacturer: syz
[  482.471118][ T5845] usb 4-1: SerialNumber: syz
[  482.484841][ T9727] vlan2: entered promiscuous mode
[  482.489899][ T9727] bridge0: entered promiscuous mode
[  483.064298][ T9728] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  483.283093][ T5845] usb 4-1: config 0 descriptor??
[  483.298405][ T5845] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  483.309220][ T5845] em28xx 4-1:0.89: Video interface 89 found: bulk
[  483.312059][ T9727] vlan2: entered allmulticast mode
[  483.341170][ T9727] bridge0: entered allmulticast mode
[  483.563102][ T5845] em28xx 4-1:0.89: unknown em28xx chip ID (0)
[  483.784696][ T5845] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  483.811226][ T5845] em28xx 4-1:0.89: board has no eeprom
[  483.911099][ T5845] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67)
[  483.940680][ T5845] em28xx 4-1:0.89: analog set to bulk mode.
[  483.947126][ T5969] em28xx 4-1:0.89: Registering V4L2 extension
[  483.993811][ T5845] usb 4-1: USB disconnect, device number 5
[  484.040156][ T5845] em28xx 4-1:0.89: Disconnecting em28xx
[  484.133120][ T9743] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1058'.
[  484.230596][ T5969] em28xx 4-1:0.89: Config register raw data: 0xffffffed
[  484.243848][ T5969] em28xx 4-1:0.89: AC97 chip type couldn't be determined
[  484.251163][ T5969] em28xx 4-1:0.89: No AC97 audio processor
[  484.265175][ T5969] usb 4-1: Decoder not found
[  484.273286][ T5969] em28xx 4-1:0.89: failed to create media graph
[  484.282325][ T5969] em28xx 4-1:0.89: V4L2 device video103 deregistered
[  484.348793][ T5969] em28xx 4-1:0.89: Registering snapshot button...
[  484.418912][ T5969] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input13
[  484.490537][ T5969] em28xx 4-1:0.89: Remote control support is not available for this card.
[  484.544275][ T9752] loop2: detected capacity change from 0 to 65
[  484.616640][ T5845] em28xx 4-1:0.89: Closing input extension
[  484.651360][ T5845] em28xx 4-1:0.89: Deregistering snapshot button
[  484.659932][ T9752] BFS-fs: bfs_fill_super(): NOTE: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway
[  484.747403][ T5845] em28xx 4-1:0.89: Freeing device
[  485.059751][ T9759] binder: 9756:9759 ioctl c0306201 200000000180 returned -11
[  486.275494][ T9771] loop6: detected capacity change from 0 to 16
[  486.393774][ T9771] erofs (device loop6): mounted with root inode @ nid 36.
[  487.737101][ T9783] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1068'.
[  488.096414][ T9786] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1070'.
[  489.428963][ T9796] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  489.505275][ T9796] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  489.652042][ T9802] overlayfs: workdir and upperdir must reside under the same mount
[  489.860377][ T9806] binder: 9805:9806 ioctl c0306201 200000000440 returned -14
[  489.880760][ T9797] macvlan2: entered promiscuous mode
[  489.897947][ T9797] macvlan2: entered allmulticast mode
[  489.934741][ T9797] bond1: (slave macvlan2): Error -98 calling set_mac_address
[  490.051108][ T5845] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  490.211212][ T5845] usb 2-1: Using ep0 maxpacket: 32
[  490.312335][ T5845] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  490.612249][ T5845] usb 2-1: config 0 has no interface number 0
[  490.618390][ T5845] usb 2-1: config 0 interface 89 has no altsetting 0
[  490.861960][ T5845] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  490.877554][ T5845] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.888115][ T5845] usb 2-1: Product: syz
[  490.910945][ T5845] usb 2-1: Manufacturer: syz
[  490.927612][ T5845] usb 2-1: SerialNumber: syz
[  490.956567][ T5845] usb 2-1: config 0 descriptor??
[  491.023946][ T5845] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  491.112584][ T5845] em28xx 2-1:0.89: Video interface 89 found: bulk
[  491.627128][ T5845] em28xx 2-1:0.89: unknown em28xx chip ID (0)
[  491.670185][ T9823] loop2: detected capacity change from 0 to 16
[  491.710784][ T9823] erofs (device loop2): mounted with root inode @ nid 36.
[  493.540155][ T5845] em28xx 2-1:0.89: write to i2c device at 0xa0 failed with unknown error (status=1)
[  493.871112][ T5845] em28xx 2-1:0.89: failed to read eeprom (err=-5)
[  493.877618][ T5845] em28xx 2-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  493.951292][ T5845] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67)
[  493.958671][ T5845] em28xx 2-1:0.89: analog set to bulk mode.
[  493.971356][   T24] em28xx 2-1:0.89: Registering V4L2 extension
[  493.982602][ T5845] usb 2-1: USB disconnect, device number 4
[  494.001920][ T5845] em28xx 2-1:0.89: Disconnecting em28xx
[  494.312278][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  494.312299][   T30] audit: type=1326 audit(1756893053.330:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9838 comm="syz.8.1087" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fda8af8ebe9 code=0x0
[  494.459562][   T24] em28xx 2-1:0.89: Config register raw data: 0xffffffed
[  494.474681][   T24] em28xx 2-1:0.89: AC97 chip type couldn't be determined
[  494.515576][   T24] em28xx 2-1:0.89: No AC97 audio processor
[  494.552710][   T24] usb 2-1: Decoder not found
[  494.564062][   T24] em28xx 2-1:0.89: failed to create media graph
[  494.577621][   T24] em28xx 2-1:0.89: V4L2 device video103 deregistered
[  494.604677][   T24] em28xx 2-1:0.89: Registering snapshot button...
[  494.623754][   T24] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input14
[  494.653693][   T24] em28xx 2-1:0.89: Remote control support is not available for this card.
[  494.662486][ T5845] em28xx 2-1:0.89: Closing input extension
[  494.668620][ T5845] em28xx 2-1:0.89: Deregistering snapshot button
[  494.707375][ T5845] em28xx 2-1:0.89: Freeing device
[  495.324917][ T9844] loop9: detected capacity change from 0 to 1024
[  495.350833][ T9851] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1089'.
[  495.459964][ T9844] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  495.632395][ T9844] EXT4-fs error (device loop9): ext4_find_dest_de:2051: inode #2: block 16: comm syz.9.1092: bad entry in directory: inode out of bounds - offset=12, inode=1282, rec_len=12, size=1024 fake=1
[  496.412490][ T9869] nvme_fabrics: unknown parameter or missing value 'V' in ctrl creation request
[  497.036867][ T8892] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  497.039690][ T9870] netlink: 80 bytes leftover after parsing attributes in process `syz.8.1096'.
[  498.861150][ T5951] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  499.111150][ T5951] usb 10-1: Using ep0 maxpacket: 32
[  499.871562][ T5951] usb 10-1: config 0 has an invalid interface number: 89 but max is 0
[  499.879748][ T5951] usb 10-1: config 0 has no interface number 0
[  499.888263][ T5951] usb 10-1: config 0 interface 89 has no altsetting 0
[  499.901947][ T5951] usb 10-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  499.921353][ T5951] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.940036][ T5951] usb 10-1: Product: syz
[  499.960017][ T5951] usb 10-1: Manufacturer: syz
[  499.970169][ T5951] usb 10-1: SerialNumber: syz
[  499.997694][ T5951] usb 10-1: config 0 descriptor??
[  500.013612][ T5951] em28xx 10-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  500.031079][ T5951] em28xx 10-1:0.89: Video interface 89 found: bulk
[  500.671264][ T5951] em28xx 10-1:0.89: unknown em28xx chip ID (0)
[  500.731210][   T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  500.891481][   T24] usb 3-1: Using ep0 maxpacket: 8
[  500.919230][   T24] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  500.945636][   T24] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  500.956641][   T24] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  500.967375][   T24] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  500.982544][   T24] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  500.991956][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.440327][   T24] usb 3-1: GET_CAPABILITIES returned 0
[  501.457188][   T24] usbtmc 3-1:16.0: can't read capabilities
[  501.611597][ T5951] em28xx 10-1:0.89: write to i2c device at 0xa0 failed with unknown error (status=1)
[  501.625947][ T5973] usb 3-1: USB disconnect, device number 5
[  501.763375][ T5951] em28xx 10-1:0.89: failed to read eeprom (err=-5)
[  501.782090][ T5951] em28xx 10-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  501.951122][ T5951] em28xx 10-1:0.89: Identified as Terratec Grabby (card=67)
[  501.999361][ T5951] em28xx 10-1:0.89: analog set to bulk mode.
[  502.012106][ T5952] em28xx 10-1:0.89: Registering V4L2 extension
[  502.026560][ T5951] usb 10-1: USB disconnect, device number 5
[  502.058293][ T5951] em28xx 10-1:0.89: Disconnecting em28xx
[  502.192440][ T5952] em28xx 10-1:0.89: Config register raw data: 0xffffffed
[  502.236128][ T5952] em28xx 10-1:0.89: AC97 chip type couldn't be determined
[  502.270016][ T5952] em28xx 10-1:0.89: No AC97 audio processor
[  502.315316][ T5952] usb 10-1: Decoder not found
[  502.337013][ T5952] em28xx 10-1:0.89: failed to create media graph
[  502.436383][ T5952] em28xx 10-1:0.89: V4L2 device video103 deregistered
[  502.510072][ T5952] em28xx 10-1:0.89: Registering snapshot button...
[  502.619028][ T5952] input: em28xx snapshot button as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.89/input/input15
[  503.626812][ T5952] em28xx 10-1:0.89: Remote control support is not available for this card.
[  503.711234][ T5951] em28xx 10-1:0.89: Closing input extension
[  503.724903][ T5951] em28xx 10-1:0.89: Deregistering snapshot button
[  503.823112][ T5951] em28xx 10-1:0.89: Freeing device
[  508.141764][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  509.716568][ T9987] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  510.067167][ T9992] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1133'.
[  510.127617][ T9992] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1133'.
[  511.207343][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  511.341809][   T10] usb 3-1: new low-speed USB device number 6 using dummy_hcd
[  511.553501][   T10] usb 3-1: config 1 has an invalid interface descriptor of length 6, skipping
[  511.581242][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  511.617127][   T10] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  511.652822][   T10] usb 3-1: config 1 has no interface number 1
[  511.683807][   T10] usb 3-1: string descriptor 0 read error: -22
[  511.687471][T10011] hugetlbfs: syz.6.1138 (10011): Using mlock ulimits for SHM_HUGETLB is obsolete
[  511.710670][   T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  511.751127][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.835896][   T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  511.877563][   T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  511.911171][   T10] usb 3-1: MIDIStreaming interface descriptor not found
[  512.205457][   T10] usb 3-1: USB disconnect, device number 6
[  513.553412][T10032] loop6: detected capacity change from 0 to 2048
[  513.620447][T10032] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  513.848771][T10038] loop8: detected capacity change from 0 to 1764
[  514.089936][T10038] binder: 10034:10038 ioctl c0306201 200000000080 returned -14
[  514.579116][ T9102] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  514.836659][T10055] loop3: detected capacity change from 0 to 1024
[  515.794072][ T7267] hfsplus: b-tree write err: -5, ino 4
[  516.025671][T10073] __vm_enough_memory: pid: 10073, comm: syz.3.1170, bytes: 21200516984832 not enough memory for the allocation
[  516.031822][T10072] binder: 10070:10072 ioctl c0306201 200000000080 returned -14
[  518.389901][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  521.200040][ T5973] libceph: connect (1)[c::]:6789 error -101
[  521.206631][ T5973] libceph: mon0 (1)[c::]:6789 connect error
[  521.251725][T10114] ceph: No mds server is up or the cluster is laggy
[  522.667882][ T7452] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  523.976171][ T7452] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  524.651750][   T30] audit: type=1800 audit(1756893083.660:145): pid=10151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1181" name="/" dev="9p" ino=2 res=0 errno=0
[  524.917897][ T7452] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  528.359789][ T7452] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.291356][ T7452] gretap0: left allmulticast mode
[  530.337860][ T7452] gretap0: left promiscuous mode
[  531.146497][ T7452] bridge0: port 3(gretap0) entered disabled state
[  531.271594][ T7452] bridge_slave_1: left allmulticast mode
[  531.277280][ T7452] bridge_slave_1: left promiscuous mode
[  531.299404][ T7452] bridge0: port 2(bridge_slave_1) entered disabled state
[  531.874244][ T7452] bridge_slave_0: left allmulticast mode
[  531.944694][ T7452] bridge_slave_0: left promiscuous mode
[  531.987826][ T7452] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.671340][ T1212] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  532.864276][ T1212] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  532.903978][ T1212] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.981753][ T1212] usb 3-1: Product: syz
[  532.985974][ T1212] usb 3-1: Manufacturer: syz
[  533.030870][ T1212] usb 3-1: SerialNumber: syz
[  533.082122][ T1212] usb 3-1: config 0 descriptor??
[  533.338824][ T1212] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  534.843379][T10233] loop3: detected capacity change from 0 to 2048
[  535.681634][ T1212] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  535.794964][T10233] NILFS (loop3): The specified checkpoint is not a snapshot (checkpoint number=1)
[  536.421136][ T1212] usb 3-1: USB disconnect, device number 7
[  536.444164][ T7452] bond2 (unregistering): (slave ip6gretap1): Releasing active interface
[  538.193638][T10246] binder: BINDER_SET_CONTEXT_MGR already set
[  538.199649][T10246] binder: 10243:10246 ioctl 4018620d 200000004a80 returned -16
[  540.630760][ T1212] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  541.050094][ T1212] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  541.071174][ T1212] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  541.082292][ T1212] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  541.121124][ T1212] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  541.160721][ T1212] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  541.191576][ T1212] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  541.236778][ T1212] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  541.252173][ T1212] usb 4-1: invalid MIDI out EP 0
[  541.305667][T10253] loop8: detected capacity change from 0 to 32768
[  541.416075][T10253] JBD2: journal reset failed
[  541.431355][T10253] (syz.8.1212,10253,1):ocfs2_journal_load:1167 ERROR: Failed to load journal!
[  541.445887][T10253] (syz.8.1212,10253,1):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -4
[  541.479527][ T1212] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  541.593239][ T5969] usb 4-1: USB disconnect, device number 6
[  541.647353][ T7452] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  541.667398][ T7452] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  541.678613][T10274] loop6: detected capacity change from 0 to 1024
[  541.694880][ T7452] bond0 (unregistering): Released all slaves
[  541.696186][T10274] hfsplus: Unknown parameter './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  542.180247][ T7452] bond1 (unregistering): (slave veth3): Releasing active interface
[  542.190229][ T7452] veth0_to_bond: entered promiscuous mode
[  542.278336][ T7452] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface
[  542.301671][ T7452] bond1 (unregistering): Released all slaves
[  542.349324][ T7452] bond2 (unregistering): Released all slaves
[  542.670592][T10291] loop8: detected capacity change from 0 to 1024
[  543.023723][T10291] EXT4-fs: Ignoring removed nobh option
[  543.029331][T10291] EXT4-fs: Ignoring removed bh option
[  543.397597][T10291] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  543.655731][T10307] fuse: Bad value for 'fd'
[  543.722503][T10308] loop2: detected capacity change from 0 to 256
[  543.811390][T10308] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  543.877645][T10308] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  543.915403][T10308] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  543.981133][T10276] Bluetooth: hci5: command 0x0405 tx timeout
[  543.989031][T10276] Bluetooth: hci4: command 0x0406 tx timeout
[  546.350427][ T7452] hsr_slave_0: left promiscuous mode
[  546.398030][ T7452] hsr_slave_1: left promiscuous mode
[  547.328269][ T7452] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  547.361498][ T7452] batman_adv: batadv0: Removing interface: batadv_slave_0
[  547.415292][ T8120] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  547.468899][ T7452] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  547.525416][ T7452] batman_adv: batadv0: Removing interface: batadv_slave_1
[  547.638331][ T7452] veth1_macvtap: left promiscuous mode
[  547.650871][ T7452] veth0_macvtap: left promiscuous mode
[  547.688775][ T7452] veth1_vlan: left promiscuous mode
[  547.701391][ T7452] veth0_vlan: left promiscuous mode
[  547.771450][ T5951] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  547.951187][ T5951] usb 4-1: Using ep0 maxpacket: 8
[  547.965440][ T5951] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  548.020108][ T5951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.044960][ T5951] usb 4-1: Product: syz
[  548.055680][ T5951] usb 4-1: Manufacturer: syz
[  548.080415][ T5951] usb 4-1: SerialNumber: syz
[  548.111167][ T5951] usb 4-1: config 0 descriptor??
[  548.134190][ T5951] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  548.351640][T10345] loop6: detected capacity change from 0 to 1024
[  548.485764][T10345] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  548.521870][T10355] loop1: detected capacity change from 0 to 512
[  548.661575][T10355] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  548.696313][T10355] ext4 filesystem being mounted at /50/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  548.793382][T10362] loop2: detected capacity change from 0 to 16
[  548.848619][T10362] erofs (device loop2): mounted with root inode @ nid 36.
[  548.897707][ T9082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  548.975724][   T30] audit: type=1804 audit(1756893107.980:146): pid=10345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.1240" name="/newroot/53/file1/file1" dev="loop6" ino=15 res=1 errno=0
[  549.077909][T10362] erofs (device loop2): bogus dirent @ nid 36
[  549.438021][ T9102] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  550.087052][T10376] loop2: detected capacity change from 0 to 1024
[  550.149523][T10376] EXT4-fs: Ignoring removed nobh option
[  550.197336][T10376] EXT4-fs: Ignoring removed bh option
[  550.278990][T10376] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  550.377789][ T5951] gspca_sonixj: reg_w1 err -71
[  550.405745][ T7452] team0 (unregistering): Port device team_slave_1 removed
[  550.561291][ T5951] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[  550.946433][ T5951] usb 4-1: USB disconnect, device number 7
[  552.604058][ T5865] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  552.760403][ T7452] team0 (unregistering): Port device team_slave_0 removed
[  552.921620][T10398] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1252'.
[  554.239658][T10410] loop9: detected capacity change from 0 to 512
[  554.316925][T10410] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  554.331762][T10410] ext4 filesystem being mounted at /68/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  554.477074][ T8892] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.893079][T10447] loop9: detected capacity change from 0 to 1024
[  560.117340][T10447] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  561.034438][   T30] audit: type=1804 audit(1756893120.000:147): pid=10447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.1266" name="/newroot/72/file1/file1" dev="loop9" ino=15 res=1 errno=0
[  561.490939][ T8892] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  561.826787][T10472] loop6: detected capacity change from 0 to 32768
[  561.994947][T10472] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  561.994989][T10472]   allowing incompatible features above 0.0: (unknown version)
[  561.995012][T10472]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  562.032675][T10472] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  562.040876][T10472] bcachefs (loop6): initializing new filesystem
[  562.056148][T10472] bcachefs (loop6): going read-write
[  562.211382][T10472] bcachefs (loop6): marking superblocks
[  562.229028][T10472] bcachefs (loop6): initializing freespace
[  562.240437][T10472] bcachefs (loop6): done initializing freespace
[  562.249848][T10472] bcachefs (loop6): reading snapshots table
[  562.255886][T10472] bcachefs (loop6): reading snapshots done
[  563.147452][T10472] bcachefs (loop6):  loop6: Superblock write was silently dropped! (seq 0 expected 42)
[  563.161489][T10472] bcachefs (loop6): done starting filesystem
[  563.201252][ T5845] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  563.413366][ T5845] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  563.442149][ T5845] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  563.471685][ T5845] usb 10-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  563.526763][ T5845] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.531667][T10472] bcachefs (loop6): shutting down
[  563.539472][ T5845] usb 10-1: config 0 descriptor??
[  563.541057][T10472] bcachefs (loop6): going read-only
[  563.549418][ T5845] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[  563.550093][T10472] bcachefs (loop6): finished waiting for writes to stop
[  563.657461][T10472] bcachefs (loop6): flushing journal and stopping allocators, journal seq 4
[  563.679649][T10472] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 4
[  563.707579][T10472] bcachefs (loop6): clean shutdown complete, journal seq 5
[  563.715672][T10472] bcachefs (loop6): marking filesystem clean
[  563.833942][T10472] bcachefs (loop6): shutdown complete
[  564.014253][T10493] loop2: detected capacity change from 0 to 2048
[  564.208791][T10493] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  564.630625][ T1212] usb 10-1: USB disconnect, device number 6
[  564.971150][T10499] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  565.011407][T10499] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28
[  565.112803][T10499] EXT4-fs (loop2): This should not happen!! Data will be lost
[  565.112803][T10499] 
[  565.150218][ T5872] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  565.223143][ T5872] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  565.235223][ T5872] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  565.246740][ T5872] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  565.256147][ T5872] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  565.315875][T10499] EXT4-fs (loop2): Total free blocks count 0
[  565.323173][T10499] EXT4-fs (loop2): Free/Dirty block details
[  565.329226][T10499] EXT4-fs (loop2): free_blocks=2415919104
[  565.444119][T10499] EXT4-fs (loop2): dirty_blocks=128
[  565.511323][T10499] EXT4-fs (loop2): Block reservation details
[  565.653727][T10499] EXT4-fs (loop2): i_reserved_data_blocks=8
[  566.650778][T10515] loop1: detected capacity change from 0 to 16
[  566.678601][T10515] erofs (device loop1): mounted with root inode @ nid 36.
[  566.758101][T10515] erofs (device loop1): bogus dirent @ nid 36
[  566.922930][T10505] chnl_net:caif_netlink_parms(): no params data found
[  566.984709][ T7452] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  567.182309][T10520] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1284'.
[  567.263952][T10521] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1284'.
[  567.345723][   T51] Bluetooth: hci6: command tx timeout
[  568.627626][T10505] bridge0: port 1(bridge_slave_0) entered blocking state
[  568.696252][T10505] bridge0: port 1(bridge_slave_0) entered disabled state
[  568.791715][T10505] bridge_slave_0: entered allmulticast mode
[  569.143539][T10505] bridge_slave_0: entered promiscuous mode
[  569.252607][T10505] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.306794][T10505] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.357442][T10505] bridge_slave_1: entered allmulticast mode
[  569.414269][T10505] bridge_slave_1: entered promiscuous mode
[  569.439647][   T51] Bluetooth: hci6: command tx timeout
[  569.776063][T10505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  570.113539][T10505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  571.560235][T10563] loop9: detected capacity change from 0 to 32768
[  571.571168][   T51] Bluetooth: hci6: command tx timeout
[  571.686954][T10563] bcachefs (loop9): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  571.686984][T10563]   allowing incompatible features above 0.0: (unknown version)
[  571.687002][T10563]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  571.725733][T10563] bcachefs (loop9): Using encoding defined by superblock: utf8-12.1.0
[  571.734651][T10563] bcachefs (loop9): initializing new filesystem
[  571.747494][T10563] bcachefs (loop9): going read-write
[  571.769403][T10563] bcachefs (loop9): marking superblocks
[  571.782528][T10563] bcachefs (loop9): initializing freespace
[  571.791838][T10563] bcachefs (loop9): done initializing freespace
[  571.800280][T10563] bcachefs (loop9): reading snapshots table
[  571.806255][T10563] bcachefs (loop9): reading snapshots done
[  571.839883][T10563] bcachefs (loop9):  loop9: Superblock write was silently dropped! (seq 0 expected 42)
[  571.850418][T10563] bcachefs (loop9): done starting filesystem
[  571.999628][T10576] loop1: detected capacity change from 0 to 2048
[  572.098605][T10505] team0: Port device team_slave_0 added
[  572.554843][T10505] team0: Port device team_slave_1 added
[  572.602110][T10563] bcachefs (loop9): shutting down
[  572.607152][T10563] bcachefs (loop9): going read-only
[  572.612375][T10563] bcachefs (loop9): finished waiting for writes to stop
[  572.624737][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  572.634996][T10576] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  572.691172][T10563] bcachefs (loop9): flushing journal and stopping allocators, journal seq 3
[  572.780082][T10563] bcachefs (loop9): flushing journal and stopping allocators complete, journal seq 3
[  572.790324][T10563] bcachefs (loop9): clean shutdown complete, journal seq 4
[  572.798352][T10563] bcachefs (loop9): marking filesystem clean
[  572.847410][T10505] batman_adv: batadv0: Adding interface: batadv_slave_0
[  572.858862][T10505] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  572.885244][T10505] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  572.906557][T10505] batman_adv: batadv0: Adding interface: batadv_slave_1
[  572.919298][T10563] bcachefs (loop9): shutdown complete
[  572.971063][T10505] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  573.011335][T10505] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  573.050053][T10551] loop3: detected capacity change from 0 to 1024
[  573.078279][T10551] hfsplus: Unknown parameter './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  573.135294][T10583] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  573.162615][T10583] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 506 with error 28
[  573.179348][T10583] EXT4-fs (loop1): This should not happen!! Data will be lost
[  573.179348][T10583] 
[  573.185530][T10586] loop6: detected capacity change from 0 to 16
[  573.189735][T10583] EXT4-fs (loop1): Total free blocks count 0
[  573.201542][T10583] EXT4-fs (loop1): Free/Dirty block details
[  573.207443][T10583] EXT4-fs (loop1): free_blocks=2415919104
[  573.248879][T10586] erofs (device loop6): mounted with root inode @ nid 36.
[  573.267476][T10588] loop2: detected capacity change from 0 to 128
[  573.270430][T10583] EXT4-fs (loop1): dirty_blocks=512
[  573.285979][T10583] EXT4-fs (loop1): Block reservation details
[  573.288179][T10588] EXT4-fs: Ignoring removed nomblk_io_submit option
[  573.292641][T10583] EXT4-fs (loop1): i_reserved_data_blocks=32
[  573.307671][T10588] EXT4-fs (loop2): Test dummy encryption mode enabled
[  573.345352][T10588] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  573.360216][T10586] erofs (device loop6): bogus dirent @ nid 36
[  573.382908][T10505] hsr_slave_0: entered promiscuous mode
[  573.415945][T10505] hsr_slave_1: entered promiscuous mode
[  573.453102][T10505] debugfs: 'hsr0' already exists in 'hsr'
[  573.458836][T10505] Cannot create hsr debugfs directory
[  573.471211][T10588] ext4 filesystem being mounted at /234/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  573.581481][ T5872] Bluetooth: hci6: command tx timeout
[  573.715949][ T9082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  574.005457][T10598] loop1: detected capacity change from 0 to 1024
[  574.339232][T10598] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  575.773113][   T30] audit: type=1804 audit(1756893134.790:148): pid=10598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1304" name="/newroot/65/file1/file1" dev="loop1" ino=15 res=1 errno=0
[  576.602472][ T9082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.197399][T10618] loop6: detected capacity change from 0 to 4096
[  579.113987][T10618] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  579.637874][ T9102] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  580.024777][T10632] loop9: detected capacity change from 0 to 16
[  580.081478][T10632] erofs (device loop9): mounted with root inode @ nid 36.
[  580.175592][T10632] erofs (device loop9): bogus dirent @ nid 36
[  580.638678][T10635] loop3: detected capacity change from 0 to 2048
[  580.765769][T10635] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  581.039762][T10641] 8021q: adding VLAN 0 to HW filter on device bond1
[  581.089246][T10505] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  581.215383][T10645] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  581.271201][T10645] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 290 with error 28
[  581.318244][T10645] EXT4-fs (loop3): This should not happen!! Data will be lost
[  581.318244][T10645] 
[  581.328399][T10645] EXT4-fs (loop3): Total free blocks count 0
[  581.334472][T10645] EXT4-fs (loop3): Free/Dirty block details
[  581.341155][T10645] EXT4-fs (loop3): free_blocks=2415919104
[  581.346938][T10645] EXT4-fs (loop3): dirty_blocks=304
[  581.352323][T10645] EXT4-fs (loop3): Block reservation details
[  581.359840][T10645] EXT4-fs (loop3): i_reserved_data_blocks=19
[  581.407054][T10643] bond1: (slave ip6gretap1): making interface the new active one
[  581.428060][T10643] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  581.451343][   T24] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  581.571805][T10505] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  581.595078][T10505] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  581.632170][   T24] usb 10-1: Using ep0 maxpacket: 32
[  581.654245][T10505] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  581.671201][   T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  581.691859][   T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  581.718242][   T24] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  581.741260][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  581.777536][T10658] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1318'.
[  581.785157][   T24] usb 10-1: config 0 descriptor??
[  581.812665][ T5864] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  582.006438][T10658] ip6_vti0: entered promiscuous mode
[  582.026403][T10658] ip6_vti0: entered allmulticast mode
[  582.585281][   T24] savu 0003:1E7D:2D5A.0007: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.9-1/input0
[  582.667533][   T24] usb 10-1: USB disconnect, device number 7
[  582.901351][ T5865] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  583.700005][T10505] 8021q: adding VLAN 0 to HW filter on device bond0
[  584.241752][T10505] 8021q: adding VLAN 0 to HW filter on device team0
[  584.262383][ T7453] bridge0: port 1(bridge_slave_0) entered blocking state
[  584.269504][ T7453] bridge0: port 1(bridge_slave_0) entered forwarding state
[  584.352469][ T7031] bridge0: port 2(bridge_slave_1) entered blocking state
[  584.359619][ T7031] bridge0: port 2(bridge_slave_1) entered forwarding state
[  584.400240][T10683] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1322'.
[  584.751304][   T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  584.965088][   T24] usb 7-1: Using ep0 maxpacket: 8
[  585.630361][T10680] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.638115][T10680] bridge0: port 1(bridge_slave_0) entered disabled state
[  585.920564][T10680] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  585.994092][T10680] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  586.482768][T10683] bridge_slave_1: left allmulticast mode
[  586.501177][T10683] bridge_slave_1: left promiscuous mode
[  586.508108][T10683] bridge0: port 2(bridge_slave_1) entered disabled state
[  586.522592][T10683] bridge_slave_0: left allmulticast mode
[  586.528582][T10683] bridge_slave_0: left promiscuous mode
[  586.543414][T10683] bridge0: port 1(bridge_slave_0) entered disabled state
[  586.554132][   T24] usb 7-1: unable to get BOS descriptor or descriptor too short
[  586.564099][   T24] usb 7-1: unable to read config index 0 descriptor/start: -71
[  586.591540][   T24] usb 7-1: can't read configurations, error -71
[  586.735006][ T5995] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  586.777901][ T5995] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  586.860247][ T5995] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  586.875884][ T5995] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  587.531812][T10709] bond2: option mode: unable to set because the bond device has slaves
[  587.831563][T10716] loop9: detected capacity change from 0 to 256
[  587.848937][T10716] exFAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  587.868359][T10716] exFAT-fs (loop9): Medium has reported failures. Some data may be lost.
[  587.897767][T10716] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  588.137476][ T5973] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  589.042192][ T5973] usb 7-1: Using ep0 maxpacket: 32
[  589.072711][ T5973] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  589.156152][ T5973] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  589.214754][ T5973] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  589.320342][ T5973] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.406542][ T5973] usb 7-1: config 0 descriptor??
[  589.646016][T10505] 8021q: adding VLAN 0 to HW filter on device batadv0
[  591.905674][T10737] loop9: detected capacity change from 0 to 2048
[  591.999392][ T5973] usbhid 7-1:0.0: can't add hid device: -71
[  592.032630][ T5973] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  592.067615][T10737] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  592.096423][ T5973] usb 7-1: USB disconnect, device number 6
[  592.277530][T10744] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  592.304782][T10744] EXT4-fs (loop9): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 466 with error 28
[  592.318645][T10744] EXT4-fs (loop9): This should not happen!! Data will be lost
[  592.318645][T10744] 
[  592.328620][T10744] EXT4-fs (loop9): Total free blocks count 0
[  592.337744][T10744] EXT4-fs (loop9): Free/Dirty block details
[  592.349944][T10744] EXT4-fs (loop9): free_blocks=2415919104
[  592.357168][T10744] EXT4-fs (loop9): dirty_blocks=480
[  592.371206][T10744] EXT4-fs (loop9): Block reservation details
[  592.377204][T10744] EXT4-fs (loop9): i_reserved_data_blocks=30
[  592.486109][T10505] veth0_vlan: entered promiscuous mode
[  592.510056][T10505] veth1_vlan: entered promiscuous mode
[  592.522172][ T6323] EXT4-fs (loop9): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  592.633480][T10505] veth0_macvtap: entered promiscuous mode
[  592.666840][T10505] veth1_macvtap: entered promiscuous mode
[  592.692936][T10757] loop1: detected capacity change from 0 to 256
[  592.703036][T10757] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  592.722093][T10757] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  593.407638][ T5973] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  593.601097][ T5973] usb 3-1: Using ep0 maxpacket: 32
[  593.613833][ T5973] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  593.761059][ T5973] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  593.763092][T10505] batman_adv: batadv0: Interface activated: batadv_slave_0
[  593.782641][T10757] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  593.789244][ T5973] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  593.803811][ T5973] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.823263][ T5973] usb 3-1: config 0 descriptor??
[  593.849719][T10505] batman_adv: batadv0: Interface activated: batadv_slave_1
[  593.885458][ T7448] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  594.452806][ T7448] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  594.491215][ T7448] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  594.510885][ T7448] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  594.627793][ T5973] savu 0003:1E7D:2D5A.0008: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  594.821458][ T7448] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  594.829294][ T7448] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  595.061108][   T24] usb 3-1: USB disconnect, device number 8
[  595.996674][ T7453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  596.007487][ T7453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  596.185419][T10788] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1347'.
[  596.519775][T10788] bridge_slave_1: left allmulticast mode
[  596.528763][T10788] bridge_slave_1: left promiscuous mode
[  596.548985][T10788] bridge0: port 2(bridge_slave_1) entered disabled state
[  596.593542][T10788] bridge_slave_0: left allmulticast mode
[  596.612412][T10788] bridge_slave_0: left promiscuous mode
[  596.689825][T10788] bridge0: port 1(bridge_slave_0) entered disabled state
[  600.023575][ T7448] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  604.775883][ T7448] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  604.777196][T10827] loop9: detected capacity change from 0 to 16
[  605.291487][T10827] erofs (device loop9): mounted with root inode @ nid 36.
[  605.527667][T10831] erofs (device loop9): bogus lookback distance 1586 @ lcn 46 of nid 36
[  605.536367][T10831] erofs (device loop9): readahead error at folio 47 @ nid 36
[  605.543861][T10831] erofs (device loop9): bogus lookback distance 1586 @ lcn 46 of nid 36
[  605.552286][T10831] erofs (device loop9): readahead error at folio 46 @ nid 36
[  605.560016][T10831] erofs (device loop9): readahead error at folio 45 @ nid 36
[  605.568629][T10831] erofs (device loop9): bogus lookback distance 1388 @ lcn 42 of nid 36
[  605.577167][T10831] erofs (device loop9): readahead error at folio 43 @ nid 36
[  605.584837][T10831] erofs (device loop9): bogus lookback distance 1388 @ lcn 42 of nid 36
[  605.593267][T10831] erofs (device loop9): readahead error at folio 42 @ nid 36
[  605.600691][T10831] erofs (device loop9): bogus lookback distance 774 @ lcn 40 of nid 36
[  605.609058][T10831] erofs (device loop9): readahead error at folio 41 @ nid 36
[  605.616513][T10831] erofs (device loop9): bogus lookback distance 774 @ lcn 40 of nid 36
[  605.626205][T10831] erofs (device loop9): readahead error at folio 40 @ nid 36
[  605.633827][T10831] erofs (device loop9): readahead error at folio 39 @ nid 36
[  605.641319][T10831] erofs (device loop9): readahead error at folio 38 @ nid 36
[  605.651094][T10831] erofs (device loop9): readahead error at folio 36 @ nid 36
[  605.659477][T10831] erofs (device loop9): bogus lookback distance 1468 @ lcn 31 of nid 36
[  605.668031][T10831] erofs (device loop9): readahead error at folio 31 @ nid 36
[  605.676546][T10831] erofs (device loop9): readahead error at folio 25 @ nid 36
[  605.684118][T10831] erofs (device loop9): readahead error at folio 24 @ nid 36
[  605.692268][T10831] erofs (device loop9): readahead error at folio 19 @ nid 36
[  605.701674][T10831] syz.9.1376: attempt to access beyond end of device
[  605.701674][T10831] loop9: rw=524288, sector=784, nr_sectors = 64 limit=16
[  605.716192][T10831] syz.9.1376: attempt to access beyond end of device
[  605.716192][T10831] loop9: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  605.732645][T10831] syz.9.1376: attempt to access beyond end of device
[  605.732645][T10831] loop9: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  605.747677][T10831] syz.9.1376: attempt to access beyond end of device
[  605.747677][T10831] loop9: rw=524288, sector=16, nr_sectors = 16 limit=16
[  606.173254][ T7448] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.707040][ T7448] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.770505][   T30] audit: type=1326 audit(1756893166.780:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  607.821900][   T30] audit: type=1326 audit(1756893166.810:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  607.901165][   T30] audit: type=1326 audit(1756893166.820:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  607.952930][   T30] audit: type=1326 audit(1756893166.820:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  608.040437][   T30] audit: type=1326 audit(1756893166.820:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  608.141659][   T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  608.153078][   T30] audit: type=1326 audit(1756893166.820:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  608.176081][   T30] audit: type=1326 audit(1756893166.820:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  608.761225][   T10] usb 4-1: Using ep0 maxpacket: 32
[  608.814638][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  608.889648][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  608.925561][   T30] audit: type=1326 audit(1756893166.820:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  608.971069][   T30] audit: type=1326 audit(1756893166.830:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  608.971277][   T10] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  609.059335][   T30] audit: type=1326 audit(1756893166.830:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10847 comm="syz.1.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  609.084081][T10863] loop1: detected capacity change from 0 to 16
[  609.117594][T10863] erofs (device loop1): mounted with root inode @ nid 36.
[  609.128676][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.128742][T10864] netlink: 'syz.2.1371': attribute type 4 has an invalid length.
[  609.161588][T10863] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36
[  609.172749][   T10] usb 4-1: config 0 descriptor??
[  609.198298][T10863] erofs (device loop1): failed to decompress -3 in[47, 4049] out[1851]
[  609.208215][ T7448] bridge_slave_1: left allmulticast mode
[  609.226605][ T7448] bridge_slave_1: left promiscuous mode
[  609.254294][ T7448] bridge0: port 2(bridge_slave_1) entered disabled state
[  609.264341][T10863] erofs (device loop1): read error -117 @ 43 of nid 36
[  609.302508][T10870] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36
[  609.343159][ T7448] bridge_slave_0: left allmulticast mode
[  609.348159][T10870] erofs (device loop1): failed to decompress -3 in[47, 4049] out[1851]
[  609.359028][ T7448] bridge_slave_0: left promiscuous mode
[  609.385448][T10870] erofs (device loop1): read error -117 @ 43 of nid 36
[  609.413021][ T7448] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.417176][T10873] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1374'.
[  609.921065][ T5971] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  610.479821][ T5971] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  610.484956][   T10] savu 0003:1E7D:2D5A.0009: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  610.513084][ T5971] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.539045][ T5971] usb 7-1: Product: syz
[  610.552436][ T5971] usb 7-1: Manufacturer: syz
[  610.563098][   T10] usb 4-1: USB disconnect, device number 8
[  610.568655][ T5971] usb 7-1: SerialNumber: syz
[  610.624949][ T5971] usb 7-1: config 0 descriptor??
[  610.851566][ T5971] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  611.832912][ T7448] dvmrp1 (unregistering): left allmulticast mode
[  612.004088][T10892] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1383'.
[  612.141174][T10882] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  612.544769][ T5971] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  612.557708][T10887] comedi comedi2: reset error (fatal)
[  612.603808][ T5971] usb 7-1: USB disconnect, device number 7
[  612.771321][T10882] usb 10-1: Using ep0 maxpacket: 16
[  612.783383][T10882] usb 10-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  612.822132][T10882] usb 10-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  612.843570][T10882] usb 10-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  612.857072][T10896] loop1: detected capacity change from 0 to 16
[  612.874842][T10882] usb 10-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  612.895132][T10896] erofs (device loop1): mounted with root inode @ nid 36.
[  612.907350][T10882] usb 10-1: config 7 interface 0 has no altsetting 0
[  612.937473][T10882] usb 10-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  612.949713][T10896] overlayfs: failed to get redirect (-117)
[  612.975649][T10882] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.418398][T10882] hid (null): report_id 14459 is invalid
[  613.435438][T10882] hid (null): report_id 0 is invalid
[  613.447111][T10882] hid (null): report_id 3563458052 is invalid
[  613.535815][ T7448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  613.556126][T10882] input: HID 0458:5010 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:7.0/0003:0458:5010.000A/input/input16
[  613.606285][ T7448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  613.731798][ T7448] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  614.176331][T10882] kye 0003:0458:5010.000A: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.9-1/input0
[  614.334716][ T7448] bond0 (unregistering): Released all slaves
[  614.384056][T10882] usb 10-1: USB disconnect, device number 8
[  614.481674][T10873] bridge_slave_1: left allmulticast mode
[  614.487515][T10873] bridge_slave_1: left promiscuous mode
[  614.641750][T10873] bridge0: port 2(bridge_slave_1) entered disabled state
[  616.303956][T10873] bridge_slave_0: left allmulticast mode
[  616.309635][T10873] bridge_slave_0: left promiscuous mode
[  616.371330][T10873] bridge0: port 1(bridge_slave_0) entered disabled state
[  616.741176][T10929] loop9: detected capacity change from 0 to 128
[  616.769592][T10929] EXT4-fs: Ignoring removed nomblk_io_submit option
[  616.814589][T10929] EXT4-fs (loop9): Test dummy encryption mode enabled
[  616.864516][T10929] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  616.894055][T10929] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  617.727937][ T7448] hsr_slave_0: left promiscuous mode
[  617.755839][ T7448] hsr_slave_1: left promiscuous mode
[  617.772780][ T7448] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  617.898891][ T7448] batman_adv: batadv0: Removing interface: batadv_slave_0
[  617.901068][ T5971] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  617.918815][ T7448] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  617.960119][ T7448] batman_adv: batadv0: Removing interface: batadv_slave_1
[  618.128635][ T7448] veth1_macvtap: left promiscuous mode
[  618.143544][ T5971] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  618.171465][ T7448] veth0_macvtap: left promiscuous mode
[  618.187204][ T5971] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  618.207553][ T7448] veth1_vlan: left promiscuous mode
[  618.229691][ T7448] veth0_vlan: left promiscuous mode
[  618.309311][ T5971] usb 2-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  618.369658][ T5971] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.512180][ T5971] usb 2-1: config 0 descriptor??
[  618.584199][ T5971] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  619.396497][T10882] usb 2-1: USB disconnect, device number 5
[  621.919639][T10957] loop3: detected capacity change from 0 to 1024
[  622.080218][T10957] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  622.160555][ T8892] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  622.479847][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  622.479872][   T30] audit: type=1804 audit(1756893181.490:163): pid=10957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1391" name="/newroot/259/file1/file1" dev="loop3" ino=15 res=1 errno=0
[  622.561320][T10964] loop6: detected capacity change from 0 to 764
[  623.397302][T10964] Symlink component flag not implemented
[  623.403270][T10964] Symlink component flag not implemented
[  623.409613][T10964] Symlink component flag not implemented (129)
[  623.416033][T10964] Symlink component flag not implemented (6)
[  624.287125][ T5864] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  625.706017][T10987] loop1: detected capacity change from 0 to 256
[  625.758214][T10987] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  625.875218][T10987] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  626.458992][T10987] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  626.611072][   T30] audit: type=1326 audit(1756893185.610:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  626.698945][   T30] audit: type=1326 audit(1756893185.610:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  627.100381][   T30] audit: type=1326 audit(1756893185.620:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  627.211218][   T30] audit: type=1326 audit(1756893185.620:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  627.234957][   T30] audit: type=1326 audit(1756893185.630:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  627.258785][ T7448] team0 (unregistering): Port device team_slave_1 removed
[  627.662014][T11005] netlink: 'syz.5.1412': attribute type 1 has an invalid length.
[  627.731579][T11005] netlink: 'syz.5.1412': attribute type 4 has an invalid length.
[  627.739432][T11005] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.1412'.
[  627.771386][T11003] Driver unsupported XDP return value 0 on prog  (id 253) dev N/A, expect packet loss!
[  627.781269][   T30] audit: type=1326 audit(1756893185.630:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fade1f8ec23 code=0x7ffc0000
[  628.102497][T11009] loop1: detected capacity change from 0 to 40427
[  628.111837][ T7448] team0 (unregistering): Port device team_slave_0 removed
[  628.126037][T11009] F2FS-fs (loop1): invalid crc value
[  628.214981][T11009] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  628.225836][T11009] F2FS-fs (loop1): Start checkpoint disabled!
[  628.235077][T11009] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  628.285736][   T30] audit: type=1326 audit(1756893185.650:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fade1f8d69f code=0x7ffc0000
[  628.552066][T11013] F2FS-fs (loop1): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  628.661155][   T30] audit: type=1326 audit(1756893185.670:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fade1f8ec77 code=0x7ffc0000
[  628.684740][   T30] audit: type=1326 audit(1756893185.670:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fade1f8d550 code=0x7ffc0000
[  628.707188][   T30] audit: type=1326 audit(1756893185.670:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fade1f8d84a code=0x7ffc0000
[  628.741357][   T30] audit: type=1326 audit(1756893185.720:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  628.765776][   T30] audit: type=1326 audit(1756893185.720:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  628.789145][T11015] loop2: detected capacity change from 0 to 256
[  628.847337][T11015] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  628.871983][   T30] audit: type=1326 audit(1756893186.010:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=18 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  629.019312][   T30] audit: type=1326 audit(1756893186.010:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  629.087413][   T30] audit: type=1326 audit(1756893186.010:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10986 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fade1f8ebe9 code=0x7ffc0000
[  629.563549][ T7031] kworker/u8:15: attempt to access beyond end of device
[  629.563549][ T7031] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  629.601432][T11015] FAT-fs (loop2): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  629.608194][ T7031] CPU: 1 UID: 0 PID: 7031 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT(full) 
[  629.608240][ T7031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  629.608271][ T7031] Workqueue: writeback wb_workfn (flush-7:1)
[  629.608332][ T7031] Call Trace:
[  629.608344][ T7031]  <TASK>
[  629.608358][ T7031]  dump_stack_lvl+0x16c/0x1f0
[  629.608413][ T7031]  f2fs_handle_critical_error+0x624/0x9f0
[  629.608464][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.608509][ T7031]  ? f2fs_build_fault_attr+0x53/0x1f0
[  629.608561][ T7031]  f2fs_write_end_io+0x958/0xcf0
[  629.608618][ T7031]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  629.608677][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.608733][ T7031]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  629.608783][ T7031]  bio_endio+0x713/0x860
[  629.608842][ T7031]  submit_bio_noacct+0x306/0x1ed0
[  629.608899][ T7031]  __submit_merged_bio+0x33c/0x770
[  629.608958][ T7031]  __submit_merged_write_cond+0x319/0x3f0
[  629.609027][ T7031]  f2fs_write_cache_pages+0x2067/0x2570
[  629.609120][ T7031]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  629.609184][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.609237][ T7031]  ? __pfx_f2fs_sync_meta_pages+0x10/0x10
[  629.609306][ T7031]  ? __lock_acquire+0x62e/0x1ce0
[  629.609479][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.609532][ T7031]  f2fs_write_data_pages+0x4ad/0xd90
[  629.609602][ T7031]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  629.609674][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.609717][ T7031]  ? __lock_acquire+0xb97/0x1ce0
[  629.609777][ T7031]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  629.609840][ T7031]  do_writepages+0x27a/0x600
[  629.609895][ T7031]  ? __pfx_do_writepages+0x10/0x10
[  629.609941][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.609986][ T7031]  ? reacquire_held_locks+0xcd/0x1f0
[  629.610044][ T7031]  ? writeback_sb_inodes+0x3b0/0xfa0
[  629.610100][ T7031]  __writeback_single_inode+0x160/0xfb0
[  629.610156][ T7031]  ? __pfx___writeback_single_inode+0x10/0x10
[  629.610204][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.610248][ T7031]  ? do_raw_spin_unlock+0x172/0x230
[  629.610295][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.610347][ T7031]  writeback_sb_inodes+0x60d/0xfa0
[  629.610424][ T7031]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  629.610477][ T7031]  ? do_raw_spin_lock+0x12c/0x2b0
[  629.610590][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.610634][ T7031]  ? rcu_is_watching+0x12/0xc0
[  629.610679][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.610754][ T7031]  ? queue_io+0x3f6/0x520
[  629.610804][ T7031]  wb_writeback+0x419/0xb70
[  629.610867][ T7031]  ? __pfx_wb_writeback+0x10/0x10
[  629.610912][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.610971][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.611015][ T7031]  ? mark_held_locks+0x49/0x80
[  629.611081][ T7031]  wb_workfn+0x14d/0xbe0
[  629.611138][ T7031]  ? try_to_wake_up+0x160/0x1870
[  629.611184][ T7031]  ? __pfx_wb_workfn+0x10/0x10
[  629.611240][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.611294][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.611345][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.611387][ T7031]  ? rcu_is_watching+0x12/0xc0
[  629.611443][ T7031]  process_one_work+0x9cf/0x1b70
[  629.611502][ T7031]  ? __pfx_batadv_nc_worker+0x10/0x10
[  629.611549][ T7031]  ? __pfx_process_one_work+0x10/0x10
[  629.611590][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.611648][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.611691][ T7031]  ? assign_work+0x1a0/0x250
[  629.611734][ T7031]  worker_thread+0x6c8/0xf10
[  629.611802][ T7031]  ? __pfx_worker_thread+0x10/0x10
[  629.611843][ T7031]  kthread+0x3c5/0x780
[  629.611882][ T7031]  ? __pfx_kthread+0x10/0x10
[  629.611921][ T7031]  ? srso_alias_return_thunk+0x5/0xfbef5
[  629.611965][ T7031]  ? rcu_is_watching+0x12/0xc0
[  629.612011][ T7031]  ? __pfx_kthread+0x10/0x10
[  629.612051][ T7031]  ret_from_fork+0x5d7/0x6f0
[  629.612085][ T7031]  ? __pfx_kthread+0x10/0x10
[  629.612123][ T7031]  ret_from_fork_asm+0x1a/0x30
[  629.612197][ T7031]  </TASK>
[  629.618897][ T7031] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  629.888218][T11015] FAT-fs (loop2): Filesystem has been set read-only
[  632.367426][T11041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1427'.
[  632.611669][T11051] netlink: 'syz.3.1430': attribute type 4 has an invalid length.
[  632.682510][T11054] netlink: 'syz.3.1430': attribute type 4 has an invalid length.
[  633.171445][T11065] binder: 11064:11065 ioctl c0306201 200000000680 returned -14
[  633.321118][ T5969] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  633.519090][ T5969] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  633.551073][ T5969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.593321][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  633.624389][ T5969] usb 2-1: Product: syz
[  633.626282][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  633.628565][ T5969] usb 2-1: Manufacturer: syz
[  633.628597][ T5969] usb 2-1: SerialNumber: syz
[  633.644888][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  633.680375][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  633.705300][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  633.719356][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  633.734574][ T5969] usb 2-1: config 0 descriptor??
[  633.801761][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  633.838769][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  634.133975][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  634.178440][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  634.494974][ T5952] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  634.503121][ T5969] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  634.582987][ T5952] hid-generic 0000:0000:0000.000B: reserved main item tag 0xd
[  634.881275][ T5952] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  635.802967][ T7448] IPVS: stop unused estimator thread 0...
[  637.166953][ T7448] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.266870][ T5969] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  637.332078][ T5969] usb 2-1: USB disconnect, device number 6
[  637.722571][ T7448] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.051080][ T5952] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  638.884358][ T5952] usb 3-1: Using ep0 maxpacket: 8
[  638.941861][ T5952] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  638.991186][ T5952] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  639.027903][ T5952] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  639.062480][ T5952] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  639.116231][ T5952] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  639.138081][ T7448] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.234167][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.507838][ T7448] netdevsim netdevsim7  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.656675][ T5952] usb 3-1: GET_CAPABILITIES returned 0
[  639.729836][ T5952] usbtmc 3-1:16.0: can't read capabilities
[  640.429114][ T7448] bridge_slave_1: left allmulticast mode
[  640.450027][ T7448] bridge_slave_1: left promiscuous mode
[  640.493145][ T7448] bridge0: port 2(bridge_slave_1) entered disabled state
[  640.609334][ T7448] bridge_slave_0: left allmulticast mode
[  640.670880][ T5973] usb 3-1: USB disconnect, device number 9
[  640.686539][ T7448] bridge_slave_0: left promiscuous mode
[  640.701377][ T5969] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  640.751230][ T7448] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.881186][ T5969] usb 7-1: Using ep0 maxpacket: 16
[  640.903493][ T5969] usb 7-1: config 0 has an invalid interface number: 236 but max is 0
[  640.931488][ T5969] usb 7-1: config 0 has no interface number 0
[  640.979693][ T5969] usb 7-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=84.33
[  641.008492][ T5969] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.057464][ T5969] usb 7-1: Product: syz
[  641.080428][ T5969] usb 7-1: Manufacturer: syz
[  641.101760][ T5969] usb 7-1: SerialNumber: syz
[  641.130004][ T5969] usb 7-1: config 0 descriptor??
[  641.156412][ T5969] usb-storage 7-1:0.236: USB Mass Storage device detected
[  641.236535][ T5969] usb-storage 7-1:0.236: device ignored
[  642.545207][T11129] overlayfs: workdir and upperdir must reside under the same mount
[  642.885514][   T10] usb 7-1: USB disconnect, device number 8
[  645.017656][T11141] loop2: detected capacity change from 0 to 8
[  646.744848][T11148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1456'.
[  646.923968][T11149] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1456'.
[  647.871105][   T10] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  648.686252][   T10] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  648.701246][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.709345][   T10] usb 6-1: Product: syz
[  648.733228][   T10] usb 6-1: Manufacturer: syz
[  648.740419][   T10] usb 6-1: SerialNumber: syz
[  648.766126][   T10] usb 6-1: config 0 descriptor??
[  648.977540][   T10] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  650.939573][ T7448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  651.236497][   T10] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  651.324753][   T10] usb 6-1: USB disconnect, device number 6
[  651.353731][ T7448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  651.412910][T11181] binder: 11180:11181 ioctl c0306201 200000000440 returned -14
[  651.463328][ T7448] bond0 (unregistering): Released all slaves
[  652.813167][T11190] netlink: 88 bytes leftover after parsing attributes in process `syz.9.1472'.
[  652.855070][T11190] netlink: 48 bytes leftover after parsing attributes in process `syz.9.1472'.
[  653.810624][ T5873] usb 10-1: new low-speed USB device number 9 using dummy_hcd
[  654.005913][ T5873] usb 10-1: config 1 has an invalid interface descriptor of length 6, skipping
[  654.339038][ T5873] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  655.527049][ T5873] usb 10-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  655.900413][ T5873] usb 10-1: config 1 has no interface number 1
[  655.998188][T11218] loop2: detected capacity change from 0 to 256
[  656.043790][T11218] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  656.115942][T11218] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  656.176712][ T5873] usb 10-1: string descriptor 0 read error: -71
[  656.185662][ T5873] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  656.200492][T11218] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  656.225751][ T5873] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.291973][ T5873] usb 10-1: can't set config #1, error -71
[  656.334008][ T5873] usb 10-1: USB disconnect, device number 9
[  656.367227][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  656.367250][   T30] audit: type=1326 audit(1756893215.380:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2725f8ebe9 code=0x7ffc0000
[  656.445047][ T7448] hsr_slave_0: left promiscuous mode
[  656.466173][   T30] audit: type=1326 audit(1756893215.410:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2725f8ebe9 code=0x7ffc0000
[  656.532389][ T7448] hsr_slave_1: left promiscuous mode
[  656.562114][ T7448] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  656.609869][ T7448] batman_adv: batadv0: Removing interface: batadv_slave_0
[  656.654526][T11230] binder: 11227:11230 ioctl c0306201 200000000080 returned -14
[  656.666500][   T30] audit: type=1326 audit(1756893215.430:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2725f8ebe9 code=0x7ffc0000
[  656.692823][ T7448] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  656.756167][ T7448] batman_adv: batadv0: Removing interface: batadv_slave_1
[  656.765529][   T30] audit: type=1326 audit(1756893215.430:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2725f8ebe9 code=0x7ffc0000
[  656.864608][   T30] audit: type=1326 audit(1756893215.430:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2725f8ebe9 code=0x7ffc0000
[  656.887922][   T30] audit: type=1326 audit(1756893215.440:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f2725f8ebe9 code=0x7ffc0000
[  656.913017][   T30] audit: type=1326 audit(1756893215.440:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2725f8ec23 code=0x7ffc0000
[  656.936887][   T30] audit: type=1326 audit(1756893215.460:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2725f8d69f code=0x7ffc0000
[  657.089044][ T7448] veth1_macvtap: left promiscuous mode
[  657.626630][ T7448] veth0_macvtap: left promiscuous mode
[  657.632394][ T7448] veth1_vlan: left promiscuous mode
[  657.637734][ T7448] veth0_vlan: left promiscuous mode
[  657.643595][   T30] audit: type=1326 audit(1756893215.470:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f2725f8ec77 code=0x7ffc0000
[  657.739812][   T30] audit: type=1326 audit(1756893215.470:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11217 comm="syz.2.1477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2725f8d550 code=0x7ffc0000
[  657.769144][T11236] loop3: detected capacity change from 0 to 2048
[  658.188494][T11236] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  658.232861][T11236] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  658.371264][ T5969] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  658.552371][ T5969] usb 2-1: Using ep0 maxpacket: 8
[  658.839558][ T5969] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  659.450418][ T5969] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  659.569613][ T5969] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  659.728682][ T5969] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  659.765364][ T5969] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  659.809820][ T5969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.455887][ T5969] usb 2-1: GET_CAPABILITIES returned 0
[  660.461726][ T5969] usbtmc 2-1:16.0: can't read capabilities
[  660.701637][ T5952] usb 2-1: USB disconnect, device number 7
[  662.815722][T11274] loop3: detected capacity change from 0 to 764
[  663.329612][T11274] Symlink component flag not implemented
[  663.404590][T11274] Symlink component flag not implemented
[  663.456876][T11274] Symlink component flag not implemented (129)
[  663.585363][T11274] Symlink component flag not implemented (6)
[  664.548952][ T7448] team0 (unregistering): Port device team_slave_1 removed
[  664.667757][ T7448] team0 (unregistering): Port device team_slave_0 removed
[  665.773380][ T5969] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  666.323278][ T5969] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  666.346098][ T5969] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  666.356822][ T5969] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  666.391083][ T5969] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  666.435799][ T5969] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  666.504222][ T5969] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  666.509564][T11310] loop5: detected capacity change from 0 to 256
[  666.535215][ T5969] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  666.567834][ T5969] usb 3-1: Product: syz
[  666.577021][ T5969] usb 3-1: Manufacturer: syz
[  666.578186][ T7448] IPVS: stop unused estimator thread 0...
[  666.603851][ T5969] cdc_wdm 3-1:1.0: skipping garbage
[  666.749821][ T5969] cdc_wdm 3-1:1.0: skipping garbage
[  666.767850][T11310] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  666.820245][ T5969] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  666.829130][T11310] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  666.841031][ T5969] cdc_wdm 3-1:1.0: Unknown control protocol
[  666.850098][ T5969] usb 3-1: USB disconnect, device number 10
[  667.097251][T11310] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  667.184110][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  667.184134][   T30] audit: type=1326 audit(1756893226.200:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29f138ebe9 code=0x7ffc0000
[  667.290156][   T30] audit: type=1326 audit(1756893226.200:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29f138ebe9 code=0x7ffc0000
[  667.355832][   T30] audit: type=1326 audit(1756893226.230:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f29f138ebe9 code=0x7ffc0000
[  667.583878][ T7448] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  668.448081][   T30] audit: type=1326 audit(1756893226.230:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29f138ebe9 code=0x7ffc0000
[  668.473525][   T30] audit: type=1326 audit(1756893226.230:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29f138ebe9 code=0x7ffc0000
[  668.625060][   T30] audit: type=1326 audit(1756893226.240:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f29f138ebe9 code=0x7ffc0000
[  668.647830][   T30] audit: type=1326 audit(1756893226.240:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f29f138ec23 code=0x7ffc0000
[  668.679483][   T30] audit: type=1326 audit(1756893226.260:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f29f138d69f code=0x7ffc0000
[  668.753498][   T30] audit: type=1326 audit(1756893226.300:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f29f138ec77 code=0x7ffc0000
[  669.116587][   T30] audit: type=1326 audit(1756893226.330:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11307 comm="syz.5.1501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29f138d550 code=0x7ffc0000
[  669.429130][ T7448] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  670.045912][ T7448] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  670.083959][T11347] binder: 11338:11347 ioctl c0306201 200000000440 returned -14
[  670.303986][ T7448] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  671.939636][ T7448] bridge_slave_1: left allmulticast mode
[  671.945407][ T7448] bridge_slave_1: left promiscuous mode
[  671.951961][ T7448] bridge0: port 2(bridge_slave_1) entered disabled state
[  671.966294][ T7448] bridge_slave_0: left allmulticast mode
[  671.972048][ T7448] bridge_slave_0: left promiscuous mode
[  671.989864][ T7448] bridge0: port 1(bridge_slave_0) entered disabled state
[  673.446450][T11377] __vm_enough_memory: pid: 11377, comm: syz.2.1518, bytes: 21199727783936 not enough memory for the allocation
[  675.728785][ T7448] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[  678.658525][ T5969] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  679.243038][ T5969] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  679.311078][ T5969] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  679.828068][ T5969] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  679.901626][ T5969] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  679.993455][ T5969] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  680.043456][ T5969] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  680.052906][ T5969] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  680.063030][ T5969] usb 10-1: Product: syz
[  680.113611][ T5969] usb 10-1: Manufacturer: syz
[  680.138602][ T5969] cdc_wdm 10-1:1.0: skipping garbage
[  680.182557][ T5969] cdc_wdm 10-1:1.0: skipping garbage
[  680.221720][ T5969] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  680.247509][ T5969] cdc_wdm 10-1:1.0: Unknown control protocol
[  680.432768][ T5969] usb 10-1: USB disconnect, device number 10
[  685.182799][   T51] Bluetooth: hci6: command 0x0405 tx timeout
[  686.933924][ T7448] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  688.448770][T11472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  688.765919][ T7448] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  688.838404][T11479] loop6: detected capacity change from 0 to 128
[  688.866273][T11479] EXT4-fs: Ignoring removed nomblk_io_submit option
[  688.886229][ T7448] bond0 (unregistering): Released all slaves
[  688.987239][ T7448] bond1 (unregistering): Released all slaves
[  689.149736][T11479] EXT4-fs (loop6): Test dummy encryption mode enabled
[  689.213935][T11479] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  689.276889][T11479] ext4 filesystem being mounted at /113/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  690.656378][T11492] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1547'.
[  692.484695][T10309] Bluetooth: hci6: command 0x0405 tx timeout
[  692.832036][T11512] loop5: detected capacity change from 0 to 256
[  692.971143][T11512] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  693.093412][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  693.093437][   T30] audit: type=1800 audit(1756893252.110:244): pid=11512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1554" name="file1" dev="loop5" ino=1048671 res=0 errno=0
[  693.101100][   T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  693.198897][T11512] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  693.219107][T11512] FAT-fs (loop5): Filesystem has been set read-only
[  693.522796][   T24] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  693.531769][   T24] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  693.554435][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  693.578502][   T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  693.614073][   T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  693.693100][   T24] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  693.702883][   T24] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  693.710858][   T24] usb 2-1: Product: syz
[  693.715413][   T24] usb 2-1: Manufacturer: syz
[  693.753052][   T24] cdc_wdm 2-1:1.0: skipping garbage
[  693.759762][   T24] cdc_wdm 2-1:1.0: skipping garbage
[  693.786165][   T24] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  693.798627][   T24] cdc_wdm 2-1:1.0: Unknown control protocol
[  693.846613][ T9102] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  694.604378][ T1212] usb 2-1: USB disconnect, device number 8
[  695.671419][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  695.702139][ T7448] hsr_slave_0: left promiscuous mode
[  696.194578][ T7448] hsr_slave_1: left promiscuous mode
[  696.211292][ T7448] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  696.219587][ T7448] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.302079][ T7448] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  696.342401][ T7448] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.500638][ T7448] veth1_macvtap: left promiscuous mode
[  696.542091][ T7448] veth0_macvtap: left promiscuous mode
[  696.552303][ T7448] veth1_vlan: left promiscuous mode
[  696.674011][ T7448] veth0_vlan: left promiscuous mode
[  704.312726][T11569] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1571'.
[  706.000576][T11576] nvme_fabrics: unknown parameter or missing value 'V' in ctrl creation request
[  706.914376][T11587] loop5: detected capacity change from 0 to 1024
[  708.917729][T11344] hfsplus: b-tree write err: -5, ino 4
[  709.259753][T11601] __vm_enough_memory: pid: 11601, comm: syz.1.1578, bytes: 21200165310464 not enough memory for the allocation
[  717.380177][ T7448] team0 (unregistering): Port device team_slave_1 removed
[  717.863741][ T7448] team0 (unregistering): Port device team_slave_0 removed
[  719.874417][T11639] loop1: detected capacity change from 0 to 256
[  720.267001][   T24] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  721.818705][T11639] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  722.027843][   T30] audit: type=1800 audit(1756893281.010:245): pid=11639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1588" name="file1" dev="loop1" ino=1048672 res=0 errno=0
[  722.073151][   T24] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  722.082016][   T24] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  722.112091][   T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  722.132401][T11639] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  722.140929][T11639] FAT-fs (loop1): Filesystem has been set read-only
[  722.154658][   T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  722.202725][   T24] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  722.256631][   T24] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  722.268939][   T24] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  722.301877][   T24] usb 6-1: Product: syz
[  722.306055][   T24] usb 6-1: Manufacturer: syz
[  722.365055][   T24] cdc_wdm 6-1:1.0: skipping garbage
[  722.370276][   T24] cdc_wdm 6-1:1.0: skipping garbage
[  722.409861][   T24] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  722.426662][   T24] cdc_wdm 6-1:1.0: Unknown control protocol
[  722.488834][T11654] loop2: detected capacity change from 0 to 1024
[  723.601083][ T5969] usb 6-1: USB disconnect, device number 7
[  724.802157][ T7273] hfsplus: b-tree write err: -5, ino 4
[  726.326660][T11689] loop2: detected capacity change from 0 to 1024
[  726.371607][T11694] loop3: detected capacity change from 0 to 128
[  726.399500][T11689] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  726.404506][T11694] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  726.697114][T11694] hpfs: hpfs_map_sector(): read error
[  727.045386][   T30] audit: type=1804 audit(1756893286.060:246): pid=11689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1607" name="/newroot/280/file1/file1" dev="loop2" ino=15 res=1 errno=0
[  727.645814][ T5865] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  728.595153][T11708] loop5: detected capacity change from 0 to 256
[  728.838238][T11714] loop9: detected capacity change from 0 to 2048
[  729.201444][T11708] exfat: Deprecated parameter 'namecase'
[  729.212933][T11714] NILFS (loop9): The specified checkpoint is not a snapshot (checkpoint number=1)
[  729.297096][T11708] exfat: Unknown parameter 'Pmask'
[  732.231327][   T24] usb 6-1: new low-speed USB device number 8 using dummy_hcd
[  733.334419][T11742] fuse: Bad value for 'fd'
[  734.477786][T11752] loop5: detected capacity change from 0 to 1024
[  734.585271][T11752] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  734.884429][T11759] loop2: detected capacity change from 0 to 32768
[  735.064223][T11759] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  735.064253][T11759]   allowing incompatible features above 0.0: (unknown version)
[  735.064270][T11759]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  735.100737][T11759] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  735.109088][T11759] bcachefs (loop2): initializing new filesystem
[  735.121386][   T30] audit: type=1804 audit(1756893294.120:247): pid=11775 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1625" name="/newroot/45/file1/file1" dev="loop5" ino=15 res=1 errno=0
[  735.124827][T11759] bcachefs (loop2): going read-write
[  735.187011][T11759] bcachefs (loop2): marking superblocks
[  735.200799][T11759] bcachefs (loop2): initializing freespace
[  735.210263][T11759] bcachefs (loop2): done initializing freespace
[  735.218923][T11759] bcachefs (loop2): reading snapshots table
[  735.224873][T11759] bcachefs (loop2): reading snapshots done
[  735.272983][T11759] bcachefs (loop2):  loop2: Superblock write was silently dropped! (seq 0 expected 42)
[  735.284829][T11759] bcachefs (loop2): done starting filesystem
[  735.593663][T11759] bcachefs (loop2): shutting down
[  735.598726][T11759] bcachefs (loop2): going read-only
[  735.604439][T11759] bcachefs (loop2): finished waiting for writes to stop
[  735.677065][T11759] bcachefs (loop2): flushing journal and stopping allocators, journal seq 3
[  735.729913][T10505] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  735.752881][T11759] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3
[  735.767911][T11759] bcachefs (loop2): clean shutdown complete, journal seq 4
[  735.778181][T11759] bcachefs (loop2): marking filesystem clean
[  735.823758][T11759] bcachefs (loop2): shutdown complete
[  741.944947][T11813] loop2: detected capacity change from 0 to 2048
[  746.328889][T11813] NILFS (loop2): The specified checkpoint is not a snapshot (checkpoint number=1)
[  749.483189][T10309] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  749.497796][T10309] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  749.518708][T10309] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  749.528589][T10309] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  749.540908][T10309] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  749.758754][ T7453] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.787931][T11818] chnl_net:caif_netlink_parms(): no params data found
[  749.866460][ T7453] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.950741][ T7453] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.996797][T11818] bridge0: port 1(bridge_slave_0) entered blocking state
[  750.004367][T11818] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.012693][T11818] bridge_slave_0: entered allmulticast mode
[  750.020493][T11818] bridge_slave_0: entered promiscuous mode
[  750.042731][ T7453] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.059437][T11818] bridge0: port 2(bridge_slave_1) entered blocking state
[  750.068095][T11818] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.075356][T11818] bridge_slave_1: entered allmulticast mode
[  750.084395][T11818] bridge_slave_1: entered promiscuous mode
[  750.130358][T11818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  750.143828][T11818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  750.198357][T11818] team0: Port device team_slave_0 added
[  750.207813][T11818] team0: Port device team_slave_1 added
[  750.273054][T11818] batman_adv: batadv0: Adding interface: batadv_slave_0
[  750.280020][T11818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  750.306259][T11818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  750.318573][ T7453] bridge_slave_1: left allmulticast mode
[  750.324287][ T7453] bridge_slave_1: left promiscuous mode
[  750.330065][ T7453] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.339861][ T7453] bridge_slave_0: left allmulticast mode
[  750.345642][ T7453] bridge_slave_0: left promiscuous mode
[  750.351604][ T7453] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.467065][ T7453] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[  750.819040][ T7453] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  750.830716][ T7453] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  750.842280][ T7453] bond0 (unregistering): Released all slaves
[  750.935975][ T7453] bond1 (unregistering): Released all slaves
[  750.953921][T11818] batman_adv: batadv0: Adding interface: batadv_slave_1
[  750.960865][T11818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  750.986971][T11818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  751.111738][T11818] hsr_slave_0: entered promiscuous mode
[  751.118231][T11818] hsr_slave_1: entered promiscuous mode
[  751.235135][ T7453] hsr_slave_0: left promiscuous mode
[  751.241909][ T7453] hsr_slave_1: left promiscuous mode
[  751.247870][ T7453] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  751.255506][ T7453] batman_adv: batadv0: Removing interface: batadv_slave_0
[  751.265739][ T7453] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  751.275459][ T7453] batman_adv: batadv0: Removing interface: batadv_slave_1
[  751.302403][ T7453] veth1_macvtap: left promiscuous mode
[  751.307930][ T7453] veth0_macvtap: left promiscuous mode
[  751.313678][ T7453] veth1_vlan: left promiscuous mode
[  751.318985][ T7453] veth0_vlan: left promiscuous mode
[  751.581146][ T5872] Bluetooth: hci3: command tx timeout
[  751.783535][ T7453] team0 (unregistering): Port device team_slave_1 removed
[  751.833360][ T7453] team0 (unregistering): Port device team_slave_0 removed
[  752.792462][T11818] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  752.803219][T11818] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  752.816416][T11818] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  752.828618][T11818] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  752.917471][T11818] 8021q: adding VLAN 0 to HW filter on device bond0
[  752.942876][T11818] 8021q: adding VLAN 0 to HW filter on device team0
[  752.957128][ T7448] bridge0: port 1(bridge_slave_0) entered blocking state
[  752.964290][ T7448] bridge0: port 1(bridge_slave_0) entered forwarding state
[  752.981813][ T7265] bridge0: port 2(bridge_slave_1) entered blocking state
[  752.988913][ T7265] bridge0: port 2(bridge_slave_1) entered forwarding state
[  753.247791][T11818] 8021q: adding VLAN 0 to HW filter on device batadv0
[  753.559512][T11818] veth0_vlan: entered promiscuous mode
[  753.571878][T11818] veth1_vlan: entered promiscuous mode
[  753.610513][T11818] veth0_macvtap: entered promiscuous mode
[  753.623473][T11818] veth1_macvtap: entered promiscuous mode
[  753.646199][T11818] batman_adv: batadv0: Interface activated: batadv_slave_0
[  753.661429][ T5872] Bluetooth: hci3: command tx timeout
[  753.663879][T11818] batman_adv: batadv0: Interface activated: batadv_slave_1
[  753.683106][ T7265] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  753.697365][ T7265] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  753.706630][ T7265] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  753.720894][ T7265] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  753.795162][ T7266] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.806793][ T7266] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  753.838910][ T7273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.848013][ T7273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  754.649491][T11856] loop2: detected capacity change from 0 to 7
[  754.677360][T11856] Dev loop2: unable to read RDB block 7
[  754.691805][T11856]  loop2: unable to read partition table
[  754.702990][T11856] loop2: partition table beyond EOD, truncated
[  754.709178][T11856] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  755.721116][T11853] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  755.745208][ T5872] Bluetooth: hci3: command tx timeout
[  756.435969][T11869] loop5: detected capacity change from 0 to 2048
[  756.604842][T11869] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  757.070069][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  757.911715][ T5872] Bluetooth: hci3: command tx timeout
[  761.187286][T11927] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1662'.
[  764.512992][T11948] loop4: detected capacity change from 0 to 32768
[  764.754109][T11953] loop5: detected capacity change from 0 to 2048
[  765.316183][T11953] NILFS (loop5): The specified checkpoint is not a snapshot (checkpoint number=1)
[  766.222713][T11948] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  766.222744][T11948]   allowing incompatible features above 0.0: (unknown version)
[  766.222761][T11948]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  766.259772][T11948] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  766.268188][T11948] bcachefs (loop4): initializing new filesystem
[  766.283820][T11948] bcachefs (loop4): going read-write
[  767.677593][T11948] bcachefs (loop4): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR
[  767.688133][T11948] bcachefs (loop4): flushing journal and stopping allocators, journal seq 0
[  767.697593][T11948] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 0
[  767.829775][T11948] bcachefs (loop4): unclean shutdown complete, journal seq 1
[  767.837972][T11948] bcachefs (loop4): bch2_fs_initialize(): error EINTR
[  767.844976][T11948] bcachefs (loop4): bch2_fs_start(): error starting filesystem EINTR
[  767.853160][T11948] bcachefs (loop4): shutting down
[  767.873432][T11948] bcachefs (loop4): shutdown complete
[  767.891535][ T5872] ==================================================================
[  767.899716][ T5872] BUG: KASAN: slab-use-after-free in bch2_do_discards+0x319/0x570
[  767.907553][ T5872] Write of size 8 at addr ffff888060282040 by task kworker/u9:2/5872
[  767.915619][ T5872] 
[  767.918027][ T5872] CPU: 1 UID: 0 PID: 5872 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  767.918069][ T5872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  767.918094][ T5872] Workqueue: bcachefs_journal journal_write_done
[  767.918141][ T5872] Call Trace:
[  767.918156][ T5872]  <TASK>
[  767.918170][ T5872]  dump_stack_lvl+0x116/0x1f0
[  767.918221][ T5872]  print_report+0xcd/0x630
[  767.918252][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.918295][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.918337][ T5872]  ? __phys_addr+0xe8/0x180
[  767.918386][ T5872]  ? bch2_do_discards+0x319/0x570
[  767.918431][ T5872]  kasan_report+0xe0/0x110
[  767.918464][ T5872]  ? bch2_do_discards+0x319/0x570
[  767.918516][ T5872]  kasan_check_range+0x100/0x1b0
[  767.918556][ T5872]  bch2_do_discards+0x319/0x570
[  767.918606][ T5872]  journal_write_done+0xee4/0x1430
[  767.918655][ T5872]  ? __pfx_journal_write_done+0x10/0x10
[  767.918697][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.918739][ T5872]  ? debug_object_deactivate+0x1ec/0x3a0
[  767.918777][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.918823][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.918868][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.918912][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.918954][ T5872]  ? rcu_is_watching+0x12/0xc0
[  767.919003][ T5872]  process_one_work+0x9cf/0x1b70
[  767.919050][ T5872]  ? __pfx_process_one_work+0x10/0x10
[  767.919089][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.919137][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.919183][ T5872]  ? assign_work+0x1a0/0x250
[  767.919219][ T5872]  worker_thread+0x6c8/0xf10
[  767.919267][ T5872]  ? __pfx_worker_thread+0x10/0x10
[  767.919305][ T5872]  kthread+0x3c5/0x780
[  767.919338][ T5872]  ? __pfx_kthread+0x10/0x10
[  767.919373][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  767.919415][ T5872]  ? rcu_is_watching+0x12/0xc0
[  767.919458][ T5872]  ? __pfx_kthread+0x10/0x10
[  767.919493][ T5872]  ret_from_fork+0x5d7/0x6f0
[  767.919525][ T5872]  ? __pfx_kthread+0x10/0x10
[  767.919559][ T5872]  ret_from_fork_asm+0x1a/0x30
[  767.919613][ T5872]  </TASK>
[  767.919624][ T5872] 
[  768.127495][ T5872] Allocated by task 11948:
[  768.131902][ T5872]  kasan_save_stack+0x33/0x60
[  768.136607][ T5872]  kasan_save_track+0x14/0x30
[  768.141301][ T5872]  __kasan_kmalloc+0xaa/0xb0
[  768.145912][ T5872]  __bch2_dev_alloc+0xb5/0xff0
[  768.150674][ T5872]  bch2_dev_alloc+0xb8/0x190
[  768.155262][ T5872]  bch2_fs_alloc+0x19ca/0x23f0
[  768.160028][ T5872]  bch2_fs_open+0x838/0xc50
[  768.164537][ T5872]  bch2_fs_get_tree+0xcb0/0x1b70
[  768.169492][ T5872]  vfs_get_tree+0x8e/0x340
[  768.173923][ T5872]  path_mount+0x1513/0x2000
[  768.178436][ T5872]  __x64_sys_mount+0x28d/0x310
[  768.183209][ T5872]  do_syscall_64+0xcd/0x4c0
[  768.187729][ T5872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.193632][ T5872] 
[  768.195942][ T5872] Freed by task 11948:
[  768.199996][ T5872]  kasan_save_stack+0x33/0x60
[  768.204692][ T5872]  kasan_save_track+0x14/0x30
[  768.209388][ T5872]  kasan_save_free_info+0x3b/0x60
[  768.214424][ T5872]  __kasan_slab_free+0x60/0x70
[  768.219211][ T5872]  kfree+0x2b4/0x4d0
[  768.223117][ T5872]  kobject_put+0x1e7/0x5a0
[  768.227557][ T5872]  bch2_fs_free+0x225/0x420
[  768.232086][ T5872]  bch2_fs_get_tree+0xd5e/0x1b70
[  768.237039][ T5872]  vfs_get_tree+0x8e/0x340
[  768.241533][ T5872]  path_mount+0x1513/0x2000
[  768.246047][ T5872]  __x64_sys_mount+0x28d/0x310
[  768.250816][ T5872]  do_syscall_64+0xcd/0x4c0
[  768.255341][ T5872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.261239][ T5872] 
[  768.263557][ T5872] The buggy address belongs to the object at ffff888060282000
[  768.263557][ T5872]  which belongs to the cache kmalloc-4k of size 4096
[  768.277606][ T5872] The buggy address is located 64 bytes inside of
[  768.277606][ T5872]  freed 4096-byte region [ffff888060282000, ffff888060283000)
[  768.291406][ T5872] 
[  768.293720][ T5872] The buggy address belongs to the physical page:
[  768.300115][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x60280
[  768.308878][ T5872] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  768.317376][ T5872] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  768.325296][ T5872] page_type: f5(slab)
[  768.329278][ T5872] raw: 00fff00000000040 ffff88801b842140 ffffea0001834600 dead000000000003
[  768.337867][ T5872] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  768.346458][ T5872] head: 00fff00000000040 ffff88801b842140 ffffea0001834600 dead000000000003
[  768.355130][ T5872] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  768.363808][ T5872] head: 00fff00000000003 ffffea000180a001 00000000ffffffff 00000000ffffffff
[  768.372567][ T5872] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  768.381230][ T5872] page dumped because: kasan: bad access detected
[  768.387633][ T5872] page_owner tracks the page as allocated
[  768.393336][ T5872] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 7265, tgid 7265 (kworker/u8:28), ts 669118896857, free_ts 669061194650
[  768.414366][ T5872]  post_alloc_hook+0x1c0/0x230
[  768.419157][ T5872]  get_page_from_freelist+0x132b/0x38e0
[  768.424723][ T5872]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  768.430637][ T5872]  alloc_pages_mpol+0x1fb/0x550
[  768.435518][ T5872]  new_slab+0x247/0x330
[  768.439687][ T5872]  ___slab_alloc+0xcf2/0x1740
[  768.444379][ T5872]  __slab_alloc.constprop.0+0x56/0xb0
[  768.449770][ T5872]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  768.456209][ T5872]  kmalloc_reserve+0xef/0x2c0
[  768.460909][ T5872]  __alloc_skb+0x166/0x380
[  768.465338][ T5872]  nsim_dev_trap_report_work+0x2b1/0xcf0
[  768.470996][ T5872]  process_one_work+0x9cf/0x1b70
[  768.475946][ T5872]  worker_thread+0x6c8/0xf10
[  768.480565][ T5872]  kthread+0x3c5/0x780
[  768.484634][ T5872]  ret_from_fork+0x5d7/0x6f0
[  768.489226][ T5872]  ret_from_fork_asm+0x1a/0x30
[  768.494002][ T5872] page last free pid 11328 tgid 11325 stack trace:
[  768.500527][ T5872]  __free_frozen_pages+0x7d5/0x10f0
[  768.505745][ T5872]  qlist_free_all+0x4d/0x120
[  768.510359][ T5872]  kasan_quarantine_reduce+0x195/0x1e0
[  768.515843][ T5872]  __kasan_slab_alloc+0x69/0x90
[  768.520722][ T5872]  kmem_cache_alloc_lru_noprof+0x1d0/0x3b0
[  768.526552][ T5872]  __d_alloc+0x32/0xae0
[  768.530713][ T5872]  d_alloc_parallel+0x111/0x1480
[  768.535667][ T5872]  __lookup_slow+0x193/0x460
[  768.540272][ T5872]  lookup_noperm+0xe1/0x110
[  768.544798][ T5872]  simple_start_creating+0xd1/0x1b0
[  768.550209][ T5872]  start_creating.part.0+0x82/0x190
[  768.555409][ T5872]  __debugfs_create_file+0xa7/0x6b0
[  768.560613][ T5872]  debugfs_create_file_full+0x41/0x60
[  768.565987][ T5872]  blk_mq_debugfs_register_hctx+0x1f7/0x570
[  768.571896][ T5872]  blk_mq_debugfs_register+0x1c4/0x2b0
[  768.577369][ T5872]  blk_register_queue+0x1a0/0x4e0
[  768.582423][ T5872] 
[  768.584736][ T5872] Memory state around the buggy address:
[  768.590365][ T5872]  ffff888060281f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  768.598446][ T5872]  ffff888060281f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  768.606533][ T5872] >ffff888060282000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  768.614587][ T5872]                                            ^
[  768.620729][ T5872]  ffff888060282080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  768.628788][ T5872]  ffff888060282100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  768.636842][ T5872] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  768.733975][ T5872] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[  768.741725][ T5872] CPU: 1 UID: 0 PID: 5872 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[  768.751184][ T5872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  768.761246][ T5872] Workqueue: bcachefs_journal journal_write_done
[  768.767588][ T5872] Call Trace:
[  768.770850][ T5872]  <TASK>
[  768.773769][ T5872]  dump_stack_lvl+0x3d/0x1f0
[  768.778368][ T5872]  vpanic+0x6e8/0x7a0
[  768.782389][ T5872]  ? __pfx_vpanic+0x10/0x10
[  768.786926][ T5872]  ? mark_held_locks+0x49/0x80
[  768.791739][ T5872]  ? bch2_do_discards+0x319/0x570
[  768.796797][ T5872]  panic+0xca/0xd0
[  768.800559][ T5872]  ? __pfx_panic+0x10/0x10
[  768.805009][ T5872]  ? bch2_do_discards+0x319/0x570
[  768.810083][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  768.815725][ T5872]  ? preempt_schedule_thunk+0x16/0x30
[  768.821114][ T5872]  end_report+0x159/0x170
[  768.825708][ T5872]  kasan_report+0xee/0x110
[  768.830158][ T5872]  ? bch2_do_discards+0x319/0x570
[  768.835200][ T5872]  kasan_check_range+0x100/0x1b0
[  768.840146][ T5872]  bch2_do_discards+0x319/0x570
[  768.845008][ T5872]  journal_write_done+0xee4/0x1430
[  768.850155][ T5872]  ? __pfx_journal_write_done+0x10/0x10
[  768.855707][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  768.861347][ T5872]  ? debug_object_deactivate+0x1ec/0x3a0
[  768.866981][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  768.872624][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  768.878294][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  768.883932][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  768.889576][ T5872]  ? rcu_is_watching+0x12/0xc0
[  768.894357][ T5872]  process_one_work+0x9cf/0x1b70
[  768.899333][ T5872]  ? __pfx_process_one_work+0x10/0x10
[  768.904965][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  768.910953][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  768.916609][ T5872]  ? assign_work+0x1a0/0x250
[  768.921216][ T5872]  worker_thread+0x6c8/0xf10
[  768.925817][ T5872]  ? __pfx_worker_thread+0x10/0x10
[  768.930929][ T5872]  kthread+0x3c5/0x780
[  768.934995][ T5872]  ? __pfx_kthread+0x10/0x10
[  768.939584][ T5872]  ? srso_alias_return_thunk+0x5/0xfbef5
[  768.945219][ T5872]  ? rcu_is_watching+0x12/0xc0
[  768.949991][ T5872]  ? __pfx_kthread+0x10/0x10
[  768.954606][ T5872]  ret_from_fork+0x5d7/0x6f0
[  768.959207][ T5872]  ? __pfx_kthread+0x10/0x10
[  768.963793][ T5872]  ret_from_fork_asm+0x1a/0x30
[  768.968572][ T5872]  </TASK>
[  768.971776][ T5872] Kernel Offset: disabled
[  768.976090][ T5872] Rebooting in 86400 seconds..