last executing test programs:

5m57.395308457s ago: executing program 32 (id=275):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@gettaction={0x48, 0x32, 0x400, 0x70bd2a, 0x25cfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4000009}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040810)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', <r1=>0x0})
syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000380), &(0x7f0000000200))
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000304000000d9ff00000000000400", @ANYRES32=r1, @ANYBLOB="60bc010004a701003c00128009000100626f6e64000000002c"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)

5m34.06224688s ago: executing program 33 (id=396):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000640)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)

4m55.329517233s ago: executing program 34 (id=616):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
write$UHID_DESTROY(r0, &(0x7f0000000080), 0x4)
read$char_usb(r1, 0x0, 0x0)

4m47.652605721s ago: executing program 35 (id=647):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x409c884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @local}, 0x1c)
syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000080)={0x5, 0x2})
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f00000000c0)=0x2)

4m7.989642934s ago: executing program 36 (id=816):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6})

3m41.2623944s ago: executing program 37 (id=981):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ad060000", 0x4)
sendmsg$alg(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000000c0)="439db57e36375ae9e2", 0x9}], 0x1, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0}, 0x14}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000005c0)=""/103, 0x67}], 0x1}, 0xe}], 0x2, 0x2021, 0x0)

2m58.152909197s ago: executing program 38 (id=1305):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth0_virt_wifi\x00'}}, 0x1e)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x0, @remote, 'veth0_to_batadv\x00'}}, 0x1e)

2m45.067590231s ago: executing program 8 (id=1400):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)

2m44.596592578s ago: executing program 8 (id=1405):
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)=0x3, 0x4)
r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x40000000, 0x10100, 0x0, 0x4}, &(0x7f0000000600)=<r1=>0x0, &(0x7f0000000480)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}})
io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x4866, 0x0, 0xb, 0x0, 0x0)

2m44.100884797s ago: executing program 8 (id=1412):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

2m43.594168134s ago: executing program 8 (id=1417):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
r1 = syz_io_uring_setup(0x239, &(0x7f0000001080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)

2m43.282346186s ago: executing program 8 (id=1420):
syz_mount_image$bcachefs(&(0x7f00000058c0), &(0x7f0000005900)='./file0\x00', 0x10000, &(0x7f0000000240)=ANY=[@ANYBLOB='fsck,inline_data,nocow,degraded,str_hash=siphash,norecovery,discard,reconstruct_alloc,erasure_code,acl,no_splitbrain_check,hash,uid=', @ANYRESDEC=0x0, @ANYRES32], 0x0, 0x58b4, &(0x7f0000005980)="$eJzs3W2QXFXdIPBzu3synZm8TAJIBJkMgSiCmglvhS+l0fWtAKlYWErYKAxkgtEkpJIgEFCCCy4UYKGlpagf0EJq0WhRBatESuRlE1ZRitWltpBa3UU/+BTykBLIQ1k+5qmZvqfTc6fv3J7unpDA71fJ3D6nb//PueeevtP/Mz3TAQAAgNeE3ddv2XvOUR/41RdHX7rmwz/bcG3oL4/XV+MOA+n2ileqhxxIvZVF49vsvHjTVT/489DF7/vl3X3ff3nXmmPX/v79h118/2fO3Hnbtx96ce69/3ymKG6cTyfuLyfPJSFUf77n61/a9diRY3VJCKGcDGwPYUGy8KEFSSbE8N9DCGvSwqLMnfe8dMrase21N/VOqJ+f2c98f22rpvNs297LTwp/eO+q636z+Mc/6tnx7Pb9uyTVhvkUwrwLGx/fE0KYnf4fE2dbnI9x0q4MIfQ1PO6Mgn4d12L/l+WUj063s9Jtf0GceP+STLmU2S9bjnoy276C9jqV14929ysyJ1POXow6ldfPWL8g3f403Z44zfjl+D8JpSRU6t1fn+yfI6HhvCUhGT+X1Xq5VD+3IT3+TDnJlEuZcrknc1zj7aYTrZwkE+vjfpn6eDmupPXHNl6rmzg3p/716baaPlFfjuWQvVHTP+lG/bjGxX7tmaIvB0Kp4RrUrL5+4tOT0Z/W9ScLJz1mXxPxvl2rbl5aXv3w7oGcfiR3J2n8pK342369YM6nfnjjZdnv6/X4F5bS+KW24v/xrMefP//G730rN/6tMX65rfgnP9D33FmPXL8kd3z2xPGptBV/5JlHb1l8+EU7cvt/e4xfbSv+ip2P987d+8CDuf0fjuMzu634T7/zg3+668n7ns2NH2L8vrbir9656cu9g3tPyI3/YByf/vbmzws7Tn9qcPAvQ3nxn4jx57YV/87tt73jjvk3nZl7flfG8RloK/7Zx99/3Zy99x2Td+1Mbu/Wd06A16bD0tdYN6TldvPMTjXkC98cqtRe881J/8/tZkMZY+3Mm8H4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALw2HXHS//zQ///4wHOVtNyb3ni6VNvG+lkhJLNDCFu2jmzeum7jJUOfufSyzRtH1g+NbB0a3bh185VDp75laPPopvUjV47dO/zWU2qPWxiS2jY5ZlLb+/bt21camFgX2/tPx+/4w9Iz/uWvIQwf8bvBSm7/l9224Y7Dm3zNSFbse8+Gy8753WnfTY9rIO3XQE6/Qk6//vW8f9zx1T1/PiGE4ddN1a9Hn373LyZ0aLxif5xUqTfUOtSb9DXtR73XaX/ieFXWrls/Olw8vuWc4/jPVz3797VXfOUftfGt5h5Hi+M7e8W+9aVvrDr7379xda3iYD3vReMdjyL2L45fNR3veelxzcs5rkrOcV3/mwef/PlRN764PQxXXlg8ue2i4+pJJ0BP8vqW2o0t9CULJtRX0/3jGY+PW7Z1w6ZlW67c9tZ1G0YuGb1kdOPbl5+6/PTh004/bdn4kS/r8vHH9t/Y4vEfmPk0/3Pbfxq/tjafivpVNB5j/Soej8Ye5T3/+s790tfeftsj59QqiuZ53Lt+PUm3fWPneXlomG+Tx6rZcRWNQwhhqNk4PP/imeHI/7PuuqLrUOOZafyakazY99iSv333jO8selet4oBc5xs71OZ1vt7r/f0ZH69qej4O1vHtDeX0uPqb9mv5Y4/03Lz7r5+v92/WrHDFyNatm5fXvs5JezonObppv7K18bgWj38th3RYQn2aNpmvY3pCrX/Z62fcPTuq/el9/cnCpseVFe/btermpeXVD+/OG+nk7lqLs8Pc2jZ5Q86e6zMPLNc73Kz9Q3V+DH7oO/d+/N6fnDppfpxc+1p0XEnOcf34yTu/9v2v/NefdO+4PvTuxwf+9n8/vbRWcahcV+q9TvuTNF5XTg6h6Pm3ODQ/jtznX6n58RQ9/7Lt7N+/ebyhTLk/lNt6vp78QN9zZz1y/ZLc5+ueVp+vV08olQuerwfL/Hnlnl8TJkqyYt8vbzhs+0PXrDyqVlE0r+t7N5vXp7SQf+Qc1y/Of2rw0qH/8r+7d934wVvuueD3Iyu+UKs4WM57NR3fas741nsd887G8X3bxZeuX1OrP3hf/6bbgvwnXkq2XLntsyPr149u3tLacbX6/TS2kx3ldr+fxqvbwoLjKk06rpm70cp4tfp8i/1f0/Z4TXy+9Yekre8L2369YM6nfnjjZQOTHpU2dGEpjV9qK/4fz3r8+fNv/N63cuPfGuNX2oo/8syjtyw+/KIdufFvT9L41bbir9j5eO/cvQ88mBt/OPZ/dlvxn37nB/9015P3PZsbP8T4/e2N/ws7Tn9qcPAvufGfSNJ2xl4jhXDPS6esrZWT0JM+32I/eib0K2TLSaZcypTLjeVSba213kA5SSbWx/3S+mMb+tLMJ3Lq46uw6qLa9uVYDtkbU9cfbEoN1/5m9UWvUwEAXu3iz//ja9D48//R9IVS/koD7NdpHrYoJ27Mw/av58yacP+iNH58fFwHHHxbGB7bXjtUe6E/3XXO+HzIrnPGdk44bmKMdtc5i9bfl2TKsV+19fJKQx6ampzXVEIL6++T25l6/T1z+MXr40M3TOrWUMO6Vfb89aQrZs3e75Dpb2UsQt78yK6LxfdzDM4LK8fba3F+ZN9HE89D9n00sZ2jMhfOdt9H0+n8iN2eYn6Md7n45xuTz1+YYnz3n7/m0bLnbxrnuzq2/0z/fPbQXzec2Z+HWZfMiZ8+wQ72dcNYH4+j0uJ64sdz6ru1nhgvF7Ffe6boy4FgPRF4tYr5f/weMZb/j70A/7fMfkWvQ7OvGmO83PcJlZv3pyjvmPw+vb62vo+v3rnpy72De0/IfZ3zYKvv+9k0odRX8L6fonFcmikXjmPOAk1Rvpdtp2jcs+/L6A9z2xr3O7ff9o475t90Zu64r6x9Iy0e969NKM0tGHf5Qk58+cJBkS/M9PrZK5aPpG98mql85GM59dPNR/om3agf17hDLh/pObD9AgAOHTH/r//8LM3//19mv6K89cRMOcbLzVtzXp/k5a0fSbdXZPbvT3+jYrqvm88+/v7r5uy975jcvOX2VvPQ/zahNFCYh3aWN+fmESu7837x3Dyinmd1lifm9r+eJ3aWp+fGr+fpneXRueNTz6M7WwfIjV9fBzjU89yZXa971ebR6a/PzlQefW5O/XTz6P5JN+rHNU4eDQDwyor5f3wZF/P/RzL7dfq6PTcv6NLr9uzfA6nHf+JA5ZUznffNdN4603n9TK9LHOp58UyvC83sOpm8OC2H7I0aeTEAAAeDmP/PTsv5+X9n+Ulu/lbPT+TnTePLzw+S/PxQX/+S/8v/i8n/AQBe3WL+H3/tMf79v/+RlrN/t16enhNfni5Pn2r+tJynz/Q6m3UA6wDFrAMAALy69IxnSpN/z/6T6Tb7e/Z5v5d/fs7+raqM/459CBdt3Tw6esFlm9aMbB29YOOla0a3XHD55nVbt45urO3Xad6Ym7ekeWNPqKTj0Xy/bN42P/17CPNz/h5Cdv8Y9ujxG5P/HkK22dkFf0dg//lrrb955680xf7N5kfe+c6L/4mc/aP6+b/40ydfsHbLBes2rtu6bmT9um2jE/cby1r7pvG5mXFYpvW5mZkvk5Sm//md3elHaVI/etLxyPt89iTTjwVpTxbkff5BTr9/9b+++rnj9/3jrhCGjyi/oaPxS1bs++/njX5k6+7fbRrrf2nK/tf3TPtV9Hml2f3j8VTWX7pl60lrL71sY/YTJdsT1zNK9fIMrWekT/9yi+sTq3Pqp7s+UZ504+DU8voEAAATxJ//x9ez8eeHX0lfQMX61vP0zn5+nJunD7eWp2c/l6woT8/uH4+31Ty92mGenm2/KE9vtn+zPD0v786L/7Gc/aer9XnS2fs8cufJha3Nk+znGRTNk+z+050nSYfzJNt+0Txptn+zeZJ33vPifzRn/zytz4fO3peTOx9ubW0+vDlTLpoP2f2nOx9KHc6HbPtF86HZ/s3mQ975zYt/Ts7+rZo4P8Ymxvi8GL3g8ks3f7Zhv5n+/IvO+zezn//Rrtb7P7Pv+5r5/s/s+8pmvv+dva8st/9PdLYS1nr/Z/bzXdp1wNZr0zebFb3/rGgdd1VO/XTXcWdNunFwso4Lr5yY/8cf98T8/6Z02+0fAx36n5Pmc8yaxu/S55gVvY7x/XyKxg4Cvp8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtKa3smh8u/v6LXvPOeoDv/ri6EvXfPhnG65901U/+PPQxe/75d19339515pj1/7+/YddfP9nztx527cfenHuvf98pjDwQG1zYlqshpA8l4RQ/fmer39p12NHjtUlIYRyMrA9hAXJwocWJJkIw38PIayp93Pinfe8dMrase21N/VOqJ+fCZI9rtBfjv2Z0M9wReERcQiqpvNs297LTwp/eO+q636z+Mc/6tnx7Pb9uyTVhvkUwrwLGx/fE0KYnf4fE2fbovjgdLsyhNDX8LgzCvp1XIv9X5ZTPjrdzkq3/QVx4v1LMuVSZr9sOerJbPsK2utUXj/a3a/InEw5ezHqVF4/Y/2CdPvTdHviNOOX4/8klJJQqXd/fbJ/joSG85aEZPxcVuvlUv3chvT4M+UkUy5lyuWezHGNt5tOtHKSTKyP+2Xq4+W4ktYf23itbuLcnPrXp9tq+kR9OZZD9kZN/6Qb9eMaF/u1Z4q+HAilhmtQs/r6iU9PRn9a158snPSYfU3E+3atunlpefXDuwdy+pHcnaTxk7bib/v1gjmf+uGNly3Ki39hKY1faiv+H896/Pnzb/zet3Lj3xrjl9uKf/IDfc+d9cj1S3LHZ08cn0pb8UeeefSWxYdftCO3/7fH+NW24q/Y+Xjv3L0PPJjb/+E4PrPbiv/0Oz/4p7uevO/Z3Pghxu9rK/7qnZu+3Du494Tc+A/G8elvb/68sOP0pwYH/zKUF/+JGH9uW/Hv3H7bO+6Yf9OZued3ZRyfgbbin338/dfN2XvfMXnXzuT2bn3nBHhtOix9jXVDWm43z+xUQ77wzaFK7TXfnPT/3G42lDHWzrwZjA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKvTb68+9ZPnveejqypJCEnOPvuaiPeVZ61YMdRGuyPPPHrL4sMv2tFYt6iNOAAAAECxmIeX6jXVsChcnswORzfdP64RHB1LycT67BpCjJNdI2g3TqlLccpdilPpUpyeLsWZ1aU4vV2KUy2IUw2txZk9ZZxSy/3p61Kc/i7FmdOlOHO7FGdel+LM71KcgSnjtD4PF3QpzsIuxTmsS3EO71KcI7oU53VdinNkl+Jk15SnOw/npnselRdn/Ea5ME4lKdfvaLaeHts5psN2+ltsJ/f7cYvtzG6xneMyjytNs51qi+28scN2khbbeXOH7ZQK2onz9ops/2I7sdTi/L+yS3G2dSnOVV2Kc3WX4ny+S3G+0KU413QYB6BVMf/fn+8NhN7Ku0JfesXJrgLEfHfx+NfJ3+/yLkgx3hsy9bOy8bJhsol6Jt7i6fYvu4CQibckU98zIV6lno9MEa/aGG9p5s5Jx5vtX3ZBIdO/EzP1vUXxsgsLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCDfnv1qZ887z0fXRWSMPavqX1NxPvKs1asGGqj3V2rbl5aXv3w7sa63kobgQAAAIBCMQ/vqddUQ29leehNZk3Yr5quA1TTcnmgth2cF1aObZOh0ni5L1kw5eMq6eOWbd2wadmWK7e9dd2GkUtGLxnd+Pblpy4/ffi0009btnbd+tHh2tcQegvihRDGlx+2XLntsyPr149u3lKrzPZ/Ufq4RWk5SR83+LYwPLa9Nu3/woL2SpPam7kbxWcPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/2DX/kLdPOs4gD9vkpNkZ6uN7F9W1tPQP6Pq0LZm0ulYXhAcbG3pYSDJ9DiKa3F4upatHXXGreA2WxRho1AqvanU4ebwZn/cEPeHQmVWC55aZBu6C71QNp10oxfSEek5eXOSNGlO41i37vO5eN/keX7P88uTiwPf9wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA/WVL08Ua2M10ajEKI+NY0ekrl0No5LQ/T9+vNbf5wbO7m8fSyXGWIjAAAAYKAkh4+0RvIhl0mHdLhq+t3i0DYRZnM/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw8TNVL09UK+O1i6MQoj41jR6SuXQ2jktD9H3jnSe/8OrY2D/ax4pD7AMAAAAMluTwVGskH4phSRiJruqoS54NLOha312X7LNwjnXdzw761S2ZY901c6z71IC6dc37jgAAAAAffUn+z7RGCiGXmdc3/w/K9Undoq66dPM+zG8FAAAAgP9Pkv9zrZFiyGWKrbw+17y/uKsuWT/o//bJ+mV91g/6f/7a5t3/6QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgo2OqXp6oVsZr6SiEqE9No4dkLp2N49IQfVe9MPqvWw49tLh9LJcZYiMAAABgoCSHz0bvfMhlRsNIuHg694/dtP/prz79bDmEMBPzs9mwY8O2bXevmrkmdSuPHBr50eG3vndG3cqZ63k7IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8L6ZqpcnqpXx2kVRCFGfmkYPyVw6G8elIfq+/qWv/O3x48+92T5WHGIfAAAAYLAkh89m/3wohmzIhium37Vn/dNSXev7PTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALhz3fOe+b2+YnNx4txdeeOFF68X5/ssEAAC83xaFKDTO0ZXrz/enBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgym6uWJamW8lo9CiPrUNHpI5tLZOC4N0Td+/mhu3skXXmofKw6xDwAAADBYksNns38+FMNIGAmXT7/r9UxgOv8XPsAPCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHyoTNXLE9XKeG1eFELUp6bRQzKXzsZxaYi+j+3c98WD8394c/tYLjPERgAAAMBASQ7PtkbyIZf5dMiFq5vvJzsXROnmvfdzgdl1WzuWjc55Xb1jXXrO63Z1nSzTPM3MunyyX2Hm3lpXOnNdqW1dMbTalzrWhT0dq+YN+JwBAAAAzqMk/+daI4WQy+Tacu7PO+oLci4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0MdUvTxRrYzXoiiEqE9No4dkLp2N49IQfe/7/Scv+cYvdm9vHysOsQ8AAAAwWJLDZ7N/PhTDwvCJsHA694dCZ31S9+/qqYOP/ufvy0NYccWxsUzf/X/7+o0vdl9CSHUWpUKY3+wX9en3uz8+eu/SxqnHQ1hxefrqc+3XuWXceKa6ce22w8e2nuWLAQAAgAtIkv9HWiOFkMvc1Tf/J8n7nPL//Ht3/uqy5rWZyLtWpArNfqk+/b689Mm/Llv9z7dO5/+z9fvcvs0HL+toODPSJYoblc3b1x277kAqOfVM/3RX/+R7+dp33/zvph2PnJrpnw/55viCTK/+Z167XBQ3JlN7a2ve21vv7J/pc/6H/vDS8d8s2P3u6f7vLBpt9b/mLOc/e//RWx/ec/2+Q+s6+4cQSr36v/3uzeHKP9/5YPf5R7s2bv/m269dorhxZPGJA6v3F2/o7B919U++/18ef2zPzx75wbNJ/+S3IsuXzLV/qqv/K7su3fnyA+sXdPZP9Tn/i7e9Oral9P0/dZ//jqHP/8S1T93+2ob4/u4pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC8tUvTxRrYzXUlEIUZ+aRg/JXDobx6Uh+r5xy9G3b9v905+0jxWH2AcAAAAYLMnhs9k/H4ohG7JhdDr3P1PduHbb4WNbQ2FmNmreM5Nb7tn2mU1btt91x3n65AAAAMBcJfk/0xophFxmaRhp5v/K5u3rjl13IJXk/1SS/zfdOblxRWjVvbLr0p0vP7B+Qes5QQjTPwvIn677/GzdTTceLZz4y7eW9axbNVt3ZPGJA6v3F29I6kJ73crQej7xxLVP3f7ahvj+1udrr/vsN7dMNh9PJPuO3vrwnuv3HVrXOkfzPtrcN6mbTO2trXlvbz2pSzfv+ea5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAzTdXLE9XKeC2kQ4j61DR6SObS2TguDdF3zdJfP3jJyecWto/lMkNsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8jx04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirs101oHVUfB+Bz7k3e3OYmbdK+YFRM06oodWFRENGNioq0IgVXlSLV1i5EQRBR6sJUWrFUxY1gdVNEBTVKQcHGYmmVVPwqblyooFBdCKUY0IbiQiXJObc304xXJ1VQnweGc8+Zmd/8Z87J5F4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4R+npGpppD++4f+qWc2746NG7Tjxy0zv3brvo4Ve/G9l03Yd7e186ObF5xZYvr1+2af/da8Z3P3/op/63fjnaMfih2WZV6jZCiMdjCI13J595bOLjs6bHYgihHgdGQxiMSw8NxkLC6p9DCJtbdc7d+eaJy7dMt9t29cwZX1IIKd5XaNZzPbMG5tbLv0sjrbOtUw9eEr6+dv32T5e/8Xr32LHRU4fERtt6CmHxxvbzu0MIi9I2La+2oXxyateFEHrbzruyQ13n/8H6Ly3pn5va/6W22SEn719Z6NcKxxX7WXeh7e1wvYUqq6PqcZ30FfrFl9FCldWZxwdT+3ZqV/3J/HreYqjF0NUq/554ao2EtnmLIc7MZaPVr7XmNqT7L/RjoV8r9OvdhfuauW5aaPUY547n4wrj+XXclcZXtL+r53FryfjZqW2kP9STuR+KH2Y1T/vQuq8Zua7J36nl71BrewfNN96a+DQZzTTWjEtPO+fXeeR9E+ufuLC+4b3DAyV1xL0x5cdK+Vs/Gey7/bWdDwyV5W+spfxapfxv1h754badLzxXmv90zq9Xyr/sQO/xte/vWFn6fCbz8+mqlH/H0Q+eXP7/O8dK69+T8xuV8q8ZP9LTP3XgYGn9q/PzWVQp/6urb/z2lc/3HSvNDzm/t1L+hvH7nuoZnrq4NP9gfj7Nauvnx7Ervhge/n6kLP+znN9fKf/l0d1Xvbhk15rS+V2Xn89ApfybL9i/vW9q33ll786450z95wT4b1qWvmM9nvpVf2cuVNvvhWdHuma/8/Wlrf9MXqhg+jqL/8J8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Dd24IAEAAAAQND/1+0IFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngoAAP//pkA1WQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x101100, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r1, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x4010bc14, &(0x7f0000000200)={0x10, 0x10005, 0xffffffffffff8ab7, 0x2, 0x86b, 0x6})

2m40.758428028s ago: executing program 8 (id=1432):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendmmsg$alg(r1, &(0x7f00000018c0)=[{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f00000006c0)="b639a948cc16d1059cb9a2ae0ed0d1d85b86c8901cf825bc0cc34e47d4a76510cbc80d10c339d758c89d57ee9784743be7c2952da06429a73c0df7f6b5d82e9fc66799190f5082230743ab45c320cc3210731ee9402cfff9c918ee2f5356686806e401393b4499a6f41c5484731619b9d271e5e1f4a9c3aa", 0x78}], 0x1, 0x0, 0x0, 0x4}], 0x1, 0x24000010)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000004c0)=""/86, 0x56}, {&(0x7f00000002c0)=""/73, 0x49}], 0x2}, 0x40002141)

2m30.619494925s ago: executing program 0 (id=1511):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000700)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000003000)=[{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000000)="c7ed8f769bb970e49d79a77aa58d49b75041ea1576f494aac07fe9f402057e04ce", 0x21}, {&(0x7f0000000800)="b0cf050edf62093c5569b42585349130898e35d9b1ccab55151918fecf0e957ef6c0e6957d04ea6f01b5af9bcea5c636dea38f4b506376d5288858bbac5f95be08a9a4c92cc35c042e359e92fd5ca620acd9dbb4ee", 0x55}], 0x2, 0x0, 0x0, 0x4000}], 0x1, 0x800)
recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000000380)=""/4, 0x4}, {&(0x7f0000000540)=""/113, 0x71}], 0x2}, 0x40000000)

2m30.429595718s ago: executing program 0 (id=1513):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x5, "ff00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000200)={0xfffe, 0x7f, 0x4, 0x8, 0x15})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0xc)

2m30.273670527s ago: executing program 0 (id=1517):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0)
set_mempolicy(0x2002, &(0x7f0000000040)=0x10001, 0x89)
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/217, 0xd9}], 0x1, 0x0)

2m30.00775802s ago: executing program 0 (id=1519):
syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x185093, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x185093, 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x80000, 0x0)
r1 = open_tree(r0, &(0x7f0000000080)='\x00', 0x89901)
move_mount(r1, &(0x7f0000008080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x160)

2m29.754359344s ago: executing program 0 (id=1522):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x4, 0x52a, &(0x7f0000000a80)="$eJzs3c9vW0kdAPDvc+Lmx6abLuwBELBlWSioqpO4u9FqL3QvIFRVQlScOLQhcaModh3FrmhCD+mReyUqcQL+A24ckHriwI0b3LiUA1KBCtQgcTB6zy+pm9hJoE7cxJ+P9PLezDj+zsSdGb+p7AlgaF2MiK2IOBcRtyNiOs9P8iOutY/0cS+eP1jcfv5gMYlW6+bfk6w8zYuO30m9lT/neER8/zsRP0r2x21sbK4uVKuV9Tw906ytzTQ2Nq+sFPKc8vzc/OzHVz8q962t79V+/ezbK9d/8NvffOnpH7a++ZO0WlM/PZ+Vdbajn9pNL8ZUR95oRFw/jmADMpr/++H0SXvbZyLi/az/T8dI9moCAGdZqzUdrenONABw1qX3/1ORFEr5WsBUFAqlUnsN792YLFTrjebl6fq9u0uRrWFdiGLhzkq1MpuvFV6IYpKm57Lrl+nyK+lHlasR8U5EPBqbyMpLi/Xq0iDf+ADAEHtrz/z/r7H2/N+pOKjKAQDHZ3zQFQAATpz5HwCGj/kfAIbP/zD/+3QgAJwR7v8BYPiY/wFg+Bw6/z88mXoAACfiezdupEdru/391zvf1H1lqdJYLdXuLZYW6+trpeV6fblaKS22Woc9X7VeX5v7cDfZ2Ni8Vavfu9u8tVJbWK7cqvguAQAYvHfee/KndNLf+mQiO6JjLwdzNZxthUFXABiYkUFXABgYn+eB4XWEe3zLAHDGddmity1fIEh6PeCxzV/htLr0eev/MKxeZ/3f2gGcbv/f+v+3+l4P4OSZw2F4tVqJPf8BYMhY4wd6/v9/rudXhDzuf10AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgtJjKjqRQyvYC30p/FkqliPMRcSGKyZ2VamU2It6OiD+OFcfS9NygKw0AvKbCX5N8/69L0x9M7S09l/x7LDtHxI9/fvNn9xeazfW5NP8fu/nNx2n+RHO9fG4QDQAAOl3bn5XN3+X83HEj/+L5g8Wd4ySr+OzT9uaiadzt/GiXjMZodh6PYkRM/jPJ023p+5WRPsTfehgRn9tp/3jc74gwla2BtHc+3Rs/jX2+7/E7//574xdeaW8hK0vPxexv8dnYUzngUE8+bY+Ted9Lu3je/wpxMTt37//j2Qj1+tLxL+2u2/vGv8Lu+DeyL36S9fmLu+mDa/Lsw999d19ma7pd9jDiC6Pd4ie78ZPu42/xgyO28c9f/PL7vcpav4i41LX9OztS17JhdqZZW5tpbGxeWaktLFeWK3fL5fm5+dmPr35UnsnWqNs/f98txt8+ufx2r/hp+yd7xB8/uP3xtSO2/5f/uf3DrxwQ/xtf7f76v3tA/HRO/PoR4y9MXuu5fXcaf6lH+zte/4lu7b98xPhP/7K5dMSHAgAnoLGxubpQrVbWD7lI32u+kjMWEYf+loteF+m9/RtQjewitvr3UmaLEhHR9THpO+o3o8nHdZEMLPqv+v2Egx6ZgOP2stMPuiYAAAAAAAAAAAAAAEAvjY3N1bHun9bq28Wg2wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDZ9d8AAAD//wmFwqI=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r1, 0x0)
fallocate(r0, 0x8, 0x4000, 0x4000)

2m29.296232663s ago: executing program 0 (id=1525):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
landlock_restrict_self(r0, 0x1)
bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0x6e)
connect$unix(r1, &(0x7f0000000640)=@file={0x1}, 0x6e)

2m28.70691584s ago: executing program 39 (id=1525):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
landlock_restrict_self(r0, 0x1)
bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0x6e)
connect$unix(r1, &(0x7f0000000640)=@file={0x1}, 0x6e)

2m25.750844219s ago: executing program 40 (id=1432):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendmmsg$alg(r1, &(0x7f00000018c0)=[{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f00000006c0)="b639a948cc16d1059cb9a2ae0ed0d1d85b86c8901cf825bc0cc34e47d4a76510cbc80d10c339d758c89d57ee9784743be7c2952da06429a73c0df7f6b5d82e9fc66799190f5082230743ab45c320cc3210731ee9402cfff9c918ee2f5356686806e401393b4499a6f41c5484731619b9d271e5e1f4a9c3aa", 0x78}], 0x1, 0x0, 0x0, 0x4}], 0x1, 0x24000010)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000004c0)=""/86, 0x56}, {&(0x7f00000002c0)=""/73, 0x49}], 0x2}, 0x40002141)

2m11.767270021s ago: executing program 2 (id=1625):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000f00)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r0, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

2m11.230979996s ago: executing program 2 (id=1630):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xa1, 0x12, 0x17, 0x10, 0xb95, 0x172a, 0xf7f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xfb, 0x0, 0x2, 0x6c, 0x5d, 0x65, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20008884)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x40, 0x13, 0x6, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000008c0)={0x84, 0x0, &(0x7f0000000400)={0x0, 0xa, 0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x40, 0x21, 0x1, 0x9}})

2m8.686837699s ago: executing program 2 (id=1655):
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="6d61703d61636f726e2c626c6f636b3d30783030303030303030303030303034303000756e686964652c756e686964652c6d61703d6e6f726d616c2c6d61703d6f66664173686f776173736f632c646f6e745f686173682c646566636f6e746578743d756e636f6e66696e658500752c00"], 0x0, 0x633, &(0x7f0000000280)="$eJzs3U1v28gdx/EfZdlWXCAo2mIRBNlkNukCDpoqkrxxYKSHstTI5lYSBZIubKDAIt3YiyBytk1SoPFl4UsfgO0b6KXYSw99EQV67rvoscCivRXoRQVJ0U96dCLb3e73IzgckX/O/Id0OKAlkgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHK8eqVSddT025tbZjSvHgatMcuz2uZ1Nyvcndiu5CQ/KpV0LZt17TtHi99J/rmtG9m7Gyolk5L2v/HONx99u1jI1x+T0JvQWSt8+Xr/2eNud+fFjBO5YI812HMVplhx3bb9KPBb7ro1fhSYtdXVyv2NRmQaftNG21FsW8YLbSEOQrPs3TXVtbUVY8vbwWZ7ve42bT7z4fdrlcqq+XCxv/vvf1iOvA2/2fTb62lMsjiJeWg+/2kWYt2WMbtPuzsrk5JMgqrTBNUmBdUqtVq1WqtVVx+sPXhYqRQHZlRO0UDEzH9p8RUzu4M38JYKyfj/d0dqqqS2NrUlM/Tlqa5QgVojlvfl4//79+3Ydo+P//kof+1o8XWl4//N7N3NUeP/iFyMTLrCsCXOiPlv9nqp19rXMz1WV13t6MVs6r01uwzP8VWQ1qWi5CtSIF8tuVqXlenPMVrTqlZV0UfaUEORjBry1ZRVpG1FimXVSvdJKCtXsQKFMlqWp7syqmpNa1qRkVVZ2wq0qbbWVZerf/d6vV09Tbf7ypg8lQdVpwmqjQkaNf7/7LPs95Tx/+suP35NEwNcul7//P+Mbp1PNgAAAAAA4Dw46V/fnfSz+3cl9dTwm7Zy2WkBAAAAAIAZSj/5v5FM5pPSu3JGnP/3Lj43AAAAAAAwG056jZ0jaWm+Pyu/EmqaLwHMnXN6AAAAAABgBtLP/28uSL303mu35Jzp/B8AAAAAAHwF/PbYPfaL+T12e/nH+gVJUWfR+cs/FxXOOwedre86e26yxN3rxwx8AyBuXHeu9m/Um04WJKXvPDvvHD0YwEl/StmbL3cn3evfCU8lsDCX//liUgKrxf47fa73spj3+u0+2S8oXZK1stTwm7bsBc1HVbnu1UJst+JfPn/6Kyk87Ofu0+5O+eNPu0/SXA6SWQd7SR6fnUinMCmXV+n9FtJrLob1+IoaeZO/a7eWnLTdSt7/Obl7heMNTdf/X+t2FnN7KZsu7ed7IO1/Kel/tZzusqPep3eHcI6yqJ7u+bAdMSKLUprFnSzmzvKdbJLn18/ie3NSrTy4D8LjWdSOZzF5Wzj/GtgWE7JItsVKksVfk4pGZLFytiwG9ggAXJbdo1EovYn54D32T4+7b3KUmzy6//BkK6/+0MsuOJyTiv3PJsa2UlJyRF/OYhaUHliL14cc0Sv9caWkEUf0yluMbklbfz56BlI/7YEs/tPr9R5V03Z/f2pU/SJZ4YuR7UbN2lyyCe+/2vt5egP8xCc7n+w8r9VWVisfVCoPappPu9GfMPYAAIaY/IydiRHOB4dn1U/+8X5WOjHifevwKwVlfaxP1dUT3csfIXBreK1Lx76GcG/wrDWJvSKdiv3jvO6NPKtLx9Jj9dYOY/MLH06fAR7FrpzzXgAA4GLdnjAOTzP+38vPu5evDz3vPjmWn35C8KjY6gVvCQAAvj5s+KWzFP/GCUO/81F1ba3qxhvWhIH3YxP69XVr/HZsQ2/Dba9b0wmDOPCCpumEWvTrNjLRZqcThLFpBKHpBJG/lT753fQf/R7ZltuOfS/qNK0bWeMF7dj1YlP3I890Nn/U9KMNG6YrRx3r+Q3fc2M/aJso2Aw9WzYmsvZYoF+37dhv+EmxbTqh33LDbfOToLnZsqZuIy/0O3GQVZi35bcbQdhKqy2rd+YHHQIA8P/o5ev9Z4+73Z0XYwoHmhzTLywMq/Cy+wgAAE5ilAYAAAAAAAAAAAAAAAAAAAAA4H/fNNf/nakwP+xiQelwzi+uTlWPo1kndpZC4c1X/9uYmCuHc/LNfzzm4BJ6qqxQnH3NV6TpLxudQeEHu9kWHRmTLBy6aPFwXxRn/98hKTz/04hFvV6vN371xZPbcGFcB08WipJeLLzFLric4xGAi/PfAAAA//8Us0P7")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x3, 0x0, &(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
creat(&(0x7f0000000080)='./file1\x00', 0x0)

2m8.344509909s ago: executing program 2 (id=1657):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x2e)

2m8.036982404s ago: executing program 2 (id=1660):
r0 = io_uring_setup(0x664c, &(0x7f0000000480)={0x0, 0x0, 0x1, 0x8000004})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
listen(r1, 0x1)
accept4$bt_l2cap(r1, 0x0, 0x0, 0x80800)
close_range(r0, r0, 0x0)

2m7.310521459s ago: executing program 2 (id=1666):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000080)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)='5', 0x1}], 0x1}, 0x4003)
recvmmsg(r0, &(0x7f000000a400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/38, 0x26}, 0x322}], 0x1, 0x0, 0x0)

2m6.67050933s ago: executing program 41 (id=1666):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000080)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)='5', 0x1}], 0x1}, 0x4003)
recvmmsg(r0, &(0x7f000000a400)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/38, 0x26}, 0x322}], 0x1, 0x0, 0x0)

1m45.323657135s ago: executing program 9 (id=1805):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000000400)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1000}}, {@nodiscard}, {@quota}]}, 0x1, 0x564, &(0x7f0000000c00)="$eJzs3c9vHFcdAPDvjH82SesEeoAKSIBCQFF2400bVb20XECoqoSoOCAOqbE3lsluNmTXpTaRcP8GkEDiBH8CByQOSD1xgBNHJA6AKAekAhEoRuph0MyO7Y29Jou93iXez0eazI83M9/3djPz3r5dzwtgYl2KiK2ImI2INyNiodyelFO82p3y/R4+uL+8/eD+chJZ9sbfkyI93xY9x+TOluecj4ivfinim8nBuO2NzdtLjUb9Xrle7TTvVtsbm1fXmkur9dX6nVrtxuKNay9df7E2tLJebP7s/S+uvfa1X/7i4+/9duvz382zda5M6y3HMHWLPrMbJzcdEa+dRLAxmCrns2POB0eTRsSHIuJTxfW/EFPF/04A4DTLsoXIFnrXAYDTLi36wJK0EhFpWjYCKt0+vGfjTNpotTtXbrXW76x0+8rOx0x6a61Rv3Zh7vffLnaeSfL1xSKtSC/Wa/vWr0fEhYj4wdxTxXpludVYGU+TBwAm3tne+j8i/jWXppXKQIf2+VYPAHhizI87AwDAyKn/AWDyqP8BYPIMUP+XX/ZvnXheAIDR8PkfACaP+h8AJo/6HwAmyldefz2fsu3y+dcrb22s3269dXWl3r5daa4vV5Zb9+5WVlut1eKZPc3Hna/Rat1dfCHW36526u1Otb2xebPZWr/TuVk81/tmfWYkpQIA/psLF9/9XRIRWy8/VUzRM5aDuhpOt3SIewFPlqnjHKyBAE80o33B5BqoCi8aCb8+8bwA49H3Yd7zfRcf9aP/IYjfGcH/lcsfHbz/3xjPcLrs69n/IBtXRoCRO1r//ytDzwcwekfu///jcPMBjF6WJfvH/J/dTQIATqVj/IQv+96wGiHAWD1uMO+hfP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp8y5iPhWJGmlGAs8zf9NK5WIpyPifMwkt9Ya9WsR8UxcjIiZuXx9cdyZBgCOKf1rUo7/dXnh+XP7U2eTf88V84j4zo/f+OHbS53OvcV8+z92t8/tDB9W2zvuGOMKAgCD+/MgOxX1d62c93yQf/jg/vLOdIJ5POD9L+wOPrq8/eB+MXVTpiPLsixivmhLnPlnEtPlMfMR8VxETA0h/tY7EfGRfuVPir6R8+XIp73xo4z99Ejjp4/ET4u07jx/+T48hLzApHk3v/+82u/6S+NSMe9//c8Xd6jjK+5/8xE7977tnvjTZaSpPvHza/7SoDFe+NWXD2zMFrpp70Q8N90vfrIbPzkk/vMDxv/Dxz7x/VcOSct+EnE5+sfvjVXtNO9W2xubV9eaS6v11fqdWu3G4o1rL11/sVYt+qirOz3VB/3t5SvPHJa3vPxnDonffefP7iv/7O6xnxmw/D/94M1vfHJvdW5//M99uv/7/2wRsf/rn9eJnx0w/tKZnx86fHcef+WQ8j/u/b8yYPz3/rK5MuCuAMAItDc2by81GvV7x1rIP4UO4zwHFvIsDrbzTnPxeEH/FMXC3suSRBJHPuFM/6S8MTbQ4Sf1qp74wvRuW3G4Z/56fsYRFycdeimOshDny4WHowo6vnsSMBp7F31E/GbcuQEAAAAAAAAAAAAAAPoZxd8wjbuMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF7/CQAA///bV8Ru")
syz_mount_image$exfat(0x0, &(0x7f0000000440)='./file0\x00', 0x1080800, 0x0, 0x0, 0x0, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

1m44.499017654s ago: executing program 9 (id=1810):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0xcd1d, 0x10100}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
syz_io_uring_submit(r2, r3, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd=r0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
io_uring_enter(r1, 0x26c3, 0xfffffffb, 0x4c, 0x0, 0x0)

1m44.129102143s ago: executing program 9 (id=1815):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)

1m43.949830844s ago: executing program 9 (id=1817):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000680)='./file0/../file0/../file0/../file0\x00', 0x0, 0x1b73404, 0x0)
chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00')

1m43.802944638s ago: executing program 9 (id=1820):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f00000001c0))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0x586abc7b6f5091ec, 0xfa00, {0x0, 0x0, 0x13f}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r2, 0x40184150, &(0x7f0000000300)={0x0, 0x0})

1m43.386387361s ago: executing program 9 (id=1823):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000580)="17", 0x1}], 0x1, 0x0, 0x0, 0x8800}}], 0x1, 0x8041)

1m42.822659333s ago: executing program 42 (id=1823):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000580)="17", 0x1}], 0x1, 0x0, 0x0, 0x8800}}], 0x1, 0x8041)

1m14.313691845s ago: executing program 7 (id=2050):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6161, 0x4d15, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000d80)={0x24, 0x0, &(0x7f0000000200)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x807}}, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x18, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x4, @string={0x4, 0x3, "a500"}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, 0x0, &(0x7f0000000680)={0x0, 0x3, 0x4, @string={0x4, 0x3, "5414"}}, 0x0, 0x0, 0x0}, 0x0)

1m11.594417004s ago: executing program 7 (id=2088):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073727a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)

1m11.0601293s ago: executing program 7 (id=2094):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0xe5, 0x4)
listen(r1, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000840)={r0, &(0x7f0000000240), &(0x7f0000000080)=@tcp=r1}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000900)={r0, &(0x7f00000008c0)}, 0x20)

1m10.07440329s ago: executing program 7 (id=2101):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

45.563450509s ago: executing program 7 (id=2101):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

17.059004669s ago: executing program 7 (id=2101):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

8.067629166s ago: executing program 5 (id=2479):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000054000000030a01030000000000000000050000000900010073797a30000000000900030073797a30000000002800048008000240000000001400030073797a5f74756e000000000000000000080001400000000014000000110001"], 0x9c}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r3], 0x20}}, 0x0)

3.845571948s ago: executing program 3 (id=2488):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6(0xa, 0x3, 0x7)
r1 = socket$inet6(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x2, r0}, 0x2)
sendmsg$inet6(r1, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x3f}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000029000000040000002b00000000000007120000000000000029"], 0x30}, 0x0)

3.735148676s ago: executing program 5 (id=2490):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x30, 0x1f, 0x301, 0xfffffffc, 0x0, "", [@nested={0x20, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @generic="f400a489160a", @generic="50bb2d6f67d29d6fabad"]}]}, 0x30}], 0x1, 0x0, 0x0, 0x4048000}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_emit_ethernet(0x6f, &(0x7f0000000080)={@broadcast, @multicast, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x35, 0x3a, 0x0, @private0, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "18b088", 0x0, 0x0, 0x0, @local, @local, [], "fafb17c133"}}}}}}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)

3.581103137s ago: executing program 3 (id=2492):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000180)={[{@allow_utime={'allow_utime', 0x3d, 0xc4}}, {@namecase}, {@utf8}, {@utf8}, {@fmask={'fmask', 0x3d, 0x5}}, {@iocharset={'iocharset', 0x3d, 'cp775'}}, {@gid}, {@umask={'umask', 0x3d, 0x3}}, {@iocharset={'iocharset', 0x3d, 'macgreek'}}, {}, {@allow_utime={'allow_utime', 0x3d, 0x400000}}]}, 0x1, 0x152a, &(0x7f0000000340)="$eJzs3AuYjtXaOPD7Xms9Y0h6m+QwrLXuhzc5LJMkOSTJIUmSJMkpIWmSLQmJIaekIQnJYUgOQ0gOE5PG+ZDzKSFJmiQJySlZ/2vC327X/vbe3+7Lvvbcv+t6r1n3u557Pet57/ewnuedmW+7DK3ZuFa1hkQE/xa88CMJAGIBYCAAXAMAAQCUiysXl9WfU2LSv7cT9sd6KPVKz4BdSVz/7I3rn71x/bM3rn/2xvXP3rj+2RvXP3vj+jOWnW2aXvBavmXfG1//z8748/+/SGbpsV+uLX19V4CYfzaF65+9cf3/awX/zEZc/+yN659dxV7pCbD/APz6zw5y/N0ern/2xvVnLDv7c683y/+47xsg8uc+Bgqu/DH/6vgZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLE/wWl/mQKAS+0rPS/GGGOMMcYYY4z9cXyOKz0DxhhjjDHGGGOM/d9DECBBQQAxkANiISfkAgEAV0MeuAYicC3EwXWQF66HfJAfCkBBiIdCUBg0GLBAEEIRKApRuAGKwY1QHEpASSgFDkpDAtwEZeBmKAu3QDm4FcrDbVABKkIlqAy3QxW4A6rCnVAN7oLqUANqQi24G2rDPVAH7oW6cB/Ug/uhPjwADeBBaAgPQSN4GBrDI9AEHoWm0AyaQwto+b/KfwF6wIvQE3pBEvSGPvAS9IV+0B8GwEB4GQbBKzAYXoVkGAJD4TUYBq/DcHgDRsBIGAVvwmh4C8bAWBgH4yEFJsBEeBsmwTswGabAVJgGqTAdZsC7MBNmwWx4D+bA+zAX5sF8WABp8AEshEWQDh/CYvgIMmAJLIVlsBxWwEpYBathDayFj2EdrIcNsBE2wWbYAlthG2yHHfAJ7IRPYRfshj3wGeyFz//F/FN/k98VAQEFClSoMAZjMBZjMRfmwtyYG/NgHoxgBOMwDvNiXsyH+bAAFsB4jMfCWBgNGiQkLIJFMIpRLIbFsDgWx5JYEh06TMAELIM3Y1ksi+WwHJbH8lgBK2JFrIyVsQpWwapYFathNayO1bEm1sS78W7sjXWwDtbFulgP6126PIUNsSE2wkbYGBtjE2yCTbEpNsfm2BJbYitsha2xNbbFttgO22F7bI+JmIgdsAN2xI7YCTthZ+yMXbALdsVu2C3zhRyAL+KL2Auri97YB/tgX0zO0R8H4AB8GQfhK/gKvorJOASH4mv4Gr6Ow/EkjsCROApHYRXxFo7BsUhiPKZgCk7EiTgJJ+FknIJTcBqm4nScgTNwJs7CWfgezsH38X2ch/NwAaZhGi7ERZiO6bgYT2EGLsGluAyX4wpcjqtwNa7CtfgxrsX1uB434kbcjJtxK27F7bgdP0EFgJ/ibtyNybgX9+I+3If7cT8ewAOYiZl4EA/iITyEh/EwHsEjeBSP4XE8hifwBJ7EU3gaT+NZPIvn8Ln4rxt9UmJNMogsSigRI2JErIgVuUQukVvkFnlEHhEREREn4kRekVfkE/lEAVFAxIt4UVgUFkYYQSKMAQARFVFRTBQTxUVxUVKUFE44kSASRBlRRpQVZUU5casoL24TFURF0cZJUVlUEW1dVXGnqCaqieqihqgpaolaoraoLeqIOqKuqCvqiXqivnhANBC9sT8+JLIq01gMwSZiKDYVzYS8+A7WSgzH1qKNaCueECNxBLYXrVyieFp0EGOwo/iLGIvPis5iPHYRz4uuopvoLl4QPURr11P0EpOxt+gjpmFf0U/0FwPETKwh3sM5OWuKV0WyGCKGitfEAnxdDBdviBFipBgl3hSjxVtijBgrxonxIkVMEBPF22KSeEdMFlPEVDFNpIrpYoZ4V8wUs8Rs8Z6YI94Xc8U8MV8sEGniA7FQLBLp4kOxWHwkMsQSsVQsE8vFCrFSrBKrxRqxVnws1on1YoPYKDaJzWKL2Cq2ie1ih/hE7BSfil1it9gjPhN7xedin/hC7BdfigPiK5EpvhYHxTfikPhWHBbfiSPie3FUHBPHxQ/ihPhRnBSnxGlxRpwVP4lz4mdxXngBEqWQUioZyBiZQ8bKnDKXvErmlsHFR/daGSevk3nl9TKfzC8LyIIyXhaShaWWRlpJMpRFZFEZlTfIYvJGWVyWkCVlKelkaZkgb5Jl5M2yrLxFlpO3yvLyNllBVpSVZGV5u6wi75AQubCP6rKGrClrybtlEtwj68h7ZV15n6wn75f15QOygXxQNpQPyUbyYdlYPiKbyEdlU9lMNpctZEv5mGwlH5etZRvZVj4h28knZXv5lEyUT8sO0l98ijwrO8vnZBf5vOwqu8nu8md5XnrZU/aS0BtkH/mS7Cv7yf5ygBwoX5aD5CtysHxVJsshcqh8TQ6Tr8vh8g05Qo6Uo+SbcrR8S46RY+U4OV6myAlyonxbTpLvyMlyipwqp8lUOV32vzjSbCn/Yf7bv5M/+Je9b5Sb5Ga5RW6V2+R2uUN+InfKnXKX3CX3yD1yr9wr98l9cr/cLw/IAzJTZsqD8qA8JA/Jw/KwPCKPyKPymDwjf5An5I/ypDwlT8kz8qw8K89dfAxAoRJKKqUCFaNyqFiVU+VSV6nc6mqVR12jIupaFaeuU3nV9Sqfyq8KqIIqXhVShZVWRllFKlRFVFEVVTfgxSeMKqlKKadKqwR107+Sr4qpG1VxVeJX+Zfml/R35tdStVStVCvVWrVWbVVb1U61U+1Ve5WoElUH1UF1VB1VJ9VJdVadVRfVRXVVXVV31V31UD1UT9VTJakk1Ue9pPqqfqq/GqAGqpfVIDVIDVaDVbJKVkPVUDVMDVPD1XA1Qo1Qo9QoNVqNVmPUGDVOjVMpKkVNVBPVJDVJTVaT1VQ1VaWqVDVDzVAz1Uw1W81Wc9QcNVfNVfPVfJWm0tRCtVClq3S1WC1WGWqJWqKWqWVqhVqhVqlVao1ao7LWX+vVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nLfsCEYhABSqICWKC2CA2yBXkCnIHuYM8QZ4gEkSCuCAuyBtcH+QL8gcFgoJBfFAoKBzowAQ2EBeLHg1uCIoFNwbFgxJByaBU4ILSQUJwU1AmuDkoG9wSlAtuDcoHtwUVgopBpaBycHtQJbgjqBrcGVQL7gqqBzWCmkGt4O6gdnBPUCe4N6gb3BfUC+4P6gcPBA2CB4OGwUNBo+DhoHHwSNAkeDRoGjQLmgctgpZ/6Pjen8z/uOupe+kk3Vv30S/pvrqf7q8H6IH6ZT1Iv6IH61d1sh6ih+rX9DD9uh6u39Aj9Eg9Sr+pR+u39Bg9Vo/T43WKnqAn6rf1JP2Onqyn6Kl6mk7V0/UM/a6eqWfp2fo9PUe/r+fqeXq+XqDT9Ad6oV6k0/WHerH+SGfoJXqpXqaX6xV6pV6lV+s1eq3+WK/T6/UGvVFv0pv1Fr1Vb9Pb9Q79id6pP9W79G69R3+m9+rP9T79hd6vv9QH9Fc6U3+tD+pv9CH9rT6sv9NH9Pf6qD6mj+sf9An9oz6pT+nT+ow+q3/S5/TP+rz2WYv7rI93o4wyMSbGxJpYk8vkMrlNbpPH5DEREzFxJs7kNXlNPpPPFDAFTLyJN4VNYZOFDJkipoiJmqgpZoqZ4qa4KWlKGmecSTAJpowpY8qasqacKWfKm/KmgqlgKplK5nZzu7nD3GHuNHeau8xdpoapYWqZWqa2qW3qmDqmrqlr6pl6pr6pbxqYBqahaWgamUamsWlsmpgmpqlpapqb5qalaWlamVamtWlt2pq2pp1pZ9qb9ibRJJoOpoPpaDqaTqaT6Ww6my6mi+lqupruprvpYXqYnqanSTJJpo/pY/qavqa/6W8GmoFmkBlkBpvBJtkkm6FmqBlmhpnhZrgZYUaaUVkLVfOWGWPGmnFmvEkxKWaimWgmmUlmsplsppqpJtWkmhlmhplpZprZZraZY+aYuWaumW/mmzSTZhaahSbdpJvFZrHJMBlmqVlqlpvlZqVZaVab1WatWWvWwTqzwWwwm8wms8VsMdvMNrPD7DA7zU6zy+wye8wes9fsNfvMPrPf7DcHzAGTaTLNQXPQHDKHzGFz2BwxR8xRc9QcN8fNCXPCnDQnzWlz2pw1+S9+XnoTa3PaXPYqm9tebfPYa+zfxgVsQRtvC9nCVtt8Nv+vYmOtLW5L2JK2lHW2tE2wN/0mrmAr2kq2sr3dVrF32Kq/iWvbe2wde6+ta++ztezdv4rr2fttffuIbYAIYJvZRraFbWwfsU3so7apbWab2xa2nX3StrdP2UT7tO1gn/lNvNAusqvtGrvWfmx32d32tD1jD9lv7Vn7k+1pe9mB9mU7yL5iB9tXbbId8pt4lH3TjrZv2TF2rB1nx/8mnmqn2VQ73c6w79qZdtZv4jT7gZ1j0+1cO8/Otwt+ibPmlG4/tIvtRzbDBrDULrPL7Qq70q76/3NdZtfbDXaj3Wk/tVvsVrvNbrc7Li2E7W67x35m99rP7UH7jd1vv7QH7GGbab/+Jc46vsP2O3vEfm+P2mP2uP3BnrA/qkvZWcf+g/3ZnrfeAiEBSVIUUAzloFjKSbnoKspNV1MeuoYidC3F0XWUl66nfJSfClBBiqdCVJg0GbJEFFIRKkpRuoEuTa8klSJHpSmBbqIydDOVpVuoHN1K5ek2qkAVqRJVptupCt1BVelOqkZ3UXWqQTWpFt1NtekeqkP3Ul26j+rR/VSfHqAG9CA1pIeoET1MjekRakKPUlNqRs2pBbWkx6gVPU6tqQ21pSeoHT1J7ekpSqSnqQM9Qx3pL9SJnqXO9Bx1oeepK3Wj7vQC9aAXqSf1oiTqTX3oJepL/ag/DaCB9DINoldoML1KyTSEhtJrNIxep+H0Bo2gkTSK3qTR9BaNobE0jsZTCk2gifQ2TaJ3aDJNoak0jVJpOs2gd2kmzaLZ9B7NofdpLs2j+bSA0ugDWkiLKJ0+pMX0EWXQElpKy2g5raCVtIpW0xpaSx/TOlpPG2gjbaLNtIW20jbaTjvoE9pJn9Iu2k176DPaS5/TPvqC9tOXdIC+okz6mg7SN3SIvqXD9J3vRd/TUTpGx+kHOkE/0kk6RafpDJ2ln+gc/UznyROEGIpQhioMwpgwRxgb5gxzhVeFucOrwzzhNWEkvDaMC68L84bXh/nC/GGBsGAYHxYKC4c6NKENKQzDImHRMBreEBYLbwyLhyXCkmGp0IWlw4TwprBMeHNYNrwlLBfeGpYPbwsrhBXDR+6rHN4eVgnvCKuGd4bVwrvC6mGNsGZYK7w7rB3eE9YJ7w3rhveFZcP7w/rhA2GD8MGwYfhQ2Ch8OGwcPhI2CR8Nm4bNwuZhi7Bl+FjYKnw8bB22CduGT4TtwifD9uFTYWL4dNghfOaX/vsX/f3+pLB32Cd8KXwp9P5eOT+6IJoW/SC6MLoomh79MLo4+lE0I7okujS6LLo8uiK6Mroqujq6Jro2+nF0XXR9dEN0Y9T7WjnAoRNOOuUCF+NyuFiX0+VyV7nc7mqXx13jIu5aF+euc3nd9S6fy+8KuIIu3hVyhZ12xllHLnRFXFEXdTe4Yu5GV9yVcCVdKedcaZfgWriWrqVr5R53rV0b19Y94Z5wT7on3VPuKfe06+CecR3dX1wn96zr7J5zz7nnXVfXzXV3L7gebkKeC6/JJNfH9XF9XV/X3/V3A91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfVTXWpLtXNcDPcTDfTVZl1YS9z3Vw33813aS7NLXRZa8Z0t9gtdhkuwy11S91yt9ytdCvdarfarXVr3Tq3zm1wG9wmt8ltcVvcNrfN7XA73E630+3y11wY1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5MiUyNTItEhqZHpkRuTdyMzIrMjsyHuROZH3I3Mj8yLzIwsiaZEPIgsjiyLpkQ8jiyMfRTIiSyJLI8siyyMrIt4X2hL6Ir6oj/obfDF/oy/uS/iSvpR3vrRP8Df5Mv5mX9bf4sv5W315f5uv4Cv6Sv5R39Q38819C9/SP+Zb+cd9a9/Gt/VP+Hb+Sd/eP+UT/dO+g3/Gd/R/8Z38s76zf8538c/7rr6b7+5f8D38i76n7+WTfG/fx7/k+/p+vr8f4Af6l/0g/4of7F/1yX6IH+pf88P86364f8OP8CP9qJg3/ehLp8gw3qf4CX6if9tP8u/4yX6Kn+qn+VQ/3c/w7/qZfpaf7d/zc/z7fq6f5+f7BT7Nf+AX+kU+3X/oF/uPfIZfcumisl/pV/nVfo1f6z/26/x6v8Fv9Jv8Zr/Fb/Xb/Ha/w3/id/pP/S6/2+/xn/m9/nO/z3/h9/sv/QH/lc/0X/uD/ht/yH/rD/vv/BH/vT/qj/nj/gd/wv/oT/pT/rQ/48/6n/w5/7M/z3+zxhhjjDH2T5lwuSl+3XPhcn7v38kRf7VxHwC4emvBzL/uz1pRrst3od1PxLeLAMDTvbo8dOlWvXpSUtLFbTMkBEXnAVz6JihLDFyOl0BbeBISoQ2U+d359xPdztI/GD96K0Cuv8qJhcvx5fG/AMCk3xn/sSdGLSwfno77H8afB1C86OWcnHA5XgJtf7m+0gbK/p3552/1D+af88sUgNZ/lZMbLseX558Aj8MzkPirLRljjDHGGGOMsQv6iUqdLp1/XvqNz987P49Xl3NywOX4H52fM8YYY4wxxhhj7Mp7tlv3px5LTGzT6V9vVP1fZf3TjSbwfzUyN3634T3ApXsUAPybAwJkNeSfeRSb/5R9JV986fxt1/IzPoD/jFL+EY0r/MbEGGOMMcYY+8NdXvT/+n51pSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ3/GvxO70sfIGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMXWn/LwAA//9+qv+4")
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000380)='./bus\x00')

3.54558007s ago: executing program 5 (id=2493):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0xffffffffffffffef, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x27)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, &(0x7f0000000040)={&(0x7f0000000780)={{@host, 0x6}, {@host, 0x7ff}, 0x10fe8, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38a4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b8317ad07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7d9ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effde3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162f3abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad00"}, 0x418, 0x4})
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendto$inet(r1, &(0x7f00000016c0)="ab", 0x1, 0x18844, &(0x7f0000001440)={0x2, 0x4e22, @local}, 0x10)

3.175005216s ago: executing program 4 (id=2495):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
sendto$packet(r1, &(0x7f0000000600)="5f0efc", 0xfffffffffffffe4c, 0x44, 0x0, 0x0)

3.061823314s ago: executing program 3 (id=2496):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x2e, 0x760, &(0x7f0000001100)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKJ0kzaZdNW7cFQoFtzUkJyHkJBMyk9qJBVvXQm02CoKoa5duhVL/AHdSUHAviNa4EDcjZ/JRGmemk6+OpL8fnMzznq/nfXIOb+ZA3hPAS+v14kcSMRQR1yOivLk+jYjjrehExN2N/daf3JkqliSazRu/JMVhsd4sb58r2fw8Ha1D4v8R8agUceH9v+etNVbnJ/M8W95sj9QXlkZqjdWLcwuTs9lstjg2fmX08vj45dHx59bwvx5rPfvWlZMPvn1zbe27r+r3Xxu4mMREq+7YrK3H0+zKxu+kFBM71i8eRrI+SvrdAQAAelJ8zz8WEQOtb6nlONaKAAAAgKOkOdgEAAAAjrwk+t0DAAAA4HBt/R/A1tzew5oH28nPb0TEcLv8A605xBEnohQRp9aTZ2YmJBuHwb7cvRcRDyd23n9fFHfY3X2ee3RH+9k50sf3eXYOwsNi/JloN/6k2+NPtBl/BrbenbBPnce/p/mPdRj/rveY4+tPXyl1zH8v4tWBdvmT7fxJh/xv95j//toHDzpta34eca7t35/kmVxd3g8xMTOXd339wKM/zz/uVv+pTvmT7vUv9Vj/u+u/zXcaS4r85890v/7t8hf3xIeb/Ugj4sHmZ9Fe25HjzML333SrfzqiuZfr/1nXqp9ekh+/HLzddVcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYIY2IoUjSynacppVKxOmI+G+cSvNqrX5hprqyOF1sixiOUjozl2ejEVHeaCdFe6wVP21f2tEej4j//HByI+lcnlWmqvl0v4sHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg2+mIGIokrUREGhG/l9O0UokY6OHYwRfQPwAAAOCADPe7AwAAAMCh8/wPAAAAR99en/+TA+4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKRdv3atWJrrT+5MFe3pW42V+eqti9NZbb6ysDJVmaouL1Vmq9XZPKtMVReed768Wl0auxIrt0fqWa0+Umus3lyorizWb84tTM5mN7PSC6kKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA3RpqLUlaiYi0FadppRLxr4gYjlIyM5dnoxHx74h4XC4NFu2xfncaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA1drrM5P5nm2vPtgYE9HCQSC/L2I+Ad0owgG2w8FfR6YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoi1pjdX4yz7PlWr97AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH+lPyURUSznymeHdm49nvxRbn1GxDuf3Pjo9mS9vjxWrP91e3394831l/rRfwAAAHgpXN3NzlvP6VvP8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL2qNVbnJ/M8W95fcDUaq82kwz79rhEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANibvwIAAP//UhvDag==")
chdir(&(0x7f00000001c0)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x82400, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0xd)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})

3.040514489s ago: executing program 5 (id=2497):
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="010028bd7000fc"], 0x30}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040))

2.911499791s ago: executing program 4 (id=2498):
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r1, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='ip_vti0\x00', 0x10)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0)

2.592718787s ago: executing program 4 (id=2499):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x2, 0x3}, 0xffffff8c})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
write$sndseq(r2, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @time={0x9, 0x4}, {}, {}, @result}], 0x1c)

2.376835747s ago: executing program 3 (id=2500):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3d, &(0x7f0000000000)='cgroup\x00\x8d\f\xf3\xcd\xc6X$\x01n-Hg\x144-.\xe2\x053\xe2\xf4\xbf[\xe9\xdddU\x91\x9d,\t\x8d\xc3@\x86,\x7f\xe2Z\xe8L\x80\xdbe~c\xbc\x9b\xcf\x9b\x1cH\x95\xf3'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)

2.28393678s ago: executing program 4 (id=2501):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x1)
sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x396, @empty}, 0x1c)
readv(r0, &(0x7f0000001480)=[{&(0x7f00000000c0)=""/229, 0xe5}], 0x1)
shutdown(r0, 0x1)

2.211185375s ago: executing program 4 (id=2502):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff000)
shutdown(r0, 0x0)

2.100417573s ago: executing program 6 (id=2504):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x2c, r2, 0x1, 0x270bd2c, 0x5, {0x5}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaac}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x0)

2.014266255s ago: executing program 3 (id=2505):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x400003, 0x1d}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000600)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r0, 0x0, 0x0, 0x0, 0x2203, 0x0, {0x1}})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.690428389s ago: executing program 6 (id=2507):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0x7000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x1100, 0x0, 0x0, 0x0, 0x0, 0x0)

1.599516355s ago: executing program 1 (id=2508):
socket$unix(0x1, 0x1, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000500)={[0x4]}, 0x8, 0x80000)
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

1.370632611s ago: executing program 1 (id=2509):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x1)
fchdir(r1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r2, 0x2, 0x0)

1.266285802s ago: executing program 6 (id=2510):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000780)=ANY=[@ANYRES32, @ANYRESOCT, @ANYBLOB="12a4095a2aac12f0bfcb206d982e44066381388d27f14002d8d7431d3947f6399c7ff9f5193fc0398653e5a67bbb319f02bf4ac6f6ccd5acbfe1350cc3a6d2d48c91a9dd79eff6c089ddf67171ffb3b15988e7b394c5daf3e12ca05e4dbdad7edd45f10cbc296a53a530d4c2d203ee650d5fff3a9b5aae78794fe84327e508172cdd72eeff5af4d6db9379bef20dde8e64b91d31a80800a7598bb78cc85108874811fc650f05206b0b96c247a527f3ca6a51676afdd61a1532", @ANYRES32, @ANYBLOB="7b8ae4d950a510a981c78f2246d4825535c37655327112a414ee394162b6e558c36104bc2a1b47a800a92237a6148a222bcace4f74ebf7b4d63ad663b601d02146f21caf496271e9376e3f721e48caaa194f00e137096facebc4e2574ed5d094491b637c93517ded181fdf49e2daceefb5c72f3fef86df384ff03cb9820b35f281ae9b5064199b03e8e689b35f17c7e23647ccaa01c87d80ab00757848", @ANYRES16, @ANYRES16, @ANYRESHEX, @ANYRES8, @ANYRES16], 0x0, 0x0, &(0x7f0000000000))

1.217734808s ago: executing program 1 (id=2511):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x100000)
io_setup(0x6, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0xfffd, r0, 0x0}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
shutdown(r0, 0x0)

1.066973111s ago: executing program 5 (id=2512):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
read$nci(r0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000b40)=<r2=>0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f00000012c0), r1)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000001300)={0x1c, r3, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20004040)

1.00805356s ago: executing program 6 (id=2513):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x600}}, 0x18)
fallocate(r0, 0x0, 0x1, 0x2000402)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x0, 0xfffffffffdffffff})

928.98908ms ago: executing program 3 (id=2514):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
rmdir(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
dup2(r0, r1)

928.007765ms ago: executing program 1 (id=2515):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000140)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r1, 0x0)
ioctl$TCSETS(r0, 0x8926, &(0x7f0000000100)={0xfffffffc, 0x0, 0x0, 0x7ff, 0x0, "5dee0000005940000000000f00"})

359.682188ms ago: executing program 1 (id=2516):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000004180)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x10000, 0x0)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000180)=0x80000001, 0x4)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x8d}]}}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)

357.417521ms ago: executing program 6 (id=2517):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
close(0x3)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r1, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1, 0x1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)="18", 0x1}], 0x1}}], 0x1, 0x48800)
shutdown(r1, 0x1)
setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)

284.770045ms ago: executing program 4 (id=2518):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x2, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x800, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f00000000c0)={0x2, 0xffffffff, 0x0, 0x80000002, 0x0, 0xfffffefc})

169.35031ms ago: executing program 6 (id=2519):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0xa4e4, @remote, 0x3}, 0x1c)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="8d", 0x1}], 0x1)

53.380642ms ago: executing program 1 (id=2520):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @local}, 0x10)

0s ago: executing program 5 (id=2521):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000540)="0ddac400000000000000bfb48c676fab22e2d076fb296526ae98655ee4c429d1f245f7b1cfa5447a76830be1d0cfd34ed8af4ddbcc0b787eb0619e69f27ab98c3754b47c0b61fc44", 0x48}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x40}], 0x30, 0x88010}], 0x1, 0x20000010)
recvmsg$can_bcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/88, 0x58}], 0x1}, 0x10000)

kernel console output (not intermixed with test programs):

ed from eth3
[  408.143899][ T5910] usb 6-1: Using ep0 maxpacket: 32
[  408.194995][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  408.223450][T11199] 8021q: adding VLAN 0 to HW filter on device bond0
[  408.230288][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  408.273890][ T5910] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  408.312035][T11199] 8021q: adding VLAN 0 to HW filter on device team0
[  408.323998][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.371272][ T5910] usb 6-1: config 0 descriptor??
[  408.386901][ T5910] hub 6-1:0.0: USB hub found
[  408.395965][ T7486] bridge0: port 1(bridge_slave_0) entered blocking state
[  408.403248][ T7486] bridge0: port 1(bridge_slave_0) entered forwarding state
[  408.456106][ T7496] bridge0: port 2(bridge_slave_1) entered blocking state
[  408.463440][ T7496] bridge0: port 2(bridge_slave_1) entered forwarding state
[  408.594927][ T5910] hub 6-1:0.0: config failed, can't read hub descriptor (err -22)
[  408.667509][ T5910] usbhid 6-1:0.0: can't add hid device: -71
[  408.695296][ T5910] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  408.745015][ T5910] usb 6-1: USB disconnect, device number 14
[  409.367109][T11199] 8021q: adding VLAN 0 to HW filter on device batadv0
[  409.561407][ T5844] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  409.608667][T11405] loop9: detected capacity change from 0 to 4096
[  409.622950][T11405] ntfs3(loop9): Different NTFS sector size (4096) and media sector size (512).
[  409.714085][ T5844] usb 4-1: Using ep0 maxpacket: 16
[  409.729011][ T5844] usb 4-1: descriptor type invalid, skip
[  409.748792][ T5844] usb 4-1: descriptor type invalid, skip
[  409.756978][T11405] ntfs3(loop9): ino=19, mi_enum_attr
[  409.762366][T11405] ntfs3(loop9): Mark volume as dirty due to NTFS errors
[  409.769991][ T5844] usb 4-1: descriptor type invalid, skip
[  409.780850][ T5844] usb 4-1: config 0 has too many interfaces: 88, using maximum allowed: 32
[  409.804595][ T5844] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 88
[  409.845009][ T5844] usb 4-1: New USB device found, idVendor=056a, idProduct=0035, bcdDevice= 0.40
[  410.043875][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.051972][ T5844] usb 4-1: Product: syz
[  410.056751][ T5844] usb 4-1: Manufacturer: syz
[  410.061405][ T5844] usb 4-1: SerialNumber: syz
[  410.070524][ T5844] usb 4-1: config 0 descriptor??
[  410.386404][ T5844] usb 4-1: USB disconnect, device number 19
[  410.401196][T11199] veth0_vlan: entered promiscuous mode
[  410.456252][T11199] veth1_vlan: entered promiscuous mode
[  410.529559][T11199] veth0_macvtap: entered promiscuous mode
[  410.571298][T11199] veth1_macvtap: entered promiscuous mode
[  410.645109][T11199] batman_adv: batadv0: Interface activated: batadv_slave_0
[  410.703076][T11199] batman_adv: batadv0: Interface activated: batadv_slave_1
[  410.762666][T11199] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  410.782665][T11199] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  410.807462][T11199] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  410.825319][T11199] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  411.160805][ T7492] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  411.198752][ T7492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.207818][T11438] Bluetooth: hci0: invalid length 0, exp 2 for type 6
[  411.266170][ T5841] kernel read not supported for file /input/event2 (pid: 5841 comm: kworker/0:4)
[  411.283878][ T5849] Bluetooth: hci1: command 0x0405 tx timeout
[  411.362249][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  411.377922][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.974262][ T5910] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  412.048586][T11462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1769'.
[  412.178117][ T5910] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  412.204362][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.223901][ T5910] usb 6-1: Product: syz
[  412.228165][ T5910] usb 6-1: Manufacturer: syz
[  412.241292][ T5910] usb 6-1: SerialNumber: syz
[  412.275014][ T5910] usb 6-1: config 0 descriptor??
[  412.454267][T11466] loop6: detected capacity change from 0 to 4096
[  412.465957][T11474] netlink: 'syz.1.1773': attribute type 23 has an invalid length.
[  412.537225][ T5910] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  412.683630][   T24] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  412.843378][   T24] usb 10-1: Using ep0 maxpacket: 32
[  412.851008][   T24] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  412.864338][ T5925] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  412.884760][   T24] usb 10-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  412.906510][   T24] usb 10-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  412.922752][   T24] usb 10-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  412.938260][   T24] usb 10-1: config 0 interface 0 has no altsetting 0
[  412.946283][   T24] usb 10-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  412.957521][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.989644][   T24] usb 10-1: config 0 descriptor??
[  413.023397][ T5925] usb 4-1: Using ep0 maxpacket: 32
[  413.042385][ T5925] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  413.052130][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.084617][ T5925] usb 4-1: config 0 descriptor??
[  413.096879][ T5925] gspca_main: sunplus-2.14.0 probing 041e:400b
[  413.159891][ T5910] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  413.183823][ T5910] usb 6-1: USB disconnect, device number 15
[  413.446951][   T24] hid-thrustmaster 0003:044F:B65D.0012: unknown main item tag 0x0
[  413.486398][   T24] hid-thrustmaster 0003:044F:B65D.0012: unknown main item tag 0x0
[  413.505899][   T24] hid-thrustmaster 0003:044F:B65D.0012: item fetching failed at offset 2/5
[  413.546399][   T24] hid-thrustmaster 0003:044F:B65D.0012: parse failed with error -22
[  413.573519][   T24] hid-thrustmaster 0003:044F:B65D.0012: probe with driver hid-thrustmaster failed with error -22
[  413.739298][ T5841] usb 10-1: USB disconnect, device number 2
[  414.389741][ T5925] gspca_sunplus: reg_w_riv err -71
[  414.398153][ T5925] sunplus 4-1:0.0: probe with driver sunplus failed with error -71
[  414.409780][ T5925] usb 4-1: USB disconnect, device number 20
[  414.891545][T11517] loop7: detected capacity change from 0 to 512
[  414.969824][T11517] EXT4-fs error (device loop7): ext4_orphan_get:1393: inode #15: comm syz.7.1794: casefold flag without casefold feature
[  415.071980][T11517] EXT4-fs error (device loop7): ext4_orphan_get:1398: comm syz.7.1794: couldn't read orphan inode 15 (err -117)
[  415.083078][T11506] loop6: detected capacity change from 0 to 32768
[  415.116142][T11517] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  415.144252][T11506] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  415.147887][T11528] Bluetooth: hci0: service_discovery: too big uuid_count value 60831
[  415.258648][T11506] XFS (loop6): Ending clean mount
[  415.304617][T11506] XFS (loop6): Quotacheck needed: Please wait.
[  415.322797][T10806] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.440896][T11506] XFS (loop6): Quotacheck: Done.
[  415.737335][T11199] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  415.915577][T11548] loop9: detected capacity change from 0 to 512
[  415.994100][ T5925] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  416.036583][T11548] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.069412][T11548] ext4 filesystem being mounted at /14/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  416.156409][T11548] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #2: comm syz.9.1805: corrupted inode contents
[  416.194481][ T5925] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.235073][ T5925] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.251336][ T5925] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  416.265371][T11548] EXT4-fs error (device loop9): ext4_dirty_inode:6459: inode #2: comm syz.9.1805: mark_inode_dirty error
[  416.279044][ T5925] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  416.293481][ T5925] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.331569][T11548] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #2: comm syz.9.1805: corrupted inode contents
[  416.375082][T11548] EXT4-fs error (device loop9): __ext4_ext_dirty:206: inode #2: comm syz.9.1805: mark_inode_dirty error
[  416.386459][   T24] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  416.400964][ T5925] usb 8-1: config 0 descriptor??
[  416.606398][   T24] usb 6-1: config 0 has an invalid interface number: 205 but max is 0
[  416.618384][   T24] usb 6-1: config 0 has no interface number 0
[  416.624827][T10840] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  416.657905][   T24] usb 6-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=cd.e9
[  416.711867][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.720810][   T24] usb 6-1: Product: syz
[  416.743378][   T24] usb 6-1: Manufacturer: syz
[  416.764139][   T24] usb 6-1: SerialNumber: syz
[  416.780403][   T24] usb 6-1: config 0 descriptor??
[  416.808258][   T24] usb_ehset_test 6-1:0.205: probe with driver usb_ehset_test failed with error -32
[  416.850010][ T5925] plantronics 0003:047F:FFFF.0013: item 0 0 0 11 parsing failed
[  416.858957][ T5925] plantronics 0003:047F:FFFF.0013: parse failed
[  416.878855][ T5925] plantronics 0003:047F:FFFF.0013: probe with driver plantronics failed with error -22
[  417.076638][ T5925] usb 6-1: USB disconnect, device number 16
[  417.100954][ T5841] usb 8-1: USB disconnect, device number 3
[  418.049562][ T7486] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.219432][ T7486] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.392467][ T7486] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.560973][ T7486] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.582296][   T24] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  418.763853][   T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  418.784379][   T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  418.825976][   T24] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  418.843416][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  418.873308][   T24] usb 6-1: SerialNumber: syz
[  418.978907][ T5848] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  418.999523][ T5848] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  418.999724][ T7486] bridge_slave_1: left allmulticast mode
[  419.013933][ T5848] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  419.025466][ T5848] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  419.044347][ T5848] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  419.078145][ T7486] bridge_slave_1: left promiscuous mode
[  419.118228][   T24] usb 6-1: 0:2 : does not exist
[  419.125360][ T7486] bridge0: port 2(bridge_slave_1) entered disabled state
[  419.132857][   T24] usb 6-1: 5:0: cannot get min/max values for control 5 (id 5)
[  419.145968][   T24] usb 6-1: 5:0: failed to get current value for ch 1 (-22)
[  419.180530][   T24] usb 6-1: 5:0: cannot get min/max values for control 5 (id 5)
[  419.194850][ T7486] bridge_slave_0: left allmulticast mode
[  419.196125][   T24] usb 6-1: USB disconnect, device number 17
[  419.200545][ T7486] bridge_slave_0: left promiscuous mode
[  419.200806][ T7486] bridge0: port 1(bridge_slave_0) entered disabled state
[  419.293508][   T30] audit: type=1326 audit(1750360709.846:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  419.335593][   T30] audit: type=1326 audit(1750360709.846:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  419.418436][   T30] audit: type=1326 audit(1750360709.886:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  419.539676][   T30] audit: type=1326 audit(1750360709.886:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  419.602663][   T30] audit: type=1326 audit(1750360709.886:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  419.677360][   T30] audit: type=1326 audit(1750360709.886:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  419.749380][   T30] audit: type=1326 audit(1750360709.886:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  419.858792][   T30] audit: type=1326 audit(1750360709.886:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  419.955499][   T30] audit: type=1326 audit(1750360709.896:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  420.084602][   T30] audit: type=1326 audit(1750360709.896:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11616 comm="syz.3.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda4738e929 code=0x7ffc0000
[  420.138546][ T5925] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  420.268062][T11638] loop6: detected capacity change from 0 to 4096
[  420.320325][T11638] NILFS (loop6): invalid segment: Checksum error in segment payload
[  420.336332][ T5925] usb 8-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  420.349567][ T5925] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.353569][T11638] NILFS (loop6): trying rollback from an earlier position
[  420.365741][ T5925] usb 8-1: Product: syz
[  420.375149][ T5925] usb 8-1: Manufacturer: syz
[  420.379847][ T5925] usb 8-1: SerialNumber: syz
[  420.404441][ T5925] usb 8-1: config 0 descriptor??
[  420.501974][T11638] NILFS (loop6): recovery complete
[  420.555093][T11648] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  421.147818][ T5848] Bluetooth: hci6: command tx timeout
[  421.576432][ T5925] usb 8-1: non-Atmel transceiver xxxxaa08
[  421.765823][ T7486] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  421.782264][ T5925] usb 8-1: Firmware version (0.0) predates our first public release.
[  421.792516][ T7486] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  421.802228][ T5925] usb 8-1: Please update to version 0.2 or newer
[  421.811011][T11656] loop6: detected capacity change from 0 to 128
[  421.812328][ T5925] usb 8-1: atusb_probe: initialization failed, error = -19
[  421.831756][ T7486] bond0 (unregistering): Released all slaves
[  421.875240][T11656] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  421.903813][ T5925] usb 8-1: USB disconnect, device number 4
[  422.069725][T11656] ext4 filesystem being mounted at /16/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  422.359081][T11668] loop3: detected capacity change from 0 to 256
[  422.611247][T11199] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  423.198794][T11612] chnl_net:caif_netlink_parms(): no params data found
[  423.207188][ T5848] Bluetooth: hci6: command tx timeout
[  423.281596][T11687] input: syz1 as /devices/virtual/input/input21
[  423.460138][T11691] 9pnet: p9_errstr2errno: server reported unknown error �@���p��A���
��;
KZ�44�/@�q��k�p
[  423.460138][T11691] �C<+�
[  423.534520][ T7486] hsr_slave_0: left promiscuous mode
[  423.569950][ T7486] hsr_slave_1: left promiscuous mode
[  423.582929][ T7486] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  423.621499][ T7486] batman_adv: batadv0: Removing interface: batadv_slave_0
[  423.653295][ T7486] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  423.723408][ T7486] batman_adv: batadv0: Removing interface: batadv_slave_1
[  423.821225][ T7486] veth1_macvtap: left promiscuous mode
[  423.839701][ T7486] veth0_macvtap: left promiscuous mode
[  423.863072][ T7486] veth1_vlan: left promiscuous mode
[  423.890989][ T7486] veth0_vlan: left promiscuous mode
[  425.298350][ T5848] Bluetooth: hci6: command tx timeout
[  425.300202][T11720] loop7: detected capacity change from 0 to 131072
[  425.337272][T11720] F2FS-fs (loop7): build fault injection rate: 7
[  425.346192][T11720] F2FS-fs (loop7): build fault injection type: 0x40004
[  425.353136][T11720] F2FS-fs (loop7): QUOTA feature is enabled, so ignore qf_name
[  425.404876][T11720] F2FS-fs (loop7): invalid crc value
[  425.413799][T11720] f2fs_printk: 5 callbacks suppressed
[  425.413823][T11720] F2FS-fs (loop7): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  425.432345][T11720] F2FS-fs (loop7): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  425.452899][T11720] F2FS-fs (loop7): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  425.498401][T11720] F2FS-fs (loop7): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970
[  425.539931][T11720] F2FS-fs (loop7): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  425.573735][T11720] F2FS-fs (loop7): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  425.597347][T11720] F2FS-fs (loop7): Bad quota inode 2:255
[  425.603082][T11720] F2FS-fs (loop7): Failed to enable quota tracking (type=2, err=-2). Please run fsck to fix.
[  425.614909][T11720] F2FS-fs (loop7): Cannot turn on quotas: error -2
[  425.621481][T11720] F2FS-fs (loop7): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_recover_fsync_data+0x449/0x8960
[  425.643942][T11720] F2FS-fs (loop7): Mounted with checkpoint version = 1b41e954
[  425.893868][T10806] F2FS-fs (loop7): inject page alloc in f2fs_grab_cache_folio of f2fs_grab_meta_folio+0x6a/0x1d0
[  425.923620][T10806] F2FS-fs (loop7): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x589/0x20c0
[  425.963380][T10806] F2FS-fs (loop7): invalid blkaddr: 513, type: 10, run fsck to fix.
[  425.981269][T10806] F2FS-fs (loop7): inject page alloc in f2fs_grab_cache_folio of f2fs_grab_meta_folio+0x6a/0x1d0
[  426.031242][T10806] F2FS-fs (loop7): invalid blkaddr: 1025, type: 10, run fsck to fix.
[  426.054489][T10806] F2FS-fs (loop7): invalid blkaddr: 1029, type: 10, run fsck to fix.
[  426.851794][T11745] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  427.363383][ T5848] Bluetooth: hci6: command tx timeout
[  427.920699][ T7486] team0 (unregistering): Port device team_slave_1 removed
[  427.938056][T11761] sctp: [Deprecated]: syz.6.1887 (pid 11761) Use of struct sctp_assoc_value in delayed_ack socket option.
[  427.938056][T11761] Use struct sctp_sack_info instead
[  428.273844][ T7486] team0 (unregistering): Port device team_slave_0 removed
[  429.311355][ T5925] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  429.503421][ T5925] usb 7-1: Using ep0 maxpacket: 32
[  429.510617][ T5925] usb 7-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  429.561973][ T5925] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.581220][ T5925] usb 7-1: config 0 descriptor??
[  429.607163][ T5925] gspca_main: sunplus-2.14.0 probing 041e:400b
[  430.407099][ T5925] gspca_sunplus: reg_r err -71
[  430.412313][ T5925] sunplus 7-1:0.0: probe with driver sunplus failed with error -71
[  430.434450][ T5925] usb 7-1: USB disconnect, device number 4
[  431.150646][T11810] loop7: detected capacity change from 0 to 1024
[  431.240933][T11612] bridge0: port 1(bridge_slave_0) entered blocking state
[  431.297874][T11612] bridge0: port 1(bridge_slave_0) entered disabled state
[  431.328874][T11612] bridge_slave_0: entered allmulticast mode
[  431.351987][T11612] bridge_slave_0: entered promiscuous mode
[  431.405562][T11612] bridge0: port 2(bridge_slave_1) entered blocking state
[  431.412795][T11612] bridge0: port 2(bridge_slave_1) entered disabled state
[  431.442047][T11612] bridge_slave_1: entered allmulticast mode
[  431.461195][T11612] bridge_slave_1: entered promiscuous mode
[  431.880408][T11612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  431.993932][T11612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  432.193826][T11832] loop7: detected capacity change from 0 to 2048
[  432.236056][T11832] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  432.257366][T11612] team0: Port device team_slave_0 added
[  432.292653][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  432.292676][   T30] audit: type=1800 audit(1750360722.856:379): pid=11832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1916" name="file1" dev="loop7" ino=1346 res=0 errno=0
[  432.400483][T11612] team0: Port device team_slave_1 added
[  432.769736][T11612] batman_adv: batadv0: Adding interface: batadv_slave_0
[  432.787486][T11612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  432.854559][T11612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  432.895973][T11612] batman_adv: batadv0: Adding interface: batadv_slave_1
[  432.902995][T11612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  432.994412][T11612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  433.006245][T11859] loop3: detected capacity change from 0 to 8
[  433.328960][T11612] hsr_slave_0: entered promiscuous mode
[  433.349420][T11612] hsr_slave_1: entered promiscuous mode
[  433.369227][T11612] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  433.396952][T11612] Cannot create hsr debugfs directory
[  434.083956][T11612] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  434.103345][T11612] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.334422][T11890] loop7: detected capacity change from 0 to 8192
[  434.445700][T11612] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  434.472646][T11612] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.668043][T11901] binder: 11899:11901 ioctl c018620b 200000000180 returned -14
[  434.711698][T11896] loop3: detected capacity change from 0 to 4096
[  434.745924][T11612] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  434.766970][T11612] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.798714][T11903] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  434.869966][   T30] audit: type=1800 audit(1750360725.436:380): pid=11896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1945" name="file2" dev="loop3" ino=16 res=0 errno=0
[  435.088412][T11612] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  435.133562][T11612] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.266560][T11910] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1949'.
[  435.866935][T11612] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  435.930828][T11612] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  435.984793][T11612] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  436.053543][T11612] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  436.477283][T11612] 8021q: adding VLAN 0 to HW filter on device bond0
[  436.560062][T11612] 8021q: adding VLAN 0 to HW filter on device team0
[  436.632374][ T7484] bridge0: port 1(bridge_slave_0) entered blocking state
[  436.639674][ T7484] bridge0: port 1(bridge_slave_0) entered forwarding state
[  436.742415][ T7503] bridge0: port 2(bridge_slave_1) entered blocking state
[  436.749830][ T7503] bridge0: port 2(bridge_slave_1) entered forwarding state
[  437.162553][T11923] loop7: detected capacity change from 0 to 32768
[  437.196781][T11923] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1956 (11923)
[  437.249410][T11923] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  437.273033][T11923] BTRFS info (device loop7): using crc32c (crc32c-x86_64) checksum algorithm
[  437.303425][T11923] BTRFS info (device loop7): using free-space-tree
[  437.682628][T11612] 8021q: adding VLAN 0 to HW filter on device batadv0
[  437.807557][   T30] audit: type=1800 audit(1750360728.376:381): pid=11986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1970" name="dmabuf" dev="dmabuf" ino=5 res=0 errno=0
[  438.155789][T10806] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  438.260766][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.393369][ T5925] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  438.500716][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.595312][T12009] loop6: detected capacity change from 0 to 128
[  438.603111][T12009] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  438.623602][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.661860][ T5925] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  438.670883][ T5925] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  438.695756][ T5925] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  438.711564][T12009] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  438.773323][ T5925] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  438.796580][ T5925] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  438.832701][ T5925] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  438.844059][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  438.877626][ T5925] usb 4-1: Product: syz
[  438.885879][T11612] veth0_vlan: entered promiscuous mode
[  438.895516][ T5925] usb 4-1: Manufacturer: syz
[  438.965202][ T5925] cdc_wdm 4-1:1.0: skipping garbage
[  438.970520][ T5925] cdc_wdm 4-1:1.0: skipping garbage
[  438.978219][T11612] veth1_vlan: entered promiscuous mode
[  439.030488][ T5925] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  439.053824][ T5925] cdc_wdm 4-1:1.0: Unknown control protocol
[  439.153051][ T5925] usb 4-1: USB disconnect, device number 21
[  439.198601][    C1] vkms_vblank_simulate: vblank timer overrun
[  439.209898][T11612] veth0_macvtap: entered promiscuous mode
[  439.307720][T11612] veth1_macvtap: entered promiscuous mode
[  439.399622][T11612] batman_adv: batadv0: Interface activated: batadv_slave_0
[  439.481525][    C1] vkms_vblank_simulate: vblank timer overrun
[  439.488657][T12020] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1983'.
[  439.495327][T11612] batman_adv: batadv0: Interface activated: batadv_slave_1
[  439.550713][T11612] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  439.576967][T11612] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  439.596083][T11612] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  439.614874][T12026] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1985'.
[  439.627246][T12027] ref_ctr_offset mismatch. inode: 0xaa0 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  439.639037][T11612] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  439.661846][T12026] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1985'.
[  439.719364][    C1] vkms_vblank_simulate: vblank timer overrun
[  440.122840][    C1] vkms_vblank_simulate: vblank timer overrun
[  440.164247][ T7484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  440.180871][ T7484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  440.289756][    C1] vkms_vblank_simulate: vblank timer overrun
[  440.310048][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  440.335289][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  440.463528][ T5926] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  440.548609][ T5844] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  440.643931][ T5926] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  440.673566][ T5926] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  440.693591][ T5926] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  440.719545][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.740758][ T5926] usb 4-1: Product: syz
[  440.742251][ T5844] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  440.748790][ T5926] usb 4-1: Manufacturer: syz
[  440.830044][ T5926] usb 4-1: SerialNumber: syz
[  440.846688][ T5926] usb 4-1: config 0 descriptor??
[  440.863029][T12040] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  440.933652][T12040] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  441.211986][T12040] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  441.253759][T12040] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  441.261679][ T5844] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  441.293279][ T5844] usb 8-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  441.302433][ T5844] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.354630][ T5844] usb 8-1: config 0 descriptor??
[  441.675215][ T5926] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  441.704827][T12067] loop4: detected capacity change from 0 to 8192
[  441.812485][ T5844] wacom 0003:056A:0063.0014: unbalanced delimiter at end of report description
[  441.862483][ T5844] wacom 0003:056A:0063.0014: parse failed
[  441.873697][ T5844] wacom 0003:056A:0063.0014: probe with driver wacom failed with error -22
[  442.091292][ T5910] usb 8-1: USB disconnect, device number 5
[  442.334720][ T5926] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71
[  442.366189][ T5926] dm9601 4-1:0.0 eth13: register 'dm9601' at usb-dummy_hcd.3-1, Davicom DM96xx USB 10/100 Ethernet, 5a:51:38:2f:d4:b1
[  442.382059][ T5926] usb 4-1: USB disconnect, device number 22
[  442.392212][ T5926] dm9601 4-1:0.0 eth13: unregister 'dm9601' usb-dummy_hcd.3-1, Davicom DM96xx USB 10/100 Ethernet
[  443.089250][T12085] loop6: detected capacity change from 0 to 8192
[  443.640766][T12102] loop4: detected capacity change from 0 to 1024
[  443.643378][ T5844] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  443.682305][T12102] EXT4-fs: Ignoring removed i_version option
[  443.717315][T12102] EXT4-fs: Ignoring removed nobh option
[  443.825848][T12102] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  443.841558][ T5844] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  443.854066][ T5844] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  443.881477][T12102] EXT4-fs warning (device loop4): ext4_rename_delete:3726: inode #12: comm syz.4.2019: Deleting old file: nlink 2, error=-2
[  443.895136][ T5844] usb 8-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  443.904420][ T5844] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.917268][ T5844] usb 8-1: config 0 descriptor??
[  444.012990][T11612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  444.372469][ T5844] hid-steam 0003:28DE:1142.0015: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.7-1/input0
[  444.469514][ T5841] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  444.477405][ T5844] hid-steam 0003:28DE:1142.0015: Steam wireless receiver connected
[  444.579908][ T5844] hid-steam 0003:28DE:1142.0016: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.7-1/input0
[  444.643690][ T5841] usb 4-1: Using ep0 maxpacket: 8
[  444.660595][ T5841] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  444.671067][ T5841] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  444.691030][ T5841] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  444.702109][ T5841] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  444.728673][ T5841] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  444.754269][ T5841] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  444.774353][ T5841] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.023130][ T5841] usb 4-1: GET_CAPABILITIES returned 0
[  445.063504][ T5841] usbtmc 4-1:16.0: can't read capabilities
[  445.145722][ T5841] usb 8-1: USB disconnect, device number 6
[  445.196439][ T5841] hid-steam 0003:28DE:1142.0015: Steam wireless receiver disconnected
[  445.230313][ T5844] usb 4-1: USB disconnect, device number 23
[  445.527980][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  445.534728][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  446.266806][T12160] Dead loop on virtual device ipvlan1, fix it urgently!
[  446.804585][T12173] loop4: detected capacity change from 0 to 2048
[  446.813098][T12173] udf: Unknown parameter '18446744073709551615'
[  447.062767][T12160] syz.1.2043 (12160) used greatest stack depth: 10696 bytes left
[  447.133604][   T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  447.133896][ T5926] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  447.223744][T12186] loop4: detected capacity change from 0 to 64
[  447.316705][   T30] audit: type=1804 audit(1750360737.886:382): pid=12191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2056" name="bus" dev="ramfs" ino=34465 res=1 errno=0
[  447.353291][ T5926] usb 8-1: Using ep0 maxpacket: 16
[  447.363411][   T10] usb 7-1: Using ep0 maxpacket: 32
[  447.377023][ T5926] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  447.389606][   T10] usb 7-1: config 0 has no interfaces?
[  447.413098][   T10] usb 7-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  447.439512][ T5926] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  447.450972][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.462100][ T5926] usb 8-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  447.473663][   T10] usb 7-1: Product: syz
[  447.477898][   T10] usb 7-1: Manufacturer: syz
[  447.498280][   T10] usb 7-1: SerialNumber: syz
[  447.499276][ T5926] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.527936][   T10] usb 7-1: config 0 descriptor??
[  447.559903][ T5926] usb 8-1: config 0 descriptor??
[  447.640935][T12197] loop3: detected capacity change from 0 to 512
[  447.695167][T12197] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.2060: casefold flag without casefold feature
[  447.758468][T12197] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.2060: couldn't read orphan inode 15 (err -117)
[  447.782080][   T10] usb 7-1: USB disconnect, device number 5
[  447.807255][T12197] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  448.027682][ T8830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.403719][ T5926] letsketch 0003:6161:4D15.0017: Device info: ¥
[  448.595745][ T5926] letsketch 0003:6161:4D15.0017: Device info: ᑔ
[  448.737478][T12242] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2076'.
[  448.845074][ T5926] usb 8-1: Max retries (5) exceeded reading string descriptor 202
[  448.872979][ T5926] letsketch 0003:6161:4D15.0017: probe with driver letsketch failed with error -71
[  448.916872][ T5926] usb 8-1: USB disconnect, device number 7
[  449.204533][   T30] audit: type=1326 audit(1750360739.776:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12257 comm="syz.6.2082" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f036498e929 code=0x0
[  449.515999][T12269] overlayfs: failed to resolve './file0': -2
[  449.658090][T12273] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  449.690231][T12273] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -1
[  449.923387][ T5910] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  450.031342][T12284] ip6tnl1: entered promiscuous mode
[  450.066424][T12284] ip6tnl1: entered allmulticast mode
[  450.102689][T12284] team0: Device ip6tnl1 is of different type
[  450.115358][ T5910] usb 6-1: Using ep0 maxpacket: 32
[  450.145999][ T5910] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[  450.184773][ T5910] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  450.222145][ T5910] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[  450.262244][ T5910] usb 6-1: config 1 has no interface number 0
[  450.283265][ T5910] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  450.358375][ T5910] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  450.398678][ T5910] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  450.439785][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.488741][    C1] hrtimer: interrupt took 18831 ns
[  450.515349][ T5910] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[  450.759159][ T5910] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now attached
[  451.160747][ T7503] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.248108][ T5925] usb 6-1: USB disconnect, device number 18
[  451.267358][ T5925] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  451.429163][ T7503] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.663609][ T7503] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  452.069908][ T7503] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  452.345575][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  452.361403][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  452.380508][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  452.416192][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  452.437269][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  452.638347][ T5925] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  452.707676][ T7503] bridge_slave_1: left allmulticast mode
[  452.735341][ T7503] bridge_slave_1: left promiscuous mode
[  452.741232][ T7503] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.799758][ T7503] bridge_slave_0: left allmulticast mode
[  452.813436][ T7503] bridge_slave_0: left promiscuous mode
[  452.816135][ T5925] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[  452.823685][ T7503] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.843106][ T5925] usb 5-1: config 0 has no interface number 0
[  452.855452][ T5926] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  452.877188][ T5925] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  452.893351][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.910780][ T5925] usb 5-1: Product: syz
[  452.915465][ T5925] usb 5-1: Manufacturer: syz
[  452.920116][ T5925] usb 5-1: SerialNumber: syz
[  452.936950][ T5925] usb 5-1: config 0 descriptor??
[  453.023436][ T5926] usb 7-1: Using ep0 maxpacket: 8
[  453.031683][ T5926] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  453.096695][ T5939] usb 6-1: new low-speed USB device number 19 using dummy_hcd
[  453.128457][ T5926] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  453.182060][ T5926] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.216683][ T5926] usb 7-1: config 0 descriptor??
[  453.260593][ T5939] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  453.270276][ T5939] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  453.323242][ T5939] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  453.375911][ T5925] usb 5-1: Firmware: major: 153, minor: 65, hardware type: UNKNOWN (148)
[  453.393506][ T5939] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  453.430027][ T5939] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  453.492554][T12337] loop3: detected capacity change from 0 to 32768
[  453.496426][ T5926] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  453.530613][ T5939] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  453.538393][ T5939] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  453.569492][ T5939] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  453.590617][ T5925] usb 5-1: no permanent extended address found, random address set
[  453.616339][ T5925] usb 5-1: atusb_probe: initialization failed, error = -524
[  453.625749][ T5939] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  453.637909][ T5925] atusb 5-1:0.128: probe with driver atusb failed with error -524
[  453.647953][ T5939] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  453.682836][ T5939] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  453.691298][ T5939] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  453.720495][T12337] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  453.753260][ T5939] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  453.842011][ T5939] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  453.876136][T12337] XFS (loop3): Ending clean mount
[  453.927819][ T5841] usb 7-1: USB disconnect, device number 6
[  453.946760][ T5939] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  454.020164][ T5926] usb 5-1: USB disconnect, device number 11
[  454.039302][ T5939] usb 6-1: string descriptor 0 read error: -22
[  454.057465][ T8830] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  454.081816][ T5939] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  454.171174][ T5939] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.363839][ T5939] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  454.493517][ T5849] Bluetooth: hci4: command tx timeout
[  454.732359][ T5836] usb 6-1: USB disconnect, device number 19
[  454.909361][T12367] loop3: detected capacity change from 0 to 2048
[  455.130960][T12367] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  455.298145][ T7496] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  455.357409][ T7496] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 20 with max blocks 2 with error 28
[  455.422488][ T7496] EXT4-fs (loop3): This should not happen!! Data will be lost
[  455.422488][ T7496] 
[  455.446211][ T7496] EXT4-fs (loop3): Total free blocks count 0
[  455.452288][ T7496] EXT4-fs (loop3): Free/Dirty block details
[  455.491146][ T7496] EXT4-fs (loop3): free_blocks=66060288
[  455.519658][ T7496] EXT4-fs (loop3): dirty_blocks=16
[  455.525650][ T7496] EXT4-fs (loop3): Block reservation details
[  455.531865][ T7496] EXT4-fs (loop3): i_reserved_data_blocks=1
[  455.546558][ T8830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  455.984891][T12383] loop3: detected capacity change from 0 to 4096
[  456.193146][ T7503] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  456.237038][ T7503] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  456.253957][ T5939] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  456.287769][ T5939] hid-generic 0000:0000:0000.0018: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  456.305978][ T7503] bond0 (unregistering): Released all slaves
[  456.423353][ T5926] srz1: Port: 1 Link DOWN
[  456.563610][ T5849] Bluetooth: hci4: command tx timeout
[  456.787122][T12402] loop6: detected capacity change from 0 to 128
[  456.887695][T12402] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  456.934329][T12402] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  457.142498][T12414] xt_hashlimit: size too large, truncated to 1048576
[  457.198783][T11199] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  457.541695][T12330] chnl_net:caif_netlink_parms(): no params data found
[  458.283282][ T7503] hsr_slave_0: left promiscuous mode
[  458.327713][ T7503] hsr_slave_1: left promiscuous mode
[  458.344352][ T7503] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  458.362351][ T7503] batman_adv: batadv0: Removing interface: batadv_slave_0
[  458.442101][ T7503] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  458.473447][ T7503] batman_adv: batadv0: Removing interface: batadv_slave_1
[  458.602327][ T7503] veth1_macvtap: left promiscuous mode
[  458.637515][ T7503] veth0_macvtap: left promiscuous mode
[  458.643831][ T5849] Bluetooth: hci4: command tx timeout
[  458.654240][ T7503] veth1_vlan: left promiscuous mode
[  458.673388][ T7503] veth0_vlan: left promiscuous mode
[  458.809763][T12417] loop3: detected capacity change from 0 to 40427
[  459.294239][T12417] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  459.878024][ T8830] syz-executor: attempt to access beyond end of device
[  459.878024][ T8830] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  459.933356][ T8830] CPU: 0 UID: 0 PID: 8830 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[  459.933395][ T8830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  459.933410][ T8830] Call Trace:
[  459.933420][ T8830]  <TASK>
[  459.933430][ T8830]  dump_stack_lvl+0x189/0x250
[  459.933489][ T8830]  ? __pfx_dump_stack_lvl+0x10/0x10
[  459.933525][ T8830]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  459.933572][ T8830]  ? __pfx_queue_work_on+0x10/0x10
[  459.933597][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.933629][ T8830]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  459.933662][ T8830]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  459.933698][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.933725][ T8830]  ? f2fs_hw_is_readonly+0x39b/0x470
[  459.933762][ T8830]  f2fs_handle_critical_error+0x37c/0x540
[  459.933800][ T8830]  f2fs_write_end_io+0x495/0x810
[  459.933836][ T8830]  ? blkg_put+0x22/0x240
[  459.933882][ T8830]  __submit_merged_bio+0x27a/0x6a0
[  459.933918][ T8830]  __submit_merged_write_cond+0x255/0x530
[  459.933955][ T8830]  f2fs_write_data_pages+0x261d/0x3000
[  459.934027][ T8830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  459.934074][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934099][ T8830]  ? is_bpf_text_address+0x292/0x2b0
[  459.934139][ T8830]  ? is_bpf_text_address+0x26/0x2b0
[  459.934198][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934221][ T8830]  ? stack_trace_save+0x9c/0xe0
[  459.934250][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934272][ T8830]  ? stack_depot_save_flags+0x40/0x900
[  459.934320][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934343][ T8830]  ? __lock_acquire+0xab9/0xd20
[  459.934386][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934408][ T8830]  ? do_raw_spin_lock+0x121/0x290
[  459.934440][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934468][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934490][ T8830]  ? do_raw_spin_unlock+0x122/0x240
[  459.934514][ T8830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  459.934548][ T8830]  do_writepages+0x32e/0x550
[  459.934597][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934627][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934653][ T8830]  ? do_raw_spin_unlock+0x122/0x240
[  459.934689][ T8830]  filemap_fdatawrite+0x191/0x230
[  459.934720][ T8830]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  459.934797][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.934830][ T8830]  ? do_raw_spin_unlock+0x122/0x240
[  459.934863][ T8830]  f2fs_sync_dirty_inodes+0x31f/0x830
[  459.934923][ T8830]  f2fs_write_checkpoint+0x94a/0x1de0
[  459.934988][ T8830]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  459.935079][ T8830]  ? kill_f2fs_super+0x298/0x6c0
[  459.935126][ T8830]  kill_f2fs_super+0x2c3/0x6c0
[  459.935170][ T8830]  ? __pfx_kill_f2fs_super+0x10/0x10
[  459.935203][ T8830]  ? radix_tree_delete_item+0x2b6/0x400
[  459.935252][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.935280][ T8830]  ? shrinker_free+0x2ce/0x3e0
[  459.935317][ T8830]  deactivate_locked_super+0xbc/0x130
[  459.935359][ T8830]  cleanup_mnt+0x425/0x4c0
[  459.935397][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.935423][ T8830]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.935469][ T8830]  task_work_run+0x1d4/0x260
[  459.935508][ T8830]  ? __pfx_task_work_run+0x10/0x10
[  459.935541][ T8830]  ? __x64_sys_umount+0x122/0x160
[  459.935572][ T8830]  ? exit_to_user_mode_loop+0x40/0x110
[  459.935616][ T8830]  exit_to_user_mode_loop+0xec/0x110
[  459.935652][ T8830]  do_syscall_64+0x2bd/0x3b0
[  459.935673][ T8830]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.935709][ T8830]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.935730][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  459.935756][ T8830]  ? exc_page_fault+0x9f/0xf0
[  459.935793][ T8830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.935815][ T8830] RIP: 0033:0x7fda4738fc57
[  459.935835][ T8830] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  459.935854][ T8830] RSP: 002b:00007ffee934da58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  459.935878][ T8830] RAX: 0000000000000000 RBX: 00007fda47410925 RCX: 00007fda4738fc57
[  459.935894][ T8830] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee934db10
[  459.935909][ T8830] RBP: 00007ffee934db10 R08: 0000000000000000 R09: 0000000000000000
[  459.935928][ T8830] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee934eba0
[  459.935945][ T8830] R13: 00007fda47410925 R14: 00000000000703f3 R15: 00007ffee934ebe0
[  459.935984][ T8830]  </TASK>
[  459.942750][ T8830] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  460.623982][T12479] Bluetooth: hci0: invalid length 0, exp 2 for type 14
[  460.736998][ T5849] Bluetooth: hci4: command tx timeout
[  462.565290][ T7503] team0 (unregistering): Port device team_slave_1 removed
[  463.258616][ T7503] team0 (unregistering): Port device team_slave_0 removed
[  463.608840][T12517] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  463.900377][T12521] netlink: 'syz.4.2183': attribute type 39 has an invalid length.
[  464.440866][T12519] loop6: detected capacity change from 0 to 32768
[  464.625891][T12519] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  464.846690][T12519] XFS (loop6): Ending clean mount
[  464.981057][T12519] XFS (loop6): Quotacheck needed: Please wait.
[  465.058758][T12519] XFS (loop6): Quotacheck: Done.
[  465.170672][T11199] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  465.965128][ T5926] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  465.993818][ T5926] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  466.864763][T12330] bridge0: port 1(bridge_slave_0) entered blocking state
[  466.894234][T12330] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.910549][T12330] bridge_slave_0: entered allmulticast mode
[  466.947635][T12330] bridge_slave_0: entered promiscuous mode
[  467.010538][T12330] bridge0: port 2(bridge_slave_1) entered blocking state
[  467.053702][T12330] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.083806][T12330] bridge_slave_1: entered allmulticast mode
[  467.135122][T12330] bridge_slave_1: entered promiscuous mode
[  467.368373][T12568] loop3: detected capacity change from 0 to 256
[  467.381380][T12330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  467.434409][T12568] exfat: Deprecated parameter 'namecase'
[  467.435333][T12330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  467.554027][T12568] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  467.671621][T12568] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  467.697481][T12572] input: syz1 as /devices/virtual/input/input22
[  467.819830][T12330] team0: Port device team_slave_0 added
[  467.869523][T12330] team0: Port device team_slave_1 added
[  468.208016][T12330] batman_adv: batadv0: Adding interface: batadv_slave_0
[  468.234511][T12330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  468.312703][T12330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  468.382675][ T5844] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  468.383677][T12330] batman_adv: batadv0: Adding interface: batadv_slave_1
[  468.423528][T12330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  468.458923][T12330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  468.535821][ T5844] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.547912][ T5844] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.582184][T12564] loop6: detected capacity change from 0 to 32768
[  468.584383][T12330] hsr_slave_0: entered promiscuous mode
[  468.589321][ T5844] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  468.603306][T12330] hsr_slave_1: entered promiscuous mode
[  468.610753][T12330] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  468.633319][ T5844] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.634892][T12330] Cannot create hsr debugfs directory
[  468.660874][ T5844] usb 5-1: config 0 descriptor??
[  468.693355][T12564] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  468.874961][T12564] XFS (loop6): Ending clean mount
[  469.122417][ T5844] cm6533_jd 0003:0D8C:0022.001A: unknown main item tag 0x0
[  469.147948][ T5844] cm6533_jd 0003:0D8C:0022.001A: unknown main item tag 0x0
[  469.168966][T11199] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  469.189871][ T5844] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.001A/input/input23
[  469.293603][ T5844] cm6533_jd 0003:0D8C:0022.001A: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  469.589945][ T5844] usb 5-1: USB disconnect, device number 12
[  469.984597][ T5841] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  470.185258][ T5841] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  470.196524][ T5841] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  470.217992][ T5841] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  470.294079][ T5841] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  470.351996][ T5841] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.416695][ T5841] usb 4-1: config 0 descriptor??
[  470.467413][T12621] input: syz0 as /devices/virtual/input/input24
[  470.858870][ T5841] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving
[  470.922210][ T5841] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  471.104968][T12330] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  471.129206][T12330] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  471.190868][T12330] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  471.214161][T12330] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  471.402336][T12330] 8021q: adding VLAN 0 to HW filter on device bond0
[  471.491579][T12330] 8021q: adding VLAN 0 to HW filter on device team0
[  471.558878][ T7503] bridge0: port 1(bridge_slave_0) entered blocking state
[  471.566170][ T7503] bridge0: port 1(bridge_slave_0) entered forwarding state
[  471.643611][ T7503] bridge0: port 2(bridge_slave_1) entered blocking state
[  471.650956][ T7503] bridge0: port 2(bridge_slave_1) entered forwarding state
[  472.015269][T12638] loop6: detected capacity change from 0 to 32768
[  472.072226][T12638] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  472.223977][T12638] XFS (loop6): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  472.343189][T12638] XFS (loop6): Starting recovery (logdev: internal)
[  472.477327][T12638] XFS (loop6): Ending recovery (logdev: internal)
[  472.595661][T12677] sg_write: data in/out 524252/17 bytes for SCSI command 0x1-- guessing data in;
[  472.595661][T12677]    program syz.5.2237 not setting count and/or reply_len properly
[  472.626260][T12330] 8021q: adding VLAN 0 to HW filter on device batadv0
[  472.739378][T11199] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  473.025225][ T5841] usb 4-1: USB disconnect, device number 24
[  473.329467][T12693] Dead loop on virtual device ipvlan1, fix it urgently!
[  473.633690][ T5841] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  473.691228][T12701] loop6: detected capacity change from 0 to 2048
[  473.720062][T12701] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  473.792383][T12701] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  473.803469][ T5841] usb 4-1: Using ep0 maxpacket: 32
[  473.814297][ T5841] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  473.824261][ T5841] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.849413][T12701] UDF-fs: Scanning with blocksize 512 failed
[  473.883363][T12330] veth0_vlan: entered promiscuous mode
[  473.896860][ T5841] usb 4-1: config 0 descriptor??
[  473.901441][T12701] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  473.913909][   T24] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  473.931953][T12330] veth1_vlan: entered promiscuous mode
[  474.018876][T12330] veth0_macvtap: entered promiscuous mode
[  474.069346][T12330] veth1_macvtap: entered promiscuous mode
[  474.082620][   T24] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  474.094577][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.108858][ T5841] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  474.122775][   T24] usb 6-1: config 0 descriptor??
[  474.145535][ T5841] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  474.161089][ T5841] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  474.169152][ T5841] usb 4-1: media controller created
[  474.203551][ T5841] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  474.203907][   T24] cp210x 6-1:0.0: cp210x converter detected
[  474.234319][T12330] batman_adv: batadv0: Interface activated: batadv_slave_0
[  474.258404][T12330] batman_adv: batadv0: Interface activated: batadv_slave_1
[  474.297627][T12330] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  474.320300][ T5841] az6027: usb out operation failed. (-71)
[  474.346156][ T5841] az6027: usb out operation failed. (-71)
[  474.353559][T12330] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  474.353632][T12330] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  474.353668][T12330] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  474.457761][ T5841] stb0899_attach: Driver disabled by Kconfig
[  474.463933][ T5841] az6027: no front-end attached
[  474.463933][ T5841] 
[  474.478128][ T5841] az6027: usb out operation failed. (-71)
[  474.484606][ T5841] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  474.495621][ T5841] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input25
[  474.509975][ T5841] dvb-usb: schedule remote query interval to 400 msecs.
[  474.517616][ T5841] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  474.528868][ T5841] usb 4-1: USB disconnect, device number 25
[  474.600765][   T24] cp210x 6-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  474.680242][   T24] usb 6-1: cp210x converter now attached to ttyUSB0
[  474.732444][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  474.773331][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  474.803875][   T10] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  474.819085][T12718] binder: 12717:12718 ioctl c0306201 200000000080 returned -22
[  474.867867][ T5841] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  474.873421][   T24] usb 6-1: USB disconnect, device number 20
[  474.904791][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  474.914515][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  474.943506][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  474.961433][   T24] cp210x 6-1:0.0: device disconnected
[  474.993436][   T10] usb 5-1: Using ep0 maxpacket: 32
[  475.013744][   T10] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  475.026775][T12722] loop6: detected capacity change from 0 to 128
[  475.053890][   T10] usb 5-1: config 0 has no interface number 0
[  475.060094][   T10] usb 5-1: config 0 interface 12 has no altsetting 0
[  475.062348][T12722] syz.6.2256: attempt to access beyond end of device
[  475.062348][T12722] loop6: rw=2049, sector=145, nr_sectors = 43 limit=128
[  475.084373][   T30] audit: type=1804 audit(1750360765.616:384): pid=12722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2256" name="/newroot/94/file0/bus" dev="loop6" ino=1048702 res=1 errno=0
[  475.096178][   T10] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  475.152140][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.162838][   T30] audit: type=1800 audit(1750360765.626:385): pid=12722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2256" name="bus" dev="loop6" ino=1048702 res=0 errno=0
[  475.183253][   T10] usb 5-1: Product: syz
[  475.191224][   T10] usb 5-1: Manufacturer: syz
[  475.206013][   T10] usb 5-1: SerialNumber: syz
[  475.217608][   T10] usb 5-1: config 0 descriptor??
[  475.829979][   T49] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.112994][   T49] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.255539][   T10] f81534 5-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  476.263552][   T10] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71
[  476.270913][   T10] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  476.312751][   T10] f81534 5-1:0.12: probe with driver f81534 failed with error -71
[  476.378257][   T10] usb 5-1: USB disconnect, device number 13
[  476.594791][   T49] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.925114][   T49] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  477.253830][   T49] bridge_slave_1: left allmulticast mode
[  477.262910][   T49] bridge_slave_1: left promiscuous mode
[  477.278096][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  477.294321][ T5841] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  477.302326][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  477.313885][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  477.327335][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  477.335474][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  477.387944][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  477.438838][   T49] bridge_slave_0: left allmulticast mode
[  477.466885][T12743] loop3: detected capacity change from 0 to 40427
[  477.477311][   T49] bridge_slave_0: left promiscuous mode
[  477.491729][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  477.502122][T12743] F2FS-fs (loop3): build fault injection rate: 690
[  477.513398][ T5836] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  477.516751][T12743] F2FS-fs (loop3): heap/no_heap options were deprecated
[  477.535510][ T5841] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  477.544005][ T5841] usb 7-1: config 0 has no interface number 0
[  477.544900][T12743] F2FS-fs (loop3): Image doesn't support compression
[  477.557329][ T5841] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  477.591347][ T5841] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  477.593592][T12743] F2FS-fs (loop3): invalid crc value
[  477.616133][ T5841] usb 7-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  477.636783][ T5841] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.662695][ T5841] usb 7-1: config 0 descriptor??
[  477.685971][ T5836] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  477.704452][ T5836] usb 5-1: config 0 interface 0 has no altsetting 0
[  477.725637][ T5836] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  477.741916][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.759530][ T5836] usb 5-1: Product: syz
[  477.770723][ T5836] usb 5-1: Manufacturer: syz
[  477.809972][ T5836] usb 5-1: SerialNumber: syz
[  477.832600][ T5836] usb 5-1: config 0 descriptor??
[  477.862237][ T5836] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  477.876818][ T5836] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  477.939178][ T5836] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  477.954587][ T5836] usb 5-1: media controller created
[  477.982092][T12743] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  477.995811][ T5836] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  478.195589][ T5841] input: HID 04d9:a055 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.1/0003:04D9:A055.001C/input/input26
[  478.269463][ T5836] DVB: Unable to find symbol tda10046_attach()
[  478.283215][ T5836] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  478.353255][ T5836] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  478.376553][ T8830] syz-executor: attempt to access beyond end of device
[  478.376553][ T8830] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  478.403508][ T8830] CPU: 1 UID: 0 PID: 8830 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[  478.403542][ T8830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  478.403557][ T8830] Call Trace:
[  478.403566][ T8830]  <TASK>
[  478.403576][ T8830]  dump_stack_lvl+0x189/0x250
[  478.403630][ T8830]  ? __pfx_dump_stack_lvl+0x10/0x10
[  478.403665][ T8830]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  478.403703][ T8830]  ? __pfx_queue_work_on+0x10/0x10
[  478.403726][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.403754][ T8830]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  478.403787][ T8830]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  478.403826][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.403849][ T8830]  ? f2fs_hw_is_readonly+0x39b/0x470
[  478.403884][ T8830]  f2fs_handle_critical_error+0x37c/0x540
[  478.403921][ T8830]  f2fs_write_end_io+0x495/0x810
[  478.403954][ T8830]  ? blkg_put+0x22/0x240
[  478.403997][ T8830]  __submit_merged_bio+0x27a/0x6a0
[  478.404031][ T8830]  __submit_merged_write_cond+0x255/0x530
[  478.404069][ T8830]  f2fs_write_data_pages+0x261d/0x3000
[  478.404098][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.404163][ T8830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  478.404213][ T8830]  ? arch_stack_walk+0xfc/0x150
[  478.404270][ T8830]  ? __mod_zone_page_state+0xd7/0x140
[  478.404323][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.404349][ T8830]  ? folios_put_refs+0x560/0x640
[  478.404397][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.404420][ T8830]  ? __lock_acquire+0xab9/0xd20
[  478.404468][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.404494][ T8830]  ? do_raw_spin_lock+0x121/0x290
[  478.404529][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.404558][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.404581][ T8830]  ? do_raw_spin_unlock+0x122/0x240
[  478.404608][ T8830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  478.404640][ T8830]  do_writepages+0x32e/0x550
[  478.404690][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.404718][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.404741][ T8830]  ? do_raw_spin_unlock+0x122/0x240
[  478.404776][ T8830]  filemap_fdatawrite+0x191/0x230
[  478.404806][ T8830]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  478.404890][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.404925][ T8830]  ? do_raw_spin_unlock+0x122/0x240
[  478.404960][ T8830]  f2fs_sync_dirty_inodes+0x31f/0x830
[  478.405020][ T8830]  f2fs_write_checkpoint+0x94a/0x1de0
[  478.405091][ T8830]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  478.405187][ T8830]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  478.405223][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.405249][ T8830]  ? kfree+0x18e/0x440
[  478.405297][ T8830]  ? kill_f2fs_super+0x298/0x6c0
[  478.405347][ T8830]  kill_f2fs_super+0x2c3/0x6c0
[  478.405392][ T8830]  ? __pfx_kill_f2fs_super+0x10/0x10
[  478.405425][ T8830]  ? radix_tree_delete_item+0x2b6/0x400
[  478.405478][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.405506][ T8830]  ? shrinker_free+0x2ce/0x3e0
[  478.405546][ T8830]  deactivate_locked_super+0xbc/0x130
[  478.405590][ T8830]  cleanup_mnt+0x425/0x4c0
[  478.405630][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.405657][ T8830]  ? lockdep_hardirqs_on+0x9c/0x150
[  478.405705][ T8830]  task_work_run+0x1d4/0x260
[  478.405744][ T8830]  ? __pfx_task_work_run+0x10/0x10
[  478.405773][ T8830]  ? __x64_sys_umount+0x122/0x160
[  478.405811][ T8830]  ? exit_to_user_mode_loop+0x40/0x110
[  478.405856][ T8830]  exit_to_user_mode_loop+0xec/0x110
[  478.405890][ T8830]  do_syscall_64+0x2bd/0x3b0
[  478.405914][ T8830]  ? lockdep_hardirqs_on+0x9c/0x150
[  478.405950][ T8830]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.405974][ T8830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  478.406002][ T8830]  ? exc_page_fault+0x9f/0xf0
[  478.406044][ T8830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.406069][ T8830] RIP: 0033:0x7fda4738fc57
[  478.406092][ T8830] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  478.406114][ T8830] RSP: 002b:00007ffee934da58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  478.406141][ T8830] RAX: 0000000000000000 RBX: 00007fda47410925 RCX: 00007fda4738fc57
[  478.406159][ T8830] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee934db10
[  478.406175][ T8830] RBP: 00007ffee934db10 R08: 0000000000000000 R09: 0000000000000000
[  478.406192][ T8830] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee934eba0
[  478.406209][ T8830] R13: 00007fda47410925 R14: 0000000000074bc9 R15: 00007ffee934ebe0
[  478.406256][ T8830]  </TASK>
[  478.406267][ T8830] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  479.004066][T12787] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2281'.
[  479.055085][ T5841] holtek_kbd 0003:04D9:A055.001C: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.6-1/input1
[  479.073309][ T5836] dvb_usb_m920x 5-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  479.110391][ T5836] usb 5-1: USB disconnect, device number 14
[  479.213831][ T5841] usb 7-1: USB disconnect, device number 7
[  479.369957][T12790] input: syz0 as /devices/virtual/input/input27
[  479.465999][ T5849] Bluetooth: hci4: command tx timeout
[  480.625006][T12812] binder: 12808:12812 ioctl c0306201 200000000540 returned -14
[  481.544113][ T5849] Bluetooth: hci4: command tx timeout
[  483.404809][T12816] loop6: detected capacity change from 0 to 65536
[  483.484873][T12816] XFS (loop6): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  483.587898][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  483.603844][ T5849] Bluetooth: hci4: command tx timeout
[  483.644583][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  483.656484][T12816] XFS (loop6): Ending clean mount
[  483.681740][T12815] XFS (loop6): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  483.693716][T12815] XFS (loop6): Unmount and run xfs_repair
[  483.699465][T12815] XFS (loop6): First 128 bytes of corrupted metadata buffer:
[  483.706946][T12815] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  483.716062][T12815] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  483.725022][T12815] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  483.733997][T12815] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  483.742954][T12815] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  483.751880][T12815] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  483.760975][T12815] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  483.773588][T12815] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  483.783062][T12815] XFS (loop6): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  483.819922][   T49] bond0 (unregistering): Released all slaves
[  483.834416][T12815] XFS (loop6): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  483.849556][T12815] XFS (loop6): Please unmount the filesystem and rectify the problem(s)
[  484.006912][T12847] 9pnet: p9_errstr2errno: server reported unknown error �@���p��A���
��;
KZ�44�/@�q
[  484.028529][T11199] XFS (loop6): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  484.084095][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.248060][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.346631][T12831] loop4: detected capacity change from 0 to 32768
[  484.396043][T12831] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[  484.443411][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.467807][T12831] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  484.599080][T12831] XFS (loop4): Ending clean mount
[  484.634057][T12831] XFS (loop4): Quotacheck needed: Please wait.
[  484.737746][T12831] XFS (loop4): Quotacheck: Done.
[  484.763621][ T5925] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  484.818968][    C1] vkms_vblank_simulate: vblank timer overrun
[  484.930069][T11612] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  484.947431][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  484.966124][ T5925] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  484.984512][ T5925] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  485.001748][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.016528][ T5925] usb 4-1: config 0 descriptor??
[  485.163809][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.459125][ T5925] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[  485.475036][ T5925] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving
[  485.492058][ T5925] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  485.634673][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.691500][ T5849] Bluetooth: hci4: command tx timeout
[  485.724459][   T49] hsr_slave_0: left promiscuous mode
[  485.808300][T12879] loop6: detected capacity change from 0 to 2048
[  485.810377][    C1] vkms_vblank_simulate: vblank timer overrun
[  485.831508][   T49] hsr_slave_1: left promiscuous mode
[  485.836524][ T5841] usb 4-1: USB disconnect, device number 26
[  485.839511][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  485.854093][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  485.894425][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  485.902386][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  485.916563][T12879] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  485.974301][    C1] vkms_vblank_simulate: vblank timer overrun
[  486.076549][   T49] veth1_macvtap: left promiscuous mode
[  486.082461][   T49] veth0_macvtap: left promiscuous mode
[  486.121305][   T49] veth1_vlan: left promiscuous mode
[  486.143934][   T49] veth0_vlan: left promiscuous mode
[  486.493472][T12879] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  486.892722][T12882] loop4: detected capacity change from 0 to 40427
[  487.120198][T12882] F2FS-fs (loop4): build fault injection rate: 771
[  487.137656][T11199] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  487.147079][T12882] F2FS-fs (loop4): invalid crc value
[  487.620536][T12882] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  487.730715][T12890] loop3: detected capacity change from 0 to 131072
[  487.929114][T12890] F2FS-fs (loop3): Bad quota inode 2:2048
[  487.935504][T12890] F2FS-fs (loop3): Failed to enable quota tracking (type=2, err=-2). Please run fsck to fix.
[  487.945850][T12890] F2FS-fs (loop3): Cannot turn on quotas: error -2
[  488.000716][T11612] syz-executor: attempt to access beyond end of device
[  488.000716][T11612] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  488.016179][T12890] F2FS-fs (loop3): Mounted with checkpoint version = 1b41e955
[  488.029219][T11612] CPU: 1 UID: 0 PID: 11612 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[  488.029253][T11612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  488.029268][T11612] Call Trace:
[  488.029278][T11612]  <TASK>
[  488.029288][T11612]  dump_stack_lvl+0x189/0x250
[  488.029345][T11612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  488.029378][T11612]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  488.029416][T11612]  ? __pfx_queue_work_on+0x10/0x10
[  488.029439][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.029468][T11612]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  488.029502][T11612]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  488.029537][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.029564][T11612]  ? f2fs_hw_is_readonly+0x39b/0x470
[  488.029607][T11612]  f2fs_handle_critical_error+0x37c/0x540
[  488.029648][T11612]  f2fs_write_end_io+0x495/0x810
[  488.029686][T11612]  ? blkg_put+0x22/0x240
[  488.029739][T11612]  __submit_merged_bio+0x27a/0x6a0
[  488.029779][T11612]  __submit_merged_write_cond+0x255/0x530
[  488.029825][T11612]  f2fs_write_data_pages+0x261d/0x3000
[  488.029857][T11612]  ? __lock_acquire+0xab9/0xd20
[  488.029947][T11612]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  488.029978][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030075][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030102][T11612]  ? stack_depot_save_flags+0x40/0x900
[  488.030143][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030197][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030225][T11612]  ? __lock_acquire+0xab9/0xd20
[  488.030272][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030299][T11612]  ? do_raw_spin_lock+0x121/0x290
[  488.030340][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030373][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030401][T11612]  ? do_raw_spin_unlock+0x122/0x240
[  488.030431][T11612]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  488.030466][T11612]  do_writepages+0x32e/0x550
[  488.030521][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030555][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030583][T11612]  ? do_raw_spin_unlock+0x122/0x240
[  488.030619][T11612]  filemap_fdatawrite+0x191/0x230
[  488.030645][T11612]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  488.030731][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.030766][T11612]  ? do_raw_spin_unlock+0x122/0x240
[  488.030802][T11612]  f2fs_sync_dirty_inodes+0x31f/0x830
[  488.030870][T11612]  f2fs_write_checkpoint+0x94a/0x1de0
[  488.030943][T11612]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  488.031042][T11612]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  488.031077][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.031105][T11612]  ? kfree+0x18e/0x440
[  488.031152][T11612]  ? kill_f2fs_super+0x298/0x6c0
[  488.031203][T11612]  kill_f2fs_super+0x2c3/0x6c0
[  488.031249][T11612]  ? __pfx_kill_f2fs_super+0x10/0x10
[  488.031283][T11612]  ? radix_tree_delete_item+0x2b6/0x400
[  488.031335][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.031363][T11612]  ? shrinker_free+0x2ce/0x3e0
[  488.031402][T11612]  deactivate_locked_super+0xbc/0x130
[  488.031471][T11612]  cleanup_mnt+0x425/0x4c0
[  488.031509][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.031537][T11612]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.031585][T11612]  task_work_run+0x1d4/0x260
[  488.031627][T11612]  ? __pfx_task_work_run+0x10/0x10
[  488.031656][T11612]  ? __x64_sys_umount+0x122/0x160
[  488.031688][T11612]  ? exit_to_user_mode_loop+0x40/0x110
[  488.031737][T11612]  exit_to_user_mode_loop+0xec/0x110
[  488.031774][T11612]  do_syscall_64+0x2bd/0x3b0
[  488.031796][T11612]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.031836][T11612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.031858][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.031885][T11612]  ? exc_page_fault+0x9f/0xf0
[  488.031923][T11612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.031945][T11612] RIP: 0033:0x7f714738fc57
[  488.031967][T11612] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  488.031987][T11612] RSP: 002b:00007ffe71d0e168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  488.032014][T11612] RAX: 0000000000000000 RBX: 00007f7147410925 RCX: 00007f714738fc57
[  488.032031][T11612] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe71d0e220
[  488.032047][T11612] RBP: 00007ffe71d0e220 R08: 0000000000000000 R09: 0000000000000000
[  488.032063][T11612] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe71d0f2b0
[  488.032080][T11612] R13: 00007f7147410925 R14: 00000000000771b1 R15: 00007ffe71d0f2f0
[  488.032124][T11612]  </TASK>
[  488.032134][T11612] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  488.051420][T12904] loop6: detected capacity change from 0 to 4096
[  488.058655][T11612] CPU: 1 UID: 0 PID: 11612 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[  488.058690][T11612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  488.058705][T11612] Call Trace:
[  488.058716][T11612]  <TASK>
[  488.058726][T11612]  dump_stack_lvl+0x189/0x250
[  488.058783][T11612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  488.058829][T11612]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  488.058872][T11612]  ? __pfx_queue_work_on+0x10/0x10
[  488.058897][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.058928][T11612]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  488.058963][T11612]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  488.059000][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.059026][T11612]  ? f2fs_hw_is_readonly+0x39b/0x470
[  488.059066][T11612]  f2fs_handle_critical_error+0x37c/0x540
[  488.059107][T11612]  f2fs_write_end_io+0x495/0x810
[  488.059145][T11612]  ? blkg_put+0x22/0x240
[  488.059196][T11612]  __submit_merged_bio+0x27a/0x6a0
[  488.059236][T11612]  __submit_merged_write_cond+0x255/0x530
[  488.059277][T11612]  f2fs_write_data_pages+0x261d/0x3000
[  488.059307][T11612]  ? __lock_acquire+0xab9/0xd20
[  488.059397][T11612]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  488.059427][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.059528][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.059555][T11612]  ? stack_depot_save_flags+0x40/0x900
[  488.059595][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.059650][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.059677][T11612]  ? __lock_acquire+0xab9/0xd20
[  488.059724][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.059751][T11612]  ? do_raw_spin_lock+0x121/0x290
[  488.059790][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.059827][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.059854][T11612]  ? do_raw_spin_unlock+0x122/0x240
[  488.059883][T11612]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  488.059918][T11612]  do_writepages+0x32e/0x550
[  488.059972][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.060005][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.060032][T11612]  ? do_raw_spin_unlock+0x122/0x240
[  488.060067][T11612]  filemap_fdatawrite+0x191/0x230
[  488.060092][T11612]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  488.060179][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.060214][T11612]  ? do_raw_spin_unlock+0x122/0x240
[  488.060250][T11612]  f2fs_sync_dirty_inodes+0x31f/0x830
[  488.060313][T11612]  f2fs_write_checkpoint+0x94a/0x1de0
[  488.060386][T11612]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  488.060484][T11612]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  488.060518][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.060545][T11612]  ? kfree+0x18e/0x440
[  488.060592][T11612]  ? kill_f2fs_super+0x298/0x6c0
[  488.060641][T11612]  kill_f2fs_super+0x2c3/0x6c0
[  488.060686][T11612]  ? __pfx_kill_f2fs_super+0x10/0x10
[  488.060718][T11612]  ? radix_tree_delete_item+0x2b6/0x400
[  488.060770][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.060796][T11612]  ? shrinker_free+0x2ce/0x3e0
[  488.060839][T11612]  deactivate_locked_super+0xbc/0x130
[  488.060882][T11612]  cleanup_mnt+0x425/0x4c0
[  488.060920][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.060947][T11612]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.060997][T11612]  task_work_run+0x1d4/0x260
[  488.061036][T11612]  ? __pfx_task_work_run+0x10/0x10
[  488.061067][T11612]  ? __x64_sys_umount+0x122/0x160
[  488.061099][T11612]  ? exit_to_user_mode_loop+0x40/0x110
[  488.061146][T11612]  exit_to_user_mode_loop+0xec/0x110
[  488.061181][T11612]  do_syscall_64+0x2bd/0x3b0
[  488.061201][T11612]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.061236][T11612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.061265][T11612]  ? srso_alias_return_thunk+0x5/0xfbef5
[  488.061290][T11612]  ? exc_page_fault+0x9f/0xf0
[  488.061329][T11612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.061353][T11612] RIP: 0033:0x7f714738fc57
[  488.061376][T11612] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  488.061396][T11612] RSP: 002b:00007ffe71d0e168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  488.061422][T11612] RAX: 0000000000000000 RBX: 00007f7147410925 RCX: 00007f714738fc57
[  488.061439][T11612] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe71d0e220
[  488.061454][T11612] RBP: 00007ffe71d0e220 R08: 0000000000000000 R09: 0000000000000000
[  488.061470][T11612] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe71d0f2b0
[  488.061487][T11612] R13: 00007f7147410925 R14: 00000000000771b1 R15: 00007ffe71d0f2f0
[  488.061531][T11612]  </TASK>
[  488.061541][T11612] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  490.562566][T12927] loop6: detected capacity change from 0 to 512
[  490.593732][T12927] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  490.649285][T12927] EXT4-fs (loop6): 1 truncate cleaned up
[  490.666648][T12927] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  490.918325][T11199] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  491.566685][T12941] loop4: detected capacity change from 0 to 8192
[  491.665014][   T49] team0 (unregistering): Port device team_slave_1 removed
[  491.984892][T12937] loop3: detected capacity change from 0 to 32768
[  492.074922][   T49] team0 (unregistering): Port device team_slave_0 removed
[  492.152979][T12937] ERROR: (device loop3): dbFindCtl: Corrupt dmapctl page
[  492.152979][T12937] 
[  492.212506][T12937] ERROR: (device loop3): remounting filesystem as read-only
[  492.741843][T12947] loop4: detected capacity change from 0 to 32768
[  492.954982][T12947] read_mapping_page failed!
[  493.016005][T12949] loop6: detected capacity change from 0 to 40427
[  493.054624][T12949] F2FS-fs (loop6): build fault injection rate: 690
[  493.061257][T12949] F2FS-fs (loop6): Image doesn't support compression
[  493.073353][T12949] F2FS-fs (loop6): heap/no_heap options were deprecated
[  493.080415][T12949] F2FS-fs (loop6): Image doesn't support compression
[  493.137967][T12949] F2FS-fs (loop6): invalid crc value
[  493.400081][T12949] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  493.496907][T12949] syz.6.2337: attempt to access beyond end of device
[  493.496907][T12949] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  493.543078][T12955] F2FS-fs (loop6): Unexpected flush for atomic writes: ino=10, npages=2
[  493.565793][T12955] syz.6.2337: attempt to access beyond end of device
[  493.565793][T12955] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  493.601909][T12951] loop3: detected capacity change from 0 to 32768
[  493.726404][T12951] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  493.771091][T11199] syz-executor: attempt to access beyond end of device
[  493.771091][T11199] loop6: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  493.785386][T11199] CPU: 1 UID: 0 PID: 11199 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[  493.785420][T11199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  493.785435][T11199] Call Trace:
[  493.785445][T11199]  <TASK>
[  493.785455][T11199]  dump_stack_lvl+0x189/0x250
[  493.785511][T11199]  ? __pfx_dump_stack_lvl+0x10/0x10
[  493.785549][T11199]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  493.785598][T11199]  ? __pfx_queue_work_on+0x10/0x10
[  493.785623][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.785655][T11199]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  493.785690][T11199]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  493.785727][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.785754][T11199]  ? f2fs_hw_is_readonly+0x39b/0x470
[  493.785793][T11199]  f2fs_handle_critical_error+0x37c/0x540
[  493.785831][T11199]  f2fs_write_end_io+0x495/0x810
[  493.785869][T11199]  ? blkg_put+0x22/0x240
[  493.785915][T11199]  __submit_merged_bio+0x27a/0x6a0
[  493.785955][T11199]  __submit_merged_write_cond+0x255/0x530
[  493.785993][T11199]  f2fs_write_data_pages+0x261d/0x3000
[  493.786069][T11199]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  493.786117][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.786145][T11199]  ? is_bpf_text_address+0x292/0x2b0
[  493.786186][T11199]  ? is_bpf_text_address+0x26/0x2b0
[  493.786255][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.786283][T11199]  ? stack_trace_save+0x9c/0xe0
[  493.786314][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.786342][T11199]  ? stack_depot_save_flags+0x40/0x900
[  493.786396][T11199]  ? __schedule+0x16fd/0x4d00
[  493.786432][T11199]  ? schedule+0x165/0x360
[  493.786463][T11199]  ? schedule_timeout+0x9a/0x270
[  493.786503][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.786530][T11199]  ? __lock_acquire+0xab9/0xd20
[  493.786594][T11199]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  493.786628][T11199]  do_writepages+0x32e/0x550
[  493.786678][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.786711][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.786738][T11199]  ? do_raw_spin_unlock+0x122/0x240
[  493.786774][T11199]  filemap_fdatawrite+0x191/0x230
[  493.786799][T11199]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  493.786871][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.786904][T11199]  ? do_raw_spin_unlock+0x122/0x240
[  493.786938][T11199]  f2fs_sync_dirty_inodes+0x31f/0x830
[  493.786995][T11199]  f2fs_write_checkpoint+0x94a/0x1de0
[  493.787059][T11199]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  493.787146][T11199]  ? kill_f2fs_super+0x298/0x6c0
[  493.787191][T11199]  kill_f2fs_super+0x2c3/0x6c0
[  493.787231][T11199]  ? __pfx_kill_f2fs_super+0x10/0x10
[  493.787262][T11199]  ? radix_tree_delete_item+0x2b6/0x400
[  493.787310][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.787336][T11199]  ? shrinker_free+0x2ce/0x3e0
[  493.787373][T11199]  deactivate_locked_super+0xbc/0x130
[  493.787415][T11199]  cleanup_mnt+0x425/0x4c0
[  493.787451][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.787478][T11199]  ? lockdep_hardirqs_on+0x9c/0x150
[  493.787524][T11199]  task_work_run+0x1d4/0x260
[  493.787562][T11199]  ? __pfx_task_work_run+0x10/0x10
[  493.787595][T11199]  ? __x64_sys_umount+0x122/0x160
[  493.787625][T11199]  ? exit_to_user_mode_loop+0x40/0x110
[  493.787671][T11199]  exit_to_user_mode_loop+0xec/0x110
[  493.787706][T11199]  do_syscall_64+0x2bd/0x3b0
[  493.787726][T11199]  ? lockdep_hardirqs_on+0x9c/0x150
[  493.787762][T11199]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.787785][T11199]  ? srso_alias_return_thunk+0x5/0xfbef5
[  493.787811][T11199]  ? exc_page_fault+0x9f/0xf0
[  493.787846][T11199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.787867][T11199] RIP: 0033:0x7f036498fc57
[  493.787888][T11199] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  493.787907][T11199] RSP: 002b:00007fffd6838158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  493.787932][T11199] RAX: 0000000000000000 RBX: 00007f0364a10925 RCX: 00007f036498fc57
[  493.787947][T11199] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd6838210
[  493.787961][T11199] RBP: 00007fffd6838210 R08: 0000000000000000 R09: 0000000000000000
[  493.787976][T11199] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffd68392a0
[  493.787991][T11199] R13: 00007f0364a10925 R14: 000000000007882c R15: 00007fffd68392e0
[  493.788026][T11199]  </TASK>
[  493.788035][T11199] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  493.923047][T12951] XFS (loop3): Ending clean mount
[  495.196253][ T8830] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  496.100764][T12988] serio: Serial port ptm0
[  496.233753][T12766] chnl_net:caif_netlink_parms(): no params data found
[  496.821941][T12766] bridge0: port 1(bridge_slave_0) entered blocking state
[  496.841743][T12766] bridge0: port 1(bridge_slave_0) entered disabled state
[  496.850099][T13015] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2360'.
[  496.903816][T12766] bridge_slave_0: entered allmulticast mode
[  496.911907][T12766] bridge_slave_0: entered promiscuous mode
[  496.951220][T13018] loop4: detected capacity change from 0 to 512
[  496.962181][T12766] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.978011][T13018] EXT4-fs: Ignoring removed oldalloc option
[  496.993483][T12766] bridge0: port 2(bridge_slave_1) entered disabled state
[  497.015793][T12766] bridge_slave_1: entered allmulticast mode
[  497.025863][T12766] bridge_slave_1: entered promiscuous mode
[  497.091101][T13018] EXT4-fs (loop4): 1 truncate cleaned up
[  497.099001][T13018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  497.147669][   T30] audit: type=1800 audit(1750360787.716:386): pid=13018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2361" name="file1" dev="loop4" ino=15 res=0 errno=0
[  497.294898][T12766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  497.333445][T13028] EXT4-fs (loop4): shut down requested (1)
[  497.393982][T12766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  497.522760][T11612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  497.591070][T13034] loop3: detected capacity change from 0 to 512
[  497.648551][T12766] team0: Port device team_slave_0 added
[  497.651986][T13034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  497.664859][T12766] team0: Port device team_slave_1 added
[  497.723307][ T5939] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  497.744971][T13034] ext4 filesystem being mounted at /253/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  497.745965][T13032] loop6: detected capacity change from 0 to 4096
[  497.845848][T12766] batman_adv: batadv0: Adding interface: batadv_slave_0
[  497.853829][T12766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  497.855715][T13041] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  497.922482][ T5939] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  497.927033][   T30] audit: type=1800 audit(1750360788.476:387): pid=13042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2366" name="file1" dev="loop3" ino=15 res=0 errno=0
[  497.950988][ T5939] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  497.971802][ T5939] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  497.985820][ T5939] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  497.995002][ T5939] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.011328][ T5939] usb 6-1: config 0 descriptor??
[  498.032839][T12766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  498.041866][T13042] EXT4-fs error (device loop3): ext4_get_first_dir_block:3533: inode #12: block 32: comm syz.3.2366: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  498.046873][T12766] batman_adv: batadv0: Adding interface: batadv_slave_1
[  498.071715][T12766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  498.133601][T12766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  498.153578][T13042] EXT4-fs (loop3): Remounting filesystem read-only
[  498.441638][ T5939] plantronics 0003:047F:FFFF.001E: reserved main item tag 0xd
[  498.457395][T12766] hsr_slave_0: entered promiscuous mode
[  498.494682][T12766] hsr_slave_1: entered promiscuous mode
[  498.510190][ T5939] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving
[  498.520992][ T8830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  498.526510][T12766] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  498.558950][T12766] Cannot create hsr debugfs directory
[  498.580065][T13056] loop6: detected capacity change from 0 to 1024
[  498.591016][ T5939] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  498.823730][ T5841] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  498.859451][ T5939] usb 6-1: USB disconnect, device number 21
[  498.983389][ T5841] usb 5-1: Using ep0 maxpacket: 16
[  498.999766][ T5841] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  499.019211][ T5841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.028880][ T5841] usb 5-1: Product: syz
[  499.049448][ T5841] usb 5-1: Manufacturer: syz
[  499.061083][ T5841] usb 5-1: SerialNumber: syz
[  499.106787][ T5841] r8152-cfgselector 5-1: Unknown version 0x0000
[  499.154214][ T5841] r8152-cfgselector 5-1: config 0 descriptor??
[  499.347477][T13075] vcan0: tx drop: invalid da for name 0x00000000000000f5
[  499.592857][    C0] vcan0: j1939_tp_rxtimer: 0xffff88806bbb3800: rx timeout, send abort
[  499.660041][ T1206] r8152-cfgselector 5-1: USB disconnect, device number 15
[  499.765937][T12766] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  499.789956][T12766] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  499.817703][T12766] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  499.854900][T12766] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  499.951318][ T5925] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  500.095520][    C0] vcan0: j1939_tp_rxtimer: 0xffff88806bbb0800: rx timeout, send abort
[  500.104095][    C0] vcan0: j1939_tp_rxtimer: 0xffff88806bbb3800: abort rx timeout. Force session deactivation
[  500.115114][T12766] 8021q: adding VLAN 0 to HW filter on device bond0
[  500.127534][ T5925] usb 4-1: Using ep0 maxpacket: 8
[  500.139830][ T5925] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  500.163557][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  500.219219][T12766] 8021q: adding VLAN 0 to HW filter on device team0
[  500.227427][ T5925] usb 4-1: config 0 descriptor??
[  500.322048][ T7496] bridge0: port 1(bridge_slave_0) entered blocking state
[  500.329364][ T7496] bridge0: port 1(bridge_slave_0) entered forwarding state
[  500.412044][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  500.419389][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  500.603925][    C0] vcan0: j1939_tp_rxtimer: 0xffff88806bbb0800: abort rx timeout. Force session deactivation
[  500.811449][T13079] overlayfs: overlapping lowerdir path
[  500.918152][ T5836] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  501.022893][T12766] 8021q: adding VLAN 0 to HW filter on device batadv0
[  501.084931][ T5836] usb 7-1: Using ep0 maxpacket: 32
[  501.099087][ T5836] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  501.108220][ T5836] usb 7-1: config 0 has no interface number 0
[  501.118386][ T5836] usb 7-1: config 0 interface 12 has no altsetting 0
[  501.130365][ T5836] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  501.152899][ T5836] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  501.181089][ T5836] usb 7-1: Product: syz
[  501.197719][ T5836] usb 7-1: Manufacturer: syz
[  501.209115][ T5836] usb 7-1: SerialNumber: syz
[  501.227540][ T5836] usb 7-1: config 0 descriptor??
[  501.334951][T12766] veth0_vlan: entered promiscuous mode
[  501.355442][T12766] veth1_vlan: entered promiscuous mode
[  501.451944][T12766] veth0_macvtap: entered promiscuous mode
[  501.458525][ T5925] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  501.470211][ T5925] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  501.493959][ T5925] asix 4-1:0.0: probe with driver asix failed with error -71
[  501.509500][T12766] veth1_macvtap: entered promiscuous mode
[  501.535400][ T5925] usb 4-1: USB disconnect, device number 27
[  501.585186][T12766] batman_adv: batadv0: Interface activated: batadv_slave_0
[  501.623071][T12766] batman_adv: batadv0: Interface activated: batadv_slave_1
[  501.651815][T12766] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  501.673735][T12766] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  501.701556][T12766] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  501.714215][T12766] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  502.103048][T13124] Dead loop on virtual device ipvlan1, fix it urgently!
[  502.200522][T13126] binder: 13125:13126 ioctl 4018620d 0 returned -22
[  502.475558][T13121] loop4: detected capacity change from 0 to 40427
[  502.517657][T13121] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  502.537848][ T5836] f81534 7-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  502.540689][T13121] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  502.545631][ T5836] f81534 7-1:0.12: f81534_find_config_idx: read failed: -71
[  502.561645][ T5836] f81534 7-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  502.570482][ T5836] f81534 7-1:0.12: probe with driver f81534 failed with error -71
[  502.575808][T13121] F2FS-fs (loop4): invalid crc value
[  502.608023][ T5836] usb 7-1: USB disconnect, device number 8
[  502.754093][T13121] F2FS-fs (loop4): Try to recover 1th superblock, ret: -30
[  502.800581][T13121] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  503.096226][ T7486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.151091][ T7486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  503.256429][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.305253][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  504.028934][T13153] loop3: detected capacity change from 0 to 256
[  504.081846][T13153] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  504.236190][   T30] audit: type=1800 audit(1750360794.806:388): pid=13153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2412" name="file1" dev="loop3" ino=1048711 res=0 errno=0
[  504.239654][T13153] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000008)
[  504.373560][T13153] exFAT-fs (loop3): Filesystem has been set read-only
[  504.401884][T13153] exFAT-fs (loop3): error, failed to bmap (inode : ffff888052aa07c8 iblock : 8, err : -5)
[  504.473879][T13153] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000008)
[  504.507557][T13145] loop6: detected capacity change from 0 to 32768
[  504.531506][ T7491] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.621605][T13145] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  504.944559][T13145] XFS (loop6): Ending clean mount
[  504.998204][T13145] XFS (loop6): Quotacheck needed: Please wait.
[  505.156580][T13145] XFS (loop6): Quotacheck: Done.
[  505.199587][ T7491] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.518389][T11199] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  505.573471][ T7491] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.038520][ T7491] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.377318][T13186] netem: change failed
[  506.382022][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  506.395912][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  506.414790][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  506.429282][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  506.441591][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  506.979294][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  506.986754][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  507.022128][ T7486] nci: nci_rsp_packet: unsupported rsp opcode 0xf05
[  507.386797][ T7491] bridge_slave_1: left allmulticast mode
[  507.413652][ T7491] bridge_slave_1: left promiscuous mode
[  507.419559][ T7491] bridge0: port 2(bridge_slave_1) entered disabled state
[  507.460150][ T7491] bridge_slave_0: left allmulticast mode
[  507.482611][ T7491] bridge_slave_0: left promiscuous mode
[  507.493525][ T7491] bridge0: port 1(bridge_slave_0) entered disabled state
[  508.158314][T13237] loop6: detected capacity change from 0 to 256
[  508.205261][T13237] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  508.327382][T13237] exFAT-fs (loop6): valid_size(150994954) is greater than size(10)
[  508.430395][T13237] exFAT-fs (loop6): start_clu is invalid cluster(0xffffffff)
[  508.563478][ T5848] Bluetooth: hci4: command tx timeout
[  509.633355][ T5926] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  509.890197][ T5926] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  509.908684][ T5926] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  509.960650][ T5926] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  509.978656][ T5926] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  509.990505][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.052777][ T5926] usb 6-1: config 0 descriptor??
[  510.277305][ T7491] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  510.321344][ T7491] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  510.363029][ T7491] bond0 (unregistering): Released all slaves
[  510.443986][T13187] chnl_net:caif_netlink_parms(): no params data found
[  510.583857][ T5926] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[  510.594479][ T5926] plantronics 0003:047F:FFFF.001F: No inputs registered, leaving
[  510.638575][ T5926] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  510.643645][ T5848] Bluetooth: hci4: command tx timeout
[  510.765765][T13290] loop6: detected capacity change from 0 to 8
[  510.950012][    C0] plantronics 0003:047F:FFFF.001F: hid_field_extract() called with n (132) > 32! (syz-executor)
[  511.164929][   T10] usb 6-1: USB disconnect, device number 22
[  511.436682][T13187] bridge0: port 1(bridge_slave_0) entered blocking state
[  511.485321][T13187] bridge0: port 1(bridge_slave_0) entered disabled state
[  511.531732][T13187] bridge_slave_0: entered allmulticast mode
[  511.574017][T13187] bridge_slave_0: entered promiscuous mode
[  511.775000][T13308] loop6: detected capacity change from 0 to 65536
[  511.797895][T13187] bridge0: port 2(bridge_slave_1) entered blocking state
[  511.812226][T13187] bridge0: port 2(bridge_slave_1) entered disabled state
[  511.823273][ T5841] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  511.836659][T13187] bridge_slave_1: entered allmulticast mode
[  511.855514][T13187] bridge_slave_1: entered promiscuous mode
[  511.868493][T13308] XFS (loop6): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  511.916180][T13308] XFS (loop6): Ending clean mount
[  511.997768][T13308] XFS (loop6): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  512.009582][T13308] XFS (loop6): Unmount and run xfs_repair
[  512.018710][T13308] XFS (loop6): First 128 bytes of corrupted metadata buffer:
[  512.027133][T13308] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  512.037293][T13308] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  512.046307][T13308] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  512.058970][T13308] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  512.068064][T13308] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  512.068232][ T7491] hsr_slave_0: left promiscuous mode
[  512.077731][T13308] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  512.095730][T13308] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  512.105483][T13308] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  512.114517][T13308] XFS (loop6): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  512.130261][ T5841] usb 4-1: Using ep0 maxpacket: 32
[  512.143073][ T5841] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  512.150237][ T7491] hsr_slave_1: left promiscuous mode
[  512.151643][T13308] XFS (loop6): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  512.172045][T13308] XFS (loop6): Please unmount the filesystem and rectify the problem(s)
[  512.175439][ T7491] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  512.181771][ T5841] usb 4-1: config 0 has no interface number 0
[  512.196914][ T5841] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  512.206109][ T5841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  512.214172][ T5841] usb 4-1: Product: syz
[  512.218703][ T5841] usb 4-1: Manufacturer: syz
[  512.233462][ T5841] usb 4-1: SerialNumber: syz
[  512.254830][ T7491] batman_adv: batadv0: Removing interface: batadv_slave_0
[  512.291677][ T5841] usb 4-1: config 0 descriptor??
[  512.292044][ T7491] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  512.315778][ T5841] smsc95xx v2.0.0
[  512.324305][ T7491] batman_adv: batadv0: Removing interface: batadv_slave_1
[  512.386516][T11199] XFS (loop6): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  512.472244][ T7491] veth1_macvtap: left promiscuous mode
[  512.482360][ T7491] veth0_macvtap: left promiscuous mode
[  512.492823][ T7491] veth1_vlan: left promiscuous mode
[  512.545189][ T7491] veth0_vlan: left promiscuous mode
[  512.763207][ T5848] Bluetooth: hci4: command tx timeout
[  512.803448][ T5841] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  512.873285][ T5841] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  513.492484][ T5841] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[  513.554141][ T5841] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  513.583314][ T5841] usb 4-1: USB disconnect, device number 28
[  513.851299][ T5836] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  514.045500][ T5836] usb 7-1: Using ep0 maxpacket: 8
[  514.054344][ T5836] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  514.066392][ T5836] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  514.076399][ T5836] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 4915, setting to 1024
[  514.121694][ T5836] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  514.132347][ T5836] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  514.145905][ T5836] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  514.200328][ T5836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.463975][ T5836] usb 7-1: GET_CAPABILITIES returned 0
[  514.469597][ T5836] usbtmc 7-1:16.0: can't read capabilities
[  514.738945][ T5841] usb 7-1: USB disconnect, device number 9
[  514.825463][ T5848] Bluetooth: hci4: command tx timeout
[  514.975902][ T7491] team0 (unregistering): Port device team_slave_1 removed
[  515.120118][ T7491] team0 (unregistering): Port device team_slave_0 removed
[  516.728407][    C1] vcan0: j1939_tp_rxtimer: 0xffff888076332800: rx timeout, send abort
[  516.792860][T13187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  516.990926][T13187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  517.236830][    C1] vcan0: j1939_tp_rxtimer: 0xffff888076332800: abort rx timeout. Force session deactivation
[  517.255700][T13187] team0: Port device team_slave_0 added
[  517.277175][T13187] team0: Port device team_slave_1 added
[  517.406906][T13368] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.2490'.
[  517.438285][T13187] batman_adv: batadv0: Adding interface: batadv_slave_0
[  517.453972][T13187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  517.535002][T13187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  517.604628][T13187] batman_adv: batadv0: Adding interface: batadv_slave_1
[  517.621944][T13374] loop3: detected capacity change from 0 to 256
[  517.639943][T13374] exfat: Deprecated parameter 'namecase'
[  517.649080][T13374] exfat: Deprecated parameter 'utf8'
[  517.668491][T13187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  517.710439][T13374] exfat: Deprecated parameter 'utf8'
[  517.712751][   T30] audit: type=1800 audit(1750360808.276:389): pid=13373 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2491" name="file1" dev="tmpfs" ino=3312 res=0 errno=0
[  517.734275][T13374] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d)
[  517.820292][T13187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  517.842296][ T5926] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  518.037675][ T5926] usb 7-1: config 0 has an invalid interface number: 172 but max is 0
[  518.047309][ T5926] usb 7-1: config 0 has no interface number 0
[  518.058266][ T5926] usb 7-1: New USB device found, idVendor=2304, idProduct=020f, bcdDevice=3b.de
[  518.080277][ T5926] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  518.114024][ T5926] usb 7-1: Product: syz
[  518.118284][ T5926] usb 7-1: Manufacturer: syz
[  518.125122][ T5926] usb 7-1: SerialNumber: syz
[  518.144195][ T5926] usb 7-1: config 0 descriptor??
[  518.171948][ T5926] dvb-usb: found a 'Pinnacle 400e DVB-S USB2.0' in warm state.
[  518.192743][ T5926] dvb-usb: bulk message failed: -22 (4/0)
[  518.199111][ T5926] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  518.220842][T13187] hsr_slave_0: entered promiscuous mode
[  518.236499][T13187] hsr_slave_1: entered promiscuous mode
[  518.238821][ T5926] dvb-usb: bulk message failed: -22 (5/0)
[  518.248952][ T5926] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  518.267316][ T5926] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  518.274179][T13187] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  518.295070][ T5926] dvb-usb: Pinnacle 400e DVB-S USB2.0 error while loading driver (-19)
[  518.304229][T13187] Cannot create hsr debugfs directory
[  518.317118][T13384] loop3: detected capacity change from 0 to 2048
[  518.378427][ T5926] usb 7-1: USB disconnect, device number 10
[  518.398789][T13384] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  518.413263][T13384] ext4 filesystem being mounted at /282/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  518.444072][ T5841] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  518.464203][T13384] fs-verity: sha512 using implementation "sha512-avx2"
[  518.621639][ T5841] usb 6-1: Using ep0 maxpacket: 8
[  518.638998][ T5841] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  518.657771][ T8830] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  518.669702][ T5841] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  518.695803][ T5841] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  518.713095][ T5841] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  518.728068][ T5841] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  518.769966][ T5841] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.032519][ T5841] usb 6-1: GET_CAPABILITIES returned 0
[  519.050177][ T5841] usbtmc 6-1:16.0: can't read capabilities
[  519.288381][ T5849] Bluetooth: hci1: command 0x0405 tx timeout
[  519.346930][ T5939] usb 6-1: USB disconnect, device number 23
[  519.655698][T13187] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  520.078664][T13187] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  520.171248][T13425] loop6: detected capacity change from 0 to 128
[  520.174240][T13187] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  520.220633][T13425] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  520.249189][T13187] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  520.263263][T13425] ext4 filesystem being mounted at /150/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  520.526984][T11199] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  521.046943][   T31] INFO: task syz-executor:8180 blocked for more than 143 seconds.
[  521.064345][   T31]       Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  521.120335][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  521.184308][   T31] task:syz-executor    state:D stack:21192 pid:8180  tgid:8180  ppid:1      task_flags:0x400140 flags:0x00004006
[  521.261551][   T31] Call Trace:
[  521.265367][   T31]  <TASK>
[  521.268357][   T31]  __schedule+0x16f5/0x4d00
[  521.300012][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  521.310177][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  521.330516][   T31]  ? do_raw_spin_lock+0x121/0x290
[  521.355661][   T31]  ? schedule+0x165/0x360
[  521.360106][   T31]  ? __lock_acquire+0xab9/0xd20
[  521.373425][   T31]  ? __pfx___schedule+0x10/0x10
[  521.396672][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  521.403325][ T5841] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  521.473362][   T31]  ? schedule+0x91/0x360
[  521.477742][   T31]  schedule+0x165/0x360
[  521.481963][   T31]  __bch2_fs_stop+0x704/0x900
[  521.522354][T13187] 8021q: adding VLAN 0 to HW filter on device bond0
[  521.551272][   T31]  ? __pfx___bch2_fs_stop+0x10/0x10
[  521.653347][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[  521.661854][   T31]  ? __pfx_evict_inodes+0x10/0x10
[  521.694118][   T31]  ? dput+0x37/0x2b0
[  521.698144][   T31]  ? __pfx_bch2_put_super+0x10/0x10
[  521.714044][   T31]  generic_shutdown_super+0x135/0x2c0
[  521.719557][   T31]  bch2_kill_sb+0x41/0x50
[  521.743306][   T31]  deactivate_locked_super+0xbc/0x130
[  521.748807][   T31]  cleanup_mnt+0x425/0x4c0
[  521.767862][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  521.783340][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  521.788677][   T31]  task_work_run+0x1d4/0x260
[  521.793724][   T31]  ? __pfx_task_work_run+0x10/0x10
[  521.798978][   T31]  ? __x64_sys_umount+0x122/0x160
[  521.804790][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  521.810326][   T31]  exit_to_user_mode_loop+0xec/0x110
[  521.816221][   T31]  do_syscall_64+0x2bd/0x3b0
[  521.820871][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  521.829598][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.836128][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  521.841817][   T31]  ? exc_page_fault+0x9f/0xf0
[  521.847134][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.853068][   T31] RIP: 0033:0x7ff509d8fc57
[  521.858076][   T31] RSP: 002b:00007ffe2f873e18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  521.870804][   T31] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff509d8fc57
[  521.880942][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe2f873ed0
[  521.889525][   T31] RBP: 00007ffe2f873ed0 R08: 0000000000000000 R09: 0000000000000000
[  521.898017][   T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe2f874f60
[  521.906539][   T31] R13: 00007ff509e10925 R14: 0000000000057ec8 R15: 00007ffe2f874fa0
[  521.923339][   T31]  </TASK>
[  521.926545][   T31] 
[  521.926545][   T31] Showing all locks held in the system:
[  521.943849][   T31] 1 lock held by khungtaskd/31:
[  521.948791][   T31]  #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  521.975213][   T31] 2 locks held by getty/5590:
[  521.979963][   T31]  #0: ffff88803055a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  522.013233][   T31]  #1: ffffc90002fee2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  522.023917][   T31] 5 locks held by kworker/0:4/5841:
[  522.029163][   T31]  #0: ffff88801dad7948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  522.041015][   T31]  #1: ffffc90004effbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  522.060279][   T31]  #2: ffff888028156198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[  522.088857][   T31]  #3: ffff888028191510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21a3/0x4a00
[  522.103608][   T31]  #4: ffff888027d7bb68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21cb/0x4a00
[  522.120188][   T31] 1 lock held by syz-executor/8180:
[  522.125539][   T31]  #0: ffff88805247a0e0 (&type->s_umount_key#70){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0
[  522.136171][   T31] 1 lock held by syz-executor/11199:
[  522.141481][   T31]  #0: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  522.152601][   T31] 
[  522.173227][   T31] =============================================
[  522.173227][   T31] 
[  522.181726][   T31] NMI backtrace for cpu 1
[  522.181749][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[  522.181779][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  522.181796][   T31] Call Trace:
[  522.181806][   T31]  <TASK>
[  522.181816][   T31]  dump_stack_lvl+0x189/0x250
[  522.181866][   T31]  ? __wake_up_klogd+0xd9/0x110
[  522.181899][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.181934][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  522.181974][   T31]  ? __pfx__printk+0x10/0x10
[  522.182017][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  522.182058][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  522.182087][   T31]  ? _printk+0xcf/0x120
[  522.182119][   T31]  ? __pfx__printk+0x10/0x10
[  522.182148][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  522.182190][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  522.182227][   T31]  watchdog+0xfee/0x1030
[  522.182267][   T31]  ? watchdog+0x1de/0x1030
[  522.182311][   T31]  kthread+0x711/0x8a0
[  522.182347][   T31]  ? __pfx_watchdog+0x10/0x10
[  522.182378][   T31]  ? __pfx_kthread+0x10/0x10
[  522.182404][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.182436][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  522.182476][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.182504][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  522.182545][   T31]  ? __pfx_kthread+0x10/0x10
[  522.182574][   T31]  ret_from_fork+0x3fc/0x770
[  522.182619][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  522.182666][   T31]  ? __switch_to_asm+0x39/0x70
[  522.182692][   T31]  ? __switch_to_asm+0x33/0x70
[  522.182716][   T31]  ? __pfx_kthread+0x10/0x10
[  522.182746][   T31]  ret_from_fork_asm+0x1a/0x30
[  522.182792][   T31]  </TASK>
[  522.182802][   T31] Sending NMI from CPU 1 to CPUs 0:
[  522.371809][    C0] NMI backtrace for cpu 0
[  522.371830][    C0] CPU: 0 UID: 0 PID: 12215 Comm: syz.1.2063 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[  522.371858][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  522.371873][    C0] RIP: 0010:__free_one_page+0x6e3/0xba0
[  522.371914][    C0] Code: 00 fc ff df 4d 85 e4 0f 95 c0 8b 4c 24 04 44 8b 64 24 1c 44 0f b6 c0 4c 89 f7 48 8b 74 24 20 89 da e8 31 f4 00 00 41 f6 c4 01 <75> 05 0f 1f 44 00 00 48 83 c4 38 5b 41 5c 41 5d 41 5e 41 5f 5d e9
[  522.371933][    C0] RSP: 0018:ffffc900136a7718 EFLAGS: 00000046
[  522.371954][    C0] RAX: 1ffff11027fff701 RBX: 0000000000000001 RCX: dffffc0000000001
[  522.371971][    C0] RDX: ffffea0000a44f08 RSI: ffff88813fffbd68 RDI: ffffea0000cf6f88
[  522.371988][    C0] RBP: 0000000000033dbc R08: 0000000000000000 R09: 1ffffd400019edfe
[  522.372004][    C0] R10: dffffc0000000000 R11: fffff9400019edff R12: 0000000000000000
[  522.372019][    C0] R13: ffffea0000cf6f00 R14: ffffea0000cf6f80 R15: dffffc0000000000
[  522.372039][    C0] FS:  0000000000000000(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000
[  522.372058][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  522.372074][    C0] CR2: 0000563d40601000 CR3: 000000000df38000 CR4: 0000000000350ef0
[  522.372092][    C0] Call Trace:
[  522.372101][    C0]  <TASK>
[  522.372118][    C0]  free_pcppages_bulk+0x40e/0x610
[  522.372155][    C0]  free_frozen_page_commit+0x62c/0x1070
[  522.372189][    C0]  __free_frozen_pages+0x78b/0xe70
[  522.372220][    C0]  vfree+0x25a/0x400
[  522.372245][    C0]  ? __pfx_kcov_close+0x10/0x10
[  522.372279][    C0]  kcov_close+0x28/0x50
[  522.372307][    C0]  __fput+0x44c/0xa70
[  522.372348][    C0]  task_work_run+0x1d4/0x260
[  522.372382][    C0]  ? __pfx_task_work_run+0x10/0x10
[  522.372412][    C0]  ? kmem_cache_free+0x18f/0x400
[  522.372440][    C0]  do_exit+0x6ad/0x22e0
[  522.372468][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.372502][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  522.372530][    C0]  ? do_raw_spin_lock+0x121/0x290
[  522.372557][    C0]  ? __pfx_do_exit+0x10/0x10
[  522.372582][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.372619][    C0]  do_group_exit+0x21c/0x2d0
[  522.372645][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.372671][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  522.372714][    C0]  get_signal+0x1286/0x1340
[  522.372767][    C0]  arch_do_signal_or_restart+0x9a/0x750
[  522.372802][    C0]  ? __pfx_get_timespec64+0x10/0x10
[  522.372842][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  522.372886][    C0]  ? exit_to_user_mode_loop+0x40/0x110
[  522.372926][    C0]  exit_to_user_mode_loop+0x75/0x110
[  522.372959][    C0]  do_syscall_64+0x2bd/0x3b0
[  522.372979][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  522.373012][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.373033][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  522.373058][    C0]  ? exc_page_fault+0x9f/0xf0
[  522.373092][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  522.373114][    C0] RIP: 0033:0x7fa5e99c11e5
[  522.373133][    C0] Code: Unable to access opcode bytes at 0x7fa5e99c11bb.
[  522.373144][    C0] RSP: 002b:00007fa5ea8d6f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  522.373166][    C0] RAX: fffffffffffffdfc RBX: 00007fa5e9bb5fa0 RCX: 00007fa5e99c11e5
[  522.373182][    C0] RDX: 00007fa5ea8d6fc0 RSI: 0000000000000000 RDI: 0000000000000000
[  522.373198][    C0] RBP: 00007fa5e9a10b39 R08: 0000000000000000 R09: 0000000000000000
[  522.373213][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  522.373226][    C0] R13: 0000000000000000 R14: 00007fa5e9bb5fa0 R15: 00007ffde1ded018
[  522.373254][    C0]  </TASK>
[  522.965017][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  522.971966][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[  522.983815][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  522.993901][   T31] Call Trace:
[  522.997211][   T31]  <TASK>
[  523.000156][   T31]  dump_stack_lvl+0x99/0x250
[  523.004786][   T31]  ? __asan_memcpy+0x40/0x70
[  523.009415][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  523.014672][   T31]  ? __pfx__printk+0x10/0x10
[  523.019287][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.024964][   T31]  panic+0x2db/0x790
[  523.028890][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.034573][   T31]  ? __pfx_panic+0x10/0x10
[  523.039021][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.044679][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  523.050545][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.056208][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  523.061623][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  523.067821][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.073493][   T31]  watchdog+0x102d/0x1030
[  523.077879][   T31]  ? watchdog+0x1de/0x1030
[  523.082349][   T31]  kthread+0x711/0x8a0
[  523.086462][   T31]  ? __pfx_watchdog+0x10/0x10
[  523.091179][   T31]  ? __pfx_kthread+0x10/0x10
[  523.095804][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.101484][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  523.106734][   T31]  ? srso_alias_return_thunk+0x5/0xfbef5
[  523.112403][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  523.117644][   T31]  ? __pfx_kthread+0x10/0x10
[  523.122269][   T31]  ret_from_fork+0x3fc/0x770
[  523.126907][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  523.132065][   T31]  ? __switch_to_asm+0x39/0x70
[  523.136856][   T31]  ? __switch_to_asm+0x33/0x70
[  523.141651][   T31]  ? __pfx_kthread+0x10/0x10
[  523.146274][   T31]  ret_from_fork_asm+0x1a/0x30
[  523.151087][   T31]  </TASK>
[  523.154458][   T31] Kernel Offset: disabled
[  523.158791][   T31] Rebooting in 86400 seconds..