last executing test programs:

3m58.75460246s ago: executing program 3 (id=34):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4c4c3294abd26aaf3fb0066bad004b000f303c70fae6e2fc0c00f2d130f01f1260f01ca660f3881b4493c000000c4c2459d78ad", 0x3d}], 0x1, 0x51, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m56.487794839s ago: executing program 3 (id=38):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{0x2e, 0x2, 0x7, 0x3}, 'syz0\x00', 0x2})
ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xee)
ioctl$UI_DEV_CREATE(r0, 0x5501)
close_range(r0, 0xffffffffffffffff, 0x0)

3m54.24715964s ago: executing program 3 (id=42):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='illinois\x00', 0x9)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000340)="cf1b", 0x2, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x397, @empty}, 0x1c)
shutdown(r0, 0x1)

3m53.211277562s ago: executing program 3 (id=44):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x804810, &(0x7f0000000000)={[{@nogrpid}]}, 0x26, 0x75c, &(0x7f0000000c00)="$eJzs3M9rHGUfAPDvTLNJf+R9Ny+84I+DCC20ULpJmkt7arx4KxQKXmtIJiFkkg3ZTe3Ggq1noTYXBUHUs0evQql/gDcpKHgXRGs8iJeV2WxSG3fjtkm6Jf18YLLPMz+e7/ebGZ7sQGYCeGG9XvxIIoYj4kpElNvr04gYbLWORtza3G/j4c3pYkmi2bz6y9YI5e2xkvbniWgdEi9HxP1SxNn3/xm31lhbmMrzbKXdH60vLo/WGmvn5hen5rK5bGl84uLYhYmJC2MT/1rDSz3Weuqti8fufvvm+vp3X9XvvDZwLonJVt3Rrq3HYZ7I5u+kFJM71i8dRLA+SvqdAAAAPSm+5x+JiIHWt9RyHGm1AAAAgMOkOdQEAAAADr0k+p0BAAAAcLC2/g9g69neg3oOtpuf34iIkU7xB1rPEEccjVJEHN9IHnsyIdk8DPbk1u2IuDe58/r7orjCbu1x7LEd/cefkR7c4+jsh3vF/DPZaf5Jt+ef6DD/DGy9O2GPus9/j+If6TL/XekxxtefvlLqGv92xKsDneIn2/GTLvHf7jH+nfUP7nbb1vw84nTHvz/JY7F2eT/E5Ox8vuvrB+7/eebBbvUf7xY/2b3+5R7rf3fjt4Vuc0kR/8zJ3c9/p/jFNfFhO480Iu62P4v++o4YJxe//2a3+mcimk9z/j/rsf4fvxy60eOuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0JJGxHAkaWW7naaVSsSJiPh/HE/zaq1+dra6ujRTbIsYiVI6O59nYxFR3uwnRX+81X7UP7+jPxER//vh2GbQ+TyrTFfzmX4XDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLYTETEcSVqJiDQifi+naaUSMdDDsUPPID8AAABgn4z0OwEAAADgwLn/BwAAgMPvae//k33OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjUrly+XCzNjYc3p4v+zPXG6kL1+rmZrLZQWVydrkxXV5Yrc9XqXJ5VpquLfz92sMN4ebW6PH4xVm+M1rNafbTWWLu2WF1dql+bX5yay65lpWdWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE9iuLUkaSUi0lY7TSuViP9ExEiUktn5PBuLiP9GxINyaajoj/c7aQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPZdrbG2MJXn2YrG89Q41j49z0s+GvvceO+5P7l9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiLWmNtYSrPs5VavzMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgv9KfkogoltPlU8M7tw4mf5RbnxHxzidXP7oxVa+vjBfrf91eX/+4vf58P/IHAACAF8KlJ9l56z596z4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV7XG2sJUnmcre2tcisZaM+myT79rBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAns5fAQAA///1GMHr")
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
chdir(&(0x7f0000000240)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x28c41, 0xd828c3d9e725608d)

3m49.377867091s ago: executing program 3 (id=50):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449})
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000180)={{@host}, 0x0, 0xffffffffffffffff})

3m47.633606868s ago: executing program 3 (id=54):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000022"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000140)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6d7, &(0x7f0000000240)="$eJzs3c9vHGcdB+DPrNcbb6iK0yY0QkVYiVSQIhInVgrhgkEI5VChqhx6thKnsbpJqsRFaYUgBQQnJA79AwqSbxwQEvegcOFSbr36WAmJS8Qh6mXRzM6ud+11vE78I4Hnicbv+8477zvfeeedGe86qw3wf+vymTTvp8jlM2/cLcvrawud9bWFI3V1J0mZbyTNXpLiZlI8SBbL+mJoyVC6xccrl9767OH6571Ss16q7acG7WYmCnnMPu7VS+bq/ubGtpyeqP9eX1V4eSHJlTod1Zq0r5ENy0E7Xadw6Lpb3NtN822vd+DZ1386Fb3n5hazydH6yVz9TlDfHRoHF+H+2NVdDgAAAJ5Tn9467AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+VN//39RL406zVyKo2XaTFr9denln0GLE295f1/jAAAAAAAAAICD8fVHeZS7ebFf7hbV3/xPVYXj+aKbfCnv506WcztnczdLWc1qbud8ktmhjlp3l1ZXb58ftCyNb3lhbMsLB3XEAAAAAAAAAPA/6Zdpb/z9HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngVFMtVLquV4nWY2jWY26nIv+WeS1mHHuwvFuJX3Dz4OAAAAeCozT9Dmy4/yKHfzYr/cLarX/F+pXi/P5P3czGpWsppOlnO1fg1dvupvrK8tdNbXFm6US1ke7ff7/95VGK26h6mqNG7PJ6st2rmWlWrN2VypgrmaRm/fp5OT/XiG4hryURlT8b3ahJE162Etd/b77d5F2BOjb0U0HrNleyO4ZDAi83VsZctjvREoqjdqks0jsePZaY6UZqtepwd7Op/G4J2f4/sw5kfrtDye3+zrmO/WYCQaqUbiQn/2ldfM40ci+cZf//T29c7Nd69fu3Pm2TmkHUxts37znFgYGolXnuuRaO5y+/lqJE4Mypfzo/wkZzKXN3M7K/lplrKa5XTr+qV6Ppc/Zx8/UosjpTd3iqRVn5feOZskprn8sMot5VTV9sWspMitXM1yXq/+Xcj5fDsXczGXhs7wiW3jro6tuuobm6/6/pn+29jgT3+zzpR3t99u3OUWH3fE283OvdK795fjemxoXHuz/uFgq2ND18H80Ci91B+d6bGdP8m9sfnVOlPu41c7PCcO1mw9EuUF1H9K9KN7uTcSzepZtHWe/6FbtkvnZrd7fem9bfq/t6n8Wp2W02rtaztt3Tf+VOytcr68lJn6TjI6O8q6lwd3maG67sZc7tWNPnHLdiequqLoX6k/zq1qAmy9Ulv173Bbe7pQ1b0ytm6hqjs5VDfy+1ZupZOrBzB+ADyJf7w9yM7maKv9r/an7U/av25fb78x84Mj3znyaivTf5/+bnN+6rXGq8Vf8kl+vvH6HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHJ3Pvjw3aVOZ/n2+Exj+6qRTDub12zX85Eq08qmqqL+Qp8J9vVcZGaSjKypvufowMNobw5jS6b7i2w+F/uf6X+J4Phtfldmmltm1LjM4siaP2/t8KNdRlhMdl3sY6aRg93pVMZPgEO8KQEH4tzqjffO3fngw2+t3Fh6Z/md5ZvTFy9emr908fWFc9dWOsvzvZ+HHSWwHzYe+ocdCQAAAAAAAAAAADCpcR8MOPXCTh8amegzHv5nIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAnLp9J836KnJ8/O1+W19cWOuXSz29s2UzSaCTFz5LiQbKY3pLZoe6K/PFBumP28/HKpbc+e7j++UZfzd72SaNOt/f42iT36iVzSabq9CmM9Hflqfsr/tM/hnLAvuh2u4tPFx/sjf8GAAD///yV89E=")
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="201104060000000101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3m42.905262161s ago: executing program 32 (id=54):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000022"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000140)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6d7, &(0x7f0000000240)="$eJzs3c9vHGcdB+DPrNcbb6iK0yY0QkVYiVSQIhInVgrhgkEI5VChqhx6thKnsbpJqsRFaYUgBQQnJA79AwqSbxwQEvegcOFSbr36WAmJS8Qh6mXRzM6ud+11vE78I4Hnicbv+8477zvfeeedGe86qw3wf+vymTTvp8jlM2/cLcvrawud9bWFI3V1J0mZbyTNXpLiZlI8SBbL+mJoyVC6xccrl9767OH6571Ss16q7acG7WYmCnnMPu7VS+bq/ubGtpyeqP9eX1V4eSHJlTod1Zq0r5ENy0E7Xadw6Lpb3NtN822vd+DZ1386Fb3n5hazydH6yVz9TlDfHRoHF+H+2NVdDgAAAJ5Tn9467AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+VN//39RL406zVyKo2XaTFr9denln0GLE295f1/jAAAAAAAAAICD8fVHeZS7ebFf7hbV3/xPVYXj+aKbfCnv506WcztnczdLWc1qbud8ktmhjlp3l1ZXb58ftCyNb3lhbMsLB3XEAAAAAAAAAPA/6Zdpb/z9HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngVFMtVLquV4nWY2jWY26nIv+WeS1mHHuwvFuJX3Dz4OAAAAeCozT9Dmy4/yKHfzYr/cLarX/F+pXi/P5P3czGpWsppOlnO1fg1dvupvrK8tdNbXFm6US1ke7ff7/95VGK26h6mqNG7PJ6st2rmWlWrN2VypgrmaRm/fp5OT/XiG4hryURlT8b3ahJE162Etd/b77d5F2BOjb0U0HrNleyO4ZDAi83VsZctjvREoqjdqks0jsePZaY6UZqtepwd7Op/G4J2f4/sw5kfrtDye3+zrmO/WYCQaqUbiQn/2ldfM40ci+cZf//T29c7Nd69fu3Pm2TmkHUxts37znFgYGolXnuuRaO5y+/lqJE4Mypfzo/wkZzKXN3M7K/lplrKa5XTr+qV6Ppc/Zx8/UosjpTd3iqRVn5feOZskprn8sMot5VTV9sWspMitXM1yXq/+Xcj5fDsXczGXhs7wiW3jro6tuuobm6/6/pn+29jgT3+zzpR3t99u3OUWH3fE283OvdK795fjemxoXHuz/uFgq2ND18H80Ci91B+d6bGdP8m9sfnVOlPu41c7PCcO1mw9EuUF1H9K9KN7uTcSzepZtHWe/6FbtkvnZrd7fem9bfq/t6n8Wp2W02rtaztt3Tf+VOytcr68lJn6TjI6O8q6lwd3maG67sZc7tWNPnHLdiequqLoX6k/zq1qAmy9Ulv173Bbe7pQ1b0ytm6hqjs5VDfy+1ZupZOrBzB+ADyJf7w9yM7maKv9r/an7U/av25fb78x84Mj3znyaivTf5/+bnN+6rXGq8Vf8kl+vvH6HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHJ3Pvjw3aVOZ/n2+Exj+6qRTDub12zX85Eq08qmqqL+Qp8J9vVcZGaSjKypvufowMNobw5jS6b7i2w+F/uf6X+J4Phtfldmmltm1LjM4siaP2/t8KNdRlhMdl3sY6aRg93pVMZPgEO8KQEH4tzqjffO3fngw2+t3Fh6Z/md5ZvTFy9emr908fWFc9dWOsvzvZ+HHSWwHzYe+ocdCQAAAAAAAAAAADCpcR8MOPXCTh8amegzHv5nIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAnLp9J836KnJ8/O1+W19cWOuXSz29s2UzSaCTFz5LiQbKY3pLZoe6K/PFBumP28/HKpbc+e7j++UZfzd72SaNOt/f42iT36iVzSabq9CmM9Hflqfsr/tM/hnLAvuh2u4tPFx/sjf8GAAD///yV89E=")
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="201104060000000101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3m7.208656942s ago: executing program 4 (id=126):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
preadv(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000480)=""/170, 0xaa}], 0x1, 0x9, 0x0)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000200)={0x0, 0x6, 0x13, 0x1})

3m6.305075745s ago: executing program 4 (id=128):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c00048038000180080001006e6174002c00028008000540000000000800014000000000080006400000000d08000240ffff000a080006400000002509"], 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="050000000000000000f22d"], 0x1c}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0)

2m21.250632202s ago: executing program 4 (id=128):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c00048038000180080001006e6174002c00028008000540000000000800014000000000080006400000000d08000240ffff000a080006400000002509"], 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="050000000000000000f22d"], 0x1c}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0)

1m42.267408437s ago: executing program 4 (id=128):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c00048038000180080001006e6174002c00028008000540000000000800014000000000080006400000000d08000240ffff000a080006400000002509"], 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="050000000000000000f22d"], 0x1c}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0)

1m32.42044699s ago: executing program 5 (id=318):
unshare(0x22020400)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = epoll_create(0x3)
epoll_pwait2(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0)

1m31.616983727s ago: executing program 5 (id=321):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r1)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000045c0)={0x38, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x38}}, 0x0)

1m30.705255279s ago: executing program 5 (id=324):
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x1, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0xb00, 0x0, 0x5, 0x0, 0x0)

1m29.891339317s ago: executing program 5 (id=328):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400)='cgroup2\x00', 0x0, 0x0)
chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00')

1m29.042757353s ago: executing program 5 (id=329):
r0 = syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0x1885, 0x0, 0x2}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0xb516, 0xc2de, 0x8, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x5, &(0x7f0000000080)="d1d2e7ce393d27ef0de09bb9b12f4059f3654b8d09ce", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r2 = io_uring_setup(0x67bb, &(0x7f0000000280))
io_uring_enter(r2, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18)

1m28.244591627s ago: executing program 5 (id=332):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6ca, &(0x7f0000000500)="$eJzs3c1vHGcdB/DvrNeuN1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeIit0LgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9lthrBz6faDzPM8/L/OaZZ2a866w2wP+t6xfSfJgi1y+8sVzm11Zn22ursy/Uxe0kZbqRNLurFHeT4lEyV5YXfUv61lt8vHjtrc8er33ezTXrpao/tlO7IYbUXamXTNf9TQ9tOb7XXazU4eXFJDfq9aCJvfY1ULEctPP1Go5cZ4uV/TTfz3ULHDO9p1PRfW5uMZWcSDJZ/x6Q+u7QGF2Eh2NfdzkAAAB4Tn1676gjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdP/f3/Rb006nWmU/S+/3+it61OH0Nze6758FDjAAAAAAAAAIDR+PqTPMlyTvbynaL6m/+5KnM6X3SSL+X9PMhC7udiljOfpSzlfi4nmerraGJ5fmnp/uX1lqXhLa8MbXllVEcMAAAAAAAAAP+TfpnWxt//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgOCiSse6qWk7X60yl0cxGWVaSfyaZOOp496EYtvHh6OMAAACAZzL5FG2+/CRPspyTvXynqF7zf6V6vTyZ93M3S1nMUtpZyM36NXT5qr+xtjrbXludvVMuZX6w3+//e19hTNQ9jFW5YXs+W9Vo5VYWqy0Xc6MK5mYa3X2fT8724umLq89HZUzF92p7jKxZD2u5s99v9y7CgRh8K6KxQ83WRnDJ+ojM1LGVLU91R6Co3qhJNo/ErmenOZCbqnodX9/T5TTW3/k5fQhjfqJel8fzm0Md8/1aH4lGqpG40pt95TWz80gk3/jrn96+3b777u1bDy4cn0Paxdg22zfPidm+kXjluR6J5j7rz1QjcWY9fz0/yk9yIdN5M/ezmJ9mPktZSKcun6/nc/lzaueRmhvIvblbJBP1eemes73ENJ0fVqn5nKvansxiitzLzSzk9erflVzOt3M1V3Ot7wyf2Tbu6tiqq76x+arvnem/DQ3+/DfrRHl3++3GXW5upyPebnYelO69vxzXU33j2p31j9drneq7Dmb6Ruml3uiMD+38ae6Nza/WiXIfv9rlOTFaU/VIlBdQ7ynRi+7l7kg0q2fR1nn+h07ZLu27nc7t+fe26X9lU/61el1Oq9Wv7Va7Z/ipOFjlfHkpk/WdZHB2lGUvr99l+so6G3O5Wzb4xC3bnanKiqJ3pf4496oJsPVKnah/h9va05Wq7JWhZbNV2dm+soHft3Iv7dwcwfgB8DT+8fZ6cionJlr/an3a+qT169bt1huTP3jhOy+8OpHxv49/tzkz9lrj1eIv+SQ/33j9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPL0HH3z47ny7vXB/eKKxfdFAopXNW3breVOiqL/QZ3+tjm9iMsnAlup7jkYeRmtzGFsSnV8kIx+f3pcIDq/zuzLR3DKjhiXmBrb8eWuHH+0zwmJv18UhJhoZ7U7HMnwCHOFNCRiJS0t33rv04IMPv7V4Z/6dhXcW7o5fvXpt5trV12cv3VpsL8x0fx51lMBh2HjoH3UkAAAAAAAAAAAAwF4N+2DAuRd3+9DInj7j4X8WAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfi+oU0H6bI5ZmLM2V+bXW2XS699EbNZpJGIyl+lhSPkrl0l0z1dVfkj4/SGbKfjxevvfXZ47XPN/pqdusnjXq9vZ1Lk6zUS6aTjNXrZzDQ341n7q/4T+8YygH7otPpzD1bfHAw/hsAAP//msX1EQ==")
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
chmod(&(0x7f0000000180)='./file0\x00', 0x140)
write$binfmt_elf32(r0, &(0x7f0000000c00)=ANY=[@ANYBLOB="7f454c46007d9f04050000000000000003000300155aef2e97000000380000000b030000070000080900200002"], 0x78)
close(r0)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

1m24.754569344s ago: executing program 33 (id=332):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6ca, &(0x7f0000000500)="$eJzs3c1vHGcdB/DvrNeuN1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeIit0LgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9lthrBz6faDzPM8/L/OaZZ2a866w2wP+t6xfSfJgi1y+8sVzm11Zn22ursy/Uxe0kZbqRNLurFHeT4lEyV5YXfUv61lt8vHjtrc8er33ezTXrpao/tlO7IYbUXamXTNf9TQ9tOb7XXazU4eXFJDfq9aCJvfY1ULEctPP1Go5cZ4uV/TTfz3ULHDO9p1PRfW5uMZWcSDJZ/x6Q+u7QGF2Eh2NfdzkAAAB4Tn1676gjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdP/f3/Rb006nWmU/S+/3+it61OH0Nze6758FDjAAAAAAAAAIDR+PqTPMlyTvbynaL6m/+5KnM6X3SSL+X9PMhC7udiljOfpSzlfi4nmerraGJ5fmnp/uX1lqXhLa8MbXllVEcMAAAAAAAAAP+TfpnWxt//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgOCiSse6qWk7X60yl0cxGWVaSfyaZOOp496EYtvHh6OMAAACAZzL5FG2+/CRPspyTvXynqF7zf6V6vTyZ93M3S1nMUtpZyM36NXT5qr+xtjrbXludvVMuZX6w3+//e19hTNQ9jFW5YXs+W9Vo5VYWqy0Xc6MK5mYa3X2fT8724umLq89HZUzF92p7jKxZD2u5s99v9y7CgRh8K6KxQ83WRnDJ+ojM1LGVLU91R6Co3qhJNo/ErmenOZCbqnodX9/T5TTW3/k5fQhjfqJel8fzm0Md8/1aH4lGqpG40pt95TWz80gk3/jrn96+3b777u1bDy4cn0Paxdg22zfPidm+kXjluR6J5j7rz1QjcWY9fz0/yk9yIdN5M/ezmJ9mPktZSKcun6/nc/lzaueRmhvIvblbJBP1eemes73ENJ0fVqn5nKvansxiitzLzSzk9erflVzOt3M1V3Ot7wyf2Tbu6tiqq76x+arvnem/DQ3+/DfrRHl3++3GXW5upyPebnYelO69vxzXU33j2p31j9drneq7Dmb6Ruml3uiMD+38ae6Nza/WiXIfv9rlOTFaU/VIlBdQ7ynRi+7l7kg0q2fR1nn+h07ZLu27nc7t+fe26X9lU/61el1Oq9Wv7Va7Z/ipOFjlfHkpk/WdZHB2lGUvr99l+so6G3O5Wzb4xC3bnanKiqJ3pf4496oJsPVKnah/h9va05Wq7JWhZbNV2dm+soHft3Iv7dwcwfgB8DT+8fZ6cionJlr/an3a+qT169bt1huTP3jhOy+8OpHxv49/tzkz9lrj1eIv+SQ/33j9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPL0HH3z47ny7vXB/eKKxfdFAopXNW3breVOiqL/QZ3+tjm9iMsnAlup7jkYeRmtzGFsSnV8kIx+f3pcIDq/zuzLR3DKjhiXmBrb8eWuHH+0zwmJv18UhJhoZ7U7HMnwCHOFNCRiJS0t33rv04IMPv7V4Z/6dhXcW7o5fvXpt5trV12cv3VpsL8x0fx51lMBh2HjoH3UkAAAAAAAAAAAAwF4N+2DAuRd3+9DInj7j4X8WAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfi+oU0H6bI5ZmLM2V+bXW2XS699EbNZpJGIyl+lhSPkrl0l0z1dVfkj4/SGbKfjxevvfXZ47XPN/pqdusnjXq9vZ1Lk6zUS6aTjNXrZzDQ341n7q/4T+8YygH7otPpzD1bfHAw/hsAAP//msX1EQ==")
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
chmod(&(0x7f0000000180)='./file0\x00', 0x140)
write$binfmt_elf32(r0, &(0x7f0000000c00)=ANY=[@ANYBLOB="7f454c46007d9f04050000000000000003000300155aef2e97000000380000000b030000070000080900200002"], 0x78)
close(r0)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

1m1.864765212s ago: executing program 4 (id=128):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c00048038000180080001006e6174002c00028008000540000000000800014000000000080006400000000d08000240ffff000a080006400000002509"], 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="050000000000000000f22d"], 0x1c}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0)

35.790299999s ago: executing program 6 (id=416):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6, 0x0, 0xfb, 0x4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)

35.028236067s ago: executing program 6 (id=419):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x9, {}, {0x2, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)

30.964925619s ago: executing program 6 (id=428):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'sit0\x00', <r2=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x100, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x1, r2, 0x36}, 0x10)

29.69643186s ago: executing program 6 (id=431):
r0 = socket(0x2, 0x3, 0x6)
bind$inet(r0, &(0x7f0000000080)={0x2, 0xfffa, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x48800, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10)
sendto$inet(r0, &(0x7f0000000240)="490000800081a8fba96f00ef95da0c9f0f09d841", 0x14, 0x4840, &(0x7f0000002400)={0x2, 0x4e20, @multicast2}, 0x10)
syz_extract_tcp_res(&(0x7f0000000380), 0x0, 0x10000)

28.991165245s ago: executing program 6 (id=434):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x105042, 0x1f9)
read$FUSE(r0, &(0x7f0000000d80)={0x2020}, 0x2020)

28.473872126s ago: executing program 4 (id=128):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000064000000060a010400000000000000000100000008000b40000000003c00048038000180080001006e6174002c00028008000540000000000800014000000000080006400000000d08000240ffff000a080006400000002509"], 0xd8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="050000000000000000f22d"], 0x1c}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0)

24.572541017s ago: executing program 6 (id=440):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001700)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000040000000800000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r2}, &(0x7f0000000080), &(0x7f00000000c0)=r1}, 0x20)

23.460522872s ago: executing program 34 (id=440):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001700)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000040000000800000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r2}, &(0x7f0000000080), &(0x7f00000000c0)=r1}, 0x20)

11.312262919s ago: executing program 1 (id=466):
ioctl$HIDIOCGFEATURE(0xffffffffffffffff, 0xc0404807, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204c08, &(0x7f0000000300)={[{@acl}, {@clear_cache}, {@flushoncommit}, {@skip_balance}, {@noautodefrag}, {@ssd_spread}]}, 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000c40)={0xa, 0x0, {0x1d8, @usage=0x3, 0x0, 0x0, 0x8001, 0x3, 0x0, 0x1, 0x0, @usage=0x9, 0x4000, 0x0, [0x0, 0x0, 0x5, 0x0, 0x80000000]}, {0x80000000, @usage=0x40, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8, 0x0, @struct={0x0, 0xe1ba}, 0xd92, 0x20000000, [0x0, 0x0, 0x5, 0x0, 0x0, 0x9]}, {0x39cf, @struct={0xbffffd}, 0x0, 0x81d3, 0x8, 0xfffffffffffffffe, 0x0, 0x0, 0xa7, @struct={0x2, 0x90000000}, 0x3, 0x4, [0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000, 0x3]}, {0x0, 0xfffffffffffffffc}})

8.945594295s ago: executing program 1 (id=469):
bind$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x1, @dev, 0x4}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
r0 = socket$xdp(0x2c, 0x3, 0x0)
mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00000ad000/0x3000)=nil)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x201000, 0x1000}, 0x1c)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

8.043487435s ago: executing program 2 (id=471):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000000380)='\a', 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001880)=""/246, 0xf6}, 0x2}], 0x1, 0x12141, 0x0)

7.447309978s ago: executing program 2 (id=474):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x84\x14n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\x00\x00', 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$binfmt_misc(r2, &(0x7f0000000b00), 0x91)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
splice(r1, 0x0, r0, &(0x7f0000000140)=0x8008, 0x4, 0x0)

6.769035215s ago: executing program 2 (id=476):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0xc0}]}, &(0x7f0000001680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000001c0)="9e36d449b388dd965f7ade1a96dd", 0x0, 0x10700, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.542458608s ago: executing program 1 (id=477):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10)
io_setup(0x3, &(0x7f0000000340))

5.929473978s ago: executing program 0 (id=478):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x2})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000001c0)={0x800100, 0xffffffff, 0x2, 0xe1db, 0x1101, 0xff})
r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x9c0e, 0x10100}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2df0, 0x0, 0x0, 0x0, 0x0)

5.194903788s ago: executing program 1 (id=479):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000180008"], 0x7}, 0x1, 0x0, 0x0, 0x44040}, 0x6080)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

5.040034534s ago: executing program 0 (id=480):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESOCT=r1])

4.973488443s ago: executing program 2 (id=481):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f0000000580)={[], 0xf000}, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x200, 0x105)

4.337314361s ago: executing program 1 (id=482):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000500)={[{@discard}, {@abort}, {@dioread_lock}, {@norecovery}, {@nombcache}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}, {@resuid}, {@init_itable_val}, {@jqfmt_vfsv1}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
open(&(0x7f0000000040)='./bus\x00', 0x1c7c42, 0x18c)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file1\x00', 0x2)

3.443410043s ago: executing program 0 (id=483):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
ppoll(&(0x7f0000000000)=[{r0, 0x2030}], 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, &(0x7f00000005c0)={0x8, 0x70, 0x80000, {r0}}, 0x20)

3.177097492s ago: executing program 2 (id=484):
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020000)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x920421, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf}, 0x20)

2.746395327s ago: executing program 1 (id=485):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
epoll_pwait(r1, 0x0, 0x0, 0x10001, &(0x7f0000000180)={[0xffffffffe277652b]}, 0x8)

2.689509776s ago: executing program 0 (id=486):
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
close(r0)
r1 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
read$FUSE(r0, &(0x7f000000c400)={0x2020}, 0x2020)

2.474167076s ago: executing program 2 (id=487):
r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x141, 0x80, 0x73, 0x98, 0x20, 0x2eca, 0xc101, 0x7df, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x10, 0x0, [{{0x9, 0x4, 0xf2, 0x4, 0x2, 0xff, 0xf0, 0x12, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x12, 0x4, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0xfe, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000500)={0x14, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000200)=ANY=[], 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001380)={0x84, &(0x7f0000000e40)={0x0, 0x11, 0x3, "d51f7a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.538234342s ago: executing program 0 (id=488):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000280)=@gcm_256={{0x304}, "3f60eb8f2777c39a", "5985e81ad0d9585bc175cbecd3f55eb699e3070cc206f3ba527c8540ec28c519", '\x00', "b200"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x4, &(0x7f0000000000)=@ccm_128={{0x303}, "a89b05ebc671ec5a", "80cecc3ee027ee88efb6663ea7cc309a", "31b4c9cc", "bb3ab446dad41233"}, 0x28)

0s ago: executing program 0 (id=489):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x820061, &(0x7f0000000200)={[{@uid={'uid', 0x3d, 0xee00}}]})
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
pread64(r0, &(0x7f0000001b80)=""/4084, 0xff4, 0x0)

kernel console output (not intermixed with test programs):

7ec7d4412cf
[  369.968563][ T6527] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm
[  369.978080][ T6527] BTRFS info (device loop1): disk space caching is enabled
[  369.985780][ T6527] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  370.023875][ T6514] chnl_net:caif_netlink_parms(): no params data found
[  370.471444][ T6552] kernel read not supported for file /file1 (pid: 6552 comm: syz.0.141)
[  370.482663][   T30] audit: type=1800 audit(1747873025.662:17): pid=6552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.141" name="file1" dev="mqueue" ino=7949 res=0 errno=0
[  370.641330][ T6527] BTRFS info (device loop1): rebuilding free space tree
[  370.682585][ T6527] BTRFS info (device loop1): disabling free space tree
[  370.690057][ T6527] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  370.700300][ T6527] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  371.318267][ T5795] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  371.329622][ T6559] mmap: syz.2.142 (6559) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  371.753037][ T5798] Bluetooth: hci4: command tx timeout
[  372.766372][ T6514] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.774574][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.783219][ T6514] bridge_slave_0: entered allmulticast mode
[  372.793309][ T6514] bridge_slave_0: entered promiscuous mode
[  372.934157][ T6514] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.942232][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.950061][ T6514] bridge_slave_1: entered allmulticast mode
[  372.962166][ T6514] bridge_slave_1: entered promiscuous mode
[  373.062314][ T4843] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  373.070571][ T4843] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  373.542646][   T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  373.601742][ T6514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  373.654566][ T3930] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  373.664089][ T3930] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  373.742488][ T6514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  373.778382][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  373.790160][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  373.801328][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  373.815363][   T24] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  373.824999][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.873715][ T5798] Bluetooth: hci4: command tx timeout
[  373.943495][   T24] usb 2-1: config 0 descriptor??
[  374.494602][ T6514] team0: Port device team_slave_0 added
[  374.516958][   T24] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  374.537919][ T6588] input: syz1 as /devices/virtual/input/input8
[  374.624384][ T6514] team0: Port device team_slave_1 added
[  374.637461][   T24] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  374.873936][   T24] usb 2-1: USB disconnect, device number 3
[  375.544478][ T6514] batman_adv: batadv0: Adding interface: batadv_slave_0
[  375.552091][ T6514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  375.587482][ T6514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  375.911873][ T5798] Bluetooth: hci4: command tx timeout
[  376.330414][ T6514] batman_adv: batadv0: Adding interface: batadv_slave_1
[  376.338082][ T6514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  376.364750][ T6514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  376.700049][ T6590] loop2: detected capacity change from 0 to 65536
[  376.841988][ T6590] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  376.921002][ T6591] fido_id[6591]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  377.247630][ T6590] XFS (loop2): Ending clean mount
[  377.371208][ T5017] Bluetooth: hci5: Frame reassembly failed (-84)
[  377.567438][ T6514] hsr_slave_0: entered promiscuous mode
[  377.578495][ T6514] hsr_slave_1: entered promiscuous mode
[  377.588532][ T6514] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  377.597274][ T6514] Cannot create hsr debugfs directory
[  377.638782][ T5794] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  378.604650][ T6616] overlayfs: invalid origin (000000790065762f6d697865720000000000000000000000000000000000000000000000000000000000000000000000)
[  379.454216][ T5803] Bluetooth: hci5: command 0x1003 tx timeout
[  379.470003][ T5798] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  380.139448][ T6630] input: syz1 as /devices/virtual/input/input9
[  380.148015][ T5852] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  380.542229][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  380.553795][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  380.564043][ T5852] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  380.573585][ T5852] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.861146][ T5852] usb 3-1: config 0 descriptor??
[  381.253369][ T6632] loop0: detected capacity change from 0 to 32768
[  381.363768][ T6514] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  381.414787][ T6632] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  381.427537][ T6514] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  381.474181][ T6632] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  381.474181][ T6632]   allowing incompatible features above 0.0: (unknown version)
[  381.497485][ T6632] bcachefs (loop0): initializing new filesystem
[  381.517052][ T6632] bcachefs (loop0): going read-write
[  381.563529][ T6632] bcachefs (loop0): marking superblocks
[  381.564538][ T6514] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  381.648677][ T6632] bcachefs (loop0): initializing freespace
[  381.667851][ T6632] bcachefs (loop0): done initializing freespace
[  381.690502][ T6632] bcachefs (loop0): reading snapshots table
[  381.697258][ T6632] bcachefs (loop0): reading snapshots done
[  381.907812][ T6514] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  381.966180][ T6632] bcachefs (loop0): done starting filesystem
[  382.594258][ T6632] syz.0.158 (6632) used greatest stack depth: 960 bytes left
[  382.699385][ T6649] loop5: detected capacity change from 0 to 32768
[  382.782859][ T5804] bcachefs (loop0): shutting down
[  382.788605][ T5804] bcachefs (loop0): going read-only
[  382.792360][ T6649] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.160 (6649)
[  382.795160][ T5804] bcachefs (loop0): finished waiting for writes to stop
[  382.889973][ T6649] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  382.901299][ T6649] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  382.913691][ T6649] BTRFS info (device loop5): using free-space-tree
[  382.929434][ T5852] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #100: -71
[  382.942780][ T5852] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71
[  382.951212][ T5852] uclogic 0003:256C:006D.0003: failed probing pen v1 parameters: -71
[  382.960704][ T5852] uclogic 0003:256C:006D.0003: failed probing parameters: -71
[  382.969174][ T5852] uclogic 0003:256C:006D.0003: probe with driver uclogic failed with error -71
[  383.033629][ T5852] usb 3-1: USB disconnect, device number 4
[  383.156824][ T5804] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[  383.392343][ T5804] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[  383.445482][ T5804] bcachefs (loop0): clean shutdown complete, journal seq 4
[  383.501427][ T5804] bcachefs (loop0): marking filesystem clean
[  383.748380][ T6220] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  383.809184][ T5804] bcachefs (loop0): shutdown complete
[  384.220249][ T6514] 8021q: adding VLAN 0 to HW filter on device bond0
[  384.449456][ T6142] udevd[6142]: failed to send result of seq 12092 to main daemon: Connection refused
[  384.499096][ T6514] 8021q: adding VLAN 0 to HW filter on device team0
[  384.569246][ T4113] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.577033][ T4113] bridge0: port 1(bridge_slave_0) entered forwarding state
[  384.816007][ T4113] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.823777][ T4113] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.166885][ T6687] loop2: detected capacity change from 0 to 128
[  387.720357][ T6695] loop5: detected capacity change from 0 to 32768
[  387.735442][ T6695] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.164 (6695)
[  387.761029][ T6695] BTRFS info (device loop5): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  387.773196][ T6695] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  387.783649][ T6695] BTRFS info (device loop5): using free-space-tree
[  387.996501][ T6514] 8021q: adding VLAN 0 to HW filter on device batadv0
[  388.111831][ T6695] BTRFS info (device loop5): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  389.025712][ T6720] loop2: detected capacity change from 0 to 1024
[  390.118104][ T6734] futex_wake_op: syz.1.175 tries to shift op by -1; fix this program
[  390.240236][ T6734] warning: `syz.1.175' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  391.445585][ T6739] sctp: failed to load transform for md5: -2
[  391.815670][ T6514] veth0_vlan: entered promiscuous mode
[  391.960962][ T6514] veth1_vlan: entered promiscuous mode
[  392.223696][   T46] libceph: connect (1)[c::]:6789 error -101
[  392.230261][   T46] libceph: mon0 (1)[c::]:6789 connect error
[  392.299007][ T6514] veth0_macvtap: entered promiscuous mode
[  392.438871][ T6514] veth1_macvtap: entered promiscuous mode
[  392.581058][   T46] libceph: connect (1)[c::]:6789 error -101
[  392.587686][   T46] libceph: mon0 (1)[c::]:6789 connect error
[  392.616986][ T6514] batman_adv: batadv0: Interface activated: batadv_slave_0
[  392.718683][ T6772] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  392.725578][ T6772] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  392.734317][ T6772] vhci_hcd vhci_hcd.0: Device attached
[  392.779705][ T6514] batman_adv: batadv0: Interface activated: batadv_slave_1
[  392.853020][ T6514] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  392.862377][ T6514] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  392.871447][ T6514] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  392.884205][ T6514] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  392.934644][ T6759] ceph: No mds server is up or the cluster is laggy
[  392.962810][ T6775] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(6)
[  392.969698][ T6775] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  392.982154][ T6775] vhci_hcd vhci_hcd.0: Device attached
[  393.001983][ T5855] vhci_hcd: vhci_device speed not set
[  393.063026][ T6772] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(5)
[  393.070006][ T6772] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  393.080408][ T6772] vhci_hcd vhci_hcd.0: Device attached
[  393.093529][ T6775] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(8)
[  393.100388][ T6775] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  393.109081][ T6775] vhci_hcd vhci_hcd.0: Device attached
[  393.135164][ T5855] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  393.256434][ T6787] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  393.375898][ T6789] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(10)
[  393.382882][ T6789] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  393.395261][ T6789] vhci_hcd vhci_hcd.0: Device attached
[  393.558103][ T6776] vhci_hcd: connection closed
[  393.561115][ T6773] vhci_hcd: connection reset by peer
[  393.573573][ T6781] vhci_hcd: connection closed
[  393.574186][ T6783] vhci_hcd: connection closed
[  393.574735][ T6790] vhci_hcd: connection closed
[  393.587309][ T1120] vhci_hcd: stop threads
[  393.602439][ T1120] vhci_hcd: release socket
[  393.607144][ T1120] vhci_hcd: disconnect device
[  393.658582][ T1120] vhci_hcd: stop threads
[  393.663405][ T1120] vhci_hcd: release socket
[  393.668285][ T1120] vhci_hcd: disconnect device
[  393.721853][ T1120] vhci_hcd: stop threads
[  393.726384][ T1120] vhci_hcd: release socket
[  393.731183][ T1120] vhci_hcd: disconnect device
[  393.799927][ T1120] vhci_hcd: stop threads
[  393.804841][ T1120] vhci_hcd: release socket
[  393.809784][ T1120] vhci_hcd: disconnect device
[  393.855700][ T1120] vhci_hcd: stop threads
[  393.860258][ T1120] vhci_hcd: release socket
[  393.865534][ T1120] vhci_hcd: disconnect device
[  394.016263][ T6798] netlink: 12 bytes leftover after parsing attributes in process `syz.0.186'.
[  394.025973][ T6798] netlink: 'syz.0.186': attribute type 5 has an invalid length.
[  394.064279][ T6796] loop5: detected capacity change from 0 to 512
[  394.110948][ T6796] EXT4-fs: Ignoring removed nomblk_io_submit option
[  394.134606][ T6798] vxlan2: entered promiscuous mode
[  394.260505][ T6796] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  394.274486][ T6796] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  394.555965][   T30] audit: type=1800 audit(1747873049.722:18): pid=6796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.187" name="file2" dev="loop5" ino=16 res=0 errno=0
[  394.983685][ T6220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.520954][ T5798] Bluetooth: hci0: command 0x0406 tx timeout
[  395.528975][ T5798] Bluetooth: hci1: command 0x0406 tx timeout
[  395.543565][ T5803] Bluetooth: hci3: command 0x0406 tx timeout
[  395.863955][ T6819] can0: slcan on ttyS3.
[  396.202474][ T6820] can0 (unregistered): slcan off ttyS3.
[  396.229048][ T6814] loop0: detected capacity change from 0 to 32768
[  396.266122][ T6819] can0: slcan on ttyS3.
[  396.429787][ T6814] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  396.482842][ T6814] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  396.482842][ T6814]   allowing incompatible features above 0.0: (unknown version)
[  396.513859][ T6814] bcachefs (loop0): initializing new filesystem
[  396.526365][ T6814] bcachefs (loop0): going read-write
[  396.592348][   T30] audit: type=1326 audit(1747873051.742:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef99d8e969 code=0x7ffc0000
[  396.615332][ T6816] can0 (unregistered): slcan off ttyS3.
[  396.621304][   T30] audit: type=1326 audit(1747873051.742:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef99d8e969 code=0x7ffc0000
[  396.649756][ T6814] bcachefs (loop0): marking superblocks
[  396.726861][ T6814] bcachefs (loop0): initializing freespace
[  396.745673][ T6814] bcachefs (loop0): done initializing freespace
[  396.772363][ T6814] bcachefs (loop0): reading snapshots table
[  396.778904][ T6814] bcachefs (loop0): reading snapshots done
[  396.876743][   T30] audit: type=1326 audit(1747873051.932:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef99d8e969 code=0x7ffc0000
[  396.905390][   T30] audit: type=1326 audit(1747873052.092:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef99d8e969 code=0x7ffc0000
[  396.929166][   T30] audit: type=1326 audit(1747873052.092:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef99d8e969 code=0x7ffc0000
[  397.036401][ T6814] bcachefs (loop0): done starting filesystem
[  397.117180][   T30] audit: type=1326 audit(1747873052.162:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef99d8e969 code=0x7ffc0000
[  397.140633][   T30] audit: type=1326 audit(1747873052.162:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef99d8e969 code=0x7ffc0000
[  397.163649][   T30] audit: type=1326 audit(1747873052.162:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef99d8e969 code=0x7ffc0000
[  397.188817][   T30] audit: type=1326 audit(1747873052.192:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6822 comm="syz.1.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fef99d8e969 code=0x7ffc0000
[  397.478051][ T5804] bcachefs (loop0): shutting down
[  397.485964][ T5804] bcachefs (loop0): going read-only
[  397.491438][ T5804] bcachefs (loop0): finished waiting for writes to stop
[  397.640122][ T5804] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[  398.128166][ T5804] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[  398.481141][ T6840] loop2: detected capacity change from 0 to 32768
[  398.492190][ T6840] btrfs: Deprecated parameter 'usebackuproot'
[  398.498582][ T6840] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  398.582363][ T6840] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.196 (6840)
[  398.832242][ T5804] bcachefs (loop0): clean shutdown complete, journal seq 4
[  398.911705][ T5804] bcachefs (loop0): marking filesystem clean
[  399.136428][ T6842] loop1: detected capacity change from 0 to 32768
[  399.148012][ T5855] vhci_hcd: vhci_device speed not set
[  399.171784][ T6840] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  399.183123][ T6840] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm
[  399.196444][ T6840] BTRFS info (device loop2): disk space caching is enabled
[  399.206008][ T6840] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  399.273968][ T5804] bcachefs (loop0): shutdown complete
[  399.500123][ T6840] BTRFS info (device loop2): rebuilding free space tree
[  399.545490][ T6840] BTRFS info (device loop2): disabling free space tree
[  399.553030][ T6840] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  399.563258][ T6840] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  399.866228][ T6842] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  399.927806][ T6842] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  399.927806][ T6842]   allowing incompatible features above 0.0: (unknown version)
[  399.955258][ T6842] bcachefs (loop1): initializing new filesystem
[  399.967596][ T6842] bcachefs (loop1): going read-write
[  399.987091][ T6842] bcachefs (loop1): marking superblocks
[  400.060378][ T6842] bcachefs (loop1): initializing freespace
[  400.079188][ T6842] bcachefs (loop1): done initializing freespace
[  400.101771][ T6842] bcachefs (loop1): reading snapshots table
[  400.108401][ T6842] bcachefs (loop1): reading snapshots done
[  400.207870][ T6842] bcachefs (loop1): done starting filesystem
[  400.586455][ T5794] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  401.638440][ T6842] syz.1.198 (6842) used greatest stack depth: 240 bytes left
[  401.806525][ T6878] loop5: detected capacity change from 0 to 32768
[  401.821820][ T5795] bcachefs (loop1): shutting down
[  401.827229][ T5795] bcachefs (loop1): going read-only
[  401.833187][ T5795] bcachefs (loop1): finished waiting for writes to stop
[  401.923932][ T5795] bcachefs (loop1): flushing journal and stopping allocators, journal seq 4
[  402.056758][ T6878] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  402.068763][ T6878] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open
[  402.078767][ T6878] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete
[  402.448380][ T5795] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4
[  402.585260][ T5795] bcachefs (loop1): clean shutdown complete, journal seq 5
[  402.627194][ T6878] bcachefs: bch2_fs_get_tree() error: EINVAL
[  402.687977][ T5795] bcachefs (loop1): marking filesystem clean
[  403.110105][ T5795] bcachefs (loop1): shutdown complete
[  405.835281][ T3930] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.844386][ T3930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.200290][ T3930] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.208871][ T3930] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.662354][ T6921] loop0: detected capacity change from 0 to 512
[  406.777316][ T6921] EXT4-fs error (device loop0): ext4_iget_extra_inode:4693: inode #15: comm syz.0.197: corrupted in-inode xattr: invalid ea_ino
[  406.884629][ T6921] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.197: couldn't read orphan inode 15 (err -117)
[  406.922363][ T6921] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  407.187391][ T3540] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.406313][ T3540] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.582958][ T3540] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.606036][ T5804] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.852949][ T3540] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.353424][ T3540] bridge_slave_1: left allmulticast mode
[  408.359413][ T3540] bridge_slave_1: left promiscuous mode
[  408.366601][ T3540] bridge0: port 2(bridge_slave_1) entered disabled state
[  408.399717][ T3540] bridge_slave_0: left allmulticast mode
[  408.406425][ T3540] bridge_slave_0: left promiscuous mode
[  408.413353][ T3540] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.122727][ T3540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  409.153844][ T3540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  409.157839][ T6935] loop1: detected capacity change from 0 to 2048
[  409.182979][ T3540] bond0 (unregistering): Released all slaves
[  409.224628][ T6935] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  409.854637][ T3540] hsr_slave_0: left promiscuous mode
[  409.902137][ T3540] hsr_slave_1: left promiscuous mode
[  409.910709][ T3540] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  409.918850][ T3540] batman_adv: batadv0: Removing interface: batadv_slave_0
[  409.935444][ T3540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  409.943871][ T3540] batman_adv: batadv0: Removing interface: batadv_slave_1
[  410.006568][ T3540] veth1_macvtap: left promiscuous mode
[  410.014374][ T3540] veth0_macvtap: left promiscuous mode
[  410.020440][ T3540] veth1_vlan: left promiscuous mode
[  410.026277][ T3540] veth0_vlan: left promiscuous mode
[  411.070479][ T3540] team0 (unregistering): Port device team_slave_1 removed
[  411.078824][ T6945] netlink: 44 bytes leftover after parsing attributes in process `syz.1.212'.
[  411.233422][ T3540] team0 (unregistering): Port device team_slave_0 removed
[  412.366682][ T5808] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  412.396166][ T5808] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  412.411843][ T5808] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  412.427338][ T6957] loop2: detected capacity change from 0 to 512
[  412.441740][ T5808] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  412.455530][ T5808] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  412.775450][ T6957] fscrypt (loop2, inode 2): Error -61 getting encryption context
[  412.813033][ T6957] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61
[  412.881301][ T6957] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279945729 > max in inode 13
[  412.892828][ T6957] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279945730 > max in inode 13
[  413.035706][ T6957] EXT4-fs (loop2): 1 truncate cleaned up
[  413.044397][ T6957] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  413.579569][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.735619][ T6977] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  413.971583][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  413.978570][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  414.498765][ T6986] loop0: detected capacity change from 0 to 2048
[  414.555028][ T5796] Bluetooth: hci4: command tx timeout
[  414.584932][ T6960] chnl_net:caif_netlink_parms(): no params data found
[  414.654753][ T6991] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  414.797163][ T6992] loop5: detected capacity change from 0 to 512
[  415.050649][ T6992] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  415.066225][ T6992] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  415.164044][ T5808] block nbd2: Receive control failed (result -32)
[  415.164720][ T6989] block nbd2: shutting down sockets
[  415.564030][ T7005] netlink: 'syz.1.229': attribute type 3 has an invalid length.
[  415.572747][ T7005] netlink: 'syz.1.229': attribute type 3 has an invalid length.
[  415.936662][ T6220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.988563][ T6960] bridge0: port 1(bridge_slave_0) entered blocking state
[  416.006174][ T6960] bridge0: port 1(bridge_slave_0) entered disabled state
[  416.019469][ T6960] bridge_slave_0: entered allmulticast mode
[  416.030074][ T7011] loop2: detected capacity change from 0 to 256
[  416.031026][ T6960] bridge_slave_0: entered promiscuous mode
[  416.143419][ T6960] bridge0: port 2(bridge_slave_1) entered blocking state
[  416.151106][ T6960] bridge0: port 2(bridge_slave_1) entered disabled state
[  416.159564][ T6960] bridge_slave_1: entered allmulticast mode
[  416.170345][ T6960] bridge_slave_1: entered promiscuous mode
[  416.190950][ T7011] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d)
[  416.419322][ T6960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  416.480235][ T7014] ip6gre1: entered allmulticast mode
[  416.547687][ T6960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  416.633827][ T5808] Bluetooth: hci4: command tx timeout
[  417.022595][ T6960] team0: Port device team_slave_0 added
[  417.072649][ T6960] team0: Port device team_slave_1 added
[  417.483167][ T6960] batman_adv: batadv0: Adding interface: batadv_slave_0
[  417.490418][ T6960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.517553][ T6960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  417.711182][ T6960] batman_adv: batadv0: Adding interface: batadv_slave_1
[  417.718786][ T6960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.746021][ T6960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  418.423738][ T6960] hsr_slave_0: entered promiscuous mode
[  418.434638][ T6960] hsr_slave_1: entered promiscuous mode
[  418.444023][ T6960] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  418.452001][ T6960] Cannot create hsr debugfs directory
[  418.712374][ T5808] Bluetooth: hci4: command tx timeout
[  418.936282][ T7044] loop0: detected capacity change from 0 to 164
[  418.996633][ T7044] rock: directory entry would overflow storage
[  419.004491][ T7044] rock: sig=0x4543, size=28, remaining=18
[  420.866681][ T5808] Bluetooth: hci4: command tx timeout
[  421.110052][ T7062] loop5: detected capacity change from 0 to 32768
[  421.121255][ T7066] loop0: detected capacity change from 0 to 256
[  421.352452][ T6960] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  421.465981][ T6960] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  421.504562][ T6960] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  421.513901][ T7062] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  421.543555][ T6960] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  421.593870][ T7062] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  421.593870][ T7062]   allowing incompatible features above 0.0: (unknown version)
[  421.616775][ T7062] bcachefs (loop5): initializing new filesystem
[  421.629188][ T7062] bcachefs (loop5): going read-write
[  421.669902][ T7062] bcachefs (loop5): marking superblocks
[  421.739577][ T7062] bcachefs (loop5): initializing freespace
[  421.766309][ T7062] bcachefs (loop5): done initializing freespace
[  421.788669][ T7062] bcachefs (loop5): reading snapshots table
[  421.795432][ T7062] bcachefs (loop5): reading snapshots done
[  421.866713][ T7062] bcachefs (loop5):  loop5: Superblock write was silently dropped! (seq 0 expected 42)
[  421.888207][ T7062] bcachefs (loop5): done starting filesystem
[  422.501792][ T6220] bcachefs (loop5): shutting down
[  422.507112][ T6220] bcachefs (loop5): going read-only
[  422.512911][ T6220] bcachefs (loop5): finished waiting for writes to stop
[  422.657737][ T6220] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3
[  422.765051][ T6960] 8021q: adding VLAN 0 to HW filter on device bond0
[  423.130878][ T6220] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  423.154452][ T7089] loop0: detected capacity change from 0 to 2048
[  423.261952][ T6960] 8021q: adding VLAN 0 to HW filter on device team0
[  423.335644][ T7089] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  423.377211][ T6220] bcachefs (loop5): clean shutdown complete, journal seq 4
[  423.433276][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.441143][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  423.456320][ T6220] bcachefs (loop5): marking filesystem clean
[  423.672060][ T7097] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  423.746922][ T7090] loop1: detected capacity change from 0 to 32768
[  423.769781][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.777593][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  423.840727][ T6220] bcachefs (loop5): shutdown complete
[  423.934656][ T7090] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  424.350263][ T7090] XFS (loop1): Ending clean mount
[  424.556664][ T5795] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  425.115398][   T11] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  425.318823][   T11] usb 3-1: Using ep0 maxpacket: 32
[  425.396511][   T11] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  425.408621][   T11] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  425.419962][   T11] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  425.430281][   T11] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  425.443801][   T11] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  425.613868][   T11] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  425.623886][   T11] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.632463][   T11] usb 3-1: Product: syz
[  425.637009][   T11] usb 3-1: Manufacturer: syz
[  425.644414][   T11] usb 3-1: SerialNumber: syz
[  425.763519][   T11] usb 3-1: config 0 descriptor??
[  426.252932][   T11] iforce 3-1:0.0: usb_submit_urb failed: -32
[  426.262448][   T11] input input10: Device does not respond to id packet M
[  426.302578][   T11] iforce 3-1:0.0: usb_submit_urb failed: -32
[  426.309065][   T11] input input10: Device does not respond to id packet P
[  426.395455][   T11] iforce 3-1:0.0: usb_submit_urb failed: -32
[  426.402073][   T11] input input10: Device does not respond to id packet B
[  426.435250][ T6960] 8021q: adding VLAN 0 to HW filter on device batadv0
[  426.637784][   T11] iforce 3-1:0.0: usb_submit_urb failed: -71
[  426.658331][   T11] iforce 3-1:0.0: usb_submit_urb failed: -71
[  426.717501][ T7121] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  426.725229][ T7121] overlayfs: failed to set xattr on upper
[  426.731205][ T7121] overlayfs: ...falling back to redirect_dir=nofollow.
[  426.738460][ T7121] overlayfs: ...falling back to index=off.
[  426.744632][ T7121] overlayfs: ...falling back to uuid=null.
[  426.750904][ T7121] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  426.763782][   T11] iforce 3-1:0.0: usb_submit_urb failed: -71
[  426.811339][   T11] iforce 3-1:0.0: usb_submit_urb failed: -71
[  426.822108][   T11] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input10
[  426.977700][   T11] usb 3-1: USB disconnect, device number 5
[  428.072056][   T46] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  428.307632][   T46] usb 2-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  428.321302][   T46] usb 2-1: config 0 interface 0 has no altsetting 0
[  428.328418][   T46] usb 2-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[  428.337966][   T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.483158][   T46] usb 2-1: config 0 descriptor??
[  429.384937][   T46] nintendo 0003:057E:200E.0004: hidraw0: USB HID v81.03 Device [HID 057e:200e] on usb-dummy_hcd.1-1/input0
[  429.508805][   T46] nintendo 0003:057E:200E.0004: Failed charging grip handshake
[  429.519838][   T46] nintendo 0003:057E:200E.0004: Failed to initialize controller; ret=-110
[  429.554525][   T46] nintendo 0003:057E:200E.0004: probe - fail = -110
[  429.562297][   T46] nintendo 0003:057E:200E.0004: probe with driver nintendo failed with error -110
[  429.605074][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  429.611091][   T46] usb 2-1: USB disconnect, device number 4
[  430.047266][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  430.267170][ T7155] netlink: 8 bytes leftover after parsing attributes in process `syz.5.250'.
[  430.506965][ T7155] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.777498][ T7155] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.902188][ T6960] veth0_vlan: entered promiscuous mode
[  430.992363][ T7155] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.227258][ T7155] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.304933][ T5852] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  431.312113][ T6960] veth1_vlan: entered promiscuous mode
[  431.513395][ T5852] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  431.524122][ T5852] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  431.606741][ T5852] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  431.617898][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.626466][ T5852] usb 3-1: Product: syz
[  431.630902][ T5852] usb 3-1: Manufacturer: syz
[  431.635879][ T5852] usb 3-1: SerialNumber: syz
[  431.734125][ T6960] veth0_macvtap: entered promiscuous mode
[  431.857868][ T7155] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  431.901816][ T7155] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  431.978907][ T6960] veth1_macvtap: entered promiscuous mode
[  432.049880][ T7155] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  432.158637][ T7155] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  432.241107][ T5852] usb 3-1: 0:2 : does not exist
[  432.302844][ T6960] batman_adv: batadv0: Interface activated: batadv_slave_0
[  432.343861][ T5852] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  432.490119][ T6960] batman_adv: batadv0: Interface activated: batadv_slave_1
[  432.623486][ T5852] usb 3-1: USB disconnect, device number 6
[  432.665542][ T6960] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  432.675239][ T6960] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  432.684560][ T6960] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  432.693812][ T6960] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  433.533038][ T7184] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  434.968613][ T7204] loop2: detected capacity change from 0 to 256
[  435.209011][ T7195] loop1: detected capacity change from 0 to 4096
[  435.483475][ T7209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.276'.
[  437.354011][ T7234] loop1: detected capacity change from 0 to 128
[  437.430438][ T7234] EXT4-fs: Ignoring removed bh option
[  437.500534][ T7234] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  437.526708][ T7234] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  437.575359][ T7243] loop5: detected capacity change from 0 to 512
[  437.585336][ T7243] EXT4-fs: Ignoring removed orlov option
[  437.717139][ T7243] EXT4-fs error (device loop5): ext4_ext_check_inode:524: inode #15: comm syz.5.283: pblk 0 bad header/extent: invalid magic - magic 7973, entries 1402, max 27648(0), depth 25964(25964)
[  437.819244][ T7243] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.283: couldn't read orphan inode 15 (err -117)
[  437.923682][ T7243] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  438.212955][ T5795] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  438.613554][ T6220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  439.545817][ T7261] netlink: 'syz.2.288': attribute type 3 has an invalid length.
[  439.554299][ T7261] netlink: 'syz.2.288': attribute type 1 has an invalid length.
[  439.562466][ T7261] netlink: 'syz.2.288': attribute type 7 has an invalid length.
[  439.572722][ T7261] netlink: 191172 bytes leftover after parsing attributes in process `syz.2.288'.
[  439.631817][ T7254] loop1: detected capacity change from 0 to 32768
[  439.644629][ T7254] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.285 (7254)
[  439.685854][ T7254] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  439.697272][ T7254] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm
[  439.706791][ T7254] BTRFS info (device loop1): disk space caching is enabled
[  439.714482][ T7254] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  439.928997][ T7260] xt_CT: No such helper "snmp"
[  439.984736][ T7254] BTRFS info (device loop1): rebuilding free space tree
[  440.038164][ T7254] BTRFS info (device loop1): disabling free space tree
[  440.045835][ T7254] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  440.056666][ T7254] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  440.313118][ T5795] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  441.188502][   T11] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  441.421379][   T11] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  441.431258][   T11] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.608962][   T11] usb 1-1: config 0 descriptor??
[  441.758758][ T7295] loop5: detected capacity change from 0 to 32768
[  443.710442][ T7300] loop2: detected capacity change from 0 to 40427
[  443.745091][ T7300] F2FS-fs (loop2): invalid crc value
[  444.181196][   T11] pegasus 1-1:0.0: probe with driver pegasus failed with error -71
[  444.201924][   T11] usb 1-1: USB disconnect, device number 3
[  444.299396][ T7300] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  444.313833][ T1120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  444.322111][ T1120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  444.470627][ T4113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  444.478922][ T4113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  444.610065][ T5794] syz-executor: attempt to access beyond end of device
[  444.610065][ T5794] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  444.624996][ T5794] CPU: 1 UID: 0 PID: 5794 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(undef) 
[  444.625165][ T5794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  444.625253][ T5794] Call Trace:
[  444.625315][ T5794]  <TASK>
[  444.625370][ T5794]  __dump_stack+0x26/0x30
[  444.625559][ T5794]  dump_stack_lvl+0x1df/0x270
[  444.625757][ T5794]  dump_stack+0x1e/0x25
[  444.625938][ T5794]  f2fs_handle_critical_error+0xa6f/0xc20
[  444.626170][ T5794]  f2fs_stop_checkpoint+0x60/0x70
[  444.626371][ T5794]  f2fs_write_end_io+0xd98/0x1e20
[  444.626609][ T5794]  ? f2fs_write_end_io+0xaa1/0x1e20
[  444.626819][ T5794]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  444.627021][ T5794]  bio_endio+0xe05/0xf60
[  444.627219][ T5794]  submit_bio_noacct+0x214/0x2710
[  444.627472][ T5794]  submit_bio+0x5a9/0x5d0
[  444.627674][ T5794]  f2fs_submit_write_bio+0x92/0x250
[  444.627854][ T5794]  __submit_merged_bio+0x16f/0x6a0
[  444.628038][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  444.628272][ T5794]  __submit_merged_write_cond+0x458/0x9a0
[  444.628476][ T5794]  f2fs_write_data_pages+0x509a/0x58e0
[  444.628672][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  444.628995][ T5794]  ? __update_load_avg_cfs_rq+0xc30/0x1010
[  444.629271][ T5794]  ? kmsan_get_metadata+0x105/0x1b0
[  444.629497][ T5794]  ? kmsan_get_metadata+0x105/0x1b0
[  444.629712][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  444.629950][ T5794]  ? __update_load_avg_cfs_rq+0xe9/0x1010
[  444.630144][ T5794]  ? kmsan_get_metadata+0x105/0x1b0
[  444.630374][ T5794]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  444.630593][ T5794]  ? kmsan_get_metadata+0x105/0x1b0
[  444.630816][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  444.631046][ T5794]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  444.631239][ T5794]  do_writepages+0x448/0xcb0
[  444.631452][ T5794]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  444.631684][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  444.631934][ T5794]  filemap_fdatawrite+0x207/0x260
[  444.632191][ T5794]  f2fs_sync_dirty_inodes+0x2ab/0x9e0
[  444.632429][ T5794]  f2fs_write_checkpoint+0xfe2/0x2b00
[  444.632787][ T5794]  kill_f2fs_super+0x2ff/0x970
[  444.633024][ T5794]  ? __pfx_kill_f2fs_super+0x10/0x10
[  444.633230][ T5794]  deactivate_locked_super+0xcb/0x3c0
[  444.633428][ T5794]  deactivate_super+0x12f/0x140
[  444.633614][ T5794]  cleanup_mnt+0x6fb/0x780
[  444.633820][ T5794]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  444.634050][ T5794]  ? __pfx___cleanup_mnt+0x10/0x10
[  444.634266][ T5794]  __cleanup_mnt+0x22/0x30
[  444.634471][ T5794]  task_work_run+0x209/0x2b0
[  444.634637][ T5794]  resume_user_mode_work+0x105/0x160
[  444.634819][ T5794]  syscall_exit_to_user_mode+0x7b/0xb0
[  444.635051][ T5794]  do_syscall_64+0xe6/0x1b0
[  444.635266][ T5794]  ? irqentry_exit+0x16/0x60
[  444.635459][ T5794]  ? clear_bhb_loop+0x40/0x90
[  444.635629][ T5794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.635795][ T5794] RIP: 0033:0x7f88a738fc97
[  444.635910][ T5794] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  444.636050][ T5794] RSP: 002b:00007ffd6e28cf08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  444.636195][ T5794] RAX: 0000000000000000 RBX: 00007f88a741089d RCX: 00007f88a738fc97
[  444.636299][ T5794] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6e28cfc0
[  444.636396][ T5794] RBP: 00007ffd6e28cfc0 R08: 0000000000000000 R09: 0000000000000000
[  444.636501][ T5794] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6e28e050
[  444.636602][ T5794] R13: 00007f88a741089d R14: 000000000006c861 R15: 00007ffd6e28e090
[  444.636745][ T5794]  </TASK>
[  445.010407][ T5794] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  445.171287][ T7310] loop1: detected capacity change from 0 to 512
[  445.776444][ T7310] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.290: casefold flag without casefold feature
[  445.802422][ T7310] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.290: couldn't read orphan inode 15 (err -117)
[  445.850756][ T7310] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  446.207759][ T3719] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.504017][ T3719] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.728080][ T3719] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.753800][ T5795] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  446.985920][ T3719] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.258864][ T7319] loop5: detected capacity change from 0 to 4096
[  447.383723][ T7323] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  447.482632][ T3719] bridge_slave_1: left allmulticast mode
[  447.488597][ T3719] bridge_slave_1: left promiscuous mode
[  447.495611][ T3719] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.522917][ T3719] bridge_slave_0: left allmulticast mode
[  447.528879][ T3719] bridge_slave_0: left promiscuous mode
[  447.536754][ T3719] bridge0: port 1(bridge_slave_0) entered disabled state
[  448.277544][ T3719] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  448.335023][ T3719] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  448.383139][ T3719] bond0 (unregistering): Released all slaves
[  449.052062][ T3719] hsr_slave_0: left promiscuous mode
[  449.076991][ T3719] hsr_slave_1: left promiscuous mode
[  449.093103][ T3719] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  449.100896][ T3719] batman_adv: batadv0: Removing interface: batadv_slave_0
[  449.144995][ T3719] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  449.153771][ T3719] batman_adv: batadv0: Removing interface: batadv_slave_1
[  449.284197][ T3719] veth1_macvtap: left promiscuous mode
[  449.290124][ T3719] veth0_macvtap: left promiscuous mode
[  449.298832][ T3719] veth1_vlan: left promiscuous mode
[  449.304827][ T3719] veth0_vlan: left promiscuous mode
[  450.294708][ T3719] team0 (unregistering): Port device team_slave_1 removed
[  450.444640][ T3719] team0 (unregistering): Port device team_slave_0 removed
[  451.996852][ T5796] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  452.078659][ T5796] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  452.193643][ T5796] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  452.332685][ T5796] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  452.345602][ T5796] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  453.715707][ T7365] loop5: detected capacity change from 0 to 4096
[  453.757251][ T7358] chnl_net:caif_netlink_parms(): no params data found
[  453.802600][ T7365] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  454.393031][ T5796] Bluetooth: hci4: command tx timeout
[  454.611675][ T7386] input: syz0 as /devices/virtual/input/input11
[  454.704885][ T7385] loop0: detected capacity change from 0 to 2048
[  454.779459][ T7378] loop2: detected capacity change from 0 to 32768
[  454.933114][ T7378] XFS (loop2): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  454.974297][ T7385] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  455.075702][ T7365] ntfs3(loop5): ino=1a, mi_enum_attr
[  455.081383][ T7365] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  455.148491][ T7365] ntfs3(loop5): Failed to initialize $Extend/$ObjId.
[  455.178749][ T7385] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  455.301326][ T7385] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 1 with error 28
[  455.315149][ T7385] EXT4-fs (loop0): This should not happen!! Data will be lost
[  455.315149][ T7385] 
[  455.325251][ T7385] EXT4-fs (loop0): Total free blocks count 0
[  455.331637][ T7385] EXT4-fs (loop0): Free/Dirty block details
[  455.340409][ T7385] EXT4-fs (loop0): free_blocks=2415919104
[  455.347417][ T7385] EXT4-fs (loop0): dirty_blocks=32
[  455.353677][ T7385] EXT4-fs (loop0): Block reservation details
[  455.359929][ T7385] EXT4-fs (loop0): i_reserved_data_blocks=2
[  455.411149][ T7365] ntfs3(loop5): ino=5, "/" ntfs_readdir
[  455.532897][ T7378] XFS (loop2): Ending clean mount
[  455.636237][ T7378] XFS (loop2): Metadata CRC error detected at xfs_inobt_read_verify+0xaf/0x2d0, xfs_finobt block 0x20 
[  455.652121][ T7378] XFS (loop2): Unmount and run xfs_repair
[  455.658973][ T7378] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  455.666773][ T7378] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  FIB3............
[  455.676214][ T7378] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40  ....... .......@
[  455.685464][ T7378] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a  ...B..N....xv...
[  455.694781][ T7378] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37  .......F......@7
[  455.704301][ T7378] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  455.713906][ T7378] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00  ................
[  455.722602][ T7403] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  455.724182][ T7378] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  455.744866][ T7378] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  455.757743][ T7378] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x20 len 8 error 74
[  455.770257][ T7378] XFS (loop2): Failed to initialize disk quotas, err -117.
[  455.981238][ T5794] XFS (loop2): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  456.055769][ T5794] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair.
[  456.472051][ T5808] Bluetooth: hci4: command tx timeout
[  456.616698][ T7358] bridge0: port 1(bridge_slave_0) entered blocking state
[  456.624623][ T7358] bridge0: port 1(bridge_slave_0) entered disabled state
[  456.632600][ T7358] bridge_slave_0: entered allmulticast mode
[  456.642770][ T7358] bridge_slave_0: entered promiscuous mode
[  456.727741][ T7358] bridge0: port 2(bridge_slave_1) entered blocking state
[  456.735907][ T7358] bridge0: port 2(bridge_slave_1) entered disabled state
[  456.744001][ T7358] bridge_slave_1: entered allmulticast mode
[  456.754462][ T7358] bridge_slave_1: entered promiscuous mode
[  456.979056][ T5808] Bluetooth: hci2: command 0x0406 tx timeout
[  457.058773][ T7358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  457.210165][ T7358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  457.665540][ T7358] team0: Port device team_slave_0 added
[  457.756744][ T7358] team0: Port device team_slave_1 added
[  458.192267][ T7358] batman_adv: batadv0: Adding interface: batadv_slave_0
[  458.199732][ T7358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.229276][ T7358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  458.373105][ T7358] batman_adv: batadv0: Adding interface: batadv_slave_1
[  458.380479][ T7358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.407244][ T7358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  458.423728][   T11] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  458.552767][ T5796] Bluetooth: hci4: command tx timeout
[  458.592038][   T11] usb 2-1: Using ep0 maxpacket: 16
[  458.624645][   T11] usb 2-1: unable to get BOS descriptor or descriptor too short
[  458.638938][   T11] usb 2-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 39, changing to 9
[  458.651313][   T11] usb 2-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024
[  458.663417][   T11] usb 2-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  458.677047][   T11] usb 2-1: config 1 interface 0 has no altsetting 0
[  458.810382][ T7436] loop0: detected capacity change from 0 to 512
[  458.928864][   T11] usb 2-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40
[  458.938806][   T11] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.947404][   T11] usb 2-1: Product: syz
[  458.952100][   T11] usb 2-1: Manufacturer: syz
[  458.957060][   T11] usb 2-1: SerialNumber: syz
[  459.083920][ T7358] hsr_slave_0: entered promiscuous mode
[  459.094986][ T7358] hsr_slave_1: entered promiscuous mode
[  459.104487][ T7358] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  459.112581][ T7358] Cannot create hsr debugfs directory
[  459.204001][ T7433] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  459.205202][ T7436] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.326: invalid indirect mapped block 256 (level 2)
[  459.314080][ T7436] EXT4-fs (loop0): 2 truncates cleaned up
[  459.325103][ T7436] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  459.482121][   T11] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input12
[  459.974471][ T5804] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  460.088396][ T5137] bcm5974 2-1:1.0: could not read from device
[  460.097071][   T46] usb 2-1: USB disconnect, device number 5
[  460.131334][ T5137] bcm5974 2-1:1.0: could not read from device
[  460.199029][ T3540] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.421890][ T3540] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.634451][ T5796] Bluetooth: hci4: command tx timeout
[  460.671927][ T3540] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.736244][ T7452] Driver unsupported XDP return value 0 on prog  (id 37) dev N/A, expect packet loss!
[  460.987785][ T3540] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.309338][ T7449] loop2: detected capacity change from 0 to 32768
[  461.495483][ T7449] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  461.633157][ T7449] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  461.768679][ T3540] bridge_slave_1: left allmulticast mode
[  461.776662][ T3540] bridge_slave_1: left promiscuous mode
[  461.786369][ T3540] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.805940][ T7457] (syz.2.331,7457,0):ocfs2_read_blocks:239 ERROR: status = -12
[  461.816563][ T7457] (syz.2.331,7457,0):ocfs2_xattr_block_find:2831 ERROR: status = -12
[  461.872984][ T3540] bridge_slave_0: left allmulticast mode
[  461.880377][ T3540] bridge_slave_0: left promiscuous mode
[  461.889838][ T3540] bridge0: port 1(bridge_slave_0) entered disabled state
[  462.444591][ T3540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  462.473693][ T3540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  462.512109][ T3540] bond0 (unregistering): Released all slaves
[  463.348309][ T7358] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  463.463854][ T7358] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  463.635533][ T3540] hsr_slave_0: left promiscuous mode
[  463.677391][ T3540] hsr_slave_1: left promiscuous mode
[  463.686362][ T3540] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  463.688015][ T5794] ocfs2: Unmounting device (7,2) on (node local)
[  463.694440][ T3540] batman_adv: batadv0: Removing interface: batadv_slave_0
[  463.747243][ T3540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  463.755579][ T3540] batman_adv: batadv0: Removing interface: batadv_slave_1
[  463.935876][ T3540] veth1_macvtap: left promiscuous mode
[  463.946436][ T3540] veth0_macvtap: left promiscuous mode
[  463.952598][ T3540] veth1_vlan: left promiscuous mode
[  463.958350][ T3540] veth0_vlan: left promiscuous mode
[  464.013732][ T7466] loop1: detected capacity change from 0 to 1024
[  465.088583][ T5808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  465.103079][ T5808] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  465.119705][ T5808] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  465.259258][ T3540] team0 (unregistering): Port device team_slave_1 removed
[  465.298331][ T3540] team0 (unregistering): Port device team_slave_0 removed
[  465.438154][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  465.527844][ T5808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  465.902367][ T7358] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  465.996564][ T7358] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  467.595373][ T5808] Bluetooth: hci2: command tx timeout
[  467.701707][ T7358] 8021q: adding VLAN 0 to HW filter on device bond0
[  467.739546][ T7474] chnl_net:caif_netlink_parms(): no params data found
[  467.847771][ T7358] 8021q: adding VLAN 0 to HW filter on device team0
[  467.978031][ T1120] bridge0: port 1(bridge_slave_0) entered blocking state
[  467.985806][ T1120] bridge0: port 1(bridge_slave_0) entered forwarding state
[  468.148765][ T1120] bridge0: port 2(bridge_slave_1) entered blocking state
[  468.156560][ T1120] bridge0: port 2(bridge_slave_1) entered forwarding state
[  469.646151][ T7474] bridge0: port 1(bridge_slave_0) entered blocking state
[  469.654745][ T7474] bridge0: port 1(bridge_slave_0) entered disabled state
[  469.663016][ T7474] bridge_slave_0: entered allmulticast mode
[  469.674683][ T7474] bridge_slave_0: entered promiscuous mode
[  469.691313][ T5808] Bluetooth: hci2: command tx timeout
[  469.737336][ T7474] bridge0: port 2(bridge_slave_1) entered blocking state
[  469.745319][ T7474] bridge0: port 2(bridge_slave_1) entered disabled state
[  469.754521][ T7474] bridge_slave_1: entered allmulticast mode
[  469.764700][ T7474] bridge_slave_1: entered promiscuous mode
[  469.977009][ T7474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  470.036349][ T7474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  470.518964][ T7358] 8021q: adding VLAN 0 to HW filter on device batadv0
[  470.908756][ T7526] loop1: detected capacity change from 0 to 32768
[  470.923026][ T7526] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.349 (7526)
[  470.942192][ T5852] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  470.973572][ T7526] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  470.984416][ T7526] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  470.997167][ T7526] BTRFS info (device loop1): using free-space-tree
[  471.113116][   T46] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  471.179816][ T7474] team0: Port device team_slave_0 added
[  471.188429][ T5852] usb 3-1: Using ep0 maxpacket: 32
[  471.216398][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  471.228939][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  471.229431][ T7474] team0: Port device team_slave_1 added
[  471.239314][ T5852] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  471.254681][ T5852] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.323061][ T5852] usb 3-1: config 0 descriptor??
[  471.331998][   T46] usb 1-1: Using ep0 maxpacket: 32
[  471.337818][ T5852] hub 3-1:0.0: USB hub found
[  471.394825][   T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  471.406896][   T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  471.420771][   T46] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  471.431262][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.513529][ T7526] BTRFS info (device loop1): rebuilding free space tree
[  471.536267][   T46] usb 1-1: config 0 descriptor??
[  471.594017][ T7526] BTRFS info (device loop1): checking UUID tree
[  471.666232][ T7474] batman_adv: batadv0: Adding interface: batadv_slave_0
[  471.676893][ T7474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  471.704043][ T7474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  471.772323][ T5852] hub 3-1:0.0: 1 port detected
[  471.780570][ T5808] Bluetooth: hci2: command tx timeout
[  471.807739][ T7474] batman_adv: batadv0: Adding interface: batadv_slave_1
[  471.815423][ T7474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  471.844717][ T7474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  472.176076][ T5795] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  472.185442][   T46] input: HID 054c:03d5 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:054C:03D5.0005/input/input13
[  472.272771][ T7474] hsr_slave_0: entered promiscuous mode
[  472.283904][ T7474] hsr_slave_1: entered promiscuous mode
[  472.297992][ T7474] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  472.307269][ T7474] Cannot create hsr debugfs directory
[  472.354245][   T46] sony 0003:054C:03D5.0005: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.0-1/input0
[  472.383724][   T46] usb 1-1: USB disconnect, device number 4
[  472.399842][ T5852] hub 3-1:0.0: activate --> -90
[  472.864807][   T46] usb 3-1: USB disconnect, device number 7
[  473.814846][ T7358] veth0_vlan: entered promiscuous mode
[  473.863601][ T7474] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  473.866561][ T5808] Bluetooth: hci2: command tx timeout
[  474.004128][ T7358] veth1_vlan: entered promiscuous mode
[  474.027325][ T7474] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  474.130620][ T7474] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  474.212759][ T7474] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  474.281317][ T7558] loop0: detected capacity change from 0 to 64
[  474.499316][ T7358] veth0_macvtap: entered promiscuous mode
[  474.749342][ T7358] veth1_macvtap: entered promiscuous mode
[  474.909843][ T7358] batman_adv: batadv0: Interface activated: batadv_slave_0
[  475.005256][ T7358] batman_adv: batadv0: Interface activated: batadv_slave_1
[  475.044017][ T5855] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  475.158959][ T7358] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  475.168275][ T7358] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  475.177536][ T7358] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  475.186898][ T7358] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  475.252420][ T5855] usb 3-1: Using ep0 maxpacket: 8
[  475.344716][ T5855] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  475.381917][ T5855] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.383914][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  475.390154][ T5855] usb 3-1: Product: syz
[  475.397235][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  475.401333][ T5855] usb 3-1: Manufacturer: syz
[  475.401636][ T5855] usb 3-1: SerialNumber: syz
[  475.804855][ T5855] usb 3-1: config 0 descriptor??
[  476.193683][ T7474] 8021q: adding VLAN 0 to HW filter on device bond0
[  476.368017][ T5855] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  476.456783][ T5855] gspca_sunplus: reg_w_riv err -71
[  476.466236][ T5855] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  476.549996][ T7474] 8021q: adding VLAN 0 to HW filter on device team0
[  476.579588][ T5855] usb 3-1: USB disconnect, device number 8
[  476.597219][ T7576] netlink: 16 bytes leftover after parsing attributes in process `syz.0.358'.
[  476.705290][ T4843] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.713132][ T4843] bridge0: port 1(bridge_slave_0) entered forwarding state
[  476.934415][ T4843] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.942943][ T4843] bridge0: port 2(bridge_slave_1) entered forwarding state
[  478.587201][ T7586] loop0: detected capacity change from 0 to 2048
[  478.769681][ T7586] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  478.962524][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  478.962618][   T30] audit: type=1800 audit(1747873134.132:34): pid=7586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.360" name="file1" dev="loop0" ino=1346 res=0 errno=0
[  480.063224][   T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  480.144858][ T7474] 8021q: adding VLAN 0 to HW filter on device batadv0
[  481.315876][ T7599] loop0: detected capacity change from 0 to 40427
[  481.403673][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  481.415433][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  481.425759][   T24] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  481.429309][ T7602] loop1: detected capacity change from 0 to 40427
[  481.435883][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.459523][ T7599] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3fffff
[  481.487543][ T7602] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(0) root(83886083)
[  481.494439][ T7599] F2FS-fs (loop0): invalid crc value
[  481.496269][ T7602] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  481.510855][ T7602] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x3fffff
[  481.522273][ T7602] F2FS-fs (loop1): heap/no_heap options were deprecated
[  481.530206][ T7602] F2FS-fs (loop1): Image doesn't support compression
[  481.542873][ T7602] F2FS-fs (loop1): invalid crc value
[  481.929589][ T7599] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  481.966233][   T24] usb 3-1: config 0 descriptor??
[  482.345426][ T7602] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  482.355744][ T7602] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  482.390236][ T5804] syz-executor: attempt to access beyond end of device
[  482.390236][ T5804] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  482.412017][ T5804] CPU: 0 UID: 0 PID: 5804 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(undef) 
[  482.412195][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  482.412287][ T5804] Call Trace:
[  482.412347][ T5804]  <TASK>
[  482.412403][ T5804]  __dump_stack+0x26/0x30
[  482.412595][ T5804]  dump_stack_lvl+0x1df/0x270
[  482.412804][ T5804]  dump_stack+0x1e/0x25
[  482.412985][ T5804]  f2fs_handle_critical_error+0xa6f/0xc20
[  482.413227][ T5804]  f2fs_stop_checkpoint+0x60/0x70
[  482.413418][ T5804]  f2fs_write_end_io+0xd98/0x1e20
[  482.413628][ T5804]  ? f2fs_write_end_io+0xaa1/0x1e20
[  482.413841][ T5804]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  482.414032][ T5804]  bio_endio+0xe05/0xf60
[  482.414221][ T5804]  submit_bio_noacct+0x214/0x2710
[  482.414471][ T5804]  submit_bio+0x5a9/0x5d0
[  482.414683][ T5804]  f2fs_submit_write_bio+0x92/0x250
[  482.414871][ T5804]  __submit_merged_bio+0x16f/0x6a0
[  482.415041][ T5804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  482.415277][ T5804]  __submit_merged_write_cond+0x458/0x9a0
[  482.415482][ T5804]  f2fs_write_data_pages+0x509a/0x58e0
[  482.415850][ T5804]  ? kmsan_get_metadata+0x105/0x1b0
[  482.416065][ T5804]  ? kmsan_get_metadata+0x105/0x1b0
[  482.416273][ T5804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  482.416503][ T5804]  ? folios_put_refs+0x1/0xb10
[  482.416688][ T5804]  ? filter_irq_stacks+0x13f/0x190
[  482.416925][ T5804]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  482.417136][ T5804]  ? kmsan_get_metadata+0x105/0x1b0
[  482.417350][ T5804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  482.417577][ T5804]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  482.417772][ T5804]  do_writepages+0x448/0xcb0
[  482.417986][ T5804]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  482.418220][ T5804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  482.418478][ T5804]  filemap_fdatawrite+0x207/0x260
[  482.418738][ T5804]  f2fs_sync_dirty_inodes+0x2ab/0x9e0
[  482.418988][ T5804]  f2fs_write_checkpoint+0xfe2/0x2b00
[  482.419348][ T5804]  kill_f2fs_super+0x2ff/0x970
[  482.419576][ T5804]  ? __pfx_kill_f2fs_super+0x10/0x10
[  482.419786][ T5804]  deactivate_locked_super+0xcb/0x3c0
[  482.419993][ T5804]  deactivate_super+0x12f/0x140
[  482.420167][ T5804]  cleanup_mnt+0x6fb/0x780
[  482.420373][ T5804]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  482.420599][ T5804]  ? __pfx___cleanup_mnt+0x10/0x10
[  482.420818][ T5804]  __cleanup_mnt+0x22/0x30
[  482.421031][ T5804]  task_work_run+0x209/0x2b0
[  482.421200][ T5804]  resume_user_mode_work+0x105/0x160
[  482.421367][ T5804]  syscall_exit_to_user_mode+0x7b/0xb0
[  482.421583][ T5804]  do_syscall_64+0xe6/0x1b0
[  482.421786][ T5804]  ? irqentry_exit+0x16/0x60
[  482.421977][ T5804]  ? clear_bhb_loop+0x40/0x90
[  482.422148][ T5804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.422314][ T5804] RIP: 0033:0x7f8f5eb8fc97
[  482.422428][ T5804] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  482.422566][ T5804] RSP: 002b:00007fff327b2278 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  482.422717][ T5804] RAX: 0000000000000000 RBX: 00007f8f5ec1089d RCX: 00007f8f5eb8fc97
[  482.422820][ T5804] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff327b2330
[  482.422927][ T5804] RBP: 00007fff327b2330 R08: 0000000000000000 R09: 0000000000000000
[  482.423026][ T5804] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff327b33c0
[  482.423127][ T5804] R13: 00007f8f5ec1089d R14: 0000000000075b5c R15: 00007fff327b3400
[  482.423270][ T5804]  </TASK>
[  482.787950][ T5804] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  483.175612][   T24] usb 3-1: language id specifier not provided by device, defaulting to English
[  483.388994][   T24] uclogic 0003:256C:006D.0006: failed retrieving Huion firmware version: -71
[  483.404169][   T24] uclogic 0003:256C:006D.0006: failed probing parameters: -71
[  483.413981][   T24] uclogic 0003:256C:006D.0006: probe with driver uclogic failed with error -71
[  483.507117][   T24] usb 3-1: USB disconnect, device number 9
[  483.557856][ T5795] syz-executor: attempt to access beyond end of device
[  483.557856][ T5795] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  483.572848][ T5795] CPU: 0 UID: 0 PID: 5795 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(undef) 
[  483.573021][ T5795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  483.573108][ T5795] Call Trace:
[  483.573160][ T5795]  <TASK>
[  483.573214][ T5795]  __dump_stack+0x26/0x30
[  483.573404][ T5795]  dump_stack_lvl+0x1df/0x270
[  483.573600][ T5795]  dump_stack+0x1e/0x25
[  483.573771][ T5795]  f2fs_handle_critical_error+0xa6f/0xc20
[  483.574012][ T5795]  f2fs_stop_checkpoint+0x60/0x70
[  483.574205][ T5795]  f2fs_write_end_io+0xd98/0x1e20
[  483.574437][ T5795]  ? f2fs_write_end_io+0xaa1/0x1e20
[  483.574649][ T5795]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  483.574870][ T5795]  bio_endio+0xe05/0xf60
[  483.575074][ T5795]  submit_bio_noacct+0x214/0x2710
[  483.575331][ T5795]  submit_bio+0x5a9/0x5d0
[  483.575530][ T5795]  f2fs_submit_write_bio+0x92/0x250
[  483.575709][ T5795]  __submit_merged_bio+0x16f/0x6a0
[  483.575893][ T5795]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  483.576133][ T5795]  __submit_merged_write_cond+0x458/0x9a0
[  483.576333][ T5795]  f2fs_write_data_pages+0x509a/0x58e0
[  483.576618][ T5795]  ? __update_load_avg_cfs_rq+0xc30/0x1010
[  483.576891][ T5795]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  483.577116][ T5795]  ? kmsan_get_metadata+0x105/0x1b0
[  483.577335][ T5795]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  483.577569][ T5795]  ? __update_load_avg_cfs_rq+0xe9/0x1010
[  483.577773][ T5795]  ? kmsan_get_metadata+0x105/0x1b0
[  483.578015][ T5795]  ? kmsan_get_metadata+0x105/0x1b0
[  483.578231][ T5795]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  483.578450][ T5795]  ? kmsan_get_metadata+0x105/0x1b0
[  483.578662][ T5795]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  483.578900][ T5795]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  483.579098][ T5795]  do_writepages+0x448/0xcb0
[  483.579302][ T5795]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  483.579523][ T5795]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  483.579756][ T5795]  filemap_fdatawrite+0x207/0x260
[  483.580022][ T5795]  f2fs_sync_dirty_inodes+0x2ab/0x9e0
[  483.580300][ T5795]  f2fs_write_checkpoint+0xfe2/0x2b00
[  483.580655][ T5795]  kill_f2fs_super+0x2ff/0x970
[  483.580885][ T5795]  ? __pfx_kill_f2fs_super+0x10/0x10
[  483.581084][ T5795]  deactivate_locked_super+0xcb/0x3c0
[  483.581277][ T5795]  deactivate_super+0x12f/0x140
[  483.581441][ T5795]  cleanup_mnt+0x6fb/0x780
[  483.581641][ T5795]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  483.581864][ T5795]  ? __pfx___cleanup_mnt+0x10/0x10
[  483.582067][ T5795]  __cleanup_mnt+0x22/0x30
[  483.582273][ T5795]  task_work_run+0x209/0x2b0
[  483.582444][ T5795]  resume_user_mode_work+0x105/0x160
[  483.582610][ T5795]  syscall_exit_to_user_mode+0x7b/0xb0
[  483.582837][ T5795]  do_syscall_64+0xe6/0x1b0
[  483.583046][ T5795]  ? irqentry_exit+0x16/0x60
[  483.583235][ T5795]  ? clear_bhb_loop+0x40/0x90
[  483.583415][ T5795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.583585][ T5795] RIP: 0033:0x7fef99d8fc97
[  483.583702][ T5795] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  483.583848][ T5795] RSP: 002b:00007ffd2ad18e78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  483.583999][ T5795] RAX: 0000000000000000 RBX: 00007fef99e1089d RCX: 00007fef99d8fc97
[  483.584107][ T5795] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd2ad18f30
[  483.584204][ T5795] RBP: 00007ffd2ad18f30 R08: 0000000000000000 R09: 0000000000000000
[  483.584304][ T5795] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd2ad19fc0
[  483.584409][ T5795] R13: 00007fef99e1089d R14: 0000000000075df3 R15: 00007ffd2ad1a000
[  483.584555][ T5795]  </TASK>
[  483.952616][ T5795] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  485.677730][ T3642] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  485.686197][ T3642] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  485.893854][ T7629] loop2: detected capacity change from 0 to 32768
[  485.931254][ T3642] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  485.939674][ T3642] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  486.207009][ T7629] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  486.256437][ T7629] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=gzip,erasure_code,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow
[  486.256437][ T7629]   allowing incompatible features above 0.0: (unknown version)
[  486.288431][ T7629] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  486.299531][ T7629] bcachefs (loop2): Version upgrade required:
[  486.299531][ T7629] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  486.299531][ T7629] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags
[  486.299531][ T7629]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  486.377047][ T7629] bcachefs (loop2): dropping and reconstructing all alloc info
[  486.440462][ T7629] bcachefs (loop2): accounting_read... done
[  486.474110][ T7629] bcachefs (loop2): alloc_read... done
[  486.480132][ T7629] bcachefs (loop2): snapshots_read... done
[  486.495025][ T7629] bcachefs (loop2): done starting filesystem
[  486.603524][ T3540] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.757215][ T5794] bcachefs (loop2): shutting down
[  486.868645][ T3540] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.906621][ T5794] bcachefs (loop2): shutdown complete
[  487.046267][ T3540] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  487.099911][ T7474] veth0_vlan: entered promiscuous mode
[  487.288826][ T3540] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  487.399626][ T7474] veth1_vlan: entered promiscuous mode
[  487.758092][ T7474] veth0_macvtap: entered promiscuous mode
[  487.827103][ T7474] veth1_macvtap: entered promiscuous mode
[  487.967097][ T3540] bridge_slave_1: left allmulticast mode
[  487.973905][ T3540] bridge_slave_1: left promiscuous mode
[  487.980649][ T3540] bridge0: port 2(bridge_slave_1) entered disabled state
[  488.044135][ T3540] bridge_slave_0: left allmulticast mode
[  488.050121][ T3540] bridge_slave_0: left promiscuous mode
[  488.057975][ T3540] bridge0: port 1(bridge_slave_0) entered disabled state
[  488.965365][ T3540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  489.014069][ T3540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  489.053002][ T3540] bond0 (unregistering): Released all slaves
[  489.161089][ T7474] batman_adv: batadv0: Interface activated: batadv_slave_0
[  489.237106][ T7474] batman_adv: batadv0: Interface activated: batadv_slave_1
[  489.309080][ T7474] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  489.318477][ T7474] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  489.328136][ T7474] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  489.341156][ T7474] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  489.955504][ T3540] hsr_slave_0: left promiscuous mode
[  489.975547][ T3540] hsr_slave_1: left promiscuous mode
[  489.984416][ T3540] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  489.992681][ T3540] batman_adv: batadv0: Removing interface: batadv_slave_0
[  490.013771][ T3540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  490.021950][ T3540] batman_adv: batadv0: Removing interface: batadv_slave_1
[  490.056310][ T3540] veth1_macvtap: left promiscuous mode
[  490.062662][ T3540] veth0_macvtap: left promiscuous mode
[  490.068776][ T3540] veth1_vlan: left promiscuous mode
[  490.076797][ T3540] veth0_vlan: left promiscuous mode
[  490.938614][ T7653] loop1: detected capacity change from 0 to 8
[  490.947601][ T5808] Bluetooth: hci1: unexpected event for opcode 0x0803
[  491.004387][ T7653] SQUASHFS error: Corrupted symlink
[  491.182929][ T3540] team0 (unregistering): Port device team_slave_1 removed
[  491.249950][ T3540] team0 (unregistering): Port device team_slave_0 removed
[  492.022689][ T7656] netlink: 830 bytes leftover after parsing attributes in process `syz.1.371'.
[  492.328656][ T5796] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  492.353412][ T5796] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  492.413495][ T5796] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  492.438518][ T5796] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  492.450638][ T5796] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  492.551956][ T3642] Bluetooth: hci5: Frame reassembly failed (-84)
[  493.242408][   T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  493.420314][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 111, changing to 10
[  493.436838][   T24] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  493.447931][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.492442][   T24] usb 2-1: config 0 descriptor??
[  493.972780][ T7660] chnl_net:caif_netlink_parms(): no params data found
[  493.980503][   T24] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0
[  494.053372][   T24] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0007/input/input14
[  494.212922][   T24] cm6533_jd 0003:0D8C:0022.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  494.264785][   T24] usb 2-1: USB disconnect, device number 6
[  494.552863][ T5796] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  494.564758][ T5808] Bluetooth: hci4: command tx timeout
[  495.538037][ T7684] loop2: detected capacity change from 0 to 40427
[  495.561705][ T7684] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x3fffff
[  495.586590][ T7684] F2FS-fs (loop2): invalid crc value
[  495.962756][ T7684] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  496.237352][ T5794] syz-executor: attempt to access beyond end of device
[  496.237352][ T5794] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  496.252348][ T5794] CPU: 1 UID: 0 PID: 5794 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(undef) 
[  496.252523][ T5794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  496.252613][ T5794] Call Trace:
[  496.252672][ T5794]  <TASK>
[  496.252727][ T5794]  __dump_stack+0x26/0x30
[  496.252928][ T5794]  dump_stack_lvl+0x1df/0x270
[  496.253126][ T5794]  dump_stack+0x1e/0x25
[  496.253291][ T5794]  f2fs_handle_critical_error+0xa6f/0xc20
[  496.253518][ T5794]  f2fs_stop_checkpoint+0x60/0x70
[  496.253711][ T5794]  f2fs_write_end_io+0xd98/0x1e20
[  496.253946][ T5794]  ? f2fs_write_end_io+0xaa1/0x1e20
[  496.254157][ T5794]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  496.254352][ T5794]  bio_endio+0xe05/0xf60
[  496.254552][ T5794]  submit_bio_noacct+0x214/0x2710
[  496.254833][ T5794]  submit_bio+0x5a9/0x5d0
[  496.255034][ T5794]  f2fs_submit_write_bio+0x92/0x250
[  496.255215][ T5794]  __submit_merged_bio+0x16f/0x6a0
[  496.255405][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  496.255646][ T5794]  __submit_merged_write_cond+0x458/0x9a0
[  496.255862][ T5794]  f2fs_write_data_pages+0x509a/0x58e0
[  496.256213][ T5794]  ? kmsan_get_metadata+0x105/0x1b0
[  496.256429][ T5794]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  496.256635][ T5794]  ? kmsan_get_metadata+0x105/0x1b0
[  496.256861][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  496.257098][ T5794]  ? free_unref_folios+0x26a7/0x2710
[  496.257300][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  496.257557][ T5794]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  496.257882][ T5794]  ? kmsan_get_metadata+0x105/0x1b0
[  496.258098][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  496.258327][ T5794]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  496.258525][ T5794]  do_writepages+0x448/0xcb0
[  496.258744][ T5794]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  496.258977][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  496.259223][ T5794]  filemap_fdatawrite+0x207/0x260
[  496.259482][ T5794]  f2fs_sync_dirty_inodes+0x2ab/0x9e0
[  496.259730][ T5794]  f2fs_write_checkpoint+0xfe2/0x2b00
[  496.260101][ T5794]  kill_f2fs_super+0x2ff/0x970
[  496.260348][ T5794]  ? __pfx_kill_f2fs_super+0x10/0x10
[  496.260556][ T5794]  deactivate_locked_super+0xcb/0x3c0
[  496.260763][ T5794]  deactivate_super+0x12f/0x140
[  496.260943][ T5794]  cleanup_mnt+0x6fb/0x780
[  496.261165][ T5794]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  496.261393][ T5794]  ? __pfx___cleanup_mnt+0x10/0x10
[  496.261607][ T5794]  __cleanup_mnt+0x22/0x30
[  496.261822][ T5794]  task_work_run+0x209/0x2b0
[  496.261992][ T5794]  resume_user_mode_work+0x105/0x160
[  496.262160][ T5794]  syscall_exit_to_user_mode+0x7b/0xb0
[  496.262377][ T5794]  do_syscall_64+0xe6/0x1b0
[  496.262581][ T5794]  ? irqentry_exit+0x16/0x60
[  496.262784][ T5794]  ? clear_bhb_loop+0x40/0x90
[  496.262954][ T5794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.263122][ T5794] RIP: 0033:0x7f88a738fc97
[  496.263237][ T5794] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  496.263364][ T5794] RSP: 002b:00007ffd6e28cf08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  496.263514][ T5794] RAX: 0000000000000000 RBX: 00007f88a741089d RCX: 00007f88a738fc97
[  496.263618][ T5794] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6e28cfc0
[  496.263726][ T5794] RBP: 00007ffd6e28cfc0 R08: 0000000000000000 R09: 0000000000000000
[  496.263834][ T5794] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6e28e050
[  496.263948][ T5794] R13: 00007f88a741089d R14: 00000000000791db R15: 00007ffd6e28e090
[  496.264093][ T5794]  </TASK>
[  496.629064][ T5794] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  496.665826][ T5796] Bluetooth: hci4: command tx timeout
[  496.712273][ T5855] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  497.146307][ T7660] bridge0: port 1(bridge_slave_0) entered blocking state
[  497.154362][ T7660] bridge0: port 1(bridge_slave_0) entered disabled state
[  497.162373][ T7660] bridge_slave_0: entered allmulticast mode
[  497.172494][ T7660] bridge_slave_0: entered promiscuous mode
[  497.245608][ T7660] bridge0: port 2(bridge_slave_1) entered blocking state
[  497.253669][ T7660] bridge0: port 2(bridge_slave_1) entered disabled state
[  497.261722][ T7660] bridge_slave_1: entered allmulticast mode
[  497.272965][ T7660] bridge_slave_1: entered promiscuous mode
[  497.977653][ T7702] loop1: detected capacity change from 0 to 32768
[  498.074216][ T7660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  498.092368][ T5855] usb 1-1: Using ep0 maxpacket: 32
[  498.114635][ T5855] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  498.126412][ T5855] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  498.142194][ T5855] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  498.152191][ T5855] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.163892][ T7702] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  498.191316][ T5855] usb 1-1: config 0 descriptor??
[  498.199501][ T7698] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  498.251834][ T7660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  498.265731][ T5855] hub 1-1:0.0: USB hub found
[  498.327686][ T7702] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  498.501022][ T5855] hub 1-1:0.0: 1 port detected
[  498.677004][ T7660] team0: Port device team_slave_0 added
[  498.703884][ T5795] ocfs2: Unmounting device (7,1) on (node local)
[  498.720570][ T7660] team0: Port device team_slave_1 added
[  498.729730][ T5796] Bluetooth: hci4: command tx timeout
[  499.067758][ T7660] batman_adv: batadv0: Adding interface: batadv_slave_0
[  499.075367][ T7660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  499.102512][ T7660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  499.361217][ T5855] hub 1-1:0.0: hub_ext_port_status failed (err = -71)
[  499.363590][   T24] usb 1-1: USB disconnect, device number 5
[  499.384897][ T3605] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.393192][ T3605] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.469725][ T7660] batman_adv: batadv0: Adding interface: batadv_slave_1
[  499.481906][ T7660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  499.509947][ T7660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  499.682390][ T3719] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.690547][ T3719] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  500.008687][ T7660] hsr_slave_0: entered promiscuous mode
[  500.019962][ T7660] hsr_slave_1: entered promiscuous mode
[  500.029379][ T7660] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  500.037347][ T7660] Cannot create hsr debugfs directory
[  500.792683][ T5796] Bluetooth: hci4: command tx timeout
[  500.902267][ T5855] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  501.082106][ T5855] usb 2-1: Using ep0 maxpacket: 16
[  501.139536][ T5855] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  501.152465][ T5855] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  501.199048][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802a5cc200: rx timeout, send abort
[  501.236487][ T5855] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  501.246377][ T5855] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  501.254837][ T5855] usb 2-1: Product: syz
[  501.259358][ T5855] usb 2-1: Manufacturer: syz
[  501.264375][ T5855] usb 2-1: SerialNumber: syz
[  501.379401][ T5855] usb 2-1: config 0 descriptor??
[  501.428194][ T5855] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  501.438445][ T5855] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  501.466834][ T7723] netlink: 8 bytes leftover after parsing attributes in process `syz.6.386'.
[  501.471759][ T7660] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  501.476733][ T7723] netlink: 'syz.6.386': attribute type 5 has an invalid length.
[  501.491132][ T7723] netlink: 20 bytes leftover after parsing attributes in process `syz.6.386'.
[  501.537706][ T7660] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  501.587150][ T7660] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  501.639532][   T46] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  501.689094][ T7660] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  501.707940][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802a5cc200: abort rx timeout. Force session deactivation
[  501.813005][   T46] usb 1-1: Using ep0 maxpacket: 32
[  501.895514][   T46] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  501.905437][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.974378][   T46] usb 1-1: config 0 descriptor??
[  502.011724][   T46] gspca_main: nw80x-2.14.0 probing 055f:d001
[  502.055904][ T5855] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  502.088378][ T5855] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  502.302981][ T5855] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  502.310575][ T5855] em28xx 2-1:0.0: No AC97 audio processor
[  502.358142][ T5855] usb 2-1: USB disconnect, device number 7
[  502.366566][ T5855] em28xx 2-1:0.0: Disconnecting em28xx
[  502.422850][ T5855] em28xx 2-1:0.0: Freeing device
[  503.126178][ T7660] 8021q: adding VLAN 0 to HW filter on device bond0
[  503.308066][   T46] gspca_nw80x: reg_w err -71
[  503.313628][   T46] nw80x 1-1:0.0: probe with driver nw80x failed with error -71
[  503.349897][ T7660] 8021q: adding VLAN 0 to HW filter on device team0
[  503.383332][   T46] usb 1-1: USB disconnect, device number 6
[  503.451706][ T3540] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.459446][ T3540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  503.562219][ T3540] bridge0: port 2(bridge_slave_1) entered blocking state
[  503.569909][ T3540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  503.773078][ T7740] loop2: detected capacity change from 0 to 256
[  504.108686][ T7740] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  504.323689][ T7744] netlink: 12 bytes leftover after parsing attributes in process `syz.1.393'.
[  505.650239][ T7660] 8021q: adding VLAN 0 to HW filter on device batadv0
[  505.700093][ T7760] 9pnet: p9_errstr2errno: server reported unknown error ������������$

[  505.946945][ T7768] input: syz1 as /devices/virtual/input/input15
[  506.842404][   T46] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  507.436662][ T7776] loop1: detected capacity change from 0 to 32768
[  507.447321][ T7776] btrfs: Deprecated parameter 'usebackuproot'
[  507.453816][ T7776] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  507.569161][ T7776] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.405 (7776)
[  507.668816][ T7781] loop0: detected capacity change from 0 to 2048
[  507.854442][ T7781] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  507.879328][ T7778] loop2: detected capacity change from 0 to 32768
[  507.897713][ T7778] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.406 (7778)
[  507.913222][   T46] usb 7-1: Using ep0 maxpacket: 16
[  507.924386][ T7776] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  507.935576][ T7776] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  507.944419][ T7778] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  507.947381][ T7776] BTRFS info (device loop1): using free-space-tree
[  507.955240][ T7778] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm
[  507.978861][ T7778] BTRFS info (device loop2): using free-space-tree
[  508.000817][   T46] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  508.013228][   T46] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  508.054037][   T46] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  508.063802][   T46] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  508.078361][   T46] usb 7-1: Product: syz
[  508.084165][   T46] usb 7-1: Manufacturer: syz
[  508.089184][   T46] usb 7-1: SerialNumber: syz
[  508.109944][   T46] usb 7-1: config 0 descriptor??
[  508.130026][   T46] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  508.140692][   T46] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  508.185017][ T7781] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  508.407652][   T46] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  508.437424][   T46] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[  508.499149][ T7776] BTRFS info (device loop1): rebuilding free space tree
[  508.553937][   T46] em28xx 7-1:0.0: AC97 chip type couldn't be determined
[  508.561248][   T46] em28xx 7-1:0.0: No AC97 audio processor
[  508.758418][ T7660] veth0_vlan: entered promiscuous mode
[  508.802608][   T46] usb 7-1: USB disconnect, device number 2
[  508.811215][   T46] em28xx 7-1:0.0: Disconnecting em28xx
[  508.824530][   T46] em28xx 7-1:0.0: Freeing device
[  508.845310][ T5794] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  508.957607][ T7660] veth1_vlan: entered promiscuous mode
[  509.034577][ T5804] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  509.049082][ T5795] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  509.357566][ T7660] veth0_macvtap: entered promiscuous mode
[  509.488470][ T7660] veth1_macvtap: entered promiscuous mode
[  509.687500][ T7660] batman_adv: batadv0: Interface activated: batadv_slave_0
[  509.789337][ T7660] batman_adv: batadv0: Interface activated: batadv_slave_1
[  509.899267][ T7660] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  509.908691][ T7660] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  509.920795][ T7660] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  509.930831][ T7660] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  511.540094][ T7823] loop0: detected capacity change from 0 to 40427
[  511.576234][ T7823] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3fffff
[  511.615093][ T7823] F2FS-fs (loop0): invalid crc value
[  511.974040][ T7823] F2FS-fs (loop0): Start checkpoint disabled!
[  511.998098][ T7823] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  512.178268][   T35] kworker/u8:2: attempt to access beyond end of device
[  512.178268][   T35] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  512.193129][   T35] CPU: 1 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(undef) 
[  512.193299][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  512.193437][   T35] Workqueue: writeback wb_workfn (flush-7:0)
[  512.193691][   T35] Call Trace:
[  512.193747][   T35]  <TASK>
[  512.193805][   T35]  __dump_stack+0x26/0x30
[  512.193995][   T35]  dump_stack_lvl+0x1df/0x270
[  512.194194][   T35]  dump_stack+0x1e/0x25
[  512.194365][   T35]  f2fs_handle_critical_error+0xa6f/0xc20
[  512.194612][   T35]  f2fs_stop_checkpoint+0x60/0x70
[  512.194800][   T35]  f2fs_write_end_io+0xd98/0x1e20
[  512.195033][   T35]  ? f2fs_write_end_io+0xaa1/0x1e20
[  512.195243][   T35]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  512.195434][   T35]  bio_endio+0xe05/0xf60
[  512.195654][   T35]  submit_bio_noacct+0x214/0x2710
[  512.195905][   T35]  submit_bio+0x5a9/0x5d0
[  512.196115][   T35]  f2fs_submit_write_bio+0x92/0x250
[  512.196296][   T35]  __submit_merged_bio+0x16f/0x6a0
[  512.196468][   T35]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  512.196704][   T35]  __submit_merged_write_cond+0x458/0x9a0
[  512.196910][   T35]  f2fs_write_data_pages+0x509a/0x58e0
[  512.197279][   T35]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  512.197485][   T35]  ? kmsan_get_metadata+0x105/0x1b0
[  512.197700][   T35]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  512.197932][   T35]  ? __update_load_avg_cfs_rq+0xd7f/0x1010
[  512.198138][   T35]  ? kmsan_get_metadata+0x105/0x1b0
[  512.198354][   T35]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  512.198588][   T35]  ? kmsan_get_metadata+0x105/0x1b0
[  512.198800][   T35]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  512.199019][   T35]  ? kmsan_get_metadata+0x105/0x1b0
[  512.199229][   T35]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  512.199439][   T35]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  512.199632][   T35]  do_writepages+0x448/0xcb0
[  512.199839][   T35]  ? kmsan_get_metadata+0x105/0x1b0
[  512.200059][   T35]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  512.200298][   T35]  ? kmsan_get_metadata+0x105/0x1b0
[  512.200529][   T35]  __writeback_single_inode+0x101/0x1190
[  512.200710][   T35]  ? kmsan_get_metadata+0x105/0x1b0
[  512.200936][   T35]  writeback_sb_inodes+0xaa9/0x1c90
[  512.201212][   T35]  ? kmsan_get_metadata+0x105/0x1b0
[  512.201485][   T35]  wb_writeback+0x4ce/0xc00
[  512.201661][   T35]  ? queue_io+0x431/0x790
[  512.201829][   T35]  wb_workfn+0x397/0x1910
[  512.202045][   T35]  ? kmsan_get_metadata+0x105/0x1b0
[  512.202289][   T35]  ? __pfx_wb_workfn+0x10/0x10
[  512.202495][   T35]  process_scheduled_works+0xb9a/0x1d90
[  512.202755][   T35]  worker_thread+0xedf/0x1590
[  512.202994][   T35]  kthread+0xd5c/0xf00
[  512.203182][   T35]  ? __pfx_worker_thread+0x10/0x10
[  512.203400][   T35]  ? __pfx_kthread+0x10/0x10
[  512.203599][   T35]  ret_from_fork+0x71/0x90
[  512.203792][   T35]  ? __pfx_kthread+0x10/0x10
[  512.204004][   T35]  ret_from_fork_asm+0x1a/0x30
[  512.204233][   T35]  </TASK>
[  512.503288][   T35] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  515.291764][ T7865] tap0: tun_chr_ioctl cmd 1074025675
[  515.297400][ T7865] tap0: persist disabled
[  515.739737][ T7870] loop1: detected capacity change from 0 to 2048
[  515.986353][ T7870] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  516.117521][ T7875] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  516.703594][ T7874] loop2: detected capacity change from 0 to 32768
[  516.814230][ T7874] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.425 (7874)
[  517.620697][ T7874] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  517.631820][ T7874] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm
[  517.641150][ T7874] BTRFS info (device loop2): using free-space-tree
[  517.671009][ T7882] loop1: detected capacity change from 0 to 128
[  518.066322][ T7882] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  518.462754][   T30] audit: type=1800 audit(1747873173.622:35): pid=7874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.425" name="file1" dev="loop2" ino=260 res=0 errno=0
[  518.780766][ T5794] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  518.793858][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  518.802439][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  518.919223][ T7904] input: syz0 as /devices/virtual/input/input16
[  519.015937][ T3540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  519.024571][ T3540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  519.624362][ T7911] netlink: 24 bytes leftover after parsing attributes in process `syz.0.433'.
[  519.846457][ T7913] loop6: detected capacity change from 0 to 512
[  519.944345][ T7913] EXT4-fs: Ignoring removed bh option
[  520.008761][ T4113] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.019944][ T7913] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  520.110734][ T7913] EXT4-fs (loop6): 1 truncate cleaned up
[  520.119732][ T7913] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  520.281015][ T4113] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.312550][   T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  520.314433][ T7913] overlayfs: upper fs needs to support d_type.
[  520.439612][ T4113] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.486466][ T3719] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 4
[  520.503192][   T24] usb 2-1: Using ep0 maxpacket: 16
[  520.539895][   T30] audit: type=1800 audit(1747873175.722:36): pid=7913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.434" name="file1" dev="overlay" ino=15 res=0 errno=0
[  520.586804][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  520.600482][   T24] usb 2-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  520.610200][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.636987][ T4113] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.736151][   T24] usb 2-1: config 0 descriptor??
[  521.076002][ T7474] EXT4-fs error (device loop6): ext4_lookup:1789: inode #14: comm syz-executor: invalid fast symlink length 39
[  521.107988][ T7474] EXT4-fs error (device loop6): ext4_lookup:1789: inode #14: comm syz-executor: invalid fast symlink length 39
[  521.156805][ T4113] bridge_slave_1: left allmulticast mode
[  521.163224][ T4113] bridge_slave_1: left promiscuous mode
[  521.170141][ T4113] bridge0: port 2(bridge_slave_1) entered disabled state
[  521.215321][ T4113] bridge_slave_0: left allmulticast mode
[  521.221854][ T4113] bridge_slave_0: left promiscuous mode
[  521.228564][ T4113] bridge0: port 1(bridge_slave_0) entered disabled state
[  521.332429][   T24] redragon 0003:0C45:760B.0008: unknown main item tag 0x6
[  521.340011][   T24] redragon 0003:0C45:760B.0008: unknown main item tag 0x0
[  521.348185][   T24] redragon 0003:0C45:760B.0008: unknown main item tag 0x0
[  521.355966][   T24] redragon 0003:0C45:760B.0008: unknown main item tag 0x0
[  521.363898][   T24] redragon 0003:0C45:760B.0008: unknown main item tag 0x5
[  521.371884][   T24] redragon 0003:0C45:760B.0008: reserved main item tag 0xd
[  521.379504][   T24] redragon 0003:0C45:760B.0008: item fetching failed at offset 39/69
[  521.651874][   T24] redragon 0003:0C45:760B.0008: probe with driver redragon failed with error -22
[  521.729077][   T24] usb 2-1: USB disconnect, device number 8
[  521.865627][ T4113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  521.914007][ T4113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  521.945244][ T4113] bond0 (unregistering): Released all slaves
[  522.334348][ T7474] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  522.685684][ T4113] hsr_slave_0: left promiscuous mode
[  522.710165][ T4113] hsr_slave_1: left promiscuous mode
[  522.723298][ T4113] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  522.731261][ T4113] batman_adv: batadv0: Removing interface: batadv_slave_0
[  522.755780][ T4113] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  522.763995][ T4113] batman_adv: batadv0: Removing interface: batadv_slave_1
[  522.826072][ T4113] veth1_macvtap: left promiscuous mode
[  522.833858][ T4113] veth0_macvtap: left promiscuous mode
[  522.839910][ T4113] veth1_vlan: left promiscuous mode
[  522.846007][ T4113] veth0_vlan: left promiscuous mode
[  523.613202][ T4113] team0 (unregistering): Port device team_slave_1 removed
[  523.887313][ T4113] team0 (unregistering): Port device team_slave_0 removed
[  524.346266][ T7928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.437'.
[  525.153372][ T5808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  525.182762][ T5808] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  525.202787][ T5808] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  525.272843][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  525.303761][ T5808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  525.676319][ T4113] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  525.845182][ T4113] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.133954][ T4113] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.153334][ T5796] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  526.220898][ T5796] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  526.239503][ T5796] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  526.271324][ T5796] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  526.297682][ T5796] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  526.387884][ T4113] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.997106][ T4113] bridge_slave_1: left allmulticast mode
[  527.003546][ T4113] bridge_slave_1: left promiscuous mode
[  527.010322][ T4113] bridge0: port 2(bridge_slave_1) entered disabled state
[  527.048236][ T4113] bridge_slave_0: left allmulticast mode
[  527.054815][ T4113] bridge_slave_0: left promiscuous mode
[  527.061700][ T4113] bridge0: port 1(bridge_slave_0) entered disabled state
[  527.360863][ T5796] Bluetooth: hci2: command tx timeout
[  527.663606][ T4113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  528.472838][ T5796] Bluetooth: hci4: command tx timeout
[  528.580451][ T4113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  528.615331][ T4113] bond0 (unregistering): Released all slaves
[  529.432482][ T5796] Bluetooth: hci2: command tx timeout
[  529.906633][ T7933] chnl_net:caif_netlink_parms(): no params data found
[  530.047297][ T4113] hsr_slave_0: left promiscuous mode
[  530.105002][ T4113] hsr_slave_1: left promiscuous mode
[  530.114081][ T4113] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  530.122168][ T4113] batman_adv: batadv0: Removing interface: batadv_slave_0
[  530.242576][ T4113] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  530.250671][ T4113] batman_adv: batadv0: Removing interface: batadv_slave_1
[  530.436086][ T4113] veth1_macvtap: left promiscuous mode
[  530.442260][ T4113] veth0_macvtap: left promiscuous mode
[  530.448369][ T4113] veth1_vlan: left promiscuous mode
[  530.454222][ T4113] veth0_vlan: left promiscuous mode
[  530.485012][ T7970] loop2: detected capacity change from 0 to 32768
[  530.572948][ T5796] Bluetooth: hci4: command tx timeout
[  531.323633][ T7970] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  531.374080][ T7970] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  531.374080][ T7970]   allowing incompatible features above 0.0: (unknown version)
[  531.397011][ T7970] bcachefs (loop2): initializing new filesystem
[  531.409318][ T7970] bcachefs (loop2): going read-write
[  531.442485][ T4113] team0 (unregistering): Port device team_slave_1 removed
[  531.476906][ T4113] team0 (unregistering): Port device team_slave_0 removed
[  531.511887][ T5796] Bluetooth: hci2: command tx timeout
[  531.922292][ T7970] bcachefs (loop2): marking superblocks
[  531.996604][ T7970] bcachefs (loop2): initializing freespace
[  532.014885][ T7970] bcachefs (loop2): done initializing freespace
[  532.040746][ T7970] bcachefs (loop2): reading snapshots table
[  532.052013][ T7970] bcachefs (loop2): reading snapshots done
[  532.330592][ T7970] bcachefs (loop2): done starting filesystem
[  532.637430][ T5796] Bluetooth: hci4: command tx timeout
[  533.395875][ T5794] bcachefs (loop2): shutting down
[  533.401201][ T5794] bcachefs (loop2): going read-only
[  533.407141][ T5794] bcachefs (loop2): finished waiting for writes to stop
[  533.553484][ T5794] bcachefs (loop2): flushing journal and stopping allocators, journal seq 5
[  533.592873][ T5796] Bluetooth: hci2: command tx timeout
[  533.852190][ T5794] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 5
[  533.865529][ T7945] chnl_net:caif_netlink_parms(): no params data found
[  533.910437][ T5794] bcachefs (loop2): clean shutdown complete, journal seq 6
[  534.007643][ T5794] bcachefs (loop2): marking filesystem clean
[  534.199356][ T5794] bcachefs (loop2): shutdown complete
[  534.624023][ T7933] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.635514][ T7933] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.643519][ T7933] bridge_slave_0: entered allmulticast mode
[  534.653656][ T7933] bridge_slave_0: entered promiscuous mode
[  534.720015][ T5808] Bluetooth: hci4: command tx timeout
[  534.764634][ T7933] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.772459][ T7933] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.780386][ T7933] bridge_slave_1: entered allmulticast mode
[  534.790462][ T7933] bridge_slave_1: entered promiscuous mode
[  535.183960][ T7933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.288855][ T7933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.302147][ T7945] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.309915][ T7945] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.319493][ T7945] bridge_slave_0: entered allmulticast mode
[  535.329585][ T7945] bridge_slave_0: entered promiscuous mode
[  535.457547][ T7945] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.465782][ T7945] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.473868][ T7945] bridge_slave_1: entered allmulticast mode
[  535.484087][ T7945] bridge_slave_1: entered promiscuous mode
[  535.665174][ T7933] team0: Port device team_slave_0 added
[  535.850774][ T7945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.892485][ T7933] team0: Port device team_slave_1 added
[  536.151017][ T7945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  536.481913][ T8015] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  536.510210][ T7933] batman_adv: batadv0: Adding interface: batadv_slave_0
[  536.517729][ T7933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.545669][ T7933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  536.723663][ T7945] team0: Port device team_slave_0 added
[  536.749240][ T7933] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.756673][ T7933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.783558][ T7933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  536.891523][ T7945] team0: Port device team_slave_1 added
[  536.926583][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  536.933687][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  537.295927][ T7945] batman_adv: batadv0: Adding interface: batadv_slave_0
[  537.303322][ T7945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  537.330147][ T7945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  537.348316][ T7945] batman_adv: batadv0: Adding interface: batadv_slave_1
[  537.355905][ T7945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  537.386826][ T7945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  537.762864][ T7933] hsr_slave_0: entered promiscuous mode
[  537.779618][ T7933] hsr_slave_1: entered promiscuous mode
[  537.788895][ T7933] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  537.796904][ T7933] Cannot create hsr debugfs directory
[  537.868345][ T7945] hsr_slave_0: entered promiscuous mode
[  537.884792][ T7945] hsr_slave_1: entered promiscuous mode
[  537.894048][ T7945] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  537.902040][ T7945] Cannot create hsr debugfs directory
[  538.526016][ T8017] loop1: detected capacity change from 0 to 32768
[  538.538190][ T8017] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.466 (8017)
[  538.590226][ T8017] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  538.601029][ T8017] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  538.612358][ T8017] BTRFS info (device loop1): using free-space-tree
[  539.074820][ T8017] BTRFS info (device loop1): rebuilding free space tree
[  539.254883][ T8017] BTRFS info (device loop1): balance: start -f -sprofiles=data|system|metadata|raid0|raid10|raid5|raid6|0x3800,usage=12582909,devid=0,limit=10376293541461622786,stripes=3..4
[  539.273198][ T8017] BTRFS info (device loop1): balance: ended with status: 0
[  539.455276][ T5795] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  539.895769][ T8039] loop2: detected capacity change from 0 to 8
[  540.814835][ T7933] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  540.865216][ T7945] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  540.920246][ T7933] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  541.004188][ T7945] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  541.049014][ T7933] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  541.093462][ T7945] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  541.143084][ T7933] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  541.188879][ T7945] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  542.534134][ T7945] 8021q: adding VLAN 0 to HW filter on device bond0
[  542.572193][ T7933] 8021q: adding VLAN 0 to HW filter on device bond0
[  542.795675][ T7945] 8021q: adding VLAN 0 to HW filter on device team0
[  542.826566][ T7933] 8021q: adding VLAN 0 to HW filter on device team0
[  542.883136][ T3540] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.890858][ T3540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  543.015758][ T3540] bridge0: port 1(bridge_slave_0) entered blocking state
[  543.023550][ T3540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  543.041042][ T3540] bridge0: port 2(bridge_slave_1) entered blocking state
[  543.048858][ T3540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  543.310340][ T3540] bridge0: port 2(bridge_slave_1) entered blocking state
[  543.318160][ T3540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  543.497346][ T7933] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  543.512717][ T7933] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  543.653314][ T8066] Bluetooth: hci0: invalid length 0, exp 2 for type 8
[  543.751313][ T7945] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  544.548954][ T8077] loop1: detected capacity change from 0 to 1024
[  544.757408][ T8077] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  545.237680][   T30] audit: type=1800 audit(1747873456.398:37): pid=8077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.482" name="bus" dev="overlay" ino=20 res=0 errno=0
[  545.402683][ T7933] 8021q: adding VLAN 0 to HW filter on device batadv0
[  545.699226][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  545.759290][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  545.793662][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  545.853874][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  545.924043][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  545.990531][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  546.034103][ T7945] 8021q: adding VLAN 0 to HW filter on device batadv0
[  546.045972][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  546.094185][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  546.145357][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  546.204541][ T5795] EXT4-fs error (device loop1): ext4_empty_dir:3077: inode #11: comm syz-executor: invalid size
[  546.446204][ T8095] xt_CT: No such helper "snmp"
[  546.462697][   T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  546.662392][   T24] usb 3-1: Using ep0 maxpacket: 32
[  546.703474][   T24] usb 3-1: config 1 has an invalid interface number: 242 but max is 0
[  546.713217][   T24] usb 3-1: config 1 has no interface number 0
[  546.719624][   T24] usb 3-1: config 1 interface 242 has no altsetting 0
[  546.844712][   T24] usb 3-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice= 7.df
[  546.854469][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  546.863603][   T24] usb 3-1: Product: syz
[  546.868075][   T24] usb 3-1: Manufacturer: syz
[  546.879937][   T24] usb 3-1: SerialNumber: syz
[  548.360354][   T24] aqc111 3-1:1.242 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  548.390588][   T24] aqc111 3-1:1.242 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  548.402006][   T24] =====================================================
[  548.418942][   T24] BUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390
[  548.432843][   T24]  usbnet_probe+0x2e57/0x4390
[  548.437914][   T24]  usb_probe_interface+0xd01/0x1310
[  548.443673][   T24]  really_probe+0x4d4/0xd90
[  548.448444][   T24]  __driver_probe_device+0x268/0x380
[  548.454231][   T24]  driver_probe_device+0x70/0x8b0
[  548.459537][   T24]  __device_attach_driver+0x4ee/0x950
[  548.465358][   T24]  bus_for_each_drv+0x3e0/0x680
[  548.471541][   T24]  __device_attach+0x3c8/0x5c0
[  548.476702][   T24]  device_initial_probe+0x33/0x40
[  548.482128][   T24]  bus_probe_device+0x3ba/0x5e0
[  548.487191][   T24]  device_add+0x12a9/0x1c10
[  548.492189][   T24]  usb_set_configuration+0x3493/0x3b70
[  548.497899][   T24]  usb_generic_driver_probe+0xfc/0x290
[  548.504045][   T24]  usb_probe_device+0x38d/0x690
[  548.509177][   T24]  really_probe+0x4d4/0xd90
[  548.516162][   T24]  __driver_probe_device+0x268/0x380
[  548.522095][   T24]  driver_probe_device+0x70/0x8b0
[  548.527389][   T24]  __device_attach_driver+0x4ee/0x950
[  548.538405][   T24]  bus_for_each_drv+0x3e0/0x680
[  548.544865][   T24]  __device_attach+0x3c8/0x5c0
[  548.549909][   T24]  device_initial_probe+0x33/0x40
[  548.555371][   T24]  bus_probe_device+0x3ba/0x5e0
[  548.560447][   T24]  device_add+0x12a9/0x1c10
[  548.565324][   T24]  usb_new_device+0x104b/0x20c0
[  548.570392][   T24]  hub_event+0x5588/0x7580
[  548.576772][   T24]  process_scheduled_works+0xb9a/0x1d90
[  548.582877][   T24]  worker_thread+0xedf/0x1590
[  548.587810][   T24]  kthread+0xd5c/0xf00
[  548.592576][   T24]  ret_from_fork+0x71/0x90
[  548.597537][   T24]  ret_from_fork_asm+0x1a/0x30
[  548.602764][   T24] 
[  548.605319][   T24] Uninit was stored to memory at:
[  548.610690][   T24]  dev_addr_mod+0xb0/0x550
[  548.615524][   T24]  aqc111_bind+0x35f/0x1150
[  548.620312][   T24]  usbnet_probe+0xbe9/0x4390
[  548.631017][   T24]  usb_probe_interface+0xd01/0x1310
[  548.637850][   T24]  really_probe+0x4d4/0xd90
[  548.644792][   T24]  __driver_probe_device+0x268/0x380
[  548.650533][   T24]  driver_probe_device+0x70/0x8b0
[  548.657253][   T24]  __device_attach_driver+0x4ee/0x950
[  548.663048][   T24]  bus_for_each_drv+0x3e0/0x680
[  548.668134][   T24]  __device_attach+0x3c8/0x5c0
[  548.673335][   T24]  device_initial_probe+0x33/0x40
[  548.678599][   T24]  bus_probe_device+0x3ba/0x5e0
[  548.683871][   T24]  device_add+0x12a9/0x1c10
[  548.688613][   T24]  usb_set_configuration+0x3493/0x3b70
[  548.694491][   T24]  usb_generic_driver_probe+0xfc/0x290
[  548.700199][   T24]  usb_probe_device+0x38d/0x690
[  548.705465][   T24]  really_probe+0x4d4/0xd90
[  548.710262][   T24]  __driver_probe_device+0x268/0x380
[  548.716593][   T24]  driver_probe_device+0x70/0x8b0
[  548.722020][   T24]  __device_attach_driver+0x4ee/0x950
[  548.733103][   T24]  bus_for_each_drv+0x3e0/0x680
[  548.738186][   T24]  __device_attach+0x3c8/0x5c0
[  548.744710][   T24]  device_initial_probe+0x33/0x40
[  548.750090][   T24]  bus_probe_device+0x3ba/0x5e0
[  548.755330][   T24]  device_add+0x12a9/0x1c10
[  548.760079][   T24]  usb_new_device+0x104b/0x20c0
[  548.765277][   T24]  hub_event+0x5588/0x7580
[  548.769955][   T24]  process_scheduled_works+0xb9a/0x1d90
[  548.776097][   T24]  worker_thread+0xedf/0x1590
[  548.781040][   T24]  kthread+0xd5c/0xf00
[  548.785627][   T24]  ret_from_fork+0x71/0x90
[  548.790338][   T24]  ret_from_fork_asm+0x1a/0x30
[  548.797659][   T24] 
[  548.800116][   T24] Uninit was stored to memory at:
[  548.806831][   T24]  aqc111_bind+0x794/0x1150
[  548.811743][   T24]  usbnet_probe+0xbe9/0x4390
[  548.816750][   T24]  usb_probe_interface+0xd01/0x1310
[  548.822435][   T24]  really_probe+0x4d4/0xd90
[  548.832622][   T24]  __driver_probe_device+0x268/0x380
[  548.838180][   T24]  driver_probe_device+0x70/0x8b0
[  548.845022][   T24]  __device_attach_driver+0x4ee/0x950
[  548.851196][   T24]  bus_for_each_drv+0x3e0/0x680
[  548.856667][   T24]  __device_attach+0x3c8/0x5c0
[  548.862041][   T24]  device_initial_probe+0x33/0x40
[  548.867319][   T24]  bus_probe_device+0x3ba/0x5e0
[  548.873584][   T24]  device_add+0x12a9/0x1c10
[  548.878316][   T24]  usb_set_configuration+0x3493/0x3b70
[  548.884690][   T24]  usb_generic_driver_probe+0xfc/0x290
[  548.890412][   T24]  usb_probe_device+0x38d/0x690
[  548.895773][   T24]  really_probe+0x4d4/0xd90
[  548.900563][   T24]  __driver_probe_device+0x268/0x380
[  548.906287][   T24]  driver_probe_device+0x70/0x8b0
[  548.911820][   T24]  __device_attach_driver+0x4ee/0x950
[  548.917491][   T24]  bus_for_each_drv+0x3e0/0x680
[  548.923163][   T24]  __device_attach+0x3c8/0x5c0
[  548.928370][   T24]  device_initial_probe+0x33/0x40
[  548.939921][   T24]  bus_probe_device+0x3ba/0x5e0
[  548.947780][   T24]  device_add+0x12a9/0x1c10
[  548.955019][   T24]  usb_new_device+0x104b/0x20c0
[  548.960101][   T24]  hub_event+0x5588/0x7580
[  548.968739][   T24]  process_scheduled_works+0xb9a/0x1d90
[  548.974712][   T24]  worker_thread+0xedf/0x1590
[  548.979644][   T24]  kthread+0xd5c/0xf00
[  548.984153][   T24]  ret_from_fork+0x71/0x90
[  548.988842][   T24]  ret_from_fork_asm+0x1a/0x30
[  548.994195][   T24] 
[  548.996687][   T24] Local variable buf.i created at:
[  549.002127][   T24]  aqc111_bind+0x221/0x1150
[  549.006902][   T24]  usbnet_probe+0xbe9/0x4390
[  549.012171][   T24] 
[  549.014655][   T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(undef) 
[  549.027118][   T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  549.043734][   T24] Workqueue: usb_hub_wq hub_event
[  549.049195][   T24] =====================================================
[  549.058536][   T24] Disabling lock debugging due to kernel taint
[  549.065061][   T24] Kernel panic - not syncing: kmsan.panic set ...
[  549.071759][   T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Tainted: G    B               6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(undef) 
[  549.085786][   T24] Tainted: [B]=BAD_PAGE
[  549.090115][   T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  549.100389][   T24] Workqueue: usb_hub_wq hub_event
[  549.105688][   T24] Call Trace:
[  549.109224][   T24]  <TASK>
[  549.112307][   T24]  __dump_stack+0x26/0x30
[  549.116906][   T24]  dump_stack_lvl+0x53/0x270
[  549.121862][   T24]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  549.127995][   T24]  dump_stack+0x1e/0x25
[  549.132405][   T24]  panic+0x4bd/0xd50
[  549.136626][   T24]  kmsan_report+0x29d/0x2a0
[  549.141441][   T24]  ? __netdev_printk+0x677/0xa00
[  549.146840][   T24]  ? __msan_warning+0x96/0x120
[  549.152004][   T24]  ? usbnet_probe+0x2e57/0x4390
[  549.157120][   T24]  ? usb_probe_interface+0xd01/0x1310
[  549.162766][   T24]  ? really_probe+0x4d4/0xd90
[  549.167721][   T24]  ? __driver_probe_device+0x268/0x380
[  549.173456][   T24]  ? driver_probe_device+0x70/0x8b0
[  549.178949][   T24]  ? __device_attach_driver+0x4ee/0x950
[  549.184770][   T24]  ? bus_for_each_drv+0x3e0/0x680
[  549.190112][   T24]  ? __device_attach+0x3c8/0x5c0
[  549.195301][   T24]  ? device_initial_probe+0x33/0x40
[  549.200749][   T24]  ? bus_probe_device+0x3ba/0x5e0
[  549.206013][   T24]  ? device_add+0x12a9/0x1c10
[  549.210934][   T24]  ? usb_set_configuration+0x3493/0x3b70
[  549.216892][   T24]  ? usb_generic_driver_probe+0xfc/0x290
[  549.222768][   T24]  ? usb_probe_device+0x38d/0x690
[  549.228128][   T24]  ? really_probe+0x4d4/0xd90
[  549.233047][   T24]  ? __driver_probe_device+0x268/0x380
[  549.238754][   T24]  ? driver_probe_device+0x70/0x8b0
[  549.244227][   T24]  ? __device_attach_driver+0x4ee/0x950
[  549.250052][   T24]  ? bus_for_each_drv+0x3e0/0x680
[  549.255377][   T24]  ? __device_attach+0x3c8/0x5c0
[  549.260573][   T24]  ? device_initial_probe+0x33/0x40
[  549.266021][   T24]  ? bus_probe_device+0x3ba/0x5e0
[  549.271256][   T24]  ? device_add+0x12a9/0x1c10
[  549.276168][   T24]  ? usb_new_device+0x104b/0x20c0
[  549.281400][   T24]  ? hub_event+0x5588/0x7580
[  549.286232][   T24]  ? process_scheduled_works+0xb9a/0x1d90
[  549.292204][   T24]  ? worker_thread+0xedf/0x1590
[  549.297295][   T24]  ? kthread+0xd5c/0xf00
[  549.301797][   T24]  ? ret_from_fork+0x71/0x90
[  549.306734][   T24]  ? ret_from_fork_asm+0x1a/0x30
[  549.311960][   T24]  ? kmsan_get_metadata+0x105/0x1b0
[  549.317531][   T24]  ? kmsan_get_metadata+0x105/0x1b0
[  549.323013][   T24]  ? kmsan_internal_memmove_metadata+0x91/0x230
[  549.329534][   T24]  ? kmsan_get_metadata+0x105/0x1b0
[  549.335021][   T24]  __msan_warning+0x96/0x120
[  549.339873][   T24]  usbnet_probe+0x2e57/0x4390
[  549.344795][   T24]  ? pm_runtime_enable+0x3b2/0x4d0
[  549.350291][   T24]  ? __pfx_usbnet_probe+0x10/0x10
[  549.355556][   T24]  usb_probe_interface+0xd01/0x1310
[  549.361049][   T24]  ? __pfx_usb_probe_interface+0x10/0x10
[  549.366951][   T24]  really_probe+0x4d4/0xd90
[  549.371729][   T24]  __driver_probe_device+0x268/0x380
[  549.377379][   T24]  driver_probe_device+0x70/0x8b0
[  549.382701][   T24]  ? kmsan_get_metadata+0x105/0x1b0
[  549.388182][   T24]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  549.394285][   T24]  __device_attach_driver+0x4ee/0x950
[  549.399954][   T24]  bus_for_each_drv+0x3e0/0x680
[  549.405010][   T24]  ? __pfx___device_attach_driver+0x10/0x10
[  549.411192][   T24]  __device_attach+0x3c8/0x5c0
[  549.416218][   T24]  device_initial_probe+0x33/0x40
[  549.421493][   T24]  bus_probe_device+0x3ba/0x5e0
[  549.426679][   T24]  device_add+0x12a9/0x1c10
[  549.431470][   T24]  usb_set_configuration+0x3493/0x3b70
[  549.437463][   T24]  usb_generic_driver_probe+0xfc/0x290
[  549.443259][   T24]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[  549.449598][   T24]  usb_probe_device+0x38d/0x690
[  549.454705][   T24]  ? __pfx_usb_probe_device+0x10/0x10
[  549.460319][   T24]  really_probe+0x4d4/0xd90
[  549.465098][   T24]  __driver_probe_device+0x268/0x380
[  549.470818][   T24]  driver_probe_device+0x70/0x8b0
[  549.476096][   T24]  ? kmsan_get_metadata+0x105/0x1b0
[  549.481582][   T24]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  549.487685][   T24]  __device_attach_driver+0x4ee/0x950
[  549.493336][   T24]  bus_for_each_drv+0x3e0/0x680
[  549.498393][   T24]  ? __pfx___device_attach_driver+0x10/0x10
[  549.504679][   T24]  __device_attach+0x3c8/0x5c0
[  549.509740][   T24]  device_initial_probe+0x33/0x40
[  549.515013][   T24]  bus_probe_device+0x3ba/0x5e0
[  549.520184][   T24]  device_add+0x12a9/0x1c10
[  549.524948][   T24]  usb_new_device+0x104b/0x20c0
[  549.530044][   T24]  hub_event+0x5588/0x7580
[  549.534760][   T24]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  549.540969][   T24]  ? pwq_dec_nr_in_flight+0x1678/0x1d80
[  549.546772][   T24]  ? kmsan_get_metadata+0x105/0x1b0
[  549.552300][   T24]  ? __pfx_hub_event+0x10/0x10
[  549.557296][   T24]  process_scheduled_works+0xb9a/0x1d90
[  549.563167][   T24]  worker_thread+0xedf/0x1590
[  549.568134][   T24]  kthread+0xd5c/0xf00
[  549.572466][   T24]  ? __pfx_worker_thread+0x10/0x10
[  549.577866][   T24]  ? __pfx_kthread+0x10/0x10
[  549.582718][   T24]  ret_from_fork+0x71/0x90
[  549.587399][   T24]  ? __pfx_kthread+0x10/0x10
[  549.592437][   T24]  ret_from_fork_asm+0x1a/0x30
[  549.597526][   T24]  </TASK>
[  549.601011][   T24] Kernel Offset: disabled
[  549.605430][   T24] Rebooting in 86400 seconds..