last executing test programs:

3m47.875702073s ago: executing program 1 (id=352):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
bind$inet6(r1, 0x0, 0x0)
listen(r0, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r5, &(0x7f0000000280)=@target={'target ', {'PCI:', '4', ':', '5', ':', '17', '.', '15'}}, 0x15)

3m45.225331225s ago: executing program 1 (id=357):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_pidfd_open(r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r5 = dup(r4)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x40d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x0)

3m44.194494836s ago: executing program 1 (id=359):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000240)={0x20, 0xc, 0x1, "97"}, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f00000002c0)={0x20, 0x30, 0x6, "141b93b8b9f9"}, 0x0, 0x0, 0x0, 0x0, 0x0})

3m40.199488031s ago: executing program 1 (id=371):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mkdir(&(0x7f0000000100)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdir(0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
renameat2(r0, &(0x7f00000001c0)='./file0\x00', r0, &(0x7f0000000200)='./bus/file0\x00', 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/105, 0x69)

3m39.582717873s ago: executing program 1 (id=376):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a46100"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000011"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

3m36.794570176s ago: executing program 1 (id=383):
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

3m36.440893703s ago: executing program 32 (id=383):
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

14.539611537s ago: executing program 0 (id=1224):
r0 = socket$kcm(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r2, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030021000b63d25a80648c2594f90124fc60350c030b022e0009083582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x3000}, 0x0)

12.919668706s ago: executing program 0 (id=1226):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x15, &(0x7f00000003c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})

12.756500211s ago: executing program 0 (id=1228):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket(0x10, 0x3, 0x0)
sendto$inet6(r2, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c000a0000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a3200040016000500090000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)

11.615037995s ago: executing program 0 (id=1230):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x1}, 0x8)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, 0x0, 0x0)

11.111822318s ago: executing program 0 (id=1234):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000200)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

9.005037218s ago: executing program 4 (id=1236):
r0 = socket$kcm(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r2, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030021000b63d25a80648c2594f90124fc60350c030b022e0009083582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x3000}, 0x0)

8.383616956s ago: executing program 2 (id=1237):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f0000000140)=0x5, 0x4)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x5, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r3}, 0x20)
sendto$inet(r3, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf408, 0x0, 0xf06)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, 0x0, &(0x7f0000000040)=0xffffffffffffffba)

8.130585574s ago: executing program 5 (id=1238):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x15, &(0x7f00000003c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})

7.266594185s ago: executing program 2 (id=1239):
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
r0 = socket(0x2a, 0x2, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@newtfilter={0x74, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x2}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_EMATCHES={0x40, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x3, 0x7, 0x400}, {{0x4, 0x1, 0x1, 0x1}, {0x4, 0x0, 0x1, 0x1}}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0xff, 0x3, 0xc28}, {0x7, 0x6, 0x8, 0x9}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xed}}]}]}}]}, 0x74}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x38}}, 0x0)

7.261510031s ago: executing program 3 (id=1240):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmsg$can_j1939(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x2)

7.260676548s ago: executing program 4 (id=1241):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(0xffffffffffffffff, 0x4068aea3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = socket(0x10, 0x3, 0x0)
sendto$inet6(r1, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020506050e020409430009003f000c000a0000000d0085a168d0bf46d32345653600648d0a00120002000a0000005ade4a460c89b6ec0cff3959547f509058ba86c902000000004a3200040016000500090000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)

7.221648098s ago: executing program 2 (id=1242):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000000)='./bus\x00', 0x300000a, &(0x7f0000000680)={[{@nodatacow}, {@thread_pool={'thread_pool', 0x3d, 0x3}}, {@nodiscard}, {@datacow}, {@ref_verify}, {@clear_cache}, {@nobarrier}, {@thread_pool={'thread_pool', 0x3d, 0x8}}, {@nodiscard}, {@enospc_debug}, {@ssd_spread}, {@nossd}]}, 0x3, 0x55a3, &(0x7f000000e0c0)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKAbRbfDNkX/YqW/AwN3Zcr8vqr3G4d+3Slh9cnJhqK53vrsB3cqRxV6QdatulpK6iOHaLg7bHau60XvNsKtvMST1vuF6nMN5TNW0LVoXxm26zpCzrmx0fKQ2Njn2I17aDned2mc2ZsTbrXvA5jBxq2y+vwgdpJ9Ze9PfHglSf/8fR956+duq3dfC5nk+amd7TqkHnN9ZrnMZrg86QXvP0KviUN9aUrhHD8nz5f9sycl3bf+MGrJ068/YWLr5628JopE58d9Iux/3jtLndPu7xg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MbKxP5uYAAADQa/SGvaZfHf3qS6c+dPeiF5cfV/Hdcb86abf6irO/33H8rivHf/HSK9sf36Vg/j+0tOP/8ZB/Xe5oV4cwoStxwYAQdut6PAn8LHbn5AEh7NWVaskPHJYKrA7hC12J/bNVpUr0jSWGpgK/r88EJqQCa2KgJRW4MQaWpAIXxsCKVGBGDKxOBQ6PgdCeP44D6jPjKDlQEwOtyUZcEc9CeKc+tpbaVuuyVQEAAGwnmdlhZf7dnHMdtjVDnF6uqOkpQzwDu2iG6lQN6RlsdlpVtIaKnmoo76mG7LgXffTwC2ou66nmgtMwyvIzfDjkO+UDJu79o7tuHHFT84sTv/vu2OO/8uc33129/z/993vOmX/dAQXz/6aPnv9Xd9ORsoLj/yFM7vobc5dnIh3ZeGtLXgYAAABgG1z12NInbzjgqP9z38v33fmla28oX3311//vKxsv2HvUccPL+v7dt1cUzP8nlHb+f9wn0icnc3g07oaYPSCEpvxAUu3BhYHkqHe/TAAAAAB6g+zx+Oyx8PbMbXKKdno+XZi/ZSvzxwP/E7rNf/mmv372y9c+eeLCYftsuOK/nflB2efH/m6XY9eOfPytPYf9Q0PfwvP/W0o7/782/zbpxJrYiysHhNA3J/BI7GVnoMvQGHj50PxAZvxr4gZYHKvKnJiQrWpxLNEaA02pwLJiJX6bLbFbfiDzZGUbvyA7jvZMiZwAAAAAfOLi7oB4XD6e/3/P5AO+tP+gl8a8uOe9C1+bsPSEU2t/uM8tu74+oGPSmAMnHHLEMwXz/9atO/+/ax5ccHp/R78QRlaE0Cf9w4BHa5OFAWOgriyTuL82qatPuqrzakMY3zmwdFWvZNb/r0ivMfhETVJVDOy29083DetM3FATwsjcwDPfvH5MZ2J+KpBt/Bs1IQzpHG268ZV9k8Yr041f0zeEPXMC2apO7htCZ2NV6aoerM5cxyBd1W3VIQzMCWSrOrA6hIUBgF4q/iudmfvgvIVnz57e0dF2xg5MxH34NWFWe0db44w5HTOri/RpZqrPecsYnVc4plKvfPN8ZomiqUNuH15KOvs7wabctjL78QtOHMzcj9+FKrvG2VyZd3d0esjD9ylsIuR8kyo25PIdPOTa3Eq2PIkF9cf8VaFf6LtgXtsZjWdNnz//jFHJ31KzNyd/42GmZFuNSm+r2u76VsLLo+hqWSkfd1vtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbkbw9D3a+7qlND3Xx9iePajkPdvSKnkk/iU0NCQqK3JaYvKTt/wrRf3/+tPdacdtZJe/z9HjNHnPRXl/9m7omNh0z+1fV/ubZg/j/3o+f/8VMnfvJn1mcodvy/IR7mTx7fcpi/NQaWlXr8v6HY0fzsiQFDU4FFMbDIYX4AAAA+G+LuyLg3M+6Vvq7un+4+cuaMQ97/5QlTrv7bseNOPWv9vg0XX33skv+w/p0lq454u2D+v6i03/9vp/X/s0vXf63YMv/7xxJNxdb/Ty/zn13/f1Gx9f/Ty/xn1/9f9ims/78gG0htknes/w8AAHwWfHLr//e4vH/6AgEFGXpc3j99gYCCDD0u41/qBQK2ev3/OR1/UTvo8jnjDh0x98ePrNp7ycDbvvT8xF/vs/SgEfeuvOW9UbcWzP+XlDb/t3A/AAAA7Dwe+mXfb1/87rD7n3rk/SPLLv3txpuO/6u2Aw75w8DmUyYfXfP9m/6tYP6/rLT5/ye//l8odv7/0GKBlmILA1r/DwAAgF6q2Pp/Nw98eejq+SNufOznb97yUusvZo5/7d8t+cFXpg9runnNut80zFhfMP9fUdr8P552UZ6XO/bmw/pkTbuQXtNuY332JwMAAADQO5SHxsbKEvPmrYx62Mdvc11mKdCPSud6+r5BqxaUP3RVWfXGH1wy7ZDGc489c86RF63/fu2TP6md2lh9RsH8f3Vp8/+832U8UDup/rK3Jx784cqT/3j6vvPXTt1y/B8AAADYcUrdLwEAAAAAAAAAAAAAAHz6nmpdetAHo45+Y+Zeo/70jWNf+MHiL37zkb+59s9n/vzw+/Zq3zxsSsHv/8PkrnLFfv8fr/sXf1+wa17u2GrP6/9l7k855taFXUsWPlofwj65gdnnz/5cyFybf7/cwKqp+w/uTJyfLnHfi4e/1pmYlg4cNWKX9zoT41OB1rhI4hfSgXhVxff6pwJxecUn04G4PVakA1WZwCX9k3GUpbfVhrpkW5Wlt9VzdSEMyAlkt9XddUkbZekBXpUKZAd4ejoQBzgpEyhP9+rWfkmvYqAuFv2bfkmvAADYacVvgZVhVntHW1P8Ch9vd6/Iv43yliw7r7DashKbfz6zNNnUIbcPLyXdJ/1ddMu1xitDdecQRhV8Xc3NUtY1yu1TSw+bbtciQ+5ptbfyIuXStnbTVRUfUU0yosYZczpmVvY48NE9Z2mu6DHLqILJTm6W8q5NWkItJfSlhBGVuG1K6HK8Xx4aG/ukco2LwYaQp6dXRKm/189d56/YqyA3z9/WXHtpn8F93v+38Rc99OCAyo5TJ7ddtPtj/zxw1Mwf//DB1mt+XzD/byht/l+dO673MhcDWBSvrHfwgBBaSxwRAAAAfPb9z3OX33HinDUbZq2uePZ3v5tdftyJlZvPueucsy967v7FR13y72/e1viKsqc2nfjGprP++o2ffOW6h8966fAZZ901ad0h69uqb/zuXyw/dUjB/H9oafP/uAcrcyg42duxOl7//4IBIXRdWr8hCfwsDvfkASHs1ZVqiSWSC+p/LZZoSgI/iztM9o8lWlvyq+obAytSgd/XZwKrU4E1MZDZS/HTkNmVc0V9CGO6UpPzS8yNJRpSgeNiYGgq0BgDTalA/xiYkAq82T8TaEkF/jEGQnv+trqzf2ZbAQAAbI3MPKsy/25Iz/NWVPSUoaynDLU9ZSjvKUN1TxmKjSLevyNmqEydvFKWk6kyXWtNqpaCDPFi+Fvdr4IM4bf5OdMFC5qO5x9kzzcoy88w7od3tB70tXk/3nTxjx4/8sALj1xy5duXHt1v8JXP/u/2c/v131RbMP9vKm3+X5t/m7S+Js7/t1z/Lwk8Ert3ZTx1fGgMvHxofiCzY2BNnOwuzlbVkimRmbQvjiUmxMDQVGBuDExIBVonZwLLBucHMjPtbOMXZBtvz5TICQAAAMAnLu4giLtp4vx/5bjwzh5Hvt+8+5UD5457/JHzjphes2t1zT+PX7t0/KXVD+3Xt2D+P6G0+X9sr19uYxfG3rzaP4S7y7b0JhsYUZcE4n6Muvjz+D3qQvhczg6ObIm22qREVarh8HBN8gv1qnRV99YkawzE+1OeeHDVZZ2Jq2pC2Ddn70u2jReqkzZq0oFhVUmgNh2YU5EE4p6fbOCe8iQA2yy7VzC+oDKnumQ1dF+uyOvvs3JN0PTwCvaBdpOvu99c7SjV6Qcy+1Sztu5pK6iOHaLg7bHau603vtsavNtyv0hlvqFs3hKqDuUz22ZNX9AxPz6S+0vWAjvoec79lWop6e3wOlz08Xvbs+p0B5pSHx9N3Zfr/nVYFqt7oHZS/WVvTzx45cl/PH3f+WunltyNIuIPhQ++de4Bz+Vs3h2tOmRec73u86TF50lv/Dcw1NMWQlh+wawnn/iX95+vWN/8Xw4cu/y2Nx9b/pODHpg14gsbLvnyxrfePapg/t9S2vy/InXb5YO4MecNCGF4zsZ9NG7+iQOSz8GcQPIpObAwkBxyX19f9JMTAAAAtrfs7o7s/oL2zG1yQnh6nlyYv2Ur88f9FRO6zV9qvweO+YfvHXrV69/4+vrdL3906VPr/tObrxwx7dAHNj29YuXrzcd+/umC+X/rR8//+6a66fi/4//sII7/d2tn3xXdN/3Aom3aFV1QHTuE4//d2tnfbY7/d8vxf8f/u+P4fw8c/+/Wzv60FXxLmutLVwihdcANt/+idvrwflec860Za3/+9DtN416oO/foO//H4YvDNeet+nPB/H9uafN/6/91v2hfdv2/1mLr/80ttv7fIuv/AQAAO1SRhebS87yC1fsKMqRX7yvI0OMCgT0uMWj9v61e/6/2pLNPeqX+rb2umXj7f75z+oXPn3Tis/v2ef6E20+4aeTVw1/68oaC+f+i0ub/8eXQL7f13rL+39DJRapaEgNzLQwIAADAzqjYDgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+XSseXPzFzYv3OeimZz9/0+H/umzNrL1/dcDm0WNObhy+eGDZlX/3L28NWrDwjbZJZ17bMn35NRtWLg2hvatcWVK87KFB5eWj/3DMXbdd8XDTtMFTzq3O1FuZuf1iXu7Y6of1ISzLeaQuJjbWd97ZEphyzK0LKzoTj9aHsE9uYPb5sz/XmbixPoT9cgOrpu4/uDNxfrrEfS8e/lpnYlo6cNSIXd7rTIzPBMrS3b2uf9LdsnR3L+sfwoCcQLa73+6fX1W2jf+YCZSn27i5LmkjBupi0R/VJW3EQEcs0d43hJEVIfRJV/Xr6qSqPumq/r46qapPuqr/Wh3C+BBCRbqqF6uSqirSI19blVQVA7vt/dNNwzoTy6pCGJkbeOab14/pTJyeCmQb/3pVCEM6XzLpxu+oTBqvTDd+VWUIe4YQqtIl/rUiKVGVLvFKRQgDcwLZxk+tCGFh4DMhfvjMzH1w3sKzZ0/v6Gg7YwcmqjJt1YRZ7R1tjTPmdMysTvWpmLKc9ObzPv7Yn990zozO26lDbh9eSroiU66yq8vNlXl3R+/svY/9qs2tZMvzUVB/zF8V+oW+C+a1ndF41vT5888YlfwtNXtz8rdPJppsq1G9ZVvtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbk7/YY6vWf/FB3r8ip5JP4AJCQkOhtifK8T7emnf2DvOCL/paOVobqrg/ogmlFbpayrlFuj0Ef9jFH/HG+p/Q4olEFE4eCLM09ZxldMJnYkqUmydL1va5gcphbU3nXJo33y0NjY59i26Eh/27u5n1rGzbvusymKzUNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD//5twzl8=")
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4)
syz_open_dev$dri(0x0, 0x0, 0x80000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
setxattr$security_ima(&(0x7f0000000380)='./file0\x00', &(0x7f0000000100), 0x0, 0x2, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x57e00}], 0x2, 0x1200, 0x41001, 0x3)

6.559695669s ago: executing program 0 (id=1243):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x2080, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x521, 0x3e, 0x0, 0x7ffc0002}]})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
mkdir(0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000040)=@v1={0x0, @aes128, 0x4, @desc3})

6.559362732s ago: executing program 3 (id=1244):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x88ca}, @void, @eth={@broadcast, @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "8a2d55", 0x8, 0x0, 0xff, @dev, @dev, {[@routing={0x29, 0x0, 0x1, 0x8}]}}}}}}, 0x42)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r2, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r5, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r7], 0x84}}, 0xc895)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r8, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r10, &(0x7f0000000200), 0xf000)
r11 = socket(0xa, 0x3, 0x1)
getsockopt(r11, 0xff, 0x24, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r9, 0x0)

6.471366494s ago: executing program 5 (id=1245):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
landlock_restrict_self(r4, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x3, [@var={0x2, 0x0, 0x0, 0xe, 0x4, 0x1}, @int={0xf, 0x0, 0x0, 0x1, 0x0, 0x7, 0x0, 0x17, 0x7}]}, {0x0, [0x30]}}, &(0x7f0000000180)=""/248, 0x3b, 0xf8, 0x1, 0x0, 0x0, @void, @value}, 0x28)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x8)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f80)=@newtaction={0x48, 0x30, 0x9e54f29ff072a93b, 0x0, 0x0, {}, [{0x34, 0x1, [@m_csum={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4, 0x21}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0)

6.470651242s ago: executing program 4 (id=1246):
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[], 0x2c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0xc, 0xfffffffffffff800}, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r4, 0x40309439, 0x0)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xb)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@gettaction={0x100, 0x32, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x24, 0x1, [{0x14, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1000}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x9}, @action_gd=@TCA_ACT_TAB={0x30, 0x1, [{0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x10}}]}, @action_gd=@TCA_ACT_TAB={0x54, 0x1, [{0x14, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xc}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7fffffff}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}]}, 0x100}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20)
setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'ipvlan1\x00', <r7=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0xe, r7, 0x1f, r5}, 0x10)
r8 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r8, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)

4.116085646s ago: executing program 5 (id=1247):
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
ioprio_set$pid(0x2, 0x0, 0x6000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x38)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

4.060840178s ago: executing program 4 (id=1248):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x6, 0x810, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
r1 = socket$nl_audit(0x10, 0x3, 0x9)
syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x200000, &(0x7f0000000440)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0x0, @ANYBLOB=',dir_umask=00000000000000000000007,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c747970653d9d1191982c636f6465706167653d63703935302c71756965742c696f636861727365743d63703836342c66696c655f756d61736b3d30303030303030303030303030303030301e06", @ANYRESDEC=r1, @ANYRES64=r0, @ANYRESOCT=r1], 0x4, 0x337, &(0x7f0000000540)="$eJzs3U1r1EAYB/D/ZN9tqbGtVDxWC55KWw+KCIr05hfwIMXabqE0VrAVrChWzyLeBMGjN8+iX0Ev4hfQUw/Fk16KSCMzmWRntzPZTV82u/T/g+7rPJlnkkwysxIDIjq2bsz+eH9xS/6JEoACgCuAB6AKFAGcxlj14er68npQX0xbUEFFyD+BKFLsKbOwWreFyjgVofnyXRGD5md0NMIwDH+2LfW7K7lQfkTU9/fwgIruner7atcz25fNDgpUupNKDzG2sNjBDh5hKM90iIgof/r87+mzxKAev3seMKHH4f10/o+ZM4im8c0O8ORk9/PpGcn534veh0KuH7VGRGO+p6Zwch168SzRtizrPhE2VncZ0Z7VtAFEu1mlysWrLS0H9clNtYAXuKYZxUbV4yLihiiubMvR07hlbpoire3pBlQbSrINJUf+I5lr/LyNN/bq5r52kJP4Ir6JOeHjLRaT8V8xFHLlqPXjAzUzIMp/yr1E1Uo/KtXUykbvO6UqORtvgU8fGq2sudZrFQWZi41cimgdv/txnq/L7igMNx8UdOum3a1TUSPWqJnk/V9r1GhrVG2pFNQnF+4HqT+lHBrrjE68ErfEOH7hI2aN8b8nS0/A3TOberlQJfWekdqeoirp2I5NVAe+l6lnEvAvjGQMe4m7uIyhtY3HK/NBUH+Q/4u4q/RIPtGOqHdH+Yl8NsqgKl+UABxapbthGFq/KuIQqijHqbpyLqmmXnqXNFkdZvVPKQerHZvROjS+uu4u3Dhsyk/iI0LGSlX4syRKni2yhP/Rta9t2HdIYWRYPtodMq5qPgjOJBuugEpHPaW2j0pvPl2ZD/ZzLKJ+Y/SXsdvbV/NOh7pPjrtENP8z5itT6qgjH/yU2UjbUYexxGnHDGhYPZ7obAaXLNY5ThyIXwT1mbQ517kLwPmWGj3ENT5vXayv80Qv/qtkxZZWLS1CzOI77vD3fyIiIiIiIiIiIiIiIiIiIiIiIiKifpP1agT35QS7+jok+5UYDVvH8D/eICIiIiIiIiIiIiIiIiIiIiIiIiIiIiI6GOP+v0BB3TGmnPv9fwsd3P9XtL3FJxG18T8AAP//uTRlfg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r5, 0xc0044dff, &(0x7f0000001480))
open(&(0x7f0000000000)='./file2\x00', 0x0, 0x0)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r6 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x4000, &(0x7f0000000180)=ANY=[@ANYRES16=0x0, @ANYRESOCT=0x0, @ANYRES64, @ANYRES8=0x0, @ANYRES16], 0x1, 0x2a6, &(0x7f0000000800)="$eJzs3U9rY1UUAPDz0jRJdZEsXEnBB7pwVdpu3aRIC8WslCzUhRbbgjRBaKHgH4xduXXjsp9AENz5OfwGglthdtNF4Q0veW+SdtJMMyTTGeb32/T2vnPuO/fy0tJCTr5e758cpnF88dO/0WgkUWnHWlwl0YpKlH6JG9q/BQDwOrvKsniUjcyTl0REY3llAQBLNPfv/7+WXhIAsGSfff7FJzudzu6nadqIvf6v5938L/v86+j6znF8G704is1oxnVE9tRovJdl2aCa5lrxQX9w3s0z+18lxfo7/0cM87eiGa3h1M38/c7uVjoykT/I63iruH87z9+OZrwz5f77nd3tKfnRrcWH70/UvxHN+Oeb+C56cTgsYpz/81aafpz9/vjHL/Py8vxkcN6tD+PGspWIuPQ/DwAAAAAAAAAAAAAAAAAAAAAAFmGj6J1Tj2H/nnyq6L+zcp1/sxppqXWzP88ov+zzc7s/0CCLy7K/zmaaplkROM6vxrvVqD7MrgEAAAAAAAAAAAAAAAAAAODVcvb9DycHvd7R6UIGZTeA8m39L7pOe2LmvZgdXB/fq1IMZ6wcK2VMEjGzjHwTCzqWqYPK+HzW7qr5jz/nXbnx/JjVWeezmEH5dJ0cJNPPsB7lTKM8hL8nY2pxz3vV7rq0XpRwv3VqUy8159577e3hYDAjJpJZr4uP/huVXcwkt19EteGpTk1fLQYT6beejbme52d/ViS6dQAAAAAAAAAAAAAAAAAAwFKN3/Q75eLFzNRKVl9aWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwUo0//3+OwaBIvkdwLU7PHniLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvAGeBAAA//9nmF1U")
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r6, 0x40047211, &(0x7f0000000040)=0x20)

3.420596508s ago: executing program 5 (id=1249):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x3a, 0x40, 0x0, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000139209f422ca2f1d3568c599f830b1f821bc25fa46eaf53917fbae01ac86e06a0af31a9167ac93666cbfce317f4d89438ada20492c7e787769ae367b057e255f9fc7fcd3678acf258357e1e5a90d17a85ed2bb685014e05fe9dd53656818b650ff910557ae37262d1202049fd3e46740a84e730119514262213ed7957fbdbfb2aa975531396fdcd06430f49d3102697a185091e299fd98504173205364a390622b72d5b169249a81bc558643f18c"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x1b, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r0, 0x1)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
set_mempolicy(0x4000, &(0x7f0000000000)=0x7, 0x7f00000000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)

3.291869693s ago: executing program 3 (id=1250):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f0000000140)=0x5, 0x4)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x5, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r3}, 0x20)
sendto$inet(r3, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf408, 0x0, 0xf06)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, 0x0, &(0x7f0000000040)=0xffffffffffffffba)

2.975370737s ago: executing program 4 (id=1251):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = add_key(&(0x7f0000000140)='rxrpc_s\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$update(0x2, r1, &(0x7f0000000800), 0x0)
openat$ocfs2_control(0xffffffffffffff9c, 0x0, 0x8042, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket$inet6(0xa, 0xa, 0x6)
r2 = syz_open_dev$ndb(&(0x7f0000000240), 0x0, 0x206200)
r3 = socket(0x840000000002, 0x3, 0xfa)
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0)
ioctl$NBD_DISCONNECT(r4, 0xab08)
setns(0xffffffffffffffff, 0x24020000)
epoll_create1(0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_clone(0x37000520, 0x0, 0x0, 0x0, 0x0, 0x0)

1.292738801s ago: executing program 5 (id=1252):
r0 = socket$kcm(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r2, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030021000b63d25a80648c2594f90124fc60350c030b022e0009083582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x3000}, 0x0)

1.29229958s ago: executing program 2 (id=1253):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

965.151239ms ago: executing program 3 (id=1254):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={0x1c, 0x2a, 0x821, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@nested={0x4, 0xe}, @typed={0x4, 0xf}]}, 0x1c}, 0x1, 0x3000000, 0x0, 0x11}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = getpid()
getpgrp(r2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001a40)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x1e8}, 0x1, 0x0, 0x0, 0x2000c801}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
fsmount(r3, 0x0, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000680)={0x1, 0xdf, "a0b1dc0e9d902a42960475cccba6ce5039aab3ad313156b0d05400ed30ccdf22786bf39d50cc9c73b10e04186991b25162b1f26183ddab92729ffd493851a54b6865b523af47a85793e2c53bbc7bd6a0b3a0627073853efa9a0e0a4b150061d3a4c117229d808e4ab44e24ada511385fe3f6e80aea254293083b5bc7517d0d01801bffacd727fd1292fba6ec489946aa67c2e6aa768a8b6d3daa9fed7c3fea8dd727e885f40b8e12f37ab969cbd98b505d40ae889598d2d138212da1841f8677521b4b8ecb2af610446b799ca71940a42566a87272e65d3cf8724a4ffea574"})
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0xd8)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$sock(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}}], 0x1, 0x0)
bind$l2tp6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x3, &(0x7f00000005c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
connect$l2tp6(r4, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r4, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}], 0x17fd147c801ae9ab, 0x0)

279.758154ms ago: executing program 2 (id=1255):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x8, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000978f0049a148090018110001", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

279.398961ms ago: executing program 3 (id=1256):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x15, &(0x7f00000003c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r4}, 0x18)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})

111.80547ms ago: executing program 5 (id=1257):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
syz_usb_connect(0x2, 0x52, &(0x7f0000000040)=ANY=[@ANYBLOB="120110034ed635400b042165113c01020301090240000140ff40000904100603f93252080a2401b4f203020102052405fffb49e0"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x15555555555557c3})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000009c0))
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000680)=""/93, &(0x7f0000000700)=""/83})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000001c0)=0x1)

69.038555ms ago: executing program 3 (id=1258):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x84)
setsockopt$inet6_int(r4, 0x29, 0x1a, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x1a, &(0x7f0000000240)=ANY=[@ANYBLOB="180510f1a1d739470d00"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018", @ANYRES32, @ANYBLOB="00000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$UHID_CREATE2(r5, &(0x7f00000002c0)=ANY=[], 0x118)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r6, 0xc0481273, &(0x7f0000000000))
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0xfffffffc}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

37.779158ms ago: executing program 4 (id=1259):
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
ioprio_set$pid(0x2, 0x0, 0x6000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x38)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

0s ago: executing program 2 (id=1260):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000ebff1f20"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'bond_slave_0\x00', &(0x7f0000000300)=@ethtool_rxnfc={0x31, 0x5, 0x4, {0x12, @tcp_ip4_spec={@multicast1, @broadcast, 0x4e24, 0x4e21, 0x1}, {0x0, @multicast, 0x400, 0x81, [0x7ff, 0x400]}, @esp_ip4_spec={@multicast2, @remote, 0x7, 0xfd}, {0x0, @broadcast, 0x5, 0x7, [0x10001, 0x897]}, 0xd7, 0x4}, 0x8, [0x5, 0xd7b, 0x3, 0x4, 0x7, 0x6, 0x9, 0x3547]}})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
keyctl$session_to_parent(0x12)
signalfd(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r4=>0xffffffffffffffff})
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r4, 0x0, r5, 0x0, 0x80, 0x0)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r6, &(0x7f0000000080), 0xc)
r7 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r7, &(0x7f0000000200)=ANY=[@ANYBLOB="03040000b50000000100fefffeefffff"], 0xc8)
sendmsg$sock(r6, &(0x7f0000001540)={0x0, 0x0, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

ed filesystem due to reason: 3
[   88.096987][ T6131] syz.3.47 (6131): drop_caches: 2
[   88.156248][ T6127] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   88.392085][ T6138] fuse: Bad value for 'fd'
[   88.838048][ T5852] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   89.020475][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   89.055097][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   89.083119][ T5852] usb 3-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[   89.102631][ T5852] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.318786][ T5852] usb 3-1: config 0 descriptor??
[   90.218658][ T6150] loop4: detected capacity change from 0 to 32768
[   90.226215][ T6150] XFS: ikeep mount option is deprecated.
[   90.232027][ T6150] XFS: ikeep mount option is deprecated.
[   90.273581][ T6150] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   90.487499][ T6150] XFS (loop4): Ending clean mount
[   90.511280][ T6150] XFS (loop4): Quotacheck needed: Please wait.
[   90.537471][ T6150] XFS (loop4): Quotacheck: Done.
[   91.449476][ T5852] usbhid 3-1:0.0: can't add hid device: -71
[   91.458193][ T5852] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[   91.486325][ T5846] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   91.559611][ T6182] fuse: Bad value for 'fd'
[   91.587493][ T6184] fuse: Bad value for 'fd'
[   91.606981][ T6184] loop1: detected capacity change from 0 to 512
[   91.643738][ T6182] loop2: detected capacity change from 0 to 512
[   91.656291][ T5852] usb 3-1: USB disconnect, device number 3
[   91.884680][ T6184] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.66: invalid indirect mapped block 256 (level 2)
[   91.903745][ T6182] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.65: invalid indirect mapped block 256 (level 2)
[   91.965933][ T6182] EXT4-fs (loop2): 2 truncates cleaned up
[   91.976123][ T6184] EXT4-fs (loop1): 2 truncates cleaned up
[   91.989195][ T6182] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   92.013251][ T6184] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.261522][ T6191] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[   93.732161][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.528106][ T6218] input: syz1 as /devices/virtual/input/input5
[   94.662565][ T5899] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   95.624468][ T5864] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[   95.639728][ T5864] Bluetooth: hci0: Injecting HCI hardware error event
[   95.648964][ T5864] Bluetooth: hci0: hardware error 0x00
[   95.668560][ T6210] loop3: detected capacity change from 0 to 32768
[   95.698080][ T5899] usb 2-1: Using ep0 maxpacket: 8
[   95.706699][ T6220] loop4: detected capacity change from 0 to 40427
[   95.718436][ T5899] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   95.741166][ T5899] usb 2-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40
[   95.750682][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.758990][ T5899] usb 2-1: Product: syz
[   95.763393][ T5899] usb 2-1: Manufacturer: syz
[   95.770206][ T5899] usb 2-1: SerialNumber: syz
[   95.783130][ T6210] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   95.788477][ T5899] usb 2-1: config 0 descriptor??
[   95.811146][ T6210] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   95.818629][ T6220] F2FS-fs (loop4): Found nat_bits in checkpoint
[   95.911324][ T6220] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   95.962644][ T6210] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[   95.982744][ T5899] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   95.995883][ T5899] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   96.019923][ T6191] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[   96.042084][    T9] usb 2-1: USB disconnect, device number 3
[   96.232819][ T5899] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 236ms
[   96.266527][ T5899] gfs2: fsid=syz:syz.0: jid=0: Done
[   96.280312][ T6210] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   96.346771][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.620130][ T5852] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   96.912409][ T5846] syz-executor: attempt to access beyond end of device
[   96.912409][ T5846] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   96.930315][ T5846] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[   97.877616][ T5846] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[   97.893424][ T5864] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[   97.921385][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.932569][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   98.641751][ T5852] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[   98.650922][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.663804][ T5852] usb 1-1: config 0 descriptor??
[   98.782600][ T5852] usbhid 1-1:0.0: can't add hid device: -71
[   98.790856][ T5852] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   98.800819][ T5852] usb 1-1: USB disconnect, device number 2
[  100.347584][ T6269] loop2: detected capacity change from 0 to 64
[  100.381981][ T6269] hfs: Bad value for 'file_umask'
[  100.427642][ T6269] loop2: detected capacity change from 0 to 8
[  100.579557][ T6273] loop3: detected capacity change from 0 to 1024
[  100.601203][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  100.860249][ T6280] SQUASHFS error: Failed to read block 0x8f: -5
[  100.870445][ T6280] SQUASHFS error: Failed to read block 0xc00090: -5
[  100.877404][ T6280] SQUASHFS error: Failed to read block 0x8f: -5
[  100.884049][ T6280] SQUASHFS error: Failed to read block 0x8f: -5
[  100.891179][ T6280] SQUASHFS error: Failed to read block 0x8f: -5
[  100.897765][ T6280] SQUASHFS error: Failed to read block 0x8f: -5
[  100.905875][ T6280] SQUASHFS error: Failed to read block 0x8f: -5
[  101.339993][   T29] audit: type=1800 audit(1730321024.792:3): pid=6280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.85" name="file2" dev="loop2" ino=6 res=0 errno=0
[  101.537071][ T6273] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.679870][ T6287] loop2: detected capacity change from 0 to 24
[  101.705172][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.768037][    T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  102.629986][    T8] usb 5-1: Using ep0 maxpacket: 8
[  102.640544][    T8] usb 5-1: config 0 has an invalid interface number: 185 but max is 0
[  102.648884][    T8] usb 5-1: config 0 has no interface number 0
[  102.655285][    T8] usb 5-1: config 0 interface 185 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  102.702165][    T8] usb 5-1: config 0 interface 185 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  102.815487][    T8] usb 5-1: New USB device found, idVendor=0763, idProduct=1033, bcdDevice=50.8f
[  102.828982][ T6292] loop3: detected capacity change from 0 to 64
[  102.835467][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.844533][ T6292] hfs: Bad value for 'file_umask'
[  102.852170][    T8] usb 5-1: Product: syz
[  102.857791][ T6292] loop3: detected capacity change from 0 to 8
[  102.864489][    T8] usb 5-1: Manufacturer: syz
[  102.869277][    T8] usb 5-1: SerialNumber: syz
[  103.143853][    T8] usb 5-1: config 0 descriptor??
[  103.160146][ T6284] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  103.252117][ T6300] SQUASHFS error: Failed to read block 0x8f: -5
[  103.261461][ T6300] SQUASHFS error: Failed to read block 0xc00090: -5
[  103.268529][ T6300] SQUASHFS error: Failed to read block 0x8f: -5
[  103.275046][ T6300] SQUASHFS error: Failed to read block 0x8f: -5
[  103.281824][ T6300] SQUASHFS error: Failed to read block 0x8f: -5
[  103.289594][ T6300] SQUASHFS error: Failed to read block 0x8f: -5
[  103.296260][ T6300] SQUASHFS error: Failed to read block 0x8f: -5
[  103.592291][   T29] audit: type=1800 audit(1730321027.192:4): pid=6300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.89" name="file2" dev="loop3" ino=6 res=0 errno=0
[  104.152116][    T8] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  104.236275][ T6306] loop2: detected capacity change from 0 to 1024
[  104.962320][ T6318] Zero length message leads to an empty skb
[  105.448258][    T8] usb 5-1: USB disconnect, device number 2
[  105.696534][ T6324] udevd[6324]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.185/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  105.770843][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  106.089477][ T6337] loop2: detected capacity change from 0 to 1024
[  106.128830][ T6336] netlink: 4 bytes leftover after parsing attributes in process `syz.4.101'.
[  106.151575][ T6336] netlink: 4 bytes leftover after parsing attributes in process `syz.4.101'.
[  106.196006][ T6337] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.287194][ T6315] loop3: detected capacity change from 0 to 32768
[  106.302415][ T6337] overlayfs: missing 'lowerdir'
[  106.508714][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.213660][ T6355] delete_channel: no stack
[  107.880854][ T6369] netlink: 8 bytes leftover after parsing attributes in process `syz.4.107'.
[  107.968430][ T5899] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  108.195232][ T5899] usb 2-1: Using ep0 maxpacket: 8
[  108.204292][ T6376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.112'.
[  108.219357][ T5899] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  108.250241][ T5899] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  108.320665][ T5899] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  108.330156][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.338667][ T5899] usb 2-1: Product: syz
[  108.342853][ T5899] usb 2-1: Manufacturer: syz
[  108.347460][ T5899] usb 2-1: SerialNumber: syz
[  108.477420][ T6382] loop4: detected capacity change from 0 to 1024
[  108.652936][ T6382] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.719311][ T6382] overlayfs: missing 'lowerdir'
[  109.281349][ T5899] usb 2-1: cannot find UAC_HEADER
[  109.336434][ T5846] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.445747][ T6391] bridge_slave_0: left allmulticast mode
[  109.456135][ T6391] bridge_slave_0: left promiscuous mode
[  109.465676][ T6391] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.467489][ T5899] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  109.522260][ T6391] bridge_slave_1: left allmulticast mode
[  109.538517][ T6391] bridge_slave_1: left promiscuous mode
[  109.544542][ T5899] usb 2-1: USB disconnect, device number 4
[  109.545439][ T6391] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.782928][ T6391] bond0: (slave bond_slave_0): Releasing backup interface
[  109.806797][ T6391] bond0: (slave bond_slave_1): Releasing backup interface
[  110.034269][ T6225] udevd[6225]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  110.524217][ T6401] input: syz1 as /devices/virtual/input/input7
[  110.579056][ T6391] team0: Port device team_slave_0 removed
[  110.635221][ T6391] team0: Port device team_slave_1 removed
[  110.668990][ T6391] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  110.721131][ T6391] batman_adv: batadv0: Removing interface: batadv_slave_0
[  110.753972][ T6391] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  110.788886][ T6391] batman_adv: batadv0: Removing interface: batadv_slave_1
[  110.891947][ T6392] team0: Mode changed to "activebackup"
[  112.617297][ T6410] loop1: detected capacity change from 0 to 32768
[  112.655242][ T6410] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.121 (6410)
[  113.048999][ T6410] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  113.104960][ T6410] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  113.366209][ T6410] BTRFS info (device loop1): disk space caching is enabled
[  113.511435][ T6410] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  113.818144][ T6410] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  113.820621][ T6410] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  113.891037][ T6410] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  113.928553][ T6410] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  113.939334][ T6410] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  113.949827][ T6410] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  114.969500][ T6410] BTRFS error (device loop1): open_ctree failed
[  115.609885][ T6469] netlink: 24 bytes leftover after parsing attributes in process `syz.1.133'.
[  116.224462][ T6450] loop2: detected capacity change from 0 to 32768
[  116.429192][ T6450] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.131 (6450)
[  116.513377][ T6450] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  116.524168][ T6450] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  116.533254][ T6450] BTRFS info (device loop2): using free-space-tree
[  116.793102][ T6450] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  116.869342][ T6450] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  117.163142][ T6450] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  117.228323][ T6450] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  117.340274][ T6450] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  117.379716][ T6450] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  117.447549][ T6450] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  117.480788][ T6450] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  117.508473][ T6450] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  117.616243][ T6450] BTRFS error (device loop2): open_ctree failed
[  118.042726][ T6519] fuse: Unknown parameter 'group_i00000000000000000000'
[  119.261501][ T6517] loop1: detected capacity change from 0 to 32768
[  121.682192][ T6553] overlayfs: missing 'lowerdir'
[  121.711863][ T6555] fuse: Unknown parameter 'group_i00000000000000000000'
[  124.028453][ T6567] loop1: detected capacity change from 0 to 40427
[  124.045560][ T6567] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  124.053691][ T6567] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  124.076710][ T6567] F2FS-fs (loop1): invalid crc value
[  124.091972][ T6567] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  124.177597][ T6567] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  124.184794][ T6567] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  124.468113][   T25] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  124.728190][   T25] usb 5-1: Using ep0 maxpacket: 8
[  124.807806][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.116932][   T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  125.129907][   T25] usb 5-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00
[  125.139238][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.152167][   T25] usb 5-1: config 0 descriptor??
[  125.587395][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.594491][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.603633][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.613800][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.620681][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.627553][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.634552][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.683560][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.703849][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.718028][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.734201][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.747991][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.764981][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.775140][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.789181][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.807211][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.824894][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.836244][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.853085][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.868075][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.879856][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.894803][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.908043][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.926649][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.942620][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.952298][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.968007][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.983964][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  125.998000][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.012955][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.028014][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.045091][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.065389][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.075578][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.089872][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.099333][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.210844][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.218037][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.254083][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.268115][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.285500][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.298260][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.315486][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.328359][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.338002][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.355450][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.367991][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.383069][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.391087][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.397839][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.404648][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.411461][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.418310][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.426098][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.432883][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.439665][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.446565][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.453485][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.460391][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.467127][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.474012][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.481341][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.489218][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.499920][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.506681][   T25] nti 0003:0757:0A00.0002: unknown main item tag 0x0
[  126.521029][   T25] nti 0003:0757:0A00.0002: hidraw0: USB HID v0.00 Device [HID 0757:0a00] on usb-dummy_hcd.4-1/input0
[  127.251484][   T25] usb 5-1: USB disconnect, device number 3
[  127.513096][ T6593] loop3: detected capacity change from 0 to 512
[  129.524423][ T6609] fuse: Unknown parameter 'group_i00000000000000000000'
[  129.807701][ T6613] fuse: Bad value for 'fd'
[  130.421915][ T6613] loop4: detected capacity change from 0 to 512
[  130.491516][ T6613] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.171: invalid indirect mapped block 256 (level 2)
[  130.566272][ T6613] EXT4-fs (loop4): 2 truncates cleaned up
[  130.573452][ T6613] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.759769][ T6628] overlayfs: failed to resolve './file0': -2
[  131.534598][ T6626] loop1: detected capacity change from 0 to 32768
[  131.633758][ T6619] loop3: detected capacity change from 0 to 40427
[  131.690807][ T6619] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1fffff
[  131.735738][ T6619] F2FS-fs (loop3): invalid crc value
[  131.784109][ T6626] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  131.800446][ T6619] F2FS-fs (loop3): Found nat_bits in checkpoint
[  132.008039][ T6619] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  132.087954][   T29] audit: type=1800 audit(1730321055.952:5): pid=6619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.173" name="bus" dev="loop3" ino=14 res=0 errno=0
[  132.188094][ T5846] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.219506][ T6638] (syz.1.175,6638,1):ocfs2_remount:623 ERROR: Cannot change heartbeat mode on remount
[  132.235268][ T6619] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x195/0xb90
[  132.364320][ T5845] syz-executor: attempt to access beyond end of device
[  132.364320][ T5845] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  132.378875][ T5845] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  132.385798][ T5845] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  132.488196][ T5850] ocfs2: Unmounting device (7,1) on (node local)
[  132.841712][   T25] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  133.018675][   T25] usb 5-1: Using ep0 maxpacket: 8
[  133.030251][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.092290][   T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  133.107542][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  133.113955][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  133.148057][   T25] usb 5-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00
[  133.167802][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.192565][   T25] usb 5-1: config 0 descriptor??
[  134.077537][   T25] usbhid 5-1:0.0: can't add hid device: -71
[  134.085845][   T25] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  134.100928][   T25] usb 5-1: USB disconnect, device number 4
[  135.218113][ T6674] fuse: Bad value for 'fd'
[  135.237802][ T6672] loop4: detected capacity change from 0 to 1024
[  135.291653][ T6672] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  135.313405][ T6672] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  135.322411][ T6672] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  135.414816][ T5846] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.536500][ T6669] loop3: detected capacity change from 0 to 1024
[  135.647209][ T6669] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.828608][ T5852] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  136.230862][ T5852] usb 2-1: Using ep0 maxpacket: 8
[  136.663472][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.903323][ T5852] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  136.917967][ T5852] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  136.955107][ T5852] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  136.964869][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.973625][ T5852] usb 2-1: Product: syz
[  136.977825][ T5852] usb 2-1: Manufacturer: syz
[  136.983205][ T5852] usb 2-1: SerialNumber: syz
[  137.431061][ T6684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  137.478457][ T6684] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  137.539264][ T6682] loop2: detected capacity change from 0 to 40427
[  137.592979][ T6682] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1fffff
[  137.599576][ T6701] veth0_vlan: entered allmulticast mode
[  137.611255][ T6682] F2FS-fs (loop2): invalid crc value
[  137.630813][ T6682] F2FS-fs (loop2): Found nat_bits in checkpoint
[  137.716358][ T5852] usb 2-1: cannot find UAC_HEADER
[  137.749266][ T5852] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  137.790264][ T5852] usb 2-1: USB disconnect, device number 5
[  137.837799][ T6682] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  137.910093][   T29] audit: type=1800 audit(1730321061.792:6): pid=6682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.189" name="bus" dev="loop2" ino=14 res=0 errno=0
[  137.991577][ T6225] udevd[6225]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  138.109475][ T6682] F2FS-fs (loop2): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x195/0xb90
[  138.202674][ T5859] syz-executor: attempt to access beyond end of device
[  138.202674][ T5859] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  138.268000][ T5859] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  138.274963][ T5859] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  138.752174][ T6711] loop1: detected capacity change from 0 to 128
[  138.883821][ T6711] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  138.985829][ T6711] ext4 filesystem being mounted at /49/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  139.017747][    C1] vkms_vblank_simulate: vblank timer overrun
[  139.168644][ T6720] loop2: detected capacity change from 0 to 64
[  139.175741][ T6720] hfs: Bad value for 'file_umask'
[  139.189101][ T6720] loop2: detected capacity change from 0 to 8
[  139.523460][ T6726] SQUASHFS error: Failed to read block 0x8f: -5
[  139.533488][ T6726] SQUASHFS error: Failed to read block 0xc00090: -5
[  139.540997][ T6726] SQUASHFS error: Failed to read block 0x8f: -5
[  139.547533][ T6726] SQUASHFS error: Failed to read block 0x8f: -5
[  139.554279][ T6726] SQUASHFS error: Failed to read block 0x8f: -5
[  139.560878][ T6726] SQUASHFS error: Failed to read block 0x8f: -5
[  139.567577][ T6726] SQUASHFS error: Failed to read block 0x8f: -5
[  140.032136][ T6728] fscrypt (loop1, inode 12): Direct key flag not allowed with different contents and filenames modes
[  140.480354][   T29] audit: type=1800 audit(1730321063.462:7): pid=6726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.194" name="file2" dev="loop2" ino=6 res=0 errno=0
[  141.115709][ T6732] loop2: detected capacity change from 0 to 1024
[  141.134773][ T5850] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  141.274001][ T6732] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.334883][ T6732] overlayfs: missing 'lowerdir'
[  142.090604][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.611262][ T6743] loop3: detected capacity change from 0 to 40427
[  143.785549][ T6743] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1fffff
[  143.883722][ T6743] F2FS-fs (loop3): invalid crc value
[  143.953662][ T6743] F2FS-fs (loop3): Found nat_bits in checkpoint
[  144.035702][ T6769] netlink: 8 bytes leftover after parsing attributes in process `syz.2.209'.
[  144.190987][ T6743] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  144.255685][ T6774] loop4: detected capacity change from 0 to 64
[  144.263535][   T29] audit: type=1800 audit(1730321068.142:8): pid=6743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.204" name="bus" dev="loop3" ino=14 res=0 errno=0
[  144.292259][ T6774] hfs: Bad value for 'file_umask'
[  144.454923][ T6743] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x195/0xb90
[  144.623083][ T5845] syz-executor: attempt to access beyond end of device
[  144.623083][ T5845] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  144.649847][ T5845] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  144.657381][ T5845] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  144.666127][ T6786] overlayfs: failed to resolve './file1': -2
[  146.110850][ T6802] input: syz1 as /devices/virtual/input/input9
[  146.979400][ T6807] fuse: Bad value for 'fd'
[  147.198541][ T6807] loop3: detected capacity change from 0 to 512
[  147.329891][ T6807] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.217: invalid indirect mapped block 256 (level 2)
[  147.364146][ T6807] EXT4-fs (loop3): 2 truncates cleaned up
[  147.371614][ T6807] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.428789][ T6813] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  147.864353][ T5852] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  148.358201][ T5852] usb 3-1: device descriptor read/64, error -71
[  148.608304][ T5852] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  148.609146][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.788217][ T5852] usb 3-1: device descriptor read/64, error -71
[  148.908041][ T6829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.227'.
[  148.917739][ T5852] usb usb3-port1: attempt power cycle
[  149.290765][ T5852] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  149.376814][ T5852] usb 3-1: device descriptor read/8, error -71
[  149.970936][ T5852] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  149.998874][ T5852] usb 3-1: device descriptor read/8, error -71
[  150.110692][ T5852] usb usb3-port1: unable to enumerate USB device
[  150.167040][ T6821] loop1: detected capacity change from 0 to 40427
[  150.177250][ T6821] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  150.185404][ T6821] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  150.221247][ T6821] F2FS-fs (loop1): invalid crc value
[  150.231214][ T6821] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  150.316229][ T6821] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  150.323839][ T6821] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  151.297201][ T6867] loop4: detected capacity change from 0 to 64
[  151.304539][ T6867] hfs: Bad value for 'file_umask'
[  151.377287][ T6867] loop4: detected capacity change from 0 to 8
[  151.796442][ T6871] SQUASHFS error: Failed to read block 0x8f: -5
[  151.806241][ T6871] SQUASHFS error: Failed to read block 0xc00090: -5
[  151.813303][ T6871] SQUASHFS error: Failed to read block 0x8f: -5
[  151.820352][ T6871] SQUASHFS error: Failed to read block 0x8f: -5
[  151.826891][ T6871] SQUASHFS error: Failed to read block 0x8f: -5
[  151.833955][ T6871] SQUASHFS error: Failed to read block 0x8f: -5
[  151.841052][ T6871] SQUASHFS error: Failed to read block 0x8f: -5
[  151.939298][   T29] audit: type=1800 audit(1730321075.742:9): pid=6871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.239" name="file2" dev="loop4" ino=6 res=0 errno=0
[  152.363941][ T6868] loop3: detected capacity change from 0 to 32768
[  152.376945][ T6868] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.238 (6868)
[  152.418650][ T6868] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  152.498483][ T6868] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  152.820873][ T6883] netlink: 8 bytes leftover after parsing attributes in process `syz.1.240'.
[  153.128182][ T6868] BTRFS info (device loop3): rebuilding free space tree
[  153.193836][ T6903] tipc: Started in network mode
[  153.216858][ T6903] tipc: Node identity ffffffff, cluster identity 4711
[  153.227974][ T6868] BTRFS info (device loop3): disabling free space tree
[  153.235031][ T6868] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  153.255126][ T6903] tipc: Node number set to 4294967295
[  153.272319][ T6868] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  153.777627][ T5845] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  153.861170][ T6914] loop1: detected capacity change from 0 to 256
[  153.918046][ T6914] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  154.168826][ T6916] loop3: detected capacity change from 0 to 1024
[  155.520484][ T6932] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  155.653560][ T6932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.253'.
[  156.609540][ T6949] loop2: detected capacity change from 0 to 1024
[  156.858103][ T6952] raw_sendmsg: syz.0.260 forgot to set AF_INET. Fix it!
[  156.996660][   T25] IPVS: starting estimator thread 0...
[  157.180174][ T6941] loop4: detected capacity change from 0 to 32768
[  157.201603][ T6941] XFS: ikeep mount option is deprecated.
[  157.207835][ T6941] XFS: ikeep mount option is deprecated.
[  157.268200][ T6954] IPVS: using max 16 ests per chain, 38400 per kthread
[  157.316828][   T53] hfsplus: b-tree write err: -5, ino 4
[  157.483343][ T6941] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  157.584411][ T6970] loop3: detected capacity change from 0 to 256
[  157.670695][ T6970] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  157.780587][ T6941] XFS (loop4): Ending clean mount
[  157.801785][ T6941] XFS (loop4): Quotacheck needed: Please wait.
[  157.955851][ T6941] XFS (loop4): Quotacheck: Done.
[  158.725804][ T5846] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  159.944109][ T6981] loop2: detected capacity change from 0 to 32768
[  160.194272][ T6981] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.266 (6981)
[  160.469540][ T6981] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  160.510936][ T6981] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  160.551073][ T6981] BTRFS info (device loop2): disk space caching is enabled
[  160.640073][ T6981] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  160.801288][ T6981] BTRFS info (device loop2): rebuilding free space tree
[  161.501374][ T6981] BTRFS info (device loop2): disabling free space tree
[  161.511346][ T6981] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  161.545937][ T6981] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  161.621313][ T7031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.277'.
[  161.671507][ T5859] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  161.716750][ T7003] loop3: detected capacity change from 0 to 40427
[  161.809075][ T7034] fuse: Bad value for 'fd'
[  161.833702][ T7003] F2FS-fs (loop3): Found nat_bits in checkpoint
[  161.890394][ T7034] loop1: detected capacity change from 0 to 512
[  161.952163][ T7034] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.279: invalid indirect mapped block 256 (level 2)
[  162.040483][ T7034] EXT4-fs (loop1): 2 truncates cleaned up
[  162.083686][ T7003] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  162.106216][ T7034] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.200052][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.978036][ T5845] syz-executor: attempt to access beyond end of device
[  162.978036][ T5845] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  163.043136][ T5845] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  163.800964][ T7055] delete_channel: no stack
[  164.080193][ T7043] loop1: detected capacity change from 0 to 32768
[  164.107030][ T7043] XFS: ikeep mount option is deprecated.
[  164.113659][ T7043] XFS: ikeep mount option is deprecated.
[  164.426246][ T7043] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  164.658708][ T7043] XFS (loop1): Ending clean mount
[  164.695249][ T7043] XFS (loop1): Quotacheck needed: Please wait.
[  164.791975][ T7043] XFS (loop1): Quotacheck: Done.
[  165.165218][ T7075] fuse: Unknown parameter 'group_i00000000000000000000'
[  165.726293][ T5850] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  167.557142][ T7087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.289'.
[  168.574430][ T7094] syz.2.291 (7094): drop_caches: 2
[  168.915286][ T7102] input: syz1 as /devices/virtual/input/input10
[  171.548869][ T7135] netlink: 4 bytes leftover after parsing attributes in process `syz.1.306'.
[  171.618294][ T7135] netlink: 4 bytes leftover after parsing attributes in process `syz.1.306'.
[  171.882885][ T7139] loop1: detected capacity change from 0 to 4096
[  171.992011][ T7143] input: syz1 as /devices/virtual/input/input11
[  173.184745][ T7133] loop3: detected capacity change from 0 to 32768
[  173.232252][ T7133] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.305 (7133)
[  173.296073][ T7133] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  173.318148][ T7133] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  173.337847][ T7133] BTRFS info (device loop3): using free-space-tree
[  173.531689][ T7133] BTRFS info (device loop3): rebuilding free space tree
[  173.801605][   T29] audit: type=1800 audit(1730321097.682:10): pid=7133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.305" name="bus" dev="loop3" ino=263 res=0 errno=0
[  174.009247][ T7141] loop4: detected capacity change from 0 to 32768
[  174.068136][ T7141] BTRFS: device /dev/loop4 (7:4) using temp-fsid dc603a8c-d5d8-41c7-a4bf-f8a61bb2d106
[  174.094870][ T7141] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.307 (7141)
[  174.172527][ T7182] overlay: ./file1 is not a directory
[  174.299098][ T7141] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  174.418060][ T7141] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  174.927713][ T7141] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  174.931387][ T7141] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  174.945855][ T7141] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  175.315475][ T7141] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  175.549076][ T7141] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  175.622263][ T7141] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  175.902125][ T7141] BTRFS error (device loop4): open_ctree failed
[  176.492187][ T7217] netlink: 4 bytes leftover after parsing attributes in process `syz.4.319'.
[  176.502423][ T7217] netlink: 4 bytes leftover after parsing attributes in process `syz.4.319'.
[  176.562009][ T7191] loop2: detected capacity change from 0 to 40427
[  176.641366][ T7191] F2FS-fs (loop2): Found nat_bits in checkpoint
[  177.777850][ T5845] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  178.512285][ T7238] loop3: detected capacity change from 0 to 256
[  180.128118][   T29] audit: type=1804 audit(1730321104.002:11): pid=7252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.322" name="/newroot/47/file0/file0" dev="loop3" ino=1048612 res=1 errno=0
[  180.173349][ T7252] veth0_vlan: entered allmulticast mode
[  180.176450][ T7250] loop2: detected capacity change from 0 to 32768
[  180.188997][ T7250] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.329 (7250)
[  180.194309][   T29] audit: type=1800 audit(1730321104.002:12): pid=7252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.322" name="file0" dev="loop3" ino=1048612 res=0 errno=0
[  180.233831][ T7250] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  180.245049][ T7250] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  180.917542][ T7250] BTRFS info (device loop2): rebuilding free space tree
[  181.003134][ T7250] BTRFS info (device loop2): disabling free space tree
[  181.010678][ T7250] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  181.052547][ T7250] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  181.320192][ T5859] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  181.496576][ T7266] loop4: detected capacity change from 0 to 32768
[  181.529912][ T7266] BTRFS: device /dev/loop4 (7:4) using temp-fsid 485ab744-ed94-44e6-8b5f-c1469a7c17ef
[  181.540046][ T7266] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.333 (7266)
[  182.254005][ T7266] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  182.480464][ T7266] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  182.548098][ T7266] BTRFS info (device loop4): using free-space-tree
[  183.992634][ T7266] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  183.995172][ T7266] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  185.275780][ T7320] netlink: 8 bytes leftover after parsing attributes in process `syz.3.343'.
[  185.304168][ T7316] loop2: detected capacity change from 0 to 4096
[  185.676751][ T7266] BTRFS error (device loop4): open_ctree failed
[  186.421821][ T7318] loop1: detected capacity change from 0 to 32768
[  186.490818][ T7332] netlink: 'syz.3.347': attribute type 10 has an invalid length.
[  186.509623][ T7318] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.341 (7318)
[  186.603422][ T7318] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  186.661255][ T7318] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  186.684545][ T7318] BTRFS info (device loop1): using free-space-tree
[  186.757503][ T7332] hsr_slave_0 (unregistering): left promiscuous mode
[  186.942517][ T5856] Bluetooth: hci2: command 0x0406 tx timeout
[  186.949488][ T5160] Bluetooth: hci1: command 0x0406 tx timeout
[  187.088043][ T5861] Bluetooth: hci4: command 0x0406 tx timeout
[  187.133519][ T7356] loop2: detected capacity change from 0 to 128
[  188.474001][ T5850] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  188.526915][ T7364] loop2: detected capacity change from 0 to 512
[  190.998017][ T5941] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  191.155714][ T7381] warning: `syz.2.356' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  191.198066][ T5941] usb 4-1: Using ep0 maxpacket: 8
[  191.207809][ T5941] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.227940][ T5941] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  191.256950][ T7366] loop4: detected capacity change from 0 to 40427
[  191.310888][ T7366] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  191.320116][ T7366] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  191.358162][ T7366] F2FS-fs (loop4): invalid crc value
[  191.388042][ T7366] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  191.464059][ T5941] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  191.473541][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.481867][ T5941] usb 4-1: Product: syz
[  191.486471][ T5941] usb 4-1: Manufacturer: syz
[  191.508060][ T5941] usb 4-1: SerialNumber: syz
[  192.318303][ T7393] loop2: detected capacity change from 0 to 1024
[  192.365724][ T7375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.379417][ T7375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.413137][ T7393] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.553428][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.619513][ T5941] usb 4-1: cannot find UAC_HEADER
[  192.628561][   T47] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  192.717396][ T5941] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  193.372444][ T7407] syz.4.360 (7407): drop_caches: 2
[  193.392888][   T47] usb 2-1: device descriptor read/64, error -71
[  193.475858][ T5941] usb 4-1: USB disconnect, device number 2
[  193.658040][   T47] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  193.829066][ T6225] udevd[6225]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  193.860106][   T47] usb 2-1: device descriptor read/64, error -71
[  193.968871][   T47] usb usb2-port1: attempt power cycle
[  194.055886][ T7420] loop3: detected capacity change from 0 to 512
[  195.138962][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  195.145538][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  195.290689][   T47] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  195.319350][   T47] usb 2-1: device descriptor read/8, error -71
[  195.808273][   T47] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  196.132729][   T47] usb 2-1: device descriptor read/8, error -71
[  196.268434][   T47] usb usb2-port1: unable to enumerate USB device
[  196.291873][ T7434] loop1: detected capacity change from 0 to 1024
[  196.435735][ T7434] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.580144][   T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  196.758660][   T25] usb 1-1: Using ep0 maxpacket: 8
[  196.814923][   T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  196.930070][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  196.962630][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  196.988847][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  197.022747][   T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  197.041957][   T25] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  197.051315][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.059462][   T25] usb 1-1: Product: syz
[  197.063651][   T25] usb 1-1: Manufacturer: syz
[  197.068341][   T25] usb 1-1: SerialNumber: syz
[  197.151446][ T7449] fuse: Unknown parameter 'group_i00000000000000000000'
[  197.172999][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  197.299953][ T7432] loop4: detected capacity change from 0 to 40427
[  197.412078][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  197.443831][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  197.460083][ T7432] F2FS-fs (loop4): Found nat_bits in checkpoint
[  197.577047][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  197.607127][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  197.663138][ T7436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.765144][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  197.800192][ T7436] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.967119][ T5850] EXT4-fs error (device loop1): ext4_empty_dir:3084: inode #11: comm syz-executor: invalid size
[  198.035308][ T7432] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  198.170753][   T25] usb 1-1: cannot find UAC_HEADER
[  198.253901][ T7458] netlink: 24 bytes leftover after parsing attributes in process `syz.3.378'.
[  198.340601][ T7446] loop2: detected capacity change from 0 to 32768
[  198.388309][   T25] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  198.399032][   T25] usb 1-1: USB disconnect, device number 3
[  198.419451][ T7446] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.375 (7446)
[  198.842820][ T7462] loop3: detected capacity change from 0 to 256
[  198.894906][ T7462] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  198.942737][ T6225] udevd[6225]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  198.997828][ T7446] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  199.028480][ T5846] syz-executor: attempt to access beyond end of device
[  199.028480][ T5846] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  199.098205][ T5846] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  199.105851][ T5846] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  199.113408][ T7446] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  199.122635][ T7446] BTRFS info (device loop2): using free-space-tree
[  199.495259][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.495996][ T7446] BTRFS info (device loop2): rebuilding free space tree
[  199.732280][   T29] audit: type=1800 audit(1730321123.602:13): pid=7446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.375" name="bus" dev="loop2" ino=263 res=0 errno=0
[  199.775529][ T1135] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.838005][    T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  200.028083][    T9] usb 4-1: device descriptor read/64, error -71
[  200.151244][ T1135] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.299235][    T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  200.385899][ T5859] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  200.423708][ T1135] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.438016][    T9] usb 4-1: device descriptor read/64, error -71
[  200.579619][ T7491] netlink: 'syz.0.386': attribute type 29 has an invalid length.
[  200.595760][    T9] usb usb4-port1: attempt power cycle
[  201.316576][ T5861] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  201.329533][ T5861] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  201.357277][ T5861] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  201.374866][ T5861] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  201.388930][ T5861] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  201.405903][ T5861] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  201.650233][ T1135] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.681935][ T7491] netlink: 'syz.0.386': attribute type 29 has an invalid length.
[  201.985611][ T7504] fuse: Unknown parameter 'group_i00000000000000000000'
[  202.187980][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  202.215912][    T9] usb 4-1: device descriptor read/8, error -71
[  203.026131][ T1135] bridge_slave_1: left allmulticast mode
[  203.036155][ T1135] bridge_slave_1: left promiscuous mode
[  203.049484][ T1135] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.120326][ T1135] bridge_slave_0: left allmulticast mode
[  203.126733][ T1135] bridge_slave_0: left promiscuous mode
[  203.136143][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.488959][ T5861] Bluetooth: hci5: command tx timeout
[  203.782211][ T7516] loop3: detected capacity change from 0 to 40427
[  203.840354][ T7516] F2FS-fs (loop3): Found nat_bits in checkpoint
[  203.965340][ T7516] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  204.919462][ T5845] syz-executor: attempt to access beyond end of device
[  204.919462][ T5845] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  204.976017][ T5845] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  205.005629][ T5845] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  205.039504][ T1135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  205.115204][ T1135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  205.173909][ T1135] bond0 (unregistering): Released all slaves
[  205.354382][ T7534] input: syz1 as /devices/virtual/input/input12
[  205.578627][ T5861] Bluetooth: hci5: command tx timeout
[  205.609091][ T5852] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  205.918121][ T5852] usb 1-1: Using ep0 maxpacket: 16
[  206.161120][ T5852] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  206.171822][ T5852] usb 1-1: config 0 has no interfaces?
[  206.177450][ T5852] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  206.186659][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.218906][ T5852] usb 1-1: config 0 descriptor??
[  206.594877][ T7550] fuse: Unknown parameter 'group_i00000000000000000000'
[  206.780395][ T7530] loop2: detected capacity change from 0 to 32768
[  206.820640][ T7530] XFS: ikeep mount option is deprecated.
[  206.827910][ T7530] XFS: ikeep mount option is deprecated.
[  206.885383][ T7494] chnl_net:caif_netlink_parms(): no params data found
[  207.212459][ T7530] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.677318][ T5861] Bluetooth: hci5: command tx timeout
[  207.738295][ T7572] netlink: 'syz.3.400': attribute type 29 has an invalid length.
[  207.748254][ T7530] XFS (loop2): Ending clean mount
[  207.749351][ T7575] netlink: 'syz.3.400': attribute type 29 has an invalid length.
[  207.763423][ T7530] XFS (loop2): Quotacheck needed: Please wait.
[  207.765871][ T7576] loop4: detected capacity change from 0 to 256
[  207.787476][ T7572] netlink: 'syz.3.400': attribute type 29 has an invalid length.
[  207.811531][ T7530] XFS (loop2): Quotacheck: Done.
[  207.834992][ T7576] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  207.921997][ T5859] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.936845][ T7579] netlink: 'syz.3.400': attribute type 29 has an invalid length.
[  208.046166][ T7585] loop4: detected capacity change from 0 to 128
[  208.060382][ T1135] hsr_slave_0: left promiscuous mode
[  208.066579][ T1135] hsr_slave_1: left promiscuous mode
[  208.072848][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  208.080671][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_0
[  208.090304][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  208.097896][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_1
[  208.155637][ T7587] syz.3.404 (7587): drop_caches: 2
[  208.235163][    T8] usb 1-1: USB disconnect, device number 4
[  208.282876][ T7585] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  208.345353][ T7585] ext4 filesystem being mounted at /78/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  208.388630][ T1135] veth1_macvtap: left promiscuous mode
[  208.417150][ T1135] veth0_macvtap: left promiscuous mode
[  208.432353][ T1135] veth1_vlan: left promiscuous mode
[  208.444474][ T1135] veth0_vlan: left promiscuous mode
[  208.826785][ T7596] fscrypt (loop4, inode 12): Direct key flag not allowed with different contents and filenames modes
[  209.696982][ T1135] team0 (unregistering): Port device team_slave_1 removed
[  209.741380][ T5861] Bluetooth: hci5: command tx timeout
[  209.831006][ T1135] team0 (unregistering): Port device team_slave_0 removed
[  209.946289][ T5846] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  211.082738][ T7607] loop2: detected capacity change from 0 to 1024
[  211.153452][ T7611] fuse: Unknown parameter 'group_i00000000000000000000'
[  211.186187][ T7607] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  212.150411][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.436224][ T7620] loop2: detected capacity change from 0 to 256
[  212.478256][ T7620] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  212.583416][ T7494] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.595657][ T7494] bridge0: port 1(bridge_slave_0) entered disabled state
[  212.609508][ T7494] bridge_slave_0: entered allmulticast mode
[  212.616587][ T7494] bridge_slave_0: entered promiscuous mode
[  212.781926][ T7494] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.816262][ T7494] bridge0: port 2(bridge_slave_1) entered disabled state
[  212.833512][ T7494] bridge_slave_1: entered allmulticast mode
[  212.848698][ T7494] bridge_slave_1: entered promiscuous mode
[  212.947606][ T7494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  212.962991][ T7630] netlink: 4 bytes leftover after parsing attributes in process `syz.0.417'.
[  213.131775][ T7494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  213.142445][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  213.442719][ T7494] team0: Port device team_slave_0 added
[  213.449948][ T7646] fuse: Unknown parameter 'group_i00000000000000000000'
[  213.503339][ T7494] team0: Port device team_slave_1 added
[  214.588727][ T7494] batman_adv: batadv0: Adding interface: batadv_slave_0
[  214.596198][ T7494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.623536][ T7494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  214.636318][ T7494] batman_adv: batadv0: Adding interface: batadv_slave_1
[  214.643365][ T7494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.669641][ T7494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  215.515757][ T7494] hsr_slave_0: entered promiscuous mode
[  215.610948][ T7494] hsr_slave_1: entered promiscuous mode
[  217.347608][ T7695] netlink: 134744 bytes leftover after parsing attributes in process `syz.4.430'.
[  217.357364][ T7695] openvswitch: netlink: Message has 76 unknown bytes.
[  218.607232][ T7703] syz.4.432 uses obsolete (PF_INET,SOCK_PACKET)
[  218.773882][ T7708] fuse: Unknown parameter 'group_i00000000000000000000'
[  219.038391][ T7494] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  219.495976][ T7494] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  219.718967][ T7494] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  219.855310][ T7727] loop3: detected capacity change from 0 to 512
[  219.882161][ T7494] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  220.025889][ T7727] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.437: invalid indirect mapped block 256 (level 2)
[  220.084539][ T7494] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.097175][ T7727] EXT4-fs (loop3): 2 truncates cleaned up
[  220.113558][ T7727] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.186786][ T7494] 8021q: adding VLAN 0 to HW filter on device team0
[  221.343140][ T6578] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.350330][ T6578] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.380362][ T6578] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.388999][ T6578] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.419013][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.555875][ T7494] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  221.601542][ T7494] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  221.626205][ T7750] netlink: 8 bytes leftover after parsing attributes in process `syz.2.444'.
[  221.643230][ T7750] netlink: 'syz.2.444': attribute type 3 has an invalid length.
[  221.662368][ T7750] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  221.671921][ T7750] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  221.680783][ T7750] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  221.689969][ T7750] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  221.791388][ T7754] overlayfs: failed to resolve './file1': -2
[  222.015818][ T7494] 8021q: adding VLAN 0 to HW filter on device batadv0
[  223.621863][ T7494] veth0_vlan: entered promiscuous mode
[  223.633011][ T7494] veth1_vlan: entered promiscuous mode
[  223.655390][ T7494] veth0_macvtap: entered promiscuous mode
[  223.666023][ T7494] veth1_macvtap: entered promiscuous mode
[  223.683016][ T7494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  223.693563][ T7494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.703630][ T7494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  223.714438][ T7494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.724485][ T7494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  223.735107][ T7494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.746376][ T7494] batman_adv: batadv0: Interface activated: batadv_slave_0
[  223.756119][ T7494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  223.766756][ T7494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.776855][ T7494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  223.787381][ T7494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.797322][ T7494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  223.808000][ T7494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.819405][ T7494] batman_adv: batadv0: Interface activated: batadv_slave_1
[  223.846073][ T7494] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  223.854950][ T7494] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  223.864839][ T7494] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  223.873655][ T7494] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  224.051665][ T7793] netlink: 'syz.4.450': attribute type 3 has an invalid length.
[  224.082189][ T7793] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.450'.
[  224.116943][ T6578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  224.124894][ T6578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  224.168485][ T7798] netlink: 'syz.4.450': attribute type 1 has an invalid length.
[  224.218715][ T7798] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  224.227094][ T7798] IPv6: NLM_F_CREATE should be set when creating new route
[  224.283150][ T3462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  224.319228][ T3462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  224.326531][ T7802] loop3: detected capacity change from 0 to 512
[  224.395172][ T7802] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.452: invalid indirect mapped block 256 (level 2)
[  224.464830][ T7802] EXT4-fs (loop3): 2 truncates cleaned up
[  224.495015][ T7802] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.208750][ T7816] macsec1: entered promiscuous mode
[  225.214010][ T7816] vlan0: entered promiscuous mode
[  225.293317][ T7819] netlink: 20 bytes leftover after parsing attributes in process `syz.5.455'.
[  225.360426][ T7816] vlan0: left promiscuous mode
[  225.628061][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.674700][ T7825] Bluetooth: MGMT ver 1.23
[  227.407051][ T7854] loop4: detected capacity change from 0 to 512
[  227.563288][ T7854] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.468: invalid indirect mapped block 256 (level 2)
[  227.611325][ T7854] EXT4-fs (loop4): 2 truncates cleaned up
[  227.628959][ T7854] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.877242][ T5852] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  228.038072][ T5852] usb 3-1: Using ep0 maxpacket: 8
[  228.054594][ T5852] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  228.445369][ T7804] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  228.518811][ T5852] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  228.560803][ T5852] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  228.578025][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.608021][ T5852] usb 3-1: Product: syz
[  228.612247][ T5852] usb 3-1: Manufacturer: syz
[  228.628554][ T5846] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.669452][ T5852] usb 3-1: SerialNumber: syz
[  228.872394][ T7883] netlink: 8 bytes leftover after parsing attributes in process `syz.4.473'.
[  229.228741][ T7852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.238466][ T7852] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.456314][ T5852] usb 3-1: cannot find UAC_HEADER
[  230.156847][ T5852] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  230.175414][ T5852] usb 3-1: USB disconnect, device number 8
[  230.319372][ T7900] Driver unsupported XDP return value 0 on prog  (id 65) dev N/A, expect packet loss!
[  230.528168][ T7888] loop3: detected capacity change from 0 to 32768
[  230.535505][ T7888] XFS: ikeep mount option is deprecated.
[  230.541319][ T7888] XFS: ikeep mount option is deprecated.
[  230.780315][ T7911] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode
[  230.798362][ T5864] Bluetooth: hci5: command 0x0405 tx timeout
[  230.899110][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.927925][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  231.499135][ T6225] udevd[6225]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  231.515954][ T7888] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  231.882521][ T7888] XFS (loop3): Ending clean mount
[  231.927031][ T7888] XFS (loop3): Quotacheck needed: Please wait.
[  232.011994][ T7888] XFS (loop3): Quotacheck: Done.
[  232.656144][ T7965] netlink: 'syz.0.488': attribute type 10 has an invalid length.
[  232.872900][ T7965] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  234.342531][ T7995] loop5: detected capacity change from 0 to 1024
[  235.147218][   T53] hfsplus: b-tree write err: -5, ino 4
[  235.325099][ T8017] loop5: detected capacity change from 0 to 128
[  235.456722][ T8013] vlan2: entered promiscuous mode
[  235.485049][ T5845] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  235.505224][ T8013] batadv0: entered promiscuous mode
[  235.510820][ T8013] vlan2: entered allmulticast mode
[  235.516138][ T8013] batadv0: entered allmulticast mode
[  235.606931][ T8013] batadv0: left allmulticast mode
[  235.612695][ T8013] batadv0: left promiscuous mode
[  235.988334][ T8028] netlink: 12 bytes leftover after parsing attributes in process `syz.0.504'.
[  237.348577][ T8028] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.357000][ T8028] bridge0: port 1(bridge_slave_0) entered disabled state
[  237.437251][ T8051] netlink: 124 bytes leftover after parsing attributes in process `syz.3.510'.
[  237.839699][ T8028] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  237.910458][ T8028] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  238.464829][ T8028] veth0_vlan: left allmulticast mode
[  238.800106][ T8028] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  238.818190][ T8028] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  238.827352][ T8028] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  238.836911][ T8028] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  239.097399][ T8077] loop4: detected capacity change from 0 to 256
[  239.137367][ T8080] netlink: 'syz.0.517': attribute type 8 has an invalid length.
[  239.155463][ T8077] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  239.185956][ T8080] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  239.616057][ T8092] netlink: 8 bytes leftover after parsing attributes in process `syz.5.524'.
[  240.755800][ T8113] loop2: detected capacity change from 0 to 4096
[  242.088070][   T47] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  242.240210][   T47] usb 1-1: Using ep0 maxpacket: 16
[  242.271343][   T47] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  242.297443][   T47] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  242.334826][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.379185][   T47] usb 1-1: Product: syz
[  242.394069][   T47] usb 1-1: Manufacturer: syz
[  242.405290][   T47] usb 1-1: SerialNumber: syz
[  242.417277][   T47] usb 1-1: config 0 descriptor??
[  242.913444][ T8163] netlink: 'syz.5.544': attribute type 10 has an invalid length.
[  242.939568][ T8163] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  243.145436][ T8173] loop5: detected capacity change from 0 to 256
[  243.167593][ T8174] input: syz1 as /devices/virtual/input/input13
[  243.242766][ T8173] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  244.724940][   T47] usb 1-1: USB disconnect, device number 5
[  244.867411][ T8207] ieee802154 phy0 wpan0: encryption failed: -22
[  244.926385][ T8208] tc_dump_action: action bad kind
[  245.182145][ T8222] netlink: 4 bytes leftover after parsing attributes in process `syz.3.562'.
[  245.465474][ T8227] netlink: 32 bytes leftover after parsing attributes in process `syz.3.563'.
[  246.168853][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  246.870551][ T8258] netlink: 'syz.5.571': attribute type 3 has an invalid length.
[  246.986772][ T8262] netlink: 732 bytes leftover after parsing attributes in process `syz.0.576'.
[  247.028469][ T8262] netlink: 732 bytes leftover after parsing attributes in process `syz.0.576'.
[  247.174411][ T8265] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.574'.
[  247.184066][ T8265] openvswitch: netlink: Message has 76 unknown bytes.
[  247.286232][ T8262] xt_SECMARK: invalid mode: 0
[  247.758528][ T8264] netlink: 8 bytes leftover after parsing attributes in process `syz.0.576'.
[  247.893556][ T8272] netlink: 4 bytes leftover after parsing attributes in process `syz.4.578'.
[  247.950244][ T8272] netlink: 332 bytes leftover after parsing attributes in process `syz.4.578'.
[  248.021335][ T8276] netlink: 56 bytes leftover after parsing attributes in process `syz.4.578'.
[  248.038110][ T8276] tipc: Started in network mode
[  248.134764][ T8276] tipc: Node identity 20010000000000000000000000000001, cluster identity 4711
[  248.177569][ T8276] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  248.405239][ T8283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.581'.
[  250.707949][ T5852] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  250.757153][ T8334] __nla_validate_parse: 5 callbacks suppressed
[  250.757173][ T8334] netlink: 40 bytes leftover after parsing attributes in process `syz.2.596'.
[  250.871258][ T5852] usb 1-1: Using ep0 maxpacket: 16
[  250.921371][ T5852] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  250.941969][ T5852] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  251.018589][ T5852] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  251.038009][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.046332][ T5852] usb 1-1: Product: syz
[  251.084783][ T5852] usb 1-1: Manufacturer: syz
[  251.111772][ T5852] usb 1-1: SerialNumber: syz
[  251.128805][ T5852] usb 1-1: config 0 descriptor??
[  252.533737][ T8373] loop5: detected capacity change from 0 to 128
[  252.571642][ T8374] netlink: 8 bytes leftover after parsing attributes in process `syz.2.602'.
[  252.581692][ T8374] netlink: 'syz.2.602': attribute type 10 has an invalid length.
[  252.689017][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  253.458330][ T8387] netlink: set zone limit has 4 unknown bytes
[  253.500637][ T8374] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  253.536547][    T9] usb 1-1: USB disconnect, device number 6
[  253.799114][ T8397] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'.
[  255.218125][ T8425] netlink: 112 bytes leftover after parsing attributes in process `syz.0.616'.
[  255.769972][ T8438] delete_channel: no stack
[  256.132713][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  256.142083][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  256.862073][ T8455] input: syz1 as /devices/virtual/input/input14
[  258.363973][ T8486] netlink: set zone limit has 4 unknown bytes
[  258.914895][ T8500] delete_channel: no stack
[  261.035294][ T8504] loop2: detected capacity change from 0 to 40427
[  261.154234][ T8504] F2FS-fs (loop2): Found nat_bits in checkpoint
[  261.301382][ T8504] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  261.935575][ T8546] openvswitch: netlink: Missing key (keys=40, expected=80)
[  262.365714][ T8554] netlink: set zone limit has 4 unknown bytes
[  262.550740][ T5859] syz-executor: attempt to access beyond end of device
[  262.550740][ T5859] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  262.550837][ T5859] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  262.550872][ T5859] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  264.611413][ T8581] loop3: detected capacity change from 0 to 32768
[  264.703441][ T8588] loop2: detected capacity change from 0 to 40427
[  264.758161][ T8588] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  264.765974][ T8588] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  264.879495][ T8581] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.652 (8581)
[  264.930863][ T8588] F2FS-fs (loop2): invalid crc value
[  264.936350][ T8581] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  264.977984][ T8581] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  265.020343][ T8581] BTRFS info (device loop3): using free-space-tree
[  265.097549][ T8588] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  265.273076][ T8581] BTRFS info (device loop3): rebuilding free space tree
[  265.471757][ T8588] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  265.486438][ T8588] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  265.507277][   T29] audit: type=1800 audit(1730321189.382:14): pid=8581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.652" name="bus" dev="loop3" ino=263 res=0 errno=0
[  266.128131][ T8626] overlay: ./file1 is not a directory
[  266.802638][ T8634] F2FS-fs (loop2): Unrecognized mount option "ÿÿÿ0xffffffffffffffff01777777777777777777777ÿ01777777777777777777777ÿÿÿÿÿÿÿÿÿÿÿÿÿ" or missing value
[  267.268832][ T8628] overlayfs: failed to resolve './bus': -2
[  267.652343][ T5845] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  268.053876][ T8646] loop3: detected capacity change from 0 to 64
[  268.061441][ T8646] hfs: Bad value for 'file_umask'
[  268.070024][ T8646] loop3: detected capacity change from 0 to 8
[  268.378119][ T8648] SQUASHFS error: Failed to read block 0x8f: -5
[  268.385109][ T8648] SQUASHFS error: Failed to read block 0xc00090: -5
[  268.395059][ T8648] SQUASHFS error: Failed to read block 0x8f: -5
[  268.405935][ T8648] SQUASHFS error: Failed to read block 0x8f: -5
[  268.412401][ T8648] SQUASHFS error: Failed to read block 0x8f: -5
[  268.418862][ T8648] SQUASHFS error: Failed to read block 0x8f: -5
[  268.425259][ T8648] SQUASHFS error: Failed to read block 0x8f: -5
[  268.434798][   T29] audit: type=1800 audit(1730321192.322:15): pid=8648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.660" name="file2" dev="loop3" ino=6 res=0 errno=0
[  270.381277][ T8657] netlink: 12 bytes leftover after parsing attributes in process `syz.3.667'.
[  270.391423][ T8657] netlink: 12 bytes leftover after parsing attributes in process `syz.3.667'.
[  270.406134][ T8657] netlink: 20 bytes leftover after parsing attributes in process `syz.3.667'.
[  270.879248][ T8638] vlan2: entered promiscuous mode
[  270.884329][ T8638] batadv0: entered promiscuous mode
[  270.889851][ T8638] vlan2: entered allmulticast mode
[  270.894988][ T8638] batadv0: entered allmulticast mode
[  270.907936][ T8643] netlink: 'syz.0.664': attribute type 8 has an invalid length.
[  270.917961][ T8659] netlink: 24 bytes leftover after parsing attributes in process `syz.3.668'.
[  271.102416][ T8668] loop5: detected capacity change from 0 to 256
[  271.199891][ T8668] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  271.400685][ T8665] loop2: detected capacity change from 0 to 40427
[  271.574287][ T8665] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  271.582987][ T8665] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  271.667212][ T8665] F2FS-fs (loop2): invalid crc value
[  271.678720][ T8665] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  271.836520][ T8665] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  271.846745][ T8665] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  273.638061][   T25] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  273.683088][ T8702] netlink: 'syz.0.681': attribute type 8 has an invalid length.
[  273.799604][   T25] usb 5-1: Using ep0 maxpacket: 16
[  273.816726][   T25] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  273.854511][   T25] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  273.867627][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.886280][   T25] usb 5-1: Product: syz
[  273.892032][   T25] usb 5-1: Manufacturer: syz
[  273.901580][   T25] usb 5-1: SerialNumber: syz
[  273.921680][   T25] usb 5-1: config 0 descriptor??
[  274.210600][ T8708] netlink: 'syz.3.683': attribute type 9 has an invalid length.
[  274.235472][ T8708] netlink: 244 bytes leftover after parsing attributes in process `syz.3.683'.
[  275.081726][ T8714] loop5: detected capacity change from 0 to 40427
[  275.144838][ T8714] F2FS-fs (loop5): Found nat_bits in checkpoint
[  275.345418][ T8714] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  276.186666][ T7494] syz-executor: attempt to access beyond end of device
[  276.186666][ T7494] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  276.201342][ T7494] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  276.211967][ T7494] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  276.459824][ T5899] usb 5-1: USB disconnect, device number 5
[  279.037016][ T8751] loop4: detected capacity change from 0 to 256
[  279.065117][ T8751] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  280.887412][ T8769] loop3: detected capacity change from 0 to 40427
[  281.044828][ T8804] netlink: 32 bytes leftover after parsing attributes in process `syz.2.709'.
[  281.128467][ T8769] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  281.142513][ T8769] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  281.155515][ T8769] F2FS-fs (loop3): invalid crc value
[  281.180451][ T8769] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  281.506730][ T8769] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  281.515087][ T8769] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  281.656676][ T8821] loop4: detected capacity change from 0 to 128
[  283.323580][ T8846] netlink: 24 bytes leftover after parsing attributes in process `syz.2.719'.
[  283.394817][ T8848] netlink: 32 bytes leftover after parsing attributes in process `syz.4.720'.
[  283.862567][ T8861] loop4: detected capacity change from 0 to 256
[  283.914350][ T8861] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x99a53fd9, utbl_chksum : 0xe619d30d)
[  284.912719][ T8895] loop2: detected capacity change from 0 to 128
[  286.246208][ T8880] loop3: detected capacity change from 0 to 40427
[  286.289105][ T8880] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  286.317004][ T8880] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  286.355433][ T8880] F2FS-fs (loop3): invalid crc value
[  286.593767][ T8880] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  287.043022][ T8880] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  287.068068][ T8880] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  287.348236][ T8934] loop2: detected capacity change from 0 to 512
[  287.798361][ T8945] overlayfs: failed to resolve './bus': -2
[  287.864891][ T8934] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.737: invalid indirect mapped block 256 (level 2)
[  288.003003][ T8934] EXT4-fs (loop2): 2 truncates cleaned up
[  288.039989][ T8934] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  288.889222][ T8965] loop3: detected capacity change from 0 to 128
[  289.035286][ T8946] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  289.596404][ T8975] netlink: 12 bytes leftover after parsing attributes in process `syz.4.749'.
[  290.074582][ T5859] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.303397][ T8988] netlink: 'syz.5.755': attribute type 8 has an invalid length.
[  290.318058][ T8988] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  290.515194][ T8995] loop3: detected capacity change from 0 to 64
[  290.548872][ T8995] hfs: Bad value for 'file_umask'
[  290.558962][ T8995] loop3: detected capacity change from 0 to 8
[  290.722129][ T9002] netlink: 12 bytes leftover after parsing attributes in process `syz.2.761'.
[  290.838144][ T9004] SQUASHFS error: Failed to read block 0x8f: -5
[  290.845470][ T9004] SQUASHFS error: Failed to read block 0xc00090: -5
[  290.852316][ T9004] SQUASHFS error: Failed to read block 0x8f: -5
[  290.858730][ T9004] SQUASHFS error: Failed to read block 0x8f: -5
[  290.865060][ T9004] SQUASHFS error: Failed to read block 0x8f: -5
[  290.871442][ T9004] SQUASHFS error: Failed to read block 0x8f: -5
[  290.877929][ T9004] SQUASHFS error: Failed to read block 0x8f: -5
[  290.884553][   T29] audit: type=1800 audit(1730321214.762:16): pid=9004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.758" name="file2" dev="loop3" ino=6 res=0 errno=0
[  290.918579][ T9008] loop5: detected capacity change from 0 to 512
[  291.157524][ T9008] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.762: invalid indirect mapped block 256 (level 2)
[  291.180516][ T9008] EXT4-fs (loop5): 2 truncates cleaned up
[  291.187322][ T9008] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  292.052321][ T9040] netlink: 4 bytes leftover after parsing attributes in process `syz.4.774'.
[  292.295499][ T9051] netlink: 24 bytes leftover after parsing attributes in process `syz.4.779'.
[  292.758110][ T7494] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.231860][ T9073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.789'.
[  294.268535][ T9092] loop5: detected capacity change from 0 to 512
[  294.628456][ T9092] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.795: invalid indirect mapped block 256 (level 2)
[  294.646870][ T9092] EXT4-fs (loop5): 2 truncates cleaned up
[  294.654381][ T9092] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  294.793727][ T9108] loop4: detected capacity change from 0 to 128
[  294.828557][ T9105] netlink: 4 bytes leftover after parsing attributes in process `syz.0.800'.
[  296.048008][ T9099] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  296.123277][ T9123] netlink: 24 bytes leftover after parsing attributes in process `syz.4.805'.
[  296.430165][ T7494] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.441831][ T9186] pimreg: entered allmulticast mode
[  300.585639][ T9194] loop2: detected capacity change from 0 to 512
[  301.076631][ T9207] syz.2.827[9207] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  301.076736][ T9207] syz.2.827[9207] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  301.088311][ T9207] syz.2.827[9207] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  301.737297][ T9212] loop3: detected capacity change from 0 to 128
[  302.450302][    T8] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  302.980581][    T8] usb 3-1: Using ep0 maxpacket: 16
[  303.303175][ T9231] overlayfs: failed to resolve './file1': -2
[  303.321552][    T8] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  303.334047][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  303.363618][    T8] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  303.389903][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.402233][    T8] usb 3-1: Product: syz
[  303.406519][    T8] usb 3-1: Manufacturer: syz
[  303.411845][    T8] usb 3-1: SerialNumber: syz
[  303.470390][    T8] usb 3-1: config 0 descriptor??
[  303.509356][    T8] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  303.528674][    T8] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  304.378534][    T8] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  304.578187][    T8] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  304.799258][ T9252] loop3: detected capacity change from 0 to 512
[  305.023659][    T8] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[  305.036030][    T8] em28xx 3-1:0.0: No AC97 audio processor
[  305.058337][    T8] usb 3-1: USB disconnect, device number 9
[  305.064985][    T8] em28xx 3-1:0.0: Disconnecting em28xx
[  305.182996][ T9256] syz.3.843[9256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  305.183224][ T9256] syz.3.843[9256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  305.194831][ T9256] syz.3.843[9256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  306.058872][    T8] em28xx 3-1:0.0: Freeing device
[  306.255096][ T9264] loop4: detected capacity change from 0 to 128
[  306.655289][ T9271] netlink: 'syz.2.849': attribute type 10 has an invalid length.
[  308.678194][   T47] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  309.207999][    T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  309.248075][   T47] usb 3-1: Using ep0 maxpacket: 8
[  309.257721][   T47] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  309.269001][   T47] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  310.126939][   T47] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  310.136876][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.155146][   T47] usb 3-1: Product: syz
[  310.166266][   T47] usb 3-1: Manufacturer: syz
[  310.182048][   T47] usb 3-1: SerialNumber: syz
[  310.321913][    T8] usb 1-1: Using ep0 maxpacket: 16
[  310.333635][    T8] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  310.348024][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  310.389720][    T8] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  310.399165][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.407191][    T8] usb 1-1: Product: syz
[  310.411724][    T8] usb 1-1: Manufacturer: syz
[  310.416348][    T8] usb 1-1: SerialNumber: syz
[  310.538251][ T9319] loop3: detected capacity change from 0 to 512
[  310.647622][    T8] usb 1-1: config 0 descriptor??
[  310.655769][    T8] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  310.665405][    T8] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  311.018686][ T9322] syz.3.865[9322] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  311.019569][ T9322] syz.3.865[9322] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  311.032002][ T9322] syz.3.865[9322] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  311.329512][ T9296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  311.364268][ T9296] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  311.565372][ T9325] netlink: 'syz.4.867': attribute type 10 has an invalid length.
[  311.582579][ T9325] mac80211_hwsim hwsim8 wlan1: left allmulticast mode
[  311.617480][   T47] usb 3-1: cannot find UAC_HEADER
[  311.666780][   T47] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  311.679391][    T8] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  311.688844][   T47] usb 3-1: USB disconnect, device number 10
[  311.699929][    T8] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  311.704807][ T6225] udevd[6225]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  311.726867][ T9325] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  311.746819][ T9327] netlink: 8 bytes leftover after parsing attributes in process `syz.5.868'.
[  311.915050][    T8] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[  311.937924][    T8] em28xx 1-1:0.0: No AC97 audio processor
[  311.969204][    T8] usb 1-1: USB disconnect, device number 7
[  311.975619][    T8] em28xx 1-1:0.0: Disconnecting em28xx
[  311.995571][    T8] em28xx 1-1:0.0: Freeing device
[  312.225196][ T9340] netlink: 24 bytes leftover after parsing attributes in process `syz.3.873'.
[  312.342934][ T9343] loop2: detected capacity change from 0 to 128
[  312.373422][ T9343] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  312.421376][ T9343] ext4 filesystem being mounted at /175/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  314.010221][ T9360] netlink: 'syz.4.879': attribute type 10 has an invalid length.
[  314.020263][ T9359] netlink: 8 bytes leftover after parsing attributes in process `syz.5.880'.
[  314.029566][    T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  314.084064][ T9360] bridge0: port 1(team0) entered blocking state
[  314.111326][ T9360] bridge0: port 1(team0) entered disabled state
[  314.141781][ T9360] team0: entered allmulticast mode
[  314.175000][ T9360] team0: entered promiscuous mode
[  314.188020][    T8] usb 1-1: Using ep0 maxpacket: 16
[  314.206955][ T5859] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  314.216294][    T8] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  314.257738][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.270795][ T9362] netlink: 'syz.3.881': attribute type 10 has an invalid length.
[  314.297477][    T8] usb 1-1: config 0 descriptor??
[  314.316356][    T8] gspca_main: sonixj-2.14.0 probing 0471:0327
[  314.336256][ T9364] loop5: detected capacity change from 0 to 512
[  314.413961][ T9362] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  314.694472][ T9375] syz.5.882[9375] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  314.694886][ T9375] syz.5.882[9375] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  314.706890][ T9375] syz.5.882[9375] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  315.176967][ T9376] netlink: set zone limit has 4 unknown bytes
[  315.433628][    T8] gspca_sonixj: reg_r err -32
[  315.438820][    T8] sonixj 1-1:0.0: probe with driver sonixj failed with error -32
[  315.739417][ T5899] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  316.658796][ T5899] usb 5-1: Using ep0 maxpacket: 8
[  316.665372][ T5899] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  316.687144][ T5899] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  316.726213][ T5899] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  316.764653][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.786536][ T5899] usb 5-1: Product: syz
[  316.791020][ T5899] usb 5-1: Manufacturer: syz
[  316.795648][ T5899] usb 5-1: SerialNumber: syz
[  316.827623][ T9399] netlink: 'syz.3.895': attribute type 8 has an invalid length.
[  316.842579][ T9399] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  316.899255][ T5852] usb 1-1: USB disconnect, device number 8
[  316.981878][ T9402] netlink: 'syz.3.897': attribute type 10 has an invalid length.
[  317.081203][ T9407] netlink: set zone limit has 4 unknown bytes
[  317.222025][ T9370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.265225][ T9370] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  317.418180][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  317.425173][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  318.282539][ T5899] usb 5-1: cannot find UAC_HEADER
[  318.297200][ T5899] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  318.322035][ T5899] usb 5-1: USB disconnect, device number 6
[  318.484612][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.905'.
[  319.089857][ T6225] udevd[6225]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  319.336730][ T9430] netlink: 'syz.3.908': attribute type 8 has an invalid length.
[  319.355876][ T9430] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  319.408014][ T9436] netlink: 'syz.2.910': attribute type 10 has an invalid length.
[  319.491487][ T9438] netlink: set zone limit has 4 unknown bytes
[  319.852810][ T5929] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  319.932363][ T9448] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.913'.
[  319.941791][ T9448] openvswitch: netlink: Message has 76 unknown bytes.
[  320.487446][ T9446] loop2: detected capacity change from 0 to 1024
[  320.581301][ T9454] netlink: 'syz.4.918': attribute type 9 has an invalid length.
[  320.597933][ T9454] netlink: 244 bytes leftover after parsing attributes in process `syz.4.918'.
[  320.673338][ T5929] usb 1-1: Using ep0 maxpacket: 16
[  320.721607][ T5929] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  320.740801][ T5929] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.961774][ T5929] usb 1-1: config 0 descriptor??
[  321.007217][ T5929] gspca_main: sonixj-2.14.0 probing 0471:0327
[  321.352124][ T9465] syz.4.922 (9465): drop_caches: 2
[  322.655219][ T9477] netlink: set zone limit has 4 unknown bytes
[  322.768016][   T53] hfsplus: b-tree write err: -5, ino 4
[  322.917923][ T5929] gspca_sonixj: reg_w1 err -71
[  322.922796][ T5929] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[  323.198411][ T5929] usb 1-1: USB disconnect, device number 9
[  323.491489][ T9510] loop2: detected capacity change from 0 to 1024
[  324.656123][ T5861] Bluetooth: hci5: command 0x0405 tx timeout
[  324.873622][ T1135] hfsplus: b-tree write err: -5, ino 4
[  325.204879][ T9546] loop3: detected capacity change from 0 to 512
[  325.227711][ T9546] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.949: invalid indirect mapped block 256 (level 2)
[  325.299011][ T9549] netlink: 168 bytes leftover after parsing attributes in process `syz.0.950'.
[  325.303431][ T9546] EXT4-fs (loop3): 2 truncates cleaned up
[  325.475883][ T9546] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  326.058074][ T9548] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  327.198959][ T9563] loop2: detected capacity change from 0 to 1024
[  327.589015][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  329.898517][   T35] hfsplus: b-tree write err: -5, ino 4
[  331.255332][ T9617] input: syz1 as /devices/virtual/input/input15
[  333.085119][ T9646] netlink: set zone limit has 4 unknown bytes
[  334.154430][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  335.116772][ T9676] netlink: 4 bytes leftover after parsing attributes in process `syz.4.979'.
[  335.175284][ T9677] loop5: detected capacity change from 0 to 512
[  335.620509][ T9683] syz.5.980[9683] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  335.620607][ T9683] syz.5.980[9683] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  335.632176][ T9683] syz.5.980[9683] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  336.970387][ T9697] netlink: set zone limit has 4 unknown bytes
[  337.239717][ T9695] netlink: 28 bytes leftover after parsing attributes in process `syz.3.986'.
[  338.947964][    T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  339.178028][    T9] usb 4-1: Using ep0 maxpacket: 16
[  339.229366][    T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  339.454636][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.557783][    T9] usb 4-1: config 0 descriptor??
[  339.793464][    T9] gspca_main: sonixj-2.14.0 probing 0471:0327
[  339.838013][ T9728] input: syz1 as /devices/virtual/input/input16
[  340.568061][ T9743] netlink: set zone limit has 4 unknown bytes
[  340.694932][ T9747] loop5: detected capacity change from 0 to 512
[  341.023512][ T9754] syz.5.999[9754] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  341.024350][ T9754] syz.5.999[9754] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  341.036837][ T9754] syz.5.999[9754] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  341.916129][ T9757] netlink: 'syz.4.1000': attribute type 10 has an invalid length.
[  341.952214][ T9757] bridge0: port 1(team0) entered disabled state
[  341.976636][ T9757] team0: left allmulticast mode
[  341.981780][ T9757] team0: left promiscuous mode
[  341.986679][ T9757] bridge0: port 1(team0) entered disabled state
[  341.994836][ T9757] batman_adv: batadv0: Adding interface: team0
[  342.001059][ T9757] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  342.026201][ T9757] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  342.948581][ T4882] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  343.249807][ T4882] usb 5-1: Using ep0 maxpacket: 16
[  343.284532][ T4882] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  343.312088][ T4882] usb 5-1: config 0 has no interface number 0
[  343.319643][ T5852] usb 4-1: USB disconnect, device number 7
[  343.358053][ T4882] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  343.425425][ T4882] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  343.479700][ T4882] usb 5-1: config 0 interface 41 has no altsetting 0
[  343.529933][ T4882] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  343.545532][ T4882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.555142][ T4882] usb 5-1: Product: syz
[  343.565681][ T4882] usb 5-1: Manufacturer: syz
[  343.570629][ T4882] usb 5-1: SerialNumber: syz
[  344.197387][ T4882] usb 5-1: config 0 descriptor??
[  344.203227][ T9778] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  344.210893][ T9778] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  344.409215][ T5852] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  344.644259][ T5852] usb 4-1: Using ep0 maxpacket: 32
[  344.913790][ T5852] usb 4-1: New USB device found, idVendor=04dd, idProduct=8006, bcdDevice=62.d8
[  344.928849][ T5852] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.937217][ T5852] usb 4-1: Product: syz
[  345.145894][ T5852] usb 4-1: Manufacturer: syz
[  345.145919][ T5852] usb 4-1: SerialNumber: syz
[  345.158909][ T5852] usb 4-1: config 0 descriptor??
[  345.245455][ T5852] usb 4-1: unsupported MDLM descriptors
[  345.525994][ T4882] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  345.548376][ T5852] usb 4-1: USB disconnect, device number 8
[  345.608355][ T4882] usb 5-1: USB disconnect, device number 7
[  345.677309][ T9816] input: syz1 as /devices/virtual/input/input17
[  345.718582][ T5899] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  345.867934][ T5899] usb 1-1: Using ep0 maxpacket: 16
[  345.894951][ T5899] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  345.904614][ T5899] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.941294][ T5899] usb 1-1: config 0 descriptor??
[  345.958284][ T5899] gspca_main: sonixj-2.14.0 probing 0471:0327
[  346.878406][ T5899] gspca_sonixj: reg_w1 err -110
[  346.883752][ T5899] sonixj 1-1:0.0: probe with driver sonixj failed with error -110
[  347.309880][ T9845] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1034'.
[  347.592946][ T9857] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1039'.
[  348.302041][ T9872] netlink: set zone limit has 4 unknown bytes
[  348.444559][ T9876] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1047'.
[  348.498408][   T29] audit: type=1326 audit(1730321272.362:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  348.590068][   T29] audit: type=1326 audit(1730321272.472:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  348.621412][   T47] usb 1-1: USB disconnect, device number 10
[  348.642489][ T9887] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1052'.
[  348.688551][   T29] audit: type=1326 audit(1730321272.492:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  348.846760][   T29] audit: type=1326 audit(1730321272.492:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  349.158868][   T29] audit: type=1326 audit(1730321272.492:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  349.877940][ T4882] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  349.958114][   T29] audit: type=1326 audit(1730321272.512:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  350.014840][   T29] audit: type=1326 audit(1730321272.512:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  350.014886][   T29] audit: type=1326 audit(1730321272.512:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  350.014921][   T29] audit: type=1326 audit(1730321272.522:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  350.014954][   T29] audit: type=1326 audit(1730321272.522:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9879 comm="syz.3.1048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7663f7e719 code=0x7ffc0000
[  350.085201][ T4882] usb 3-1: Using ep0 maxpacket: 32
[  350.090395][ T4882] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  350.096700][ T4882] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  350.096733][ T4882] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  350.096755][ T4882] usb 3-1: Product: syz
[  350.096772][ T4882] usb 3-1: Manufacturer: syz
[  350.096788][ T4882] usb 3-1: SerialNumber: syz
[  350.100748][ T4882] usb 3-1: config 0 descriptor??
[  350.101430][ T9885] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  350.303030][ T9906] netlink: set zone limit has 4 unknown bytes
[  350.357480][ T5899] usb 3-1: USB disconnect, device number 11
[  351.435919][ T9926] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1064'.
[  351.445476][ T9925] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1065'.
[  351.599310][ T9932] netlink: set zone limit has 4 unknown bytes
[  353.068423][ T9949] loop3: detected capacity change from 0 to 1024
[  353.212316][ T9955] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1076'.
[  353.238312][ T9957] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1077'.
[  354.106224][   T12] hfsplus: b-tree write err: -5, ino 4
[  354.952340][ T5851] Bluetooth: hci5: command 0x0405 tx timeout
[  355.935276][ T9996] block nbd3: NBD_DISCONNECT
[  356.766859][T10005] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1089'.
[  357.201941][T10011] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1090'.
[  357.350455][T10017] netlink: 'syz.2.1092': attribute type 5 has an invalid length.
[  357.742587][T10020] loop3: detected capacity change from 0 to 1024
[  358.828019][T10041] VFS: could not find a valid V7 on nullb0.
[  358.838026][T10041] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1097'.
[  359.226905][ T3006] hfsplus: b-tree write err: -5, ino 4
[  362.244581][T10055] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1102'.
[  362.494409][T10070] random: crng reseeded on system resumption
[  362.783149][   T29] kauditd_printk_skb: 32 callbacks suppressed
[  362.783162][   T29] audit: type=1326 audit(1730321286.662:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10075 comm="syz.3.1109" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7663f7e719 code=0x0
[  362.820083][T10079] loop5: detected capacity change from 0 to 1024
[  363.722255][T10074] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1103'.
[  363.745820][ T3006] hfsplus: b-tree write err: -5, ino 4
[  363.843383][T10086] loop5: detected capacity change from 0 to 64
[  363.852282][T10086] hfs: Bad value for 'file_umask'
[  363.939505][T10086] loop5: detected capacity change from 0 to 8
[  364.371112][T10095] SQUASHFS error: Failed to read block 0x8f: -5
[  364.378514][T10095] SQUASHFS error: Failed to read block 0xc00090: -5
[  364.385199][T10095] SQUASHFS error: Failed to read block 0x8f: -5
[  364.391697][T10095] SQUASHFS error: Failed to read block 0x8f: -5
[  364.398127][T10095] SQUASHFS error: Failed to read block 0x8f: -5
[  364.404694][T10095] SQUASHFS error: Failed to read block 0x8f: -5
[  364.411350][T10095] SQUASHFS error: Failed to read block 0x8f: -5
[  364.453658][   T29] audit: type=1800 audit(1730321288.302:60): pid=10095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1111" name="file2" dev="loop5" ino=6 res=0 errno=0
[  364.705246][T10097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1115'.
[  366.433365][T10108] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1119'.
[  371.376525][T10137] input: syz0 as /devices/virtual/input/input18
[  371.923667][T10155] netlink: 'syz.0.1134': attribute type 5 has an invalid length.
[  373.539876][T10169] netlink: 'syz.2.1136': attribute type 10 has an invalid length.
[  375.925996][T10200] netlink: 'syz.5.1147': attribute type 5 has an invalid length.
[  376.529948][T10215] syz.5.1151 (10215): drop_caches: 2
[  377.192810][ T5864] Bluetooth: hci1: unexpected event for opcode 0x0c25
[  378.778746][T10232] netlink: 'syz.4.1156': attribute type 10 has an invalid length.
[  378.983218][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  378.990048][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  379.074795][T10239] fuse: Bad value for 'fd'
[  379.407514][T10239] loop5: detected capacity change from 0 to 512
[  379.722143][T10239] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1159: invalid indirect mapped block 256 (level 2)
[  379.972633][T10239] EXT4-fs (loop5): 2 truncates cleaned up
[  379.984014][T10239] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  381.219111][ T7494] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  384.075034][T10282] fuse: Bad value for 'fd'
[  384.591005][T10282] loop3: detected capacity change from 0 to 512
[  384.693484][T10282] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1174: invalid indirect mapped block 256 (level 2)
[  385.303733][T10282] EXT4-fs (loop3): 2 truncates cleaned up
[  385.310557][T10282] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  386.589944][T10279] loop2: detected capacity change from 0 to 40427
[  386.938605][T10279] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  387.047949][T10279] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  387.369788][T10279] F2FS-fs (loop2): invalid crc value
[  387.388998][T10279] F2FS-fs (loop2): Failed to start F2FS issue_checkpoint_thread (-4)
[  388.241340][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.920013][T10354] loop2: detected capacity change from 0 to 64
[  391.986992][T10354] hfs: Bad value for 'file_umask'
[  392.032780][T10356] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1196'.
[  392.076364][T10354] loop2: detected capacity change from 0 to 8
[  392.129562][T10359] fuse: Bad value for 'fd'
[  392.189151][T10359] loop3: detected capacity change from 0 to 512
[  392.207448][T10362] loop5: detected capacity change from 0 to 128
[  392.240127][T10359] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1198: invalid indirect mapped block 256 (level 2)
[  392.260105][T10359] EXT4-fs (loop3): 2 truncates cleaned up
[  392.266726][T10359] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  392.275264][T10362] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  392.328031][T10365] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  392.383877][T10362] ext4 filesystem being mounted at /152/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  393.226733][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.704463][T10350] loop4: detected capacity change from 0 to 40427
[  393.721276][T10350] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  393.748758][T10350] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  393.773464][T10375] SQUASHFS error: Failed to read block 0x8f: -5
[  393.795884][T10375] SQUASHFS error: Failed to read block 0xc00090: -5
[  393.819493][T10375] SQUASHFS error: Failed to read block 0x8f: -5
[  393.842096][T10350] F2FS-fs (loop4): invalid crc value
[  393.931200][T10375] SQUASHFS error: Failed to read block 0x8f: -5
[  393.937604][T10375] SQUASHFS error: Failed to read block 0x8f: -5
[  393.944586][T10375] SQUASHFS error: Failed to read block 0x8f: -5
[  393.958541][T10350] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  394.045602][T10375] SQUASHFS error: Failed to read block 0x8f: -5
[  394.726982][   T29] audit: type=1800 audit(1730321318.602:61): pid=10375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1195" name="file2" dev="loop2" ino=6 res=0 errno=0
[  394.731464][T10362] fscrypt (loop5, inode 12): Direct key flag not allowed with different contents and filenames modes
[  394.964423][T10387] netlink: 'syz.0.1202': attribute type 5 has an invalid length.
[  395.504686][T10391] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  398.249041][ T7494] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  400.025359][T10418] netlink: 'syz.0.1213': attribute type 10 has an invalid length.
[  400.072513][T10418] bond0: (slave bond_slave_0): Releasing backup interface
[  400.537294][T10435] ecryptfs_parse_options: eCryptfs: unrecognized option [&@]
[  400.544838][T10435] ecryptfs_parse_options: eCryptfs: unrecognized option []
[  400.552497][T10435] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  400.566166][T10435] Error parsing options; rc = [-22]
[  401.437346][T10445] nbd: couldn't find a device at index 7143424
[  401.632655][T10447] loop5: detected capacity change from 0 to 64
[  401.699000][T10447] hfs: Bad value for 'file_umask'
[  401.777291][T10447] loop5: detected capacity change from 0 to 8
[  401.785181][T10449] loop2: detected capacity change from 0 to 128
[  401.908270][T10421] loop3: detected capacity change from 0 to 40427
[  401.981673][T10421] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  402.094014][T10449] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  402.112172][T10421] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  402.158386][T10421] F2FS-fs (loop3): invalid crc value
[  402.176836][T10449] ext4 filesystem being mounted at /238/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  402.602173][T10421] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[  402.820463][T10470] fscrypt (loop2, inode 12): Direct key flag not allowed with different contents and filenames modes
[  403.660999][T10480] SQUASHFS error: Failed to read block 0x8f: -5
[  403.701175][T10480] SQUASHFS error: Failed to read block 0xc00090: -5
[  403.747047][T10480] SQUASHFS error: Failed to read block 0x8f: -5
[  404.425844][T10485] netlink: 'syz.0.1228': attribute type 5 has an invalid length.
[  404.660487][T10480] SQUASHFS error: Failed to read block 0x8f: -5
[  404.827944][T10480] SQUASHFS error: Failed to read block 0x8f: -5
[  404.847897][T10480] SQUASHFS error: Failed to read block 0x8f: -5
[  404.854486][T10480] SQUASHFS error: Failed to read block 0x8f: -5
[  404.871375][   T29] audit: type=1800 audit(1730321328.752:62): pid=10480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1221" name="file2" dev="loop5" ino=6 res=0 errno=0
[  405.213919][ T5859] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  407.320638][ T5941] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  407.476469][T10505] block nbd3: NBD_DISCONNECT
[  407.518034][ T5941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  407.599983][ T5941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  407.683009][ T5941] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  407.724586][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.904230][ T5941] usb 1-1: config 0 descriptor??
[  409.237852][ T5941] usbhid 1-1:0.0: can't add hid device: -71
[  409.281582][T10527] netlink: 'syz.4.1241': attribute type 5 has an invalid length.
[  409.379315][ T5941] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  409.421334][ T5941] usb 1-1: USB disconnect, device number 11
[  412.362318][T10547] loop4: detected capacity change from 0 to 64
[  412.419379][T10547] hfs: Bad value for 'file_umask'
[  412.635829][T10546] syz.5.1247 (10546): drop_caches: 2
[  412.774953][T10550] loop4: detected capacity change from 0 to 256
[  414.352083][T10559] mmap: syz.5.1249 (10559) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  414.656498][   T29] audit: type=1326 audit(1730321338.112:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10551 comm="syz.5.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f290b77e719 code=0x7ffc0000
[  414.678952][   T29] audit: type=1326 audit(1730321338.122:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10551 comm="syz.5.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f290b77e719 code=0x7ffc0000
[  415.097927][   T29] audit: type=1326 audit(1730321338.132:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10551 comm="syz.5.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f290b77e719 code=0x7ffc0000
[  415.349101][   T29] audit: type=1326 audit(1730321338.392:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10551 comm="syz.5.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f290b77e719 code=0x7ffc0000
[  415.371557][   T29] audit: type=1326 audit(1730321338.392:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10551 comm="syz.5.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f290b77e719 code=0x7ffc0000
[  415.844150][T10569] block nbd4: NBD_DISCONNECT
[  416.839527][T10590] syz.4.1259 (10590): drop_caches: 2
[  416.875507][T10592] 
[  416.877877][T10592] ======================================================
[  416.884916][T10592] WARNING: possible circular locking dependency detected
[  416.891946][T10592] 6.12.0-rc5-next-20241030-syzkaller #0 Not tainted
[  416.898539][T10592] ------------------------------------------------------
[  416.905558][T10592] syz.3.1258/10592 is trying to acquire lock:
[  416.911631][T10592] ffff8880217b29e0 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaa/0x120
[  416.920522][T10592] 
[  416.920522][T10592] but task is already holding lock:
[  416.927965][T10592] ffff888142b3d680 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xb0/0x1e0
[  416.937286][T10592] 
[  416.937286][T10592] which lock already depends on the new lock.
[  416.937286][T10592] 
[  416.947690][T10592] 
[  416.947690][T10592] the existing dependency chain (in reverse order) is:
[  416.956778][T10592] 
[  416.956778][T10592] -> #3 (&q->debugfs_mutex){+.+.}-{4:4}:
[  416.964591][T10592]        lock_acquire+0x1ed/0x550
[  416.969616][T10592]        __mutex_lock+0x1ac/0xee0
[  416.974652][T10592]        blk_mq_init_sched+0x3fa/0x830
[  416.980215][T10592]        elevator_init_mq+0x1d8/0x2d0
[  416.985587][T10592]        add_disk_fwnode+0x10d/0xf80
[  416.990866][T10592]        sd_probe+0xba6/0x1100
[  416.995624][T10592]        really_probe+0x2b8/0xad0
[  417.000665][T10592]        __driver_probe_device+0x1a2/0x390
[  417.006466][T10592]        driver_probe_device+0x50/0x430
[  417.012004][T10592]        __device_attach_driver+0x2d6/0x530
[  417.017889][T10592]        bus_for_each_drv+0x24e/0x2e0
[  417.023248][T10592]        __device_attach_async_helper+0x22d/0x300
[  417.029656][T10592]        async_run_entry_fn+0xa8/0x420
[  417.035113][T10592]        process_scheduled_works+0xa63/0x1850
[  417.041186][T10592]        worker_thread+0x870/0xd30
[  417.046639][T10592]        kthread+0x2f0/0x390
[  417.051218][T10592]        ret_from_fork+0x4b/0x80
[  417.056146][T10592]        ret_from_fork_asm+0x1a/0x30
[  417.061431][T10592] 
[  417.061431][T10592] -> #2 (&q->q_usage_counter(io)#66){++++}-{0:0}:
[  417.070033][T10592]        lock_acquire+0x1ed/0x550
[  417.075050][T10592]        blk_mq_submit_bio+0x1510/0x2490
[  417.080673][T10592]        __submit_bio+0x2c2/0x560
[  417.085693][T10592]        submit_bio_noacct_nocheck+0x4d3/0xe30
[  417.091850][T10592]        ext4_bio_write_folio+0x123a/0x1d70
[  417.097734][T10592]        mpage_submit_folio+0x1af/0x230
[  417.103297][T10592]        ext4_do_writepages+0x1d1d/0x3d20
[  417.109028][T10592]        ext4_writepages+0x213/0x3c0
[  417.114318][T10592]        do_writepages+0x35d/0x870
[  417.119438][T10592]        __writeback_single_inode+0x14f/0x10d0
[  417.125589][T10592]        writeback_sb_inodes+0x80c/0x1370
[  417.131312][T10592]        __writeback_inodes_wb+0x11b/0x260
[  417.137132][T10592]        wb_writeback+0x42f/0xbd0
[  417.142246][T10592]        wb_workfn+0xba1/0x1090
[  417.147089][T10592]        process_scheduled_works+0xa63/0x1850
[  417.153238][T10592]        worker_thread+0x870/0xd30
[  417.158350][T10592]        kthread+0x2f0/0x390
[  417.163027][T10592]        ret_from_fork+0x4b/0x80
[  417.167969][T10592]        ret_from_fork_asm+0x1a/0x30
[  417.173259][T10592] 
[  417.173259][T10592] -> #1 (jbd2_handle){++++}-{0:0}:
[  417.180555][T10592]        lock_acquire+0x1ed/0x550
[  417.185578][T10592]        start_this_handle+0x1eb4/0x2110
[  417.191208][T10592]        jbd2__journal_start+0x2da/0x5d0
[  417.196834][T10592]        __ext4_journal_start_sb+0x239/0x600
[  417.202804][T10592]        ext4_dirty_inode+0x92/0x110
[  417.208086][T10592]        __mark_inode_dirty+0x2ee/0xe90
[  417.213629][T10592]        touch_atime+0x413/0x690
[  417.218568][T10592]        ext4_file_mmap+0x18c/0x540
[  417.223763][T10592]        __mmap_region+0x2204/0x2cd0
[  417.229055][T10592]        mmap_region+0x226/0x2c0
[  417.233996][T10592]        do_mmap+0x8f0/0x1000
[  417.238667][T10592]        vm_mmap_pgoff+0x214/0x430
[  417.243838][T10592]        ksys_mmap_pgoff+0x4eb/0x720
[  417.249238][T10592]        do_syscall_64+0xf3/0x230
[  417.254267][T10592]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.260689][T10592] 
[  417.260689][T10592] -> #0 (&mm->mmap_lock){++++}-{4:4}:
[  417.268245][T10592]        validate_chain+0x18ef/0x5920
[  417.273612][T10592]        __lock_acquire+0x1397/0x2100
[  417.278982][T10592]        lock_acquire+0x1ed/0x550
[  417.284007][T10592]        __might_fault+0xc6/0x120
[  417.289024][T10592]        _copy_from_user+0x2c/0xe0
[  417.294301][T10592]        blk_trace_setup+0xd2/0x1e0
[  417.299493][T10592]        sg_ioctl+0xa46/0x2e80
[  417.304248][T10592]        __se_sys_ioctl+0xf9/0x170
[  417.309353][T10592]        do_syscall_64+0xf3/0x230
[  417.314455][T10592]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.320863][T10592] 
[  417.320863][T10592] other info that might help us debug this:
[  417.320863][T10592] 
[  417.331078][T10592] Chain exists of:
[  417.331078][T10592]   &mm->mmap_lock --> &q->q_usage_counter(io)#66 --> &q->debugfs_mutex
[  417.331078][T10592] 
[  417.345164][T10592]  Possible unsafe locking scenario:
[  417.345164][T10592] 
[  417.352604][T10592]        CPU0                    CPU1
[  417.357958][T10592]        ----                    ----
[  417.363316][T10592]   lock(&q->debugfs_mutex);
[  417.367898][T10592]                                lock(&q->q_usage_counter(io)#66);
[  417.375785][T10592]                                lock(&q->debugfs_mutex);
[  417.382892][T10592]   rlock(&mm->mmap_lock);
[  417.387299][T10592] 
[  417.387299][T10592]  *** DEADLOCK ***
[  417.387299][T10592] 
[  417.395449][T10592] 1 lock held by syz.3.1258/10592:
[  417.400545][T10592]  #0: ffff888142b3d680 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xb0/0x1e0
[  417.410293][T10592] 
[  417.410293][T10592] stack backtrace:
[  417.416179][T10592] CPU: 0 UID: 0 PID: 10592 Comm: syz.3.1258 Not tainted 6.12.0-rc5-next-20241030-syzkaller #0
[  417.426411][T10592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  417.436462][T10592] Call Trace:
[  417.439735][T10592]  <TASK>
[  417.442676][T10592]  dump_stack_lvl+0x241/0x360
[  417.447417][T10592]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.452615][T10592]  ? __pfx__printk+0x10/0x10
[  417.457212][T10592]  print_circular_bug+0x13a/0x1b0
[  417.462236][T10592]  check_noncircular+0x36a/0x4a0
[  417.467169][T10592]  ? __pfx_check_noncircular+0x10/0x10
[  417.472630][T10592]  ? lockdep_lock+0x123/0x2b0
[  417.477308][T10592]  validate_chain+0x18ef/0x5920
[  417.482150][T10592]  ? __pfx_lock_release+0x10/0x10
[  417.487193][T10592]  ? 0xffffffffa0003b40
[  417.491348][T10592]  ? __pfx_validate_chain+0x10/0x10
[  417.496538][T10592]  ? kernel_text_address+0xa7/0xe0
[  417.501682][T10592]  ? __kernel_text_address+0xd/0x40
[  417.506895][T10592]  ? mark_lock+0x9a/0x360
[  417.511225][T10592]  ? __lock_acquire+0x1397/0x2100
[  417.516248][T10592]  ? mark_lock+0x9a/0x360
[  417.520568][T10592]  __lock_acquire+0x1397/0x2100
[  417.525422][T10592]  lock_acquire+0x1ed/0x550
[  417.530033][T10592]  ? __might_fault+0xaa/0x120
[  417.534827][T10592]  ? __pfx_lock_acquire+0x10/0x10
[  417.539876][T10592]  ? __pfx___might_resched+0x10/0x10
[  417.545167][T10592]  ? blk_trace_setup+0xb0/0x1e0
[  417.550032][T10592]  ? __pfx___mutex_lock+0x10/0x10
[  417.555055][T10592]  ? __pfx_lock_release+0x10/0x10
[  417.560071][T10592]  ? __might_fault+0xaa/0x120
[  417.564743][T10592]  __might_fault+0xc6/0x120
[  417.569239][T10592]  ? __might_fault+0xaa/0x120
[  417.573908][T10592]  _copy_from_user+0x2c/0xe0
[  417.578585][T10592]  blk_trace_setup+0xd2/0x1e0
[  417.583263][T10592]  ? __pfx_blk_trace_setup+0x10/0x10
[  417.588565][T10592]  sg_ioctl+0xa46/0x2e80
[  417.592825][T10592]  ? __pfx_sg_ioctl+0x10/0x10
[  417.597514][T10592]  ? __fget_files+0x29/0x470
[  417.602106][T10592]  ? __fget_files+0x3f3/0x470
[  417.606784][T10592]  ? __pfx_sg_ioctl+0x10/0x10
[  417.611460][T10592]  __se_sys_ioctl+0xf9/0x170
[  417.616049][T10592]  do_syscall_64+0xf3/0x230
[  417.620550][T10592]  ? clear_bhb_loop+0x35/0x90
[  417.625215][T10592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.631114][T10592] RIP: 0033:0x7f7663f7e719
[  417.635521][T10592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.655220][T10592] RSP: 002b:00007f7664d12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  417.663726][T10592] RAX: ffffffffffffffda RBX: 00007f7664136058 RCX: 00007f7663f7e719
[  417.671698][T10592] RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 0000000000000007
[  417.679758][T10592] RBP: 00007f7663ff132e R08: 0000000000000000 R09: 0000000000000000
[  417.687722][T10592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  417.695691][T10592] R13: 0000000000000000 R14: 00007f7664136058 R15: 00007ffd57ecf498
[  417.703679][T10592]  </TASK>