last executing test programs:

8.019481196s ago: executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmsg$kcm(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000680)=""/233, 0xe9}], 0x1}, 0x0)
sendmsg$nl_route_sched_retired(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000d40)=@delqdisc={0x24}, 0x24}}, 0x20048015)
sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000bc0)=ANY=[], 0x40}}, 0x0)

7.69413123s ago: executing program 4:
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000f00)={0x0, 0x2, 0x2, 0x1, 0x0, [@local]}, 0x18)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)='3', 0xffdf}], 0xc)

7.21677494s ago: executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x14, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@ringbuf_output, @printk={@llu, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x50}}]}, &(0x7f0000000080)='GPL\x00'}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x8001000000000000, 0x40, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x16, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan0\x00'})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000008007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc}, @NFTA_COUNTER_PACKETS={0xc}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x9c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
getpid()
sendmsg$nl_route(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=@setlink={0x4c, 0x13, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x301}, [@IFLA_GSO_MAX_SEGS={0x8}, @IFLA_OPERSTATE={0x5}, @IFLA_IFNAME={0x14, 0x3, 'macvtap0\x00'}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x1c828}]}, 0x4c}}, 0x24000000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x50)
close(0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000600)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x24}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

6.683051329s ago: executing program 2:
timer_settime(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
fanotify_mark(r1, 0x1, 0x8001000, 0xffffffffffffffff, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r3, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x5ee, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7}, 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
getpid()
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
r5 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
ftruncate(r6, 0x2000009)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x7ffff000)

6.656859545s ago: executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, [@mark={0xc, 0x15, {0x35075b}}]}, 0xc4}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x8, &(0x7f0000004000)=ANY=[@ANYBLOB="620af8ff25200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fa093c59d66b5ece9f36c70d0f13905ea23c22624ce214dad32ba3362aee9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415bd1966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b7845e6b607130c89f18c0c1089d8b853289d01aa27ae82e61b0f9223684198e1148f49faf2ad0000000000000026fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364145835108333719acd97cfa107d40224edc5465a932b77e74e80140d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf560fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e68242aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc8734ff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000009711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b0000c15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05d1dbe5d2bc159ce262d9d10a64c1083d5e71b5565b1748ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761036cd3f7ec4e7fb8bc6ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c55609a6e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50984042b3eac1f879b13634c31da2c25cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ece0ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9af04bffb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2b90d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6006e56237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000001600c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b7030c1743d70e3aac9ef6c45c4c49b3bc19faa5449609b0a3dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d122a7cca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710db8f3e5c7ebfd6d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aed7a1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea500000000b4ba686fcdf240430a537a395dc73bda367bf12cb7d81643a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de553101cae9e48b0ed1254a83100e45b2569dc0d90b075225f728d44d0973171ad47d6b70ebc660309e1e245b00001743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933bee24c7e8000f2c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e000000000000037010632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5d6d4523497e4d64f95f08493564a1df87111c9bf3194fef96ccecc467acc45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127cf72748a028daf5fc4d4e6d5265bec44219ee8fbfe86f441c724fa7b3d1ff0555eac445de2815bfdfade63ad00a1c7f9f72f10154f1e109dc3f7dd87ea308a1fb5a983490c6c93610864623613dabec4c0b64461d21f807515d8fadec636c99aa95ff895c25aad5ac0993a65c7668ca2b6d46edbad410df7390d27e4ddc8f47d5a918b14da4ec07c8199259b8e3dd36de9b35ce25d39686f2470afb1b1db18221841cee6e5531280d65f1d28886e0f06856a5ca37a91ea6e19977c517b10fb66858a05b03084d1f3bd5542d2796a33cfe545be3dc03d302e4839492cdc7694142e48f23271787d3a2360996ca3c9b18000000000700000000000000000000004882ce2e7a68512b23b0ab1f7a6c960bd002984955dc620614f97a234c8e1df96d5e7a67c8d26cd7a4bbacc4a08600000000f5fab1f01e2b7cf653f9d25f942b1cff6d738e17df64464fbc9d89911829458645ef2d2d23f55eb1b09855cc74d29cbca2aeff07a9bf56c3fa68a7d71aad094d5d968ad88fdda027c65e434e9a6bc68ec751d6d21fa471c38646d714ce68f1f46f6ec4c1e87d720385be6f3a70fe730ccad42a9051cd07f356023e855e5acd5ec7d990cebcac66cbd3229d18511bfa1e3d2c82af72932cfd875584d0fc2daff4dfebe41c37494b8136a37f12caecba3e09a31a00410ff161089935db303df012b165663cc1f915d65f69f9d2c1d853b0150445d088da47c170155cd0cc863f4efc2bd7e2246916e0322494eb7bbc0f6c4efeac3d49b5318c410ddd8892aae7e22a558acfc4c2c08d54bd8f64469c43feaf6c9d49e701af9471f9d0cc02ed80f05f0a196bf4695cec437bea2d62515882d856c8a70f8f158da96ec472655529a4e87fc743080d59d747d4377e7e9d1d62b1d08eb1f051412b309208c8be79f66271b4ebd6800688955132ecc654d0e3bcb258b1da03b77cb17d2f4c1e557462f0a710b68056f3e272000d3bf4f49631f8d3677e5803ea1e52727c69afe25f0905a1dfaa0ffc168601e0fddaeff35269e24ba5675504f0c4f735cfa668aab6fca35eef66f9dcbabb5710f20a75e99c5bdc0f95deca2efa57ffb35dc5f55541f9b5b1e0c0217bc5a5ccf0268617f9bb26c767cc1215d29e426aaab79f500d53e0be9cd41ad42da2d54a31e0eeab9faac817d99ec2d862074088fb8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xffe9}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000e000"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006d10001b850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{}, 0x0, &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000280))
ioctl$TUNSETOFFLOAD(r5, 0x40086607, 0x20001412)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r9, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000900)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}], 0x20}}, {{&(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000000940)=[{&(0x7f00000002c0)="7739fb71776a82e7c37aae0f6ee5b986edf56e4d0f5ba2d15556a1aca5cfd8d5eeb52d6da15e3981485629f8422f1b1461843e0f7beff1696a18b0e3d82462470d2c1d5ba4d464978782c85c3482b8ef74b1df67f6aa03e62109932eb80b8fbfd3d44b8e90e96e0574000c7a6c38b32db41a7848668c5ad5e5c07af7c9d82ccef3127d455f364b9184058899a78b7f9aa414c279bc75d1395a329797c4f8d5d73098596cb06e3c6cee25ba025d61e19c5872834c", 0xb4}, {&(0x7f00000001c0)="58db6113853bfe34ed4769e642e4dbfdae64ca189cd6c7cbe5ac9da10c48a361c156414bedbe8850c5ddac0c1518b2d49f2b9353bd7201bbdbf9a3a9f9a574082b25661167e288f40871294a64fb83c732b1d04f9f9303c7c8f68fb4c1f6813accc6718b76d67fb8621b8f35186c475c8d", 0x71}, {&(0x7f0000000380)="6e0434d83658c2a652109cbcd959316d8b4de7f170815a8dcdf4f02e423670f46ff8c6053114d58b82561fdbb40b15c2f8beb88e18187cc78bbb75746ded7cfb6903d1dc6cb443dc3738c2c43677bd0df06172d86cf12784f0b476d3a35a0d05b6c41fe76b054f1d9564dc35daf4ccfd59b2419a1a79a069a89128d513ee0df71f873f1a821ecc5bf12b0ad816f1e1f418fe5900770abaaaaa6a414e06101a7fbdb6dfe7613e01745adf0f87ffd8323f2ce9345ff687d19ab1a286843a57f006", 0xfec7}, {&(0x7f0000000100)="b9fba4444f6e060c1247f6c4d002524097a800e37eb8", 0x16}, {&(0x7f0000000440)="a8972cce3cb0929bd250b4c6617608bbc1b2482568a2c1d814e153d87607549251e283e673ec74e434842d4cd6949469bda53f5347ad4c57d101cc38104507689bc00327b7e0fbc730687bf870fdf490fd7579e343b58a7a7d6a0f4702edd9069f2eb9", 0x63}, {&(0x7f00000004c0)="783e7b0e86c9d6e75e47cac38f28a039dca6cb21e1b17d9671430c8ca0b64f1f7d863af02f37ffdfa5df3dbb0bf0ddda2667f49822abc269c873bd5cbc2932db6a300fcc58076053940ef61d813cb02a17feee566a5becda99104d17fd5b6151b287b59183031137c51734c78b124995e3aedb73bc47d4912aa00c0560cce7b868ce040b494b562774bfde6def88caee93eee994fdb0ffdd4379006db0c72e6434ddf01a842f07ec99c53e0aaab20a3ae580e33c36f6ab3c74b61f8bcbe4fc2f6ea785b2835f211a6816e8922e71a5fc3d3ac2e19143648969349550f9fc", 0xde}, {&(0x7f00000005c0)="275074aac5dd844e328d02d26b0940d503395ab2dff3f4c52641cdc51977477d52710c1fd13e8327a5cd10b930faaf96da5a0b439f351e43ebd07884fd2dd51112ff8ec734c11a524a9d3efa2b043710ed08947efd2bf00ee716aeb07ae8a3e0577cca23a501e145", 0x68}, {&(0x7f0000000640)="1fb4e7ea6a83488b93e4c3d6c802fc7218eb3f810784b33132a294ae9fd0880b25edbdd32a1f78dd1673b7880b697141cc42d7697c4eb32a9151abb0c60595d902b97e28538348a474f2dc7ffc88adec650e100909150cb6efeedc0ab55a6be262c9c58764abe7abc52e9a483aa0d6598a6869ea2246bfe4b091d6bac4738f52cbf8ce308f642e564c3402a79ea36ed999242fbbb638de0631004a719cb12a5921fc4f06e0112834f362ed49e7f6cabad10f1c9cdba754ed201355fcb086d88af32dbb381f9234c4e596d89315788851f62d", 0xd2}, {&(0x7f00000007c0)="cb5f88571a34ca8800910fcbcbab792ce313ccc6d77ac982ee0ba065b20b00fe4155838ceffb20800b5d9091f430721e5dc28b112592dbe8e4ab38f74f935f29e691cf546acb211d92c58c9bb9241b27d2a595e2b03806f2ab5d28c1750d3b5a6410a81515525c6848257c31a91cfdd171e6d5d553bb7424846251023495e958624fa0abd546718ef2a52f2815382808f76c7712", 0x94}], 0x9, &(0x7f0000000780)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}}}, @ip_pktinfo={{0x0, 0x0, 0x8, {0x0, @multicast1, @multicast1}}}], 0x20}}], 0x2, 0x0)

6.10334743s ago: executing program 4:
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
tee(r1, r0, 0x3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="140100001400b99f000000000000c04b06"], 0x114}], 0x1}, 0x0)

5.426717813s ago: executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)={0x58, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @generic="1da3ec8561510cad4601509526e336c97b1f6abb588f5a0ef9dbbfae537c66462a5efd9f2a8771f1c58dab27dc4974b3b77eb93db07d15459c87112540"]}, 0x58}], 0x1}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000000000072000040"])

4.877123819s ago: executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)

4.16093564s ago: executing program 2:
r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f00000003c0)={[{@compress_force}, {@clear_cache}, {@nodatasum}, {@nossd}, {}, {@space_cache_v1}]}, 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000003200)={{r0}, 0x0, 0x4, @inherit={0x68, &(0x7f0000000100)={0x1, 0x4, 0x8, 0x800, {0x21, 0x4, 0xb, 0xfff}, [0xa7, 0x7ff, 0x0, 0x1ff]}}, @name="777cb1d56824ddba8ef580235ce11286ee8f2e131eb4f5d901b503da57ee468f5eeddc9a81f3a672b7bad7ba6ed51333c499294f6e93a1965cb03d07da9779fad333e5646d1f8d603973ae886a8aeae255f281ea3418beadcd874a6ed7124d549e00cf191ef224f42f001566542c1ef1dccca1041ec4a11d4f4a07d1c8d5ab03c8f91d13d5b334bb0242c4ee02cc16406ecbac948192972b553feca53be4230f0a6d813c3b450d5d396cf3f777485b616f40f6472cb702c2d0ec2c3d2fef66710678f1fdb678ac844661f2e814a07a97f79f7d37001508c8d22df212faec33a856866571b08b89476c415864d141dc7e61752f77529dc4aaffdefe3897cd737eeb745c3a142badb43109f58fdaaa9ed6f7ad069d61cb1c508072bb36fc832b6eae3ddb150e4bdaf49a5e41c68b9ae589d1992f1dbb9fb41172a3a8244ecf7d46407b3f2eaa17fb4ae7e8bc56b3609c294bbc705f1d64e2b30bc999682e49ab9c09615e6ea9b8c2d7bb272d20a93905808242f885c5903f52ed51fb5afa7fc6025d8ab146eb372f97474487f1c71c076941d4fb9fa25e35f3bc587e4b985817c89865346b3837c71f55179e5f414080a179bd5db29bab22961a63357112ae4b350521291720468a77f3add671f8647a3a685e9873ca6b868f799153f1ebccaf063bb5c29bbeaa9e577ec0f88843dcfb37069c863f80ab8828d9c443fc555da1aa2780bacff2711443fb4db7886a055857e07b93ff14b56a94316d07201d2c457ca9751415ab059bfe86b9c13a49e6b428c13ebdb94841088bbc9237ddc4d00953338dfb9abc2f9ad025974c71d342e6c1384fae9c73a0091988490515e133c114a6fd92d884fa1f71a88cecf64a41d0992b38747d229f92c38cbf01840ef0c8646d5edc79786c02f60cc40c6a300db38a9b86da20d98ccd8c48844c62894016db9d273869be2fbe6e676be0e8d5823a6dba1a4f6983f6e494a7a08675728e941fa148d67ba5c09f529730c98a9e309f2701a72648dbc164dac1fb7f9e46a368433385716e26fe2789d23e7f56bd010c1dd2e749442e56d6f4976b66336c67ec06a487d9c1858d08c195ccbbbb44b1bf11eb1ec8e787f434e42f278be678d0765ecfd2794978c03ab1f624561bc197c43d1c26ac142ab3ce6d2c78cbbc267d8e0aae27b06d45d18974cd14f6091fa04e6bc863044e3880d99aae24cfe43e47c1d135958ac2c721543a237ed9dfc07f0ab9c1ac9af4a4a14aa0e464c2e97975af7ed7064d83c8fc932c22cd858d1ff47999fe9c7c98182d7d749ab5e85a39ad54f405dbb58537d5d7b57405da00c3256a62980e8755cea1e2c93801d40f32811e44ce1988f92146cda0bcd4c02fae780e17619acd9c0be4138ca3928ac3096533fdb2b3ed117f0b59ab1f49ed46bb4e0da9172f2414cc5cf2e4e1508918aed5c9a5820753817bf5762b0c35cba773ec0865c3023a746ca7242325ca3ece698fe7c5331435e82e116b27920699834af30bdfbd674543b5ff50b442491541e7709efff2dfc16bbfc90b4d2e24000f9922b495a735673019cdf9633810104b67c04b76eb8332f7bf4cc3d5e765ac3ae9979ea14dc9949e7732b586a72a9ff60c05fcb32ed6c146fa3f9fd059a69e0ccf2d9e71bd94c095c5d0884fbe5aab495d2848ac27fa3738c8b2fda30ce626bc9d1f6e8c43b477282540ee60ff791abc34843a10602ae60b4fed128b5524f71f50021a4a7c4396ab98b3095a5fbd59cf1f77dc7c763e1346090eda2051affcbad1bdf0ce848dd3c79e4d97a12f6cab7687d22aaad15099e3438acb5950c2395e9ae94284c0d270d677608a1dcb92aa3d36080baaad9a7ddf350cfabb53ee54dcfe09b7e96c595c10a992eb2d2311a5e027b2363f652fd56b42dc8822f2c2a0d242f48e70e73b23f0c195bda2b895586d778528591d80f6ecbe228f8e2ff4cb55fd26d23694b36ab9ebf430f3fd724c250b60f66d73c6120c5eb2e3abaafd46608ed04319d9dbebecf9c8adcb492562c5895e384c986d0206664e445564b563caeaac9410102c486fb8a14dacc8dccb65045ef1a421cd763f4a7a7a11ded859db3c3e3dfbbcfb1e8bac9a8df6ef180d71940081f250cac65ea82ce02c28e44a78c39910db19f2d62c73878374d53a0a356825b1f6a939120a9c76020ca60a6c6e9cf135c3b858a567852654035b24d26cdfb92d109d49cb921c450046f28cc259b5451f6d447b3789c348999d4edeb15e4131066a9c5a6bdc1b033d0a771058602e345c4e6e8943a2c834c16a737bdb4ea70b9a11783abd9fe537c1cad7843dcc597feaec5b57f56394e246b4596dc235e5e4eb054ac99b99ca571bc2f996f69618163fb3d5b80ac80baf6625f5bf3e2ed12cd035f89b47aab50515dcf04a35fbe73df3e081009d1bd460b17d657501cb8b35227f94422308bb7c7734127516b4fca2003e6db66bee710000223c7dcf65e039f16cd27e4118cb4c6ae79d8e24dd9f32723e86115f8b2f307c9f87d42ea8a10c4637d6502a9edf702b8f5bfcf7a755d6b1f5aa2162374b8bd60185c1c6a0f3d60295ed9f64f55597b1aa285343236ffa03aa5433f4644526a060034c5be1d092c195ab58c140979e68ea4d4b98821b31008af770210a29b3a56d762286df3359df2d9e086d872d938e112dadda7638ea905be3e81034ff6f558d5c82c173d4652a9887d8372b6f8e9e99a3ae4ac03e9ccd585ea7da452bb6853ed49e761d494f56a5e3aa244da594d158e8959281235f9db7711b8b084073a7ce7148b7ac811097106178ed5b3e63efe17131cafef15d6bb633fffb0efcec7074a75e9a2215f30f740580c3caa054acaa1f82de5d362452cb47bd6b3be17818b40cff54ad3bd87f0bac8917c6da7485e054eb9e1854361d56641ec0e3402c1df36c2662fb06467ad3c22160acb1c69cb4dadf9c03de30d2be910c2b118fe28ea1c336c4d823f0ed54741b929c902652c8444ec51f7be16eda87818434c71a133e25578000a8cd27aac3097abe802bbf4c78e39123d1681c9786446ff2ae8196e9360019ba2f65fb2da4af7a2d7affb648191edb77b8f3d26e13be62fb73092ced77540c8bf2440769b2ca83f64869c1fc4f2cffa551a69dc42e274ded8166ff45d3c3e43a8dbd7015f22eba7140013d7e52ae14112c6bfcf26856db813e8418484f3366b0e2dd62b580ce98c66618af6a0a9ef5b33955a6e42d0f48ce79077aa16a5eb1af8906594a668f682040f65508fe41fb3ceb2eb8010b49a4eb268cf1ea5556b62a4d76b5b19887277c60b7612f6883db5f9d0685e8892e10d1acb2e8d932a9447d3cd09da43dd225f65dfac92b30e713640b962f7365d4a6c1cc0dc5da9d73f6672bc219442bb22063a5f3aa6e3b1cfed6d759c2d2cb2641c649572d450d3f8484fad3fe0a37ea3ac58a602cbf3d792388b433104f619914c0531a60ba947500ac097a897dc7d4fff999dcf4793810d728bdf2cefed9d4d4aca9eed7381fd60c32fe30d33bcd9cae7a8010782df2ad391c241d1954fe0263bae1958f9a001322e977560483cb9f814b10dd1ebbf699f4a44db036c15d5a14c47ceb57830981bb3e028ffa8a8f515cee634b5f6237fcdfd40e26becb66f297a894e7c4c651b6ed7c4c823f197af8a5e34e156d621c2054a887b92ce8b094962468d02b098e03a5f052ad7a8a684cf9b026585d085b10067aa18e9be561a80e076f76afd62b85954e3c8aa1dbfd7c9a813552ed1ac53b8b4a9d48187d62eb956090c3e616959d17051c522d85f32cd2f38ce50b0724aa4263b5cc928f1763fbcaa71802eff501524779a188846af335a4e7a6e3a50859957c8e775511ff4b09c714ad1b19d0b91180f6e59d9207549255d8683a4f1bb0f9de9b1bc859803d8f5dfc17faae2d0b6869821f4abd037930deba97dda8b8dc8adadd49c517412d9af5553cca95100324e6e85419e88ce0505d2e3ee7a6b008260de49f5429b1dc3ede54639133261c366c927f3cb0f92164d8aad166177566c71ae84874a770567ae467675ebd9682d03786ea6fadb7495afc3c183a36a783b6df46f892a79ab11b72b8a0fac7660dbf8f81fbd90274cac94efdc47eae1726c1807df58cac25a267c00d263d43707b65d9c052fab1058a67f517f1f24f9970fcb50ba13ab6b403fe7fa575bf3eb068277e335371d0613d5958c5714432d708655ddda815ed5911b402b1ad808018ffc0c03ea7bb80c31fafafbabe1b5635cf8fe9dab8b769b8481bdbac05ae478ea035f3b299260044ba0219bd28d6372850941c9d926fab56173983f81a51721eb989945566c78cec412734d249b602a6e82be2d9b752f3bd608dfa4b0676067cbd3b253eb8db21c65f56bfefcc9083e160385a89abd33ab35ddb456d396b672a97503e70eccb4046f2a18ac1852254568b261de7bcabcc07cb0ed7e7949b43b763c1b86e408321f9f79f7fbe170331c346e1ceb63fc63ff40b725d36c28bd06405a20d03bc0e06a5cb85b6d67b895964c523ed92ed3bab469baed0c643fa80523f614e62862ba303adb424d7027d1b4eb7e3c90cce38d3786f44c9ce74486fb76c57a2e87e83126af393e9559fc846bca3495e0956251e6c597f4072a0d5b1f44dd4ab3b073eaa958a3ca7c1b80dd2f1d103ebbf44283d633f84aa32bf18cc397a970dbe2517da9f8cbc202adcbf5acbb335180baa77c6d8f6083be1ed6286bbb86821c7764959484fb56563855592b7769bd64007125c5e55bd53d7ea7abd8f49c9bb7ad468d6b3e33b95dc4be22444b5722d8836040d6de1e7f6c78b1b33577b710f7101a537ad58293c15cf3a4c4cdd70a658c36934fe38d6f4e24f4b2a4ef9b2734df2f0c06158e31d2e9cd901372c1f8b5578637f5c1fafed1e343820db34fca9d7019af2f5a197ebe80079a203081ea847f42dc6551f206cc5d1c9e3280e4665c4e6d0ac9d41be428e4d225f9678edd497742ba9b4d2b4a01092e339c1227d0ab004082aa9d34f973264ef6f22f103e04d76bef2ad9309e11c80f6be3b194f363e3114897abd98491c77f2efd49fd774b5d41370ec538e6eceab5dd7598c7473c0c72b3be688a5c2fafd4498564aa142da7edf01a2642b626b11cde432ed694d6f66085616616f7a7bae22a30e2366664dea80beeeed6734af2ebd01ddcd4ac7934fc3f14e9415ba407d8ec21b835d4bc6c3f562983a5375438cd6b7098703af5f33e52f9455f8c5c173d32c8a86543c1e202da31d3c9e51579a030498876b907821b8aa71fea9717240898fab0252e36683cea2be03787f8084443105c5c08de8ca1627bdf59fde84c9038d2a09dcfda58a25c5b8109ff404191e87653986f190a67ad0743a898a1c9aeb47fee50f0ff8ebaf4ec557a415db2de542ae833f6566781ac29f62b8e1e49a9b44751ee25c0577048df9bf8767be64e6a95c2b41bff339e77d647f3de40e96f11a7ba3ea7ecae5e5979565c91863d0ae38e62af6dd491829758cdf0bed1a78e3bfb535d8299297a46c969b0ba13a937a5b1da530258c65c41f4bab0e92116f8889b413e555720b169be757d0f6a7a204497a84a524c2101d3db24e9fb6fa991e8d2da55e43b6718f448551a8cfb03c3062755442ce1086f7e18759d27b9d3abe47ba0bb4f3c67c2f258b59f570fd8e74e10a1c11c4e50bbb7bfbe7408e4ebbd091"})
syz_read_part_table(0x104e, &(0x7f0000001080)="$eJzszbENwjAUBNAjiUOoQGIDegomoGYC5qCiZSpWYgyjkARGoHmvsGx/3b/wV891SR2tpveQ9Mus+ZylTe4Z9o9u/i6H7Xzr+s130bkdw8dTvbxu16Rkl6TW4VdVUqZUkrZZ2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvAMAAP//BhkNCw==")
r1 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0)
write$binfmt_script(r1, &(0x7f00000001c0)={'#! ', './file0', [{0x20, 'Btbl'}]}, 0x10)
openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/smackfs/load2\x00', 0x2, 0x0)
pread64(r1, &(0x7f0000002200)=""/4096, 0x1000, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_devices(r2, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$cgroup_devices(r3, &(0x7f0000000000)=ANY=[@ANYBLOB='c 0:'], 0xa)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, 0x0)

3.285820699s ago: executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
close(r6)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)

3.110769095s ago: executing program 0:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket(0x2, 0x3, 0x100000001)
bind$inet(r3, 0x0, 0x0)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10)
write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[], 0xfffffecc)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x8001, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r3)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000340)=@assoc_value, &(0x7f0000000380)=0x8)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f00000000c0)={@mcast2, @ipv4={'\x00', '\xff\xff', @empty}, @dev, 0x0, 0x0, 0x9, 0x0, 0x0, 0x80330})
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x4, &(0x7f0000000740)=@framed={{}, [@call]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000000)={@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, 0x0, 0x0, 0x8, 0x0, 0x0, 0x80040280})
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r4, &(0x7f00000003c0)={0x0, 0x3, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r6, 0x301, 0x0, 0x0, {0x5}}, 0x14}}, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000000), r4)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$inet(0x2, 0x80001, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x0, 0x6, 0x8, 0x0, 0x1}, 0x48)
pipe(&(0x7f0000000100))

2.618168959s ago: executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
setfsuid(0x0)

2.449964009s ago: executing program 3:
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
tee(r1, r0, 0x3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="140100001400b99f000000000000c04b06"], 0x114}], 0x1}, 0x0)

2.377498409s ago: executing program 1:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000280)={0x8001}, 0x8)
socket$inet(0x2, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000002c0)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff}, 0xfffffffffffffdf4)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x6c, &(0x7f0000000080), &(0x7f00000000c0)=0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
write$cgroup_int(r3, 0x0, 0x0)

2.145249726s ago: executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)={0x58, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @generic="1da3ec8561510cad4601509526e336c97b1f6abb588f5a0ef9dbbfae537c66462a5efd9f2a8771f1c58dab27dc4974b3b77eb93db07d15459c87112540"]}, 0x58}], 0x1}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="820000000000000072000040"])

1.958102807s ago: executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x2a, 0xfffffffffffffffc)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f00000000c0))

1.939862657s ago: executing program 1:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
ioctl$SG_IO(r0, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="3f35b1000000", 0x0, 0x0, 0x0, 0x0, 0x0})

1.866246945s ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x4)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000ac0)={0x14, r2, 0xc4fc9e906872378b, 0x0, 0x0, {{0x5}, {@void, @void}}}, 0x14}}, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1, 0x0, 0x0, 0x8100000}, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), r1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000a80), r1)
poll(&(0x7f0000000140)=[{}], 0x1, 0x0)

1.666835663s ago: executing program 1:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000ec0)=[{{&(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="435d61e778eb38a7b38869e147b2bb2d8ea5f836c654c0d9d14ceca9529604eb9a1f8d24c87b2153413b8bc5d52b8aa671b64b2290f0d96afeaa40f60d23f9f9f7d8b4c37a6409abd84ddbe5264f73200c67d8f9742d0f51951f7bb8fe27a59cc395ba580c12f6e995b8a62901c58273c223abb6", 0x74}, {&(0x7f0000000180)="518cf9568a61ae87e9e450447422ed8ab8e2d292b9e8f1", 0x17}, {&(0x7f0000000380)="5132ac5e8205378f905fac4b0f7b0ad4ff080df00b5a6655e32124d51a45ebebdf4a86101587d502357bfc43f44098742b83caede42f6e007330dc8ab67371c65d39bc126b8f9bf17dce0ba9d14f263efa7056bb8a02", 0x56}], 0x3}}], 0x2, 0x2000c044)
sendto$inet(r1, &(0x7f0000000c80)="e8", 0x57f, 0x0, 0x0, 0x0)

1.625541747s ago: executing program 0:
syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x88c0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
openat(0xffffffffffffffff, 0x0, 0x161040, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x2, 0x2, 0x100, 0x0, 0x2}})

1.337073189s ago: executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x40, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MLSLVLLST={0x18, 0x8, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x40}}, 0x0)

1.247128264s ago: executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r2 = fsopen(&(0x7f0000000040)='qnx6\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f0000000180)='/sys/fs/smackfs/revoke-subject\x00', &(0x7f00000001c0)="8a", 0xf4240)

1.225987947s ago: executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r0, &(0x7f0000001940)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="a0002883781ecc0e", 0x8}], 0x1}}], 0x1, 0x20000000)

868.047517ms ago: executing program 3:
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000340)={[{@resuid}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x28011, r0, 0x0)
ftruncate(r0, 0x6)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'syztnl0\x00', 0x0})
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00008, 0x0, 0x0, 0x0, 0x2)

720.168459ms ago: executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x50, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x50}}, 0x0)

576.075572ms ago: executing program 1:
r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000000000202505a8a440000102030109021b00010100000009040000010701010009050102"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000b40)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x20, 0x0, 0x1}})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
write$char_usb(r1, 0x0, 0x0)

508.135427ms ago: executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002200)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x20008000)
recvmmsg(r4, &(0x7f00000051c0)=[{{0x0, 0x5, &(0x7f0000001c00)=[{&(0x7f0000000b40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmsg$nl_netfilter(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000003240)={0x9c0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @uid}, @nested={0x6c1, 0x0, 0x0, 0x1, [@generic="698116aedb8b20ea7c6c1ea25cebb36cb7516a143ffcbf515d9b35990799d65ed4fa083777eacc95fa2f3717c611e3c6fe1d4b847f38d0dacc9f008b92723a786b2dd3347844e021bcf5efa0a62caef6e04b6b1b9d640100e3a8fae523375efd02993336c03a1a1bf658f9ed0ad98cc24e76e2b2f4cb4bf0fb02b4ad1c66f8c32e54a0cb9093b9d599e05e779bd684cc7706d2260a8a8c54287555094b6ad08ade2ab84cf88d0ef9342515965597c9eca65e292856ea502b09a749a8f3ea66e51b0d33dec35a77773ef419d59b4c3ca6e89835cffebd2a3886a4e26ba7f4e360d05d6eaad1f680cbdb784160890a3ea391a12000c155b0b50bd74b86937a09d67069c2343877999893989ea493f51f925ac132aab7eec297a3862434e93e1811424687bde6a777c97a8503cff06c411b865f973c2495874293fa05b53260e57c6fc930b693c94681bff0ba128341de4210b22373fba80a6dda5133339b8f435c4b1369d68ab17e15e5f4f0e397e38939f706aacfc602b84e7b6800c0407bf31cde3bad212985b4e73516dcba1abcef724ff9c3f8ebaac7bc51521a2b8b1959c2f199abdfb004a36f34dc1ed8e955ecbbf7e57622ccca111565b06627b5188b7cc860d88e6ecb1a6e09c98b5e2e2ad28d59ff9881879a10c459274f02d802799dc31d22a16d50dc3aa6a209beff95faf7fb3e0efb64abea0107d907e48bdf05ff18f9e25374350fd94c8574626204411980450b26b4d94cc27af25c9fb01ec651cf743389268d34efaccc90cc31417372c8b417661bf7bcc60322ce048935b50b9cc604f502ec4077f684c3491a75e1c316960536739ed057fbaf1f7e51908afa659e47c32760feff1c9286daf9f38f1f4efbfbadb527a8d24a02dbb11b8df87d6d425e33ff3e21b99398b37eb27fc6d22441f23a2abf2d5af960808635a16f2c54345aa0222d3b3ccccc84b240f3c0573a0f390d5db54944e64486182fc1420f4853ef552b1c365de6e507645e9e710041dbd9f2aa13cc59b9bb1670be77a739861c2eec21532ba37d2ec12f604f9e502290952973935b67c6facb7f1409e064c7851c39b4b0a37810000e2df921359dc805a0407d9c8cf92a778f1bac0bf82b806661195a939ca63af13050b985b3138e765dccbef68cf21ae55234ae9de86755288474d4c5c9b246cffe4746eabec04a3f57a61602ae9528ab909b95a1085bcded066ff9a7d648f19343b71df5247f1af8f809f6d117ecc2b4350dfe2eddce37603d4235730e504a147d61b5ea7e64be89c9bdca3b62b741d52caedfdfb227b7a1b1bc6be052f7a07b2071404825b00b96450dc39628e4463aa6d5e6738e4f9b975b4d763440fac2fb297a0812592599814af5fffae33916356070641edfecf45eb9149fcc3c520ea1f02c4d78916429f86b27b01a3ed56b3a8014498bdbb7a9e4822ed452445f0a362fa79decf33651837d02afd67d6e8a2566bf9321d74e2844ce00190c0b5714998159a77e98512a18e7e9b46a57f5ce89f3095232237d30b118ca1c9b30329524a451caa894e3a66424e920bfc7d08c4eb38a274be9d7ba2d93ccdc25dcfa1b9c0ef29fd6ba89a1d994bb484569503a4d33f3d6e347f4f44d811e972ac1c4b85280674e72a0a5824ec65939f1391173191806966bf61a2ac37ecbaa0ab3583b051f4623c1a3ffffffff245a3c384da6c0f97102cb428b4f525a6c6ec1954577cd14a0c97692dd4b964411741f068afd9ead44080190c768f7b54a3421b476d2c9b313f02bf1032ee799e4d3cd2736b28f2726cebca5e69883988e54ec560aa1efedc1070ae316c7e3f1e0e41d972aa4914f5e68dffc3c8941d8a81ee63363539289c55d0522182901377914e566c4122a0a3fd04fb81e6d5805093ce00ed52490b95359f083450dc5da8b5e7702f72d60a3b85baa0d5c69c29dd899c337d7d19a7badac5ce8b2dd5a6e1068681e0671aab8bafe98013af002f36e4fe5eca3426b9dec788ff7d66b511a4015231ddcaa0a862f0536d9f6ce07c39b1f03a47fe071615ef1552c4159826a95ce58a0db04cca0b4e72c1c70b6c32cd1cb318429e1e9771767264b5d83475b503e86ae57f9adda13cea644ca3e89d97a84826f519e7b00622f86654e5031b5808696d8f54cfe7893f3a252a8a4dfa305c426c4c7b1d301686ef36db07ddd905b257dd09d4448c5d335965a7ead2230671424185925ce0c5871c20595bdd437d7a3011f4a99b402eee43cf11677e316d74651377465025757b862b3e117d97fb5247ab67910a5a403df35a82c2a90f4afdea2d70c2d5c0741a54ee15fdfe7c54caf1632c2fd375a0fce83ab11f7ab5b871c73bf33a0f2035f3896e92c52d8eba7d9a6dbbb2d3674f01f9c0c2787831b36db4556b2004e5c51d89a1a805af2f0e35ae6d330ce94fb88aa"]}, @nested={0x219, 0x0, 0x0, 0x1, [@typed={0x4}, @generic="e87d0bc24a735d2ca454cf86d04a86fa3e889b4684aba191712b5ebfeb4f3869c602e09b8d36322912a01b2a17c04c2c82dfcf62b9100095415078fc48b4b4fa54f5110d9f024e4bba683a1ef867e67cd187a28ddab0013f4b2b2edddbd845a23d768a0edc3c8e715f62080f2bb5d8e97b26799bc12511f42fc1203b9edce56628a06e129cb2bcaf038fc3bea270585d00ab3c0b294ef769e8e9b1c1ffe424b05ff3510febb9972c76bbfce37b8c9f9f0cb94ca8c0d728f2e695b535d36efb84c7ab5aab5051d80722cba4af", @typed={0xd, 0x0, 0x0, 0x0, @str='skcipher\x00'}, @typed={0x1d, 0x0, 0x0, 0x0, @binary="ed63125ccf3357e4509aa704a8d2efc38cf1ca2fbcf133f8b4"}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="215f43c0219f18b9e0b3653453c2023cacb1ea2aa2afed2c171a5dba95ea53c0db7580f7036d968c34682b7395be45d186f9b0563c6fccb4f6cb8cc3c0252eea316473136729ee0c7324696b2a58bb31df3f990a1e9db8c7906feaf3408876fbe8426d", @typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @generic="c5292577b220f886d7310ee6ebe4c4478788714f086e07f5cbb3e79a5cc3c8eb4d06cd3f65394d117cd1b11678a1fac4eed1c99c0d8b269fdbb9eb1fa126d30680e573d46ddd5f6cad5b2a9968f4ea34a079ac8531460d806858710fcb789a030802fb01225328550d9c6f550c1c4a74c77340486959577616d650dc998c5a34ccdbf2bc3b689a9614a2b2b08983", @typed={0x8, 0x0, 0x0, 0x0, @u32}]}, @generic="6b524909cf511dd393a07fdb96f95664940c8d0b0d6d0784b738663f8a7675d43a8b8c25d88da7aa17b3966e0f2e8d2ce0651e97ca3619e0398888de4aad1d886d0bb41ee40978e8e766fd4b85f767d550a16545a3660db26ecc85252b631293100ed6057d448d0911", @nested={0x55, 0x0, 0x0, 0x1, [@generic="7d6f907c89c4bd27990a63b092ea64f8d624830a0d725e91bd94d911f11cbcfd99207fc676da67f961de268339eca2d25d3f5a5affc014d86ef956b1ce724af613937400d10799957d32b672cdebd60637"]}]}, 0x9c0}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r6, 0x29, 0xc8, &(0x7f0000000180), 0x3d)
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xcf, 0x0, 0x0)
sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in=@multicast2, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@private1, 0x0, 0x32}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000077, 0x0)

207.74092ms ago: executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008546000000000000ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000002200001c0012000c000100626f6e64"], 0x3c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0x53, 0x0, 0x0, r4}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0xf}]}, 0x28}}, 0x0)

204.989623ms ago: executing program 0:
socket$inet_smc(0x2b, 0x1, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
gettid()
capget(&(0x7f0000000180)={0x20071026}, &(0x7f00000001c0))
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f00000002c0)=[@window, @window, @timestamp], 0x3)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000006c0)=ANY=[], 0x440)
sendto$inet(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x805, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x18, 0x4, 0x3c8, 0x1f8, 0x0, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x108, 0x340, {0x30030000, 0x4}}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0xc0, 0xf0, 0x0, {0x7800}}, @unspec=@CONNMARK={0x30}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
socket$key(0xf, 0x3, 0x2)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp6\x00')

0s ago: executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
prctl$PR_GET_TSC(0x43, 0x0)
prctl$PR_MCE_KILL(0x43, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0)
dup2(0xffffffffffffffff, r0)

kernel console output (not intermixed with test programs):

] EXT4-fs (loop0): 1 truncate cleaned up
[ 1781.486124][T27038] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1781.828265][T27047] loop3: detected capacity change from 0 to 256
[ 1781.856076][T27047] exFAT-fs (loop3): error, invalid access to FAT bad cluster (entry 0x00000005)
[ 1781.870690][T27047] exFAT-fs (loop3): failed to load alloc-bitmap
[ 1781.898549][T27047] exFAT-fs (loop3): failed to recognize exfat type
[ 1781.933585][T26093] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1781.942955][T27052] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1782.304671][ T9756] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[ 1782.316612][ T9756] Bluetooth: hci3: Injecting HCI hardware error event
[ 1782.329400][ T9756] Bluetooth: hci3: hardware error 0x00
[ 1782.636694][T27065] syz-executor.3: attempt to access beyond end of device
[ 1782.636694][T27065] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1783.024160][T27066] loop0: detected capacity change from 0 to 512
[ 1783.073171][T27066] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1783.099324][T27066] EXT4-fs (loop0): Remounting filesystem read-only
[ 1783.106509][T27066] EXT4-fs (loop0): 1 truncate cleaned up
[ 1783.114934][T27066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1783.745837][T26093] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1783.779620][   T29] kauditd_printk_skb: 57 callbacks suppressed
[ 1783.779643][   T29] audit: type=1800 audit(2000001174.150:3867): pid=27077 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1970 res=0 errno=0
[ 1783.783321][T27074] loop2: detected capacity change from 0 to 64
[ 1784.154053][T27083] random: crng reseeded on system resumption
[ 1784.384595][ T9756] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1784.471180][T27088] loop0: detected capacity change from 0 to 4096
[ 1784.487901][T24150] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1784.489571][T27088] ntfs3: Bad value for 'umask'
[ 1784.521188][T26645] Trying to free block not in datazone
[ 1784.527550][T26645] Trying to free block not in datazone
[ 1784.533059][T26645] Trying to free block not in datazone
[ 1784.538713][T26645] Trying to free block not in datazone
[ 1784.551651][T26645] Trying to free block not in datazone
[ 1784.557494][T26645] minix_free_block (loop2:6): bit already cleared
[ 1784.563976][T26645] Trying to free block not in datazone
[ 1784.583326][T26645] Trying to free block not in datazone
[ 1784.644348][ T5153] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[ 1784.694348][T24150] usb 4-1: Using ep0 maxpacket: 16
[ 1784.704701][T24150] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1784.716669][T24150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1784.728141][T24150] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 32
[ 1784.739735][T24150] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1784.764604][T24150] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1784.778762][T24150] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1784.793272][T24150] usb 4-1: Manufacturer: syz
[ 1784.812085][T24150] usb 4-1: config 0 descriptor??
[ 1784.844506][ T5153] usb 2-1: Using ep0 maxpacket: 16
[ 1784.854981][ T5153] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[ 1784.869215][ T5153] usb 2-1: config 0 has no interface number 0
[ 1784.882417][ T5153] usb 2-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1784.901547][T27099] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1784.914405][ T5153] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1784.929202][ T5153] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1784.940995][ T5153] usb 2-1: Product: syz
[ 1784.945682][ T5153] usb 2-1: SerialNumber: syz
[ 1784.957506][ T5153] usb 2-1: config 0 descriptor??
[ 1784.968811][ T5153] usbhid 2-1:0.8: couldn't find an input interrupt endpoint
[ 1785.118956][T24150] rc_core: IR keymap rc-hauppauge not found
[ 1785.131787][T24150] Registered IR keymap rc-empty
[ 1785.137295][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1785.175565][ T5153] usb 2-1: USB disconnect, device number 41
[ 1785.184819][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1785.228738][T24150] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 1785.246770][T24150] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input65
[ 1785.449807][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1785.527995][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1785.565020][T27080] loop3: detected capacity change from 0 to 4096
[ 1785.579735][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1785.589052][T27080] ntfs3: Unknown parameter 'appraise_type'
[ 1785.614745][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1785.684291][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1785.708431][T27109] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1785.889326][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1786.156654][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1786.378203][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1786.540076][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1786.784683][T27117] syz-executor.1: attempt to access beyond end of device
[ 1786.784683][T27117] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1786.823457][T24150] mceusb 4-1:0.0: Error: mce write urb status = -71
[ 1787.043936][T24150] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[ 1787.107185][T24150] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1787.154467][T24150] usb 4-1: USB disconnect, device number 48
[ 1788.173847][T27126] random: crng reseeded on system resumption
[ 1789.234735][T27138] loop2: detected capacity change from 0 to 512
[ 1789.321628][T27138] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1789.350422][T27138] EXT4-fs (loop2): Remounting filesystem read-only
[ 1789.362215][T27138] EXT4-fs (loop2): 1 truncate cleaned up
[ 1789.482104][T27138] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1790.553934][T27137] loop3: detected capacity change from 0 to 64
[ 1790.638380][T27151] loop1: detected capacity change from 0 to 512
[ 1790.680132][T26645] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1790.741484][T27151] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1790.758128][T27155] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1790.780569][T27151] EXT4-fs (loop1): Remounting filesystem read-only
[ 1790.789826][T27151] EXT4-fs (loop1): 1 truncate cleaned up
[ 1790.815434][T27151] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1791.079019][T24925] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1791.234382][T26098] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1791.339242][T27162] loop1: detected capacity change from 0 to 8
[ 1791.447970][T26098] usb 3-1: Using ep0 maxpacket: 16
[ 1791.486829][T27166] syz-executor.3: attempt to access beyond end of device
[ 1791.486829][T27166] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1791.788585][T26098] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[ 1791.821625][T26098] usb 3-1: config 0 has no interface number 0
[ 1791.836890][T26098] usb 3-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1791.862618][T26098] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1791.878367][T26098] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1791.887080][T26098] usb 3-1: Product: syz
[ 1791.891522][T26098] usb 3-1: SerialNumber: syz
[ 1791.899431][T26098] usb 3-1: config 0 descriptor??
[ 1791.910836][T26098] usbhid 3-1:0.8: couldn't find an input interrupt endpoint
[ 1792.174533][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 1792.184950][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[ 1792.200888][T26098] usb 3-1: USB disconnect, device number 54
[ 1793.117432][T27174] random: crng reseeded on system resumption
[ 1793.476962][T27183] loop2: detected capacity change from 0 to 64
[ 1793.543359][   T29] audit: type=1800 audit(2000001183.920:3868): pid=27186 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1976 res=0 errno=0
[ 1793.840948][   T29] audit: type=1800 audit(2000001183.920:3869): pid=27186 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1976 res=0 errno=0
[ 1795.189779][T27208] loop1: detected capacity change from 0 to 128
[ 1795.342557][T27212] loop0: detected capacity change from 0 to 512
[ 1795.372663][T27208] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1795.432016][T27212] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1795.478411][T27212] ext4 filesystem being mounted at /root/syzkaller-testdir781229869/syzkaller.LyoPhy/38/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1796.863978][T27214] loop2: detected capacity change from 0 to 32768
[ 1796.906695][T27214] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (27214)
[ 1796.977582][T27229] syz-executor.1: attempt to access beyond end of device
[ 1796.977582][T27229] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1797.174378][  T929] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1797.316455][T27214] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1797.327008][T27214] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[ 1797.335958][T27214] BTRFS info (device loop2): using free-space-tree
[ 1797.435639][T26093] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1797.477079][  T929] usb 4-1: Using ep0 maxpacket: 16
[ 1797.487078][  T929] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1797.495772][  T929] usb 4-1: config 0 has no interface number 0
[ 1797.502000][  T929] usb 4-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1797.515557][  T929] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1797.524955][  T929] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1797.533190][  T929] usb 4-1: Product: syz
[ 1797.538831][  T929] usb 4-1: SerialNumber: syz
[ 1797.546552][  T929] usb 4-1: config 0 descriptor??
[ 1797.558363][  T929] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[ 1797.569740][   T29] audit: type=1800 audit(2000001187.950:3870): pid=27214 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[ 1797.583465][T27247] loop0: detected capacity change from 0 to 128
[ 1797.599402][T27247] ufs: You didn't specify the type of your ufs filesystem
[ 1797.599402][T27247] 
[ 1797.599402][T27247] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[ 1797.599402][T27247] 
[ 1797.599402][T27247] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[ 1797.610380][   T29] audit: type=1800 audit(2000001187.990:3871): pid=27214 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[ 1797.641212][T27247] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[ 1797.760974][  T929] usb 4-1: USB disconnect, device number 49
[ 1797.992586][T26645] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1798.150437][   T29] audit: type=1800 audit(2000001188.530:3872): pid=27257 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1972 res=0 errno=0
[ 1798.237809][   T29] audit: type=1800 audit(2000001188.530:3873): pid=27257 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1972 res=0 errno=0
[ 1799.845860][T27265] loop2: detected capacity change from 0 to 512
[ 1799.970046][T27265] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1800.016856][T27265] EXT4-fs (loop2): Remounting filesystem read-only
[ 1800.023677][T27265] EXT4-fs (loop2): 1 truncate cleaned up
[ 1800.037347][T27265] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1800.086260][T27275] loop3: detected capacity change from 0 to 256
[ 1800.123821][T27275] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1800.150157][T27277] loop0: detected capacity change from 0 to 128
[ 1800.190198][T27275] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe622a5da, utbl_chksum : 0xe619d30d)
[ 1800.210689][   T29] audit: type=1800 audit(2000001190.590:3874): pid=27277 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=1977 res=0 errno=0
[ 1800.272696][   T29] audit: type=1804 audit(2000001190.590:3875): pid=27277 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir781229869/syzkaller.LyoPhy/41/file0" dev="sda1" ino=1977 res=1 errno=0
[ 1800.326441][T26645] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1800.418605][   T29] audit: type=1804 audit(2000001190.590:3876): pid=27277 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir781229869/syzkaller.LyoPhy/41/file0" dev="sda1" ino=1977 res=1 errno=0
[ 1800.465586][   T29] audit: type=1804 audit(2000001190.690:3877): pid=27270 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2860301449/syzkaller.DHRsPI/137/file0/bus" dev="loop3" ino=1048876 res=1 errno=0
[ 1800.935777][   T29] audit: type=1804 audit(2000001191.320:3878): pid=27286 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir2575000920/syzkaller.rgbObG/108/file0" dev="sda1" ino=1958 res=1 errno=0
[ 1801.372129][T27289] loop1: detected capacity change from 0 to 256
[ 1801.547210][T27289] exfat: Deprecated parameter 'namecase'
[ 1801.553116][T27289] exfat: Unknown parameter '�ocharseT'
[ 1801.824406][T27299] syz-executor.0: attempt to access beyond end of device
[ 1801.824406][T27299] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1801.922766][T27302] loop1: detected capacity change from 0 to 128
[ 1801.957695][T27302] ufs: You didn't specify the type of your ufs filesystem
[ 1801.957695][T27302] 
[ 1801.957695][T27302] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[ 1801.957695][T27302] 
[ 1801.957695][T27302] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[ 1802.036326][T27302] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[ 1802.094915][T27281] loop2: detected capacity change from 0 to 32768
[ 1802.111201][T27281] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (27281)
[ 1802.179091][T27281] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1802.204130][T27281] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[ 1802.213320][T27281] BTRFS info (device loop2): using free-space-tree
[ 1802.437057][   T29] audit: type=1800 audit(2000001192.820:3879): pid=27281 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[ 1802.495063][   T29] audit: type=1800 audit(2000001192.850:3880): pid=27281 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[ 1802.648044][T26645] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1802.812209][    T9] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 1803.064361][    T9] usb 2-1: Using ep0 maxpacket: 16
[ 1803.091972][    T9] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[ 1803.118186][    T9] usb 2-1: config 0 has no interface number 0
[ 1803.134451][    T9] usb 2-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1803.163827][    T9] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1803.183533][    T9] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1803.330714][    T9] usb 2-1: Product: syz
[ 1803.338948][    T9] usb 2-1: SerialNumber: syz
[ 1803.375761][    T9] usb 2-1: config 0 descriptor??
[ 1803.389329][    T9] usbhid 2-1:0.8: couldn't find an input interrupt endpoint
[ 1803.615616][   T25] usb 2-1: USB disconnect, device number 42
[ 1803.802497][T27341] loop2: detected capacity change from 0 to 1024
[ 1803.879177][T27341] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1804.174590][T27341] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1804.217013][T27341] EXT4-fs (loop2): revision level too high, forcing read-only mode
[ 1804.234786][T27341] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 1804.249653][T27341] EXT4-fs error (device loop2): ext4_free_blocks:6590: comm syz-executor.2: Freeing blocks not in datazone - block = 0, count = 4096
[ 1804.276284][T27341] EXT4-fs (loop2): Remounting filesystem read-only
[ 1804.339684][T27341] EXT4-fs (loop2): 1 orphan inode deleted
[ 1804.426535][T27341] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1804.452024][   T29] audit: type=1804 audit(2000001194.830:3881): pid=27353 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir781229869/syzkaller.LyoPhy/44/file0" dev="sda1" ino=1941 res=1 errno=0
[ 1804.520615][T27353] loop0: detected capacity change from 0 to 256
[ 1804.540546][T27353] exfat: Deprecated parameter 'namecase'
[ 1804.552427][T27353] exfat: Unknown parameter '�ocharseT'
[ 1804.569093][T27355] loop1: detected capacity change from 0 to 64
[ 1804.611240][T27355] hfs: unable to parse mount options
[ 1804.761436][T27361] loop0: detected capacity change from 0 to 128
[ 1804.787500][T27361] ufs: You didn't specify the type of your ufs filesystem
[ 1804.787500][T27361] 
[ 1804.787500][T27361] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[ 1804.787500][T27361] 
[ 1804.787500][T27361] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[ 1804.829878][T27361] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[ 1804.996380][T27363] random: crng reseeded on system resumption
[ 1805.076555][T26645] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1805.140795][T27361] 9pnet_virtio: no channels available for device 
[ 1805.397115][T27371] loop0: detected capacity change from 0 to 1024
[ 1805.430258][T27371] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1805.475768][T27371] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1805.504300][T27371] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 1805.555567][T27371] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c841c01c, mo2=0003]
[ 1805.587675][T27371] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1806.030610][T27384] syz-executor.1: attempt to access beyond end of device
[ 1806.030610][T27384] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1806.124355][    T9] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 1806.209239][T27369] loop2: detected capacity change from 0 to 32768
[ 1806.231440][T27369] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (27369)
[ 1806.303959][T27369] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1806.324686][    T9] usb 4-1: Using ep0 maxpacket: 16
[ 1806.336561][T27369] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[ 1806.357109][T27369] BTRFS info (device loop2): using free-space-tree
[ 1806.364370][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1806.384830][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1806.405971][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1806.416212][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1806.426500][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1806.442924][    T9] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1806.452812][    T9] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1806.470168][    T9] usb 4-1: Manufacturer: syz
[ 1806.481495][    T9] usb 4-1: config 0 descriptor??
[ 1806.593371][   T29] audit: type=1800 audit(2000001196.970:3882): pid=27369 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[ 1806.671987][   T29] audit: type=1800 audit(2000001197.020:3883): pid=27369 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[ 1807.239991][T27376] loop3: detected capacity change from 0 to 4096
[ 1807.248137][T27376] ntfs3: Unknown parameter 'appraise_type'
[ 1807.255052][    T9] rc_core: IR keymap rc-hauppauge not found
[ 1807.260983][    T9] Registered IR keymap rc-empty
[ 1807.271738][T26645] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1807.288010][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1807.338874][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1807.389435][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 1807.431661][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input66
[ 1807.489323][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1807.575465][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1807.652875][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1807.716363][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1807.795196][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1807.864648][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1807.919934][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1807.975451][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1808.014501][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1808.084646][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1808.135596][    T9] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[ 1808.153991][    T9] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1808.245317][    T9] usb 4-1: USB disconnect, device number 50
[ 1808.516147][T26093] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1809.906234][T27429] loop2: detected capacity change from 0 to 8
[ 1809.926236][T27429] squashfs: Unknown parameter ''
[ 1810.190069][T27421] loop3: detected capacity change from 0 to 1024
[ 1810.213060][T27421] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1810.223988][T27421] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1810.484459][T27421] EXT4-fs (loop3): revision level too high, forcing read-only mode
[ 1810.492875][T27421] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1810.830695][T27421] EXT4-fs error (device loop3): ext4_free_blocks:6590: comm syz-executor.3: Freeing blocks not in datazone - block = 0, count = 4096
[ 1811.624832][T27421] EXT4-fs (loop3): Remounting filesystem read-only
[ 1811.654419][T27421] EXT4-fs (loop3): 1 orphan inode deleted
[ 1811.661745][T27421] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1811.752202][T23990] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1811.946079][T27433] loop1: detected capacity change from 0 to 32768
[ 1811.984635][T27433] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (27433)
[ 1812.014509][T19005] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1812.046056][T27433] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1812.070908][T27433] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[ 1812.094371][T27433] BTRFS info (device loop1): using free-space-tree
[ 1812.220170][T19005] usb 3-1: Using ep0 maxpacket: 16
[ 1812.229761][   T29] audit: type=1800 audit(2000001202.600:3884): pid=27433 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[ 1812.256523][T19005] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[ 1812.265228][T19005] usb 3-1: config 0 has no interface number 0
[ 1812.271369][T19005] usb 3-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1812.306799][T19005] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1812.313086][   T29] audit: type=1800 audit(2000001202.650:3885): pid=27433 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[ 1812.325378][T19005] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1812.364277][T19005] usb 3-1: Product: syz
[ 1812.374270][T19005] usb 3-1: SerialNumber: syz
[ 1812.392154][T19005] usb 3-1: config 0 descriptor??
[ 1812.410807][T19005] usbhid 3-1:0.8: couldn't find an input interrupt endpoint
[ 1812.426192][T24925] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1812.591949][T19005] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 1812.613013][    T9] usb 3-1: USB disconnect, device number 55
[ 1812.804596][T19005] usb 4-1: Using ep0 maxpacket: 16
[ 1812.835655][T19005] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1812.844574][   T29] audit: type=1800 audit(2000001203.220:3886): pid=27444 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1956 res=0 errno=0
[ 1812.855108][T19005] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1812.911264][   T29] audit: type=1800 audit(2000001203.290:3887): pid=27468 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1973 res=0 errno=0
[ 1812.943423][T19005] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1812.952428][T27468] loop1: detected capacity change from 0 to 512
[ 1812.967948][T27468] EXT4-fs: Ignoring removed bh option
[ 1812.974391][   T29] audit: type=1800 audit(2000001203.320:3888): pid=27444 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1956 res=0 errno=0
[ 1813.013626][T19005] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1813.017490][T27468] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1813.038132][   T29] audit: type=1800 audit(2000001203.320:3889): pid=27468 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1973 res=0 errno=0
[ 1813.044072][T19005] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1813.076280][T27468] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[ 1813.141290][T27468] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 8 (level 2)
[ 1813.187904][T27468] EXT4-fs (loop1): Remounting filesystem read-only
[ 1813.200855][T27468] EXT4-fs (loop1): 1 truncate cleaned up
[ 1813.228134][T19005] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1813.233820][T27468] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1813.252514][T27475] syz-executor.0: attempt to access beyond end of device
[ 1813.252514][T27475] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1813.254574][T19005] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1813.312677][T19005] usb 4-1: Manufacturer: syz
[ 1813.349563][T19005] usb 4-1: config 0 descriptor??
[ 1813.365017][T27479] random: crng reseeded on system resumption
[ 1813.794467][T19005] rc_core: IR keymap rc-hauppauge not found
[ 1813.822129][T19005] Registered IR keymap rc-empty
[ 1813.848404][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1813.915330][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1814.060892][T27466] loop3: detected capacity change from 0 to 4096
[ 1814.068585][T27466] ntfs3: Unknown parameter 'appraise_type'
[ 1814.075088][T24925] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1814.136614][T19005] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 1814.190797][T19005] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input67
[ 1814.234517][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1814.286569][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1814.514654][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1814.564650][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1815.400783][T27495] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1815.654519][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1815.704794][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1815.744786][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1815.784390][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1815.820897][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1815.884461][T19005] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1815.925913][T19005] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[ 1815.944546][T19005] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1816.183797][T27500] loop3: detected capacity change from 0 to 32768
[ 1816.235613][T19005] usb 4-1: USB disconnect, device number 51
[ 1816.358750][T27500] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1816.485584][T27513] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1817.268127][T27515] loop1: detected capacity change from 0 to 128
[ 1817.279710][T27515] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[ 1817.347813][T27500] XFS (loop3): Ending clean mount
[ 1817.368750][T27500] XFS (loop3): Quotacheck needed: Please wait.
[ 1817.385920][T27515] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[ 1817.453263][T27500] XFS (loop3): Quotacheck: Done.
[ 1817.928879][T27518] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1818.027366][T23990] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1818.218254][T27518] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1818.324405][   T25] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 1818.467172][T27518] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1818.514584][   T25] usb 1-1: Using ep0 maxpacket: 16
[ 1818.522091][   T25] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[ 1818.536645][   T25] usb 1-1: config 0 has no interface number 0
[ 1818.571956][   T25] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1818.576738][T27516] loop2: detected capacity change from 0 to 32768
[ 1818.603026][   T25] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1818.609149][T27516] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (27516)
[ 1818.612555][   T25] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1818.696595][   T25] usb 1-1: Product: syz
[ 1818.697973][T27525] loop1: detected capacity change from 0 to 32768
[ 1818.700819][   T25] usb 1-1: SerialNumber: syz
[ 1818.715732][T27516] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1818.717537][   T25] usb 1-1: config 0 descriptor??
[ 1818.730966][T27525] BTRFS: device /dev/loop1 (7:1) using temp-fsid 5c746428-95df-495c-bde1-c0249518d0db
[ 1818.737553][T27518] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1818.743360][T27516] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[ 1818.762909][T27525] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (27525)
[ 1818.766342][   T25] usbhid 1-1:0.8: couldn't find an input interrupt endpoint
[ 1818.791625][T27516] BTRFS info (device loop2): using free-space-tree
[ 1818.818955][T27525] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1818.862474][T27525] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[ 1818.924167][T27525] BTRFS info (device loop1): using free-space-tree
[ 1818.946472][T27542] loop3: detected capacity change from 0 to 512
[ 1818.987671][  T932] usb 1-1: USB disconnect, device number 65
[ 1819.048189][T27542] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1819.070006][T27542] EXT4-fs (loop3): Remounting filesystem read-only
[ 1819.077872][T27542] EXT4-fs (loop3): 1 truncate cleaned up
[ 1819.091352][T27542] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1819.117146][T27518] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1819.131264][   T29] audit: type=1800 audit(2000001209.510:3890): pid=27516 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[ 1819.181613][T27518] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1819.193323][   T29] audit: type=1800 audit(2000001209.580:3891): pid=27516 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[ 1819.201130][T27518] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1819.253472][T27518] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1819.415507][   T29] audit: type=1800 audit(2000001209.790:3892): pid=27525 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[ 1819.420460][T26645] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1819.447653][   T29] audit: type=1800 audit(2000001209.820:3893): pid=27525 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[ 1819.640766][T24925] BTRFS info (device loop1): last unmount of filesystem 5c746428-95df-495c-bde1-c0249518d0db
[ 1819.713143][T23990] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1819.875363][T27568] random: crng reseeded on system resumption
[ 1820.097221][  T932] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1820.425442][  T929] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1820.433777][  T932] usb 1-1: Using ep0 maxpacket: 16
[ 1820.461854][  T932] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1820.560644][T27579] nft_compat: unsupported protocol 0
[ 1821.237889][  T932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1821.248885][  T932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1821.264723][  T932] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1821.302209][  T932] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1821.337329][  T932] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1821.371113][  T929] usb 3-1: Using ep0 maxpacket: 8
[ 1821.414623][  T932] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1821.426020][  T929] usb 3-1: unable to get BOS descriptor set
[ 1821.444897][  T932] usb 1-1: Manufacturer: syz
[ 1821.455568][  T929] usb 3-1: config 0 has no interfaces?
[ 1821.473287][  T929] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1821.485239][  T932] usb 1-1: config 0 descriptor??
[ 1821.490900][  T929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1821.508931][  T929] usb 3-1: Product: syz
[ 1821.520930][  T929] usb 3-1: Manufacturer: syz
[ 1821.539421][T27583] loop1: detected capacity change from 0 to 8
[ 1821.546594][  T929] usb 3-1: SerialNumber: syz
[ 1821.555062][  T929] usb 3-1: config 0 descriptor??
[ 1821.571140][T27583] squashfs: Unknown parameter ''
[ 1821.802372][  T929] usb 3-1: USB disconnect, device number 56
[ 1821.854391][  T932] rc_core: IR keymap rc-hauppauge not found
[ 1821.860728][  T932] Registered IR keymap rc-empty
[ 1821.886030][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.074833][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.105377][  T932] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 1822.167532][T27566] loop0: detected capacity change from 0 to 4096
[ 1822.175301][T27566] ntfs3: Unknown parameter 'appraise_type'
[ 1822.183098][  T932] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input68
[ 1822.203273][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.254922][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.275275][T27576] loop3: detected capacity change from 0 to 32768
[ 1822.293287][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.344560][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.404531][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.435014][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.486099][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.536113][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.584381][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.755058][  T932] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1822.787422][  T932] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[ 1822.804298][  T932] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1822.826656][  T932] usb 1-1: USB disconnect, device number 66
[ 1823.072369][T27596] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1823.366834][T27594] loop1: detected capacity change from 0 to 32768
[ 1823.401189][T27594] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (27594)
[ 1823.410544][T27605] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1823.439862][T27594] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1823.452865][T27596] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1823.465527][T27594] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[ 1823.478136][T27594] BTRFS info (device loop1): using free-space-tree
[ 1823.519856][T27605] bridge0: entered promiscuous mode
[ 1823.526568][T27605] macsec1: entered promiscuous mode
[ 1823.545940][  T932] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 1823.560262][T27605] bridge0: left promiscuous mode
[ 1823.677752][   T29] audit: type=1800 audit(2000001214.060:3894): pid=27594 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[ 1823.707026][   T29] audit: type=1800 audit(2000001214.090:3895): pid=27594 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[ 1823.754574][  T932] usb 4-1: Using ep0 maxpacket: 16
[ 1823.762192][  T932] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1823.776608][  T932] usb 4-1: config 0 has no interface number 0
[ 1823.783139][  T932] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1823.812658][  T932] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1823.830847][  T932] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1823.840455][  T932] usb 4-1: Product: syz
[ 1823.852417][  T932] usb 4-1: SerialNumber: syz
[ 1823.879402][  T932] usb 4-1: config 0 descriptor??
[ 1823.887680][T27596] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1823.907424][T24925] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1823.920551][  T932] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[ 1824.406412][T27578] usb 4-1: USB disconnect, device number 52
[ 1824.457589][T27596] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1826.080364][T27596] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1826.162411][T27596] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1826.341543][T27596] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1826.404402][  T932] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1826.456294][T27596] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1826.681335][  T932] usb 2-1: Using ep0 maxpacket: 16
[ 1826.692505][  T932] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[ 1826.709221][  T932] usb 2-1: config 0 has no interface number 0
[ 1826.718127][  T932] usb 2-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1826.788349][  T932] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1826.833297][  T932] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1826.879229][T27640] loop2: detected capacity change from 0 to 8
[ 1826.888875][T27640] squashfs: Unknown parameter ''
[ 1826.977439][  T932] usb 2-1: Product: syz
[ 1826.993672][  T932] usb 2-1: SerialNumber: syz
[ 1827.028093][  T932] usb 2-1: config 0 descriptor??
[ 1827.087202][  T932] usbhid 2-1:0.8: couldn't find an input interrupt endpoint
[ 1827.169714][T13996] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1827.324091][  T932] usb 2-1: USB disconnect, device number 43
[ 1827.343488][T25504] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1827.361927][T25504] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1827.372776][T25504] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1827.383176][T25504] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1827.398703][T25504] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1827.409213][T25504] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1827.548549][T13996] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1827.772358][T27644] loop2: detected capacity change from 0 to 1024
[ 1827.775379][T13996] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1827.801158][T27644] hfsplus: unable to parse mount options
[ 1827.840045][T27641] lo speed is unknown, defaulting to 1000
[ 1828.017360][T13996] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1828.568090][T27641] chnl_net:caif_netlink_parms(): no params data found
[ 1828.869210][T13996] vlan0: left allmulticast mode
[ 1828.874415][T13996] veth0_vlan: left allmulticast mode
[ 1828.882002][T13996] vlan0: left promiscuous mode
[ 1828.887981][T13996] bridge0: port 3(vlan0) entered disabled state
[ 1828.903402][T13996] bridge_slave_1: left allmulticast mode
[ 1828.914384][T13996] bridge_slave_1: left promiscuous mode
[ 1829.134741][T13996] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1829.412863][T13996] bridge_slave_0: left allmulticast mode
[ 1829.436878][T13996] bridge_slave_0: left promiscuous mode
[ 1829.454500][T13996] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1829.515186][T25504] Bluetooth: hci3: command tx timeout
[ 1829.722812][T27644] loop2: detected capacity change from 0 to 40427
[ 1829.730817][T27644] F2FS-fs (loop2): Unrecognized mount option "~ouser_xattr" or missing value
[ 1830.591294][T27670] loop2: detected capacity change from 0 to 64
[ 1830.663298][   T29] audit: type=1326 audit(2000001221.040:3896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1830.765694][   T29] audit: type=1326 audit(2000001221.040:3897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1830.873436][   T29] audit: type=1326 audit(2000001221.040:3898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1830.942955][   T29] audit: type=1326 audit(2000001221.070:3899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1830.953460][    C1] vcan0: j1939_xtp_rx_dpo: no connection found
[ 1830.971738][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1830.978340][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1830.984945][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1830.991511][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1830.998116][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.004713][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.011306][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.017909][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.024499][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.031082][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.037757][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.044362][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.049471][   T29] audit: type=1326 audit(2000001221.070:3900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1831.050913][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.079571][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.086170][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.092739][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.099338][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.105948][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.112517][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.119103][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.125698][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.132257][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.138843][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.145442][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.151193][   T29] audit: type=1326 audit(2000001221.070:3901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1831.151981][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.180630][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.187228][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.193833][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.200447][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.207066][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.213647][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.220267][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.226885][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.233446][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.240040][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.246631][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.253206][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.259796][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.260995][   T29] audit: type=1326 audit(2000001221.070:3902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1831.266363][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.266481][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.266590][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.266702][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.303286][T27663] loop0: detected capacity change from 0 to 32768
[ 1831.308321][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.308442][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.308557][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.331324][T27663] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (27663)
[ 1831.334752][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.334880][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.367507][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.374017][   T29] audit: type=1326 audit(2000001221.070:3903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1831.374059][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.402781][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.409377][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.410140][   T29] audit: type=1326 audit(2000001221.070:3904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1831.416104][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.444877][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.449711][   T29] audit: type=1326 audit(2000001221.070:3905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27666 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1831.451409][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.480136][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.486724][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.493235][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.499809][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.506409][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.513009][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.519626][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.526214][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.532771][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.539835][T27672] random: crng reseeded on system resumption
[ 1831.541550][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.552463][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.559056][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.565954][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.572498][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.579059][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.585620][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.592190][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.598749][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.605310][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.612033][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.618684][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.625336][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.631949][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.638502][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.645054][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.651589][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.658145][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.664707][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.671311][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.677883][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.684440][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.691067][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.697617][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.704179][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.710737][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.717292][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.723819][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.730365][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.737003][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.743572][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.750323][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.756903][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.763540][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.770166][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.776981][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.783575][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1831.807629][T25504] Bluetooth: hci3: command tx timeout
[ 1832.019237][T27663] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1832.037189][T27663] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 1832.050020][T27663] BTRFS info (device loop0): using free-space-tree
[ 1832.196613][T13996] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1832.216267][T13996] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1832.278864][T13996] bond0 (unregistering): Released all slaves
[ 1832.340931][T27668] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1832.378076][T27665] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1832.547409][    C1] vcan0 (unregistering): j1939_tp_rxtimer: 0xffff8880246dd000: rx timeout, send abort
[ 1832.714530][T26093] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1832.759967][T27641] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1832.858881][T27641] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1832.944933][T27641] bridge_slave_0: entered allmulticast mode
[ 1833.057076][    C1] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff8880246dd000: abort rx timeout. Force session deactivation
[ 1833.351720][T27641] bridge_slave_0: entered promiscuous mode
[ 1833.521855][T27696] PKCS7: Unknown OID: [4] 2.37.27379264501.7451
[ 1833.528801][T27696] PKCS7: Only support pkcs7_signedData type
[ 1833.825426][T25504] Bluetooth: hci3: command tx timeout
[ 1835.314920][T27705] nft_compat: unsupported protocol 0
[ 1835.924415][T27705] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[ 1835.932097][T25504] Bluetooth: hci3: command tx timeout
[ 1836.372929][   T29] kauditd_printk_skb: 5 callbacks suppressed
[ 1836.372948][   T29] audit: type=1800 audit(2000001226.750:3911): pid=27713 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1960 res=0 errno=0
[ 1836.404549][   T29] audit: type=1800 audit(2000001226.790:3912): pid=27713 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1960 res=0 errno=0
[ 1836.457088][T27641] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1836.469136][T27641] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1836.644096][T27641] bridge_slave_1: entered allmulticast mode
[ 1836.652215][T27641] bridge_slave_1: entered promiscuous mode
[ 1837.238109][T13996] hsr_slave_0: left promiscuous mode
[ 1837.263317][T13996] hsr_slave_1: left promiscuous mode
[ 1837.345097][T13996] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1837.374422][T13996] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1837.758809][T13996] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1837.927125][T13996] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1838.235752][T27726] random: crng reseeded on system resumption
[ 1838.720865][T27732] loop2: detected capacity change from 0 to 512
[ 1838.755171][T13996] veth1_macvtap: left promiscuous mode
[ 1838.764878][T27732] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e01c, mo2=0002]
[ 1838.783588][T13996] veth0_macvtap: left promiscuous mode
[ 1838.799402][T27732] System zones: 1-12
[ 1838.823412][T13996] veth1_vlan: left promiscuous mode
[ 1838.934614][T13996] veth0_vlan: left promiscuous mode
[ 1839.057978][T27732] EXT4-fs error (device loop2): dx_probe:822: inode #2: comm syz-executor.2: Directory hole found for htree index block
[ 1839.095473][T27732] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117
[ 1839.111121][T27732] EXT4-fs error (device loop2): dx_probe:822: inode #2: comm syz-executor.2: Directory hole found for htree index block
[ 1840.028994][T27732] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[ 1840.062378][T27732] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1840.162312][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1840.174025][ T6117] hid (null): unknown global tag 0xe
[ 1840.185414][ T6117] hid-generic 0000:0000:0000.0035: unknown global tag 0xe
[ 1840.192579][ T6117] hid-generic 0000:0000:0000.0035: item 0 1 1 14 parsing failed
[ 1840.206658][ T6117] hid-generic 0000:0000:0000.0035: probe with driver hid-generic failed with error -22
[ 1840.303555][   T29] audit: type=1326 audit(2000001230.680:3913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1840.499406][T27754] loop1: detected capacity change from 0 to 8
[ 1840.520942][T27754] squashfs: Unknown parameter ''
[ 1840.535026][   T29] audit: type=1326 audit(2000001230.710:3914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1840.611273][   T29] audit: type=1326 audit(2000001230.870:3915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1840.635169][   T29] audit: type=1326 audit(2000001230.870:3916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1840.698242][   T29] audit: type=1326 audit(2000001230.870:3917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1841.477981][T27738] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 361: padding at end of block bitmap is not set
[ 1841.517126][   T29] audit: type=1326 audit(2000001230.880:3918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1841.549643][   T29] audit: type=1326 audit(2000001230.880:3919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1841.577024][   T29] audit: type=1326 audit(2000001230.880:3920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1841.615206][   T29] audit: type=1326 audit(2000001230.880:3921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1841.656605][   T29] audit: type=1326 audit(2000001230.880:3922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1841.680098][   T29] audit: type=1326 audit(2000001230.880:3923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1841.712935][T27762] loop1: detected capacity change from 0 to 64
[ 1841.721334][   T29] audit: type=1326 audit(2000001230.880:3924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1841.721347][T27762] hfs: unable to parse mount options
[ 1841.721391][   T29] audit: type=1326 audit(2000001230.890:3925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1841.771935][   T29] audit: type=1326 audit(2000001230.890:3926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27741 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b7a87d0a9 code=0x7ffc0000
[ 1842.598104][T26645] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1842.812030][   T29] audit: type=1800 audit(2000001233.190:3927): pid=27768 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1947 res=0 errno=0
[ 1842.900988][T13996] team0 (unregistering): Port device team_slave_1 removed
[ 1842.985794][T13996] team0 (unregistering): Port device team_slave_0 removed
[ 1843.745704][T27773] syz-executor.2: attempt to access beyond end of device
[ 1843.745704][T27773] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1844.531386][T27779] random: crng reseeded on system resumption
[ 1845.139021][T27745] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1845.368310][T27641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1845.516625][T27641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1845.712543][T27785] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1845.816831][T27641] team0: Port device team_slave_0 added
[ 1845.821998][T27788] loop0: detected capacity change from 0 to 8192
[ 1845.869610][T27641] team0: Port device team_slave_1 added
[ 1845.905664][T27788]  loop0: p2 p4[EZD]
[ 1845.912165][T27788] loop0: p2 size 2130706432 extends beyond EOD, truncated
[ 1845.924540][T27788] loop0: p4 size 65536 extends beyond EOD, truncated
[ 1845.978935][T27785] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1846.018298][T27641] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1846.034607][T27641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1846.072895][T27641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1846.100705][T27785] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1846.140315][T27641] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1846.167911][T27641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1846.200630][T27641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1846.227831][T27785] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1846.341808][T27641] hsr_slave_0: entered promiscuous mode
[ 1846.349720][T27641] hsr_slave_1: entered promiscuous mode
[ 1846.373158][T27785] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1846.481507][T27785] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1846.528195][T27785] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1846.585396][T27797] loop0: detected capacity change from 0 to 8
[ 1846.593725][T27797] squashfs: Unknown parameter ''
[ 1846.637847][T27785] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1847.285937][T27811] syz-executor.2: attempt to access beyond end of device
[ 1847.285937][T27811] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1848.579289][T27641] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1848.613794][T27641] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1848.806843][T27641] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1849.132097][T27641] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1849.175799][  T932] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1849.441197][  T932] usb 3-1: Using ep0 maxpacket: 32
[ 1849.593423][  T932] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1849.617042][T27828] random: crng reseeded on system resumption
[ 1850.118306][  T932] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1850.142091][  T932] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1850.233784][  T932] usb 3-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[ 1850.298142][  T932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1850.337768][   T29] kauditd_printk_skb: 1 callbacks suppressed
[ 1850.337789][   T29] audit: type=1800 audit(2000001240.710:3929): pid=27833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=1970 res=0 errno=0
[ 1850.338477][  T932] usb 3-1: config 0 descriptor??
[ 1850.377932][   T29] audit: type=1804 audit(2000001240.760:3930): pid=27833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir2575000920/syzkaller.rgbObG/135/memory.events" dev="sda1" ino=1970 res=1 errno=0
[ 1850.439931][   T29] audit: type=1804 audit(2000001240.770:3931): pid=27833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir2575000920/syzkaller.rgbObG/135/memory.events" dev="sda1" ino=1970 res=1 errno=0
[ 1850.610330][T27641] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1850.668668][T27641] 8021q: adding VLAN 0 to HW filter on device team0
[ 1850.732652][T12655] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1850.739923][T12655] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1850.805167][T12655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1850.812414][T12655] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1850.908003][T27820] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1850.961426][  T932] ntrig 0003:1B96:000A.0036: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.2-1/input0
[ 1850.993976][T27839] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1851.138222][T27839] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1851.222701][T27844] loop2: detected capacity change from 0 to 256
[ 1851.493400][T27839] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1851.508369][   T29] audit: type=1326 audit(2000001241.890:3932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27815 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f044907d0a9 code=0x7ffc0000
[ 1851.537728][   T29] audit: type=1326 audit(2000001241.890:3933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27815 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f044907d0a9 code=0x7ffc0000
[ 1851.564853][   T29] audit: type=1326 audit(2000001241.950:3934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27815 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f044907d0a9 code=0x7ffc0000
[ 1851.644001][  T932] usb 3-1: USB disconnect, device number 57
[ 1851.682219][T27839] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1851.697790][   T29] audit: type=1326 audit(2000001241.950:3935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27815 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f044907d0a9 code=0x7ffc0000
[ 1851.800179][   T29] audit: type=1326 audit(2000001241.950:3936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27815 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f044907d0a9 code=0x7ffc0000
[ 1851.836024][T27641] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1851.871845][   T29] audit: type=1326 audit(2000001241.980:3937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27815 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f044907d0a9 code=0x7ffc0000
[ 1851.953629][   T29] audit: type=1326 audit(2000001241.980:3938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27815 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f044907d0a9 code=0x7ffc0000
[ 1852.030074][T27641] veth0_vlan: entered promiscuous mode
[ 1852.061330][T27641] veth1_vlan: entered promiscuous mode
[ 1852.153979][T27850] loop0: detected capacity change from 0 to 32768
[ 1852.204669][T27850] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[ 1852.213730][T27850] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1852.229507][T27641] veth0_macvtap: entered promiscuous mode
[ 1852.251429][T27641] veth1_macvtap: entered promiscuous mode
[ 1852.293859][T27641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1852.313801][T27641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1852.315906][T27850] XFS (loop0): Ending clean mount
[ 1852.324057][T27641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1852.339639][T27850] XFS (loop0): Quotacheck needed: Please wait.
[ 1852.349894][T27641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1852.366865][T27641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1852.380124][T27641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1852.412674][T27641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1852.425327][T27641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1852.432182][T27850] XFS (loop0): Quotacheck: Done.
[ 1852.438984][T27641] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1852.509546][T27641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1852.521587][T27641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1852.532019][T27641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1852.574152][T27641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1852.604747][T27641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1852.636243][T27641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1852.666175][T27641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1852.685132][T27641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1854.393165][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 1854.404020][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[ 1854.655492][T27641] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1854.801277][T27641] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1854.858804][T27641] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1854.894664][T27641] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1854.903550][T27641] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1855.085086][T27877] syz-executor.2: attempt to access beyond end of device
[ 1855.085086][T27877] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1855.578769][T26093] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1855.715481][T27711] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1855.723451][T27711] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1855.936719][ T2432] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1855.948812][ T2432] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1856.014096][T27883] random: crng reseeded on system resumption
[ 1857.618554][T27888] loop2: detected capacity change from 0 to 64
[ 1857.646649][   T29] kauditd_printk_skb: 7 callbacks suppressed
[ 1857.646672][   T29] audit: type=1800 audit(2000001248.020:3946): pid=27890 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1968 res=0 errno=0
[ 1857.677625][T27888] hfs: unable to parse mount options
[ 1857.692610][T27890] loop3: detected capacity change from 0 to 512
[ 1857.795517][T27890] EXT4-fs (loop3): 1 truncate cleaned up
[ 1857.802599][T27890] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1857.893865][T27839] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1857.921426][T27839] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1857.939042][T27839] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1857.973127][T27839] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1858.153241][T27641] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1859.172854][T27910] loop3: detected capacity change from 0 to 4096
[ 1859.227978][T27910] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[ 1859.323892][T27910] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[ 1859.421481][T27910] syzkaller1: entered promiscuous mode
[ 1859.438766][T27910] syzkaller1: entered allmulticast mode
[ 1859.514691][  T932] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1859.724947][  T932] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1859.744997][  T932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1859.753054][  T932] usb 2-1: Product: syz
[ 1859.774479][  T932] usb 2-1: Manufacturer: syz
[ 1859.779318][  T932] usb 2-1: SerialNumber: syz
[ 1859.802609][  T932] usb 2-1: config 0 descriptor??
[ 1860.091069][  T932] usb 2-1: USB disconnect, device number 44
[ 1860.364789][   T29] audit: type=1800 audit(2000001250.740:3947): pid=27929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1978 res=0 errno=0
[ 1860.396045][   T29] audit: type=1804 audit(2000001250.770:3948): pid=27929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="memory.events" dev="sda1" ino=1978 res=1 errno=0
[ 1860.419743][   T29] audit: type=1804 audit(2000001250.770:3949): pid=27929 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="memory.events" dev="sda1" ino=1978 res=1 errno=0
[ 1860.457797][T27925] loop0: detected capacity change from 0 to 32768
[ 1860.482482][T27925] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[ 1860.491831][T27925] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1860.533962][T27925] XFS (loop0): Ending clean mount
[ 1860.542771][T27925] XFS (loop0): Quotacheck needed: Please wait.
[ 1860.607402][T27925] XFS (loop0): Quotacheck: Done.
[ 1861.573773][T26093] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1861.590724][   T29] audit: type=1800 audit(2000001251.970:3950): pid=27944 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1946 res=0 errno=0
[ 1861.636251][   T29] audit: type=1800 audit(2000001251.970:3951): pid=27944 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1946 res=0 errno=0
[ 1862.027112][T27950] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1862.259274][T27960] syz-executor.2: attempt to access beyond end of device
[ 1862.259274][T27960] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1862.298096][T27952] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1862.959920][T27950] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1863.330248][T27952] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1863.659625][T27950] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1864.244534][T27972] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1864.372482][T27975] syz-executor.0: attempt to access beyond end of device
[ 1864.372482][T27975] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1864.412900][T27978] loop2: detected capacity change from 0 to 512
[ 1864.565833][T27978] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1864.583043][T27952] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1864.598629][T27978] EXT4-fs (loop2): Remounting filesystem read-only
[ 1864.605638][T27978] EXT4-fs (loop2): 1 truncate cleaned up
[ 1864.612695][T27978] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1864.717292][T27950] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1864.895289][T26645] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1864.920186][T27952] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1865.109220][T27985] loop3: detected capacity change from 0 to 4096
[ 1865.126143][T27950] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1865.128079][T27987] loop2: detected capacity change from 0 to 128
[ 1865.151373][T27985] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[ 1865.163372][T27950] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1865.176061][T27987] ufs: You didn't specify the type of your ufs filesystem
[ 1865.176061][T27987] 
[ 1865.176061][T27987] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[ 1865.176061][T27987] 
[ 1865.176061][T27987] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[ 1865.217086][T27950] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1865.225707][T27987] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[ 1865.254080][T27950] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1865.313382][T27987] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1865.315964][T27952] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1865.359433][T27985] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[ 1865.368925][T27952] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1865.432271][T27952] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1865.467261][T27987] 9pnet_virtio: no channels available for device @
[ 1865.488036][T27985] syzkaller1: entered promiscuous mode
[ 1865.493558][T27985] syzkaller1: entered allmulticast mode
[ 1865.556736][T27952] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1866.017371][   T29] audit: type=1800 audit(2000001256.400:3952): pid=28003 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1973 res=0 errno=0
[ 1866.074538][   T29] audit: type=1800 audit(2000001256.400:3953): pid=28003 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1973 res=0 errno=0
[ 1866.103206][T28005] syz-executor.1: attempt to access beyond end of device
[ 1866.103206][T28005] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1866.413650][T28008] loop0: detected capacity change from 0 to 4096
[ 1866.609702][T27997] loop2: detected capacity change from 0 to 32768
[ 1866.641854][T27997] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (27997)
[ 1866.656200][T28008] overlayfs: upper fs does not support tmpfile.
[ 1866.683988][T28008] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1867.604378][T28013] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1868.593241][T27997] BTRFS info (device loop2): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9
[ 1868.703884][T27997] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[ 1868.785481][T27997] BTRFS info (device loop2): using free-space-tree
[ 1868.793105][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[ 1868.797783][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[ 1868.815123][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[ 1868.830054][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 1868.847446][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 1868.860111][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 1868.872319][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1868.885162][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 1868.896810][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 1868.906991][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1868.918449][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 1868.930679][T27997] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 1869.094592][T27997] BTRFS error (device loop2): open_ctree failed
[ 1870.088255][T26093] ntfs3: loop0: failed to convert "0000" to iso8859-1
[ 1870.099065][T28043] loop1: detected capacity change from 0 to 512
[ 1870.105757][T26093] ntfs3: loop0: failed to convert name for inode 1e.
[ 1870.244372][T28043] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1870.324688][T28043] EXT4-fs (loop1): Remounting filesystem read-only
[ 1870.352900][T28043] EXT4-fs (loop1): 1 truncate cleaned up
[ 1870.422427][T28043] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1870.628814][T28048] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1870.736444][T28057] random: crng reseeded on system resumption
[ 1871.015282][T24925] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1871.114880][ T9756] Bluetooth: hci2: command 0x0406 tx timeout
[ 1871.582712][T28048] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1871.762111][T28072] syz-executor.1: attempt to access beyond end of device
[ 1871.762111][T28072] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1871.851727][T28048] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1872.919978][ T2849] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1873.170049][T28048] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1874.365623][ T2849] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1874.627865][ T2849] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1874.675886][ T9756] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1874.687200][ T9756] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1874.698579][ T9756] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1874.714610][ T9756] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1874.735044][ T9756] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1874.744481][ T9756] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1874.980685][T28097] loop1: detected capacity change from 0 to 4096
[ 1875.008790][ T2849] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1875.025991][T28097] ntfs3: Unknown parameter 'syzkaller'
[ 1875.110382][T28096] lo speed is unknown, defaulting to 1000
[ 1875.143650][   T29] audit: type=1804 audit(2000001265.520:3954): pid=28097 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir2575000920/syzkaller.rgbObG/149/bus" dev="sda1" ino=1968 res=1 errno=0
[ 1875.190201][T28048] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1875.224383][   T29] audit: type=1804 audit(2000001265.530:3955): pid=28097 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir2575000920/syzkaller.rgbObG/149/bus" dev="sda1" ino=1968 res=1 errno=0
[ 1875.315409][T28048] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1875.349805][T28109] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1875.392642][T28048] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1875.451797][T28048] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1875.482308][T28110] dummy0: entered promiscuous mode
[ 1875.482802][T28110] vlan2: entered promiscuous mode
[ 1875.482988][T28110] vlan2: entered allmulticast mode
[ 1875.483008][T28110] dummy0: entered allmulticast mode
[ 1875.514289][T28110] dummy0: left allmulticast mode
[ 1875.514535][T28110] dummy0: left promiscuous mode
[ 1875.774345][  T929] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1875.954572][ T2849] bridge_slave_1: left allmulticast mode
[ 1875.954604][ T2849] bridge_slave_1: left promiscuous mode
[ 1875.954867][ T2849] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1875.965935][ T2849] bridge_slave_0: left allmulticast mode
[ 1875.965965][ T2849] bridge_slave_0: left promiscuous mode
[ 1875.966180][ T2849] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1875.967978][  T929] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1875.970580][  T929] usb 3-1: New USB device found, idVendor=056a, idProduct=0026, bcdDevice= 0.40
[ 1875.970615][  T929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1875.970642][  T929] usb 3-1: Product: syz
[ 1875.970662][  T929] usb 3-1: Manufacturer: syz
[ 1875.970682][  T929] usb 3-1: SerialNumber: syz
[ 1875.998240][  T929] usbhid 3-1:1.0: couldn't find an input interrupt endpoint
[ 1876.193804][  T929] usb 3-1: USB disconnect, device number 58
[ 1876.195239][ T5153] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 1876.285265][   T29] audit: type=1800 audit(2000001266.670:3956): pid=28115 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1941 res=0 errno=0
[ 1876.392374][ T5153] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1876.413511][T28126] syz-executor.1: attempt to access beyond end of device
[ 1876.413511][T28126] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1876.433072][ T5153] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1876.443326][ T5153] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1876.452453][ T5153] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1876.472976][ T5153] usb 4-1: config 0 descriptor??
[ 1876.865340][T25504] Bluetooth: hci1: command tx timeout
[ 1876.905108][ T5153] usbhid 4-1:0.0: can't add hid device: -71
[ 1876.931629][ T5153] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1876.948928][ T5153] usb 4-1: USB disconnect, device number 53
[ 1877.397344][T28135] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1877.730687][T28137] loop2: detected capacity change from 0 to 256
[ 1877.767055][T28137] exFAT-fs (loop2): error, invalid access to FAT bad cluster (entry 0x00000005)
[ 1877.776364][T28137] exFAT-fs (loop2): failed to load alloc-bitmap
[ 1877.782826][T28137] exFAT-fs (loop2): failed to recognize exfat type
[ 1877.863560][ T2849] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1877.877659][ T2849] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1877.896769][ T2849] bond0 (unregistering): Released all slaves
[ 1877.921673][T28096] chnl_net:caif_netlink_parms(): no params data found
[ 1878.016109][T28139] team0: entered promiscuous mode
[ 1878.042256][T28139] team_slave_0: entered promiscuous mode
[ 1878.097433][T28139] team_slave_1: entered promiscuous mode
[ 1878.121122][T28139] team0: entered allmulticast mode
[ 1878.155348][T28139] team_slave_0: entered allmulticast mode
[ 1878.178254][T28139] team_slave_1: entered allmulticast mode
[ 1878.526816][T28153] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1878.579162][T28155] loop2: detected capacity change from 0 to 512
[ 1878.593402][T28159] syz-executor.1: attempt to access beyond end of device
[ 1878.593402][T28159] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1878.665614][T28155] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1878.694147][T28155] EXT4-fs (loop2): Remounting filesystem read-only
[ 1878.701456][T28155] EXT4-fs (loop2): 1 truncate cleaned up
[ 1878.710226][T28155] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1878.868937][T28153] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1878.944489][T25504] Bluetooth: hci1: command tx timeout
[ 1879.073544][T28096] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1879.083329][T28096] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1879.119946][T28096] bridge_slave_0: entered allmulticast mode
[ 1879.184074][T28096] bridge_slave_0: entered promiscuous mode
[ 1879.211318][T28153] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1879.254694][T28096] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1879.309766][T28096] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1879.335759][T28096] bridge_slave_1: entered allmulticast mode
[ 1879.356547][T28096] bridge_slave_1: entered promiscuous mode
[ 1879.376913][T26645] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1879.389630][ T2849] hsr_slave_0: left promiscuous mode
[ 1879.400872][ T2849] hsr_slave_1: left promiscuous mode
[ 1879.425125][ T2849] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1879.440191][ T2849] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1879.458711][ T2849] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1879.472766][ T2849] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1879.524751][T28141] loop3: detected capacity change from 0 to 40427
[ 1879.543543][T28141] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1879.551719][T28141] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1879.575322][T28141] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1879.579877][ T2849] veth1_macvtap: left promiscuous mode
[ 1879.604370][ T2849] veth0_macvtap: left promiscuous mode
[ 1879.620365][ T2849] veth1_vlan: left promiscuous mode
[ 1879.630440][ T2849] veth0_vlan: left promiscuous mode
[ 1879.642767][T28141] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1879.650427][T28141] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1880.644705][T28175] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1880.934060][ T2849] team0 (unregistering): Port device team_slave_1 removed
[ 1881.012586][ T2849] team0 (unregistering): Port device team_slave_0 removed
[ 1881.038031][T25504] Bluetooth: hci1: command tx timeout
[ 1881.798108][T28153] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1881.828152][T28173] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1881.856902][T28177] dummy0: entered promiscuous mode
[ 1881.862811][T28177] vlan2: entered promiscuous mode
[ 1881.868261][T28177] vlan2: entered allmulticast mode
[ 1881.873567][T28177] dummy0: entered allmulticast mode
[ 1881.886358][T28177] dummy0: left allmulticast mode
[ 1881.891457][T28177] dummy0: left promiscuous mode
[ 1881.966697][T28096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1882.009484][T28096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1882.148032][T28184] syz-executor.1: attempt to access beyond end of device
[ 1882.148032][T28184] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1882.172851][T28096] team0: Port device team_slave_0 added
[ 1882.258511][T28153] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1882.275208][T28096] team0: Port device team_slave_1 added
[ 1882.344309][T27880] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 1882.349591][T28153] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1882.373946][T28096] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1882.400633][T28096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1882.435901][T28096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1882.450626][T28096] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1882.457909][T28096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1882.484777][T28096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1882.501763][T28153] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1882.537045][T27880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1882.555784][T27880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1882.570526][T27880] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1882.581888][T27880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1882.593079][T27880] usb 4-1: config 0 descriptor??
[ 1882.615593][T28153] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1882.679073][T28096] hsr_slave_0: entered promiscuous mode
[ 1882.700940][T28096] hsr_slave_1: entered promiscuous mode
[ 1882.723671][T28188] IPVS: set_ctl: invalid protocol: 0 172.20.20.170:0
[ 1882.735641][T28096] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1882.764271][T28096] Cannot create hsr debugfs directory
[ 1882.803062][T27880] usbhid 4-1:0.0: can't add hid device: -71
[ 1882.827809][T27880] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1882.842290][T28191] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1882.845458][T27880] usb 4-1: USB disconnect, device number 54
[ 1883.104316][T25504] Bluetooth: hci1: command tx timeout
[ 1883.828883][T28096] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1883.886454][T28096] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1883.920272][T28096] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1883.941555][T28096] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1884.072668][T28196] loop1: detected capacity change from 0 to 32768
[ 1884.106879][T28212] loop2: detected capacity change from 0 to 512
[ 1884.138218][T28212] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1884.138730][T28212] EXT4-fs (loop2): Remounting filesystem read-only
[ 1884.138980][T28212] EXT4-fs (loop2): 1 truncate cleaned up
[ 1884.140921][T28212] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1884.209372][T28196] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1884.259281][T28196] batadv0: entered promiscuous mode
[ 1884.314893][T28196] batadv0: entered allmulticast mode
[ 1884.339211][T28196] team0: Port device batadv0 added
[ 1884.511308][T28096] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1884.520030][T28219] loop3: detected capacity change from 0 to 128
[ 1884.538063][T28219] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[ 1884.614109][T28096] 8021q: adding VLAN 0 to HW filter on device team0
[ 1884.625029][T28219] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[ 1884.661995][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1884.669322][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1884.703971][T26645] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1884.777380][T27880] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1884.784645][T27880] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1884.865708][T28223] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1884.885534][T28224] syz-executor.3: attempt to access beyond end of device
[ 1884.885534][T28224] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1884.983084][T28223] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1885.068511][T28223] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1885.155114][T28223] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1885.231347][T28229] loop1: detected capacity change from 0 to 256
[ 1885.337722][T28223] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1885.371376][T28223] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1885.402035][T28223] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1885.424096][T28223] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1885.487734][T28096] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1885.524438][ T5153] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1885.602364][T28096] veth0_vlan: entered promiscuous mode
[ 1885.618222][T28096] veth1_vlan: entered promiscuous mode
[ 1885.666953][T28096] veth0_macvtap: entered promiscuous mode
[ 1885.691058][T28096] veth1_macvtap: entered promiscuous mode
[ 1885.714517][ T5153] usb 2-1: Using ep0 maxpacket: 16
[ 1885.731832][ T5153] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[ 1885.742299][T28096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1885.749214][ T5153] usb 2-1: config 0 has no interface number 0
[ 1885.767553][ T5153] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1885.775330][T28096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1885.783803][ T5153] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1885.793139][T28237] input: syz1 as /devices/virtual/input/input69
[ 1885.805066][T28096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1885.806499][ T5153] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1885.819214][T28096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1885.843596][ T5153] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1885.848685][T28096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1885.853717][T28059] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1885.863201][T28096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1885.876176][ T5153] usb 2-1: Product: syz
[ 1885.881341][T28096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1885.884327][ T5153] usb 2-1: SerialNumber: syz
[ 1885.901739][T28096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1885.904639][T28240] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1885.925093][ T5153] usb 2-1: config 0 descriptor??
[ 1885.933799][ T5153] cm109 2-1:0.8: invalid payload size 0, expected 4
[ 1885.940338][T28096] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1885.953460][ T5153] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input70
[ 1885.992628][T28096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1886.003607][T28096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1886.020096][T28096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1886.032631][T28096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1886.047948][T28096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1886.059771][T28096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1886.071517][T28096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1886.082389][T28096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1886.096657][T28096] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1886.097033][T28059] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1886.108464][T28096] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1886.124324][T28096] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1886.134727][T28059] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1886.145858][T28059] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1886.156012][T28059] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1886.156206][T28096] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1886.168881][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1886.179073][T28096] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1886.179877][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1886.195717][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1886.202896][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1886.210263][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1886.217493][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1886.224648][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1886.225451][T27880] usb 2-1: USB disconnect, device number 45
[ 1886.231604][    C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1886.283597][T27880] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1886.283900][T28059] usb 3-1: config 0 descriptor??
[ 1886.427528][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1886.441894][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1886.491243][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1886.501489][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1886.513572][T28059] usbhid 3-1:0.0: can't add hid device: -71
[ 1886.521635][T28059] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1886.538476][T28059] usb 3-1: USB disconnect, device number 59
[ 1886.561211][T28246] loop3: detected capacity change from 0 to 4096
[ 1886.573901][T28246] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[ 1886.603916][T28246] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[ 1886.672479][T28246] syzkaller1: entered promiscuous mode
[ 1886.679257][T28246] syzkaller1: entered allmulticast mode
[ 1887.243369][T28260] loop2: detected capacity change from 0 to 128
[ 1887.256899][T28256] loop1: detected capacity change from 0 to 512
[ 1887.281588][T28260] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[ 1887.318945][T28256] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1887.369201][T28256] EXT4-fs (loop1): Remounting filesystem read-only
[ 1887.369601][T28256] EXT4-fs (loop1): 1 truncate cleaned up
[ 1887.371648][T28256] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1887.393415][T28249] loop0: detected capacity change from 0 to 32768
[ 1887.409215][T28260] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[ 1887.507261][T28249] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[ 1887.568939][T28261] loop3: detected capacity change from 0 to 512
[ 1887.579417][T28249] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1887.641949][T28261] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters
[ 1887.669085][T28275] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1887.681016][T28261] EXT4-fs (loop3): Remounting filesystem read-only
[ 1887.690767][T28261] EXT4-fs (loop3): 1 truncate cleaned up
[ 1887.708648][T28261] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1887.742795][T28249] XFS (loop0): Ending clean mount
[ 1887.772911][T28249] XFS (loop0): Quotacheck needed: Please wait.
[ 1887.849821][T28275] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1887.884107][T28280] syz-executor.2: attempt to access beyond end of device
[ 1887.884107][T28280] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1888.025946][T24925] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1888.047998][T28249] XFS (loop0): Quotacheck: Done.
[ 1888.057987][T28275] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1888.350654][T27641] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1888.400442][T28275] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1889.286449][T28275] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1889.325352][T28096] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1889.343366][T28275] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1889.412905][T28275] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1889.519717][T28275] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1889.520597][T28301] loop2: detected capacity change from 0 to 256
[ 1889.923246][T28308] loop1: detected capacity change from 0 to 4096
[ 1889.934676][    T9] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1889.944637][T28308] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[ 1890.026573][T28308] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[ 1890.040340][T28316] loop0: detected capacity change from 0 to 256
[ 1890.063699][T28316] exFAT-fs (loop0): error, invalid access to FAT bad cluster (entry 0x00000005)
[ 1890.078097][T28319] loop3: detected capacity change from 0 to 1024
[ 1890.081826][T28316] exFAT-fs (loop0): failed to load alloc-bitmap
[ 1890.091155][T28316] exFAT-fs (loop0): failed to recognize exfat type
[ 1890.102945][T28308] syzkaller1: entered promiscuous mode
[ 1890.109135][T28308] syzkaller1: entered allmulticast mode
[ 1890.134595][T28319] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040e01c, mo2=0002]
[ 1890.145462][T28319] System zones: 0-1, 3-12
[ 1890.154267][    T9] usb 3-1: Using ep0 maxpacket: 16
[ 1890.180920][    T9] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[ 1890.190559][T28319] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1890.199353][    T9] usb 3-1: config 0 has no interface number 0
[ 1890.228332][    T9] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1890.239554][    T9] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1890.253120][    T9] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1890.272642][    T9] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1890.294092][    T9] usb 3-1: Product: syz
[ 1890.308580][    T9] usb 3-1: SerialNumber: syz
[ 1890.337459][    T9] usb 3-1: config 0 descriptor??
[ 1890.367725][    T9] cm109 3-1:0.8: invalid payload size 0, expected 4
[ 1890.397403][    T9] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input71
[ 1890.684252][    C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1890.687810][   T25] usb 3-1: USB disconnect, device number 60
[ 1890.691234][    C0] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1891.525305][   T25] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1891.707827][T27641] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1891.832497][T28331] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1892.900238][T28362] netlink: 596 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1892.921016][T28362] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1892.931878][   T29] audit: type=1804 audit(2000001283.310:3957): pid=28364 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="cgroup.controllers" dev="sda1" ino=1975 res=1 errno=0
[ 1893.125530][T28364] IPVS: persistence engine module ip_vs_pe_si not found
[ 1893.385493][T28395] tmpfs: Unknown parameter 'fd'
[ 1893.397158][T28394] loop1: detected capacity change from 0 to 512
[ 1893.476270][T28394] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1893.486209][T28404] loop3: detected capacity change from 0 to 256
[ 1893.494405][T28394] ext4 filesystem being mounted at /root/syzkaller-testdir2575000920/syzkaller.rgbObG/166/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1893.551037][T28404] FAT-fs (loop3): Directory bread(block 64) failed
[ 1893.558206][T28404] FAT-fs (loop3): Directory bread(block 65) failed
[ 1893.565178][T28404] FAT-fs (loop3): Directory bread(block 66) failed
[ 1893.571931][T28404] FAT-fs (loop3): Directory bread(block 67) failed
[ 1893.582039][T28404] FAT-fs (loop3): Directory bread(block 68) failed
[ 1893.589041][T28404] FAT-fs (loop3): Directory bread(block 69) failed
[ 1893.595727][T28394] EXT4-fs error (device loop1): ext4_do_update_inode:5075: inode #2: comm syz-executor.1: corrupted inode contents
[ 1893.597404][T28404] FAT-fs (loop3): Directory bread(block 70) failed
[ 1893.617412][T28404] FAT-fs (loop3): Directory bread(block 71) failed
[ 1893.624150][T28404] FAT-fs (loop3): Directory bread(block 72) failed
[ 1893.631051][T28404] FAT-fs (loop3): Directory bread(block 73) failed
[ 1893.635942][T28399] loop2: detected capacity change from 0 to 8192
[ 1893.650939][T28394] EXT4-fs error (device loop1): ext4_dirty_inode:5935: inode #2: comm syz-executor.1: mark_inode_dirty error
[ 1893.667202][   T29] audit: type=1800 audit(2000001284.050:3958): pid=28404 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1048897 res=0 errno=0
[ 1893.672521][T28394] EXT4-fs error (device loop1): ext4_do_update_inode:5075: inode #2: comm syz-executor.1: corrupted inode contents
[ 1893.696428][T28404] syz-executor.3: attempt to access beyond end of device
[ 1893.696428][T28404] loop3: rw=2049, sector=1224, nr_sectors = 4 limit=256
[ 1893.727491][T28394] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz-executor.1: mark_inode_dirty error
[ 1893.906160][ T9756] Bluetooth: hci5: command 0x1003 tx timeout
[ 1893.914692][T25504] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1894.041812][T24925] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1894.110258][   T29] audit: type=1804 audit(2000001284.490:3959): pid=28418 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3401229241/syzkaller.LsuYne/3/cgroup.controllers" dev="sda1" ino=1971 res=1 errno=0
[ 1894.205202][T28418] IPVS: persistence engine module ip_vs_pe_si not found
[ 1894.746360][T28407] loop2: detected capacity change from 0 to 32768
[ 1894.841028][T28407] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[ 1894.848719][T28451] loop3: detected capacity change from 0 to 256
[ 1894.984477][T28451] FAT-fs (loop3): Directory bread(block 64) failed
[ 1895.013279][T28407] XFS (loop2): Ending clean mount
[ 1895.025659][T28451] FAT-fs (loop3): Directory bread(block 65) failed
[ 1895.050714][T28451] FAT-fs (loop3): Directory bread(block 66) failed
[ 1895.074587][T28451] FAT-fs (loop3): Directory bread(block 67) failed
[ 1895.102300][T28451] FAT-fs (loop3): Directory bread(block 68) failed
[ 1895.119475][T28451] FAT-fs (loop3): Directory bread(block 69) failed
[ 1895.139926][T28451] FAT-fs (loop3): Directory bread(block 70) failed
[ 1895.181696][T28451] FAT-fs (loop3): Directory bread(block 71) failed
[ 1895.195136][T28451] FAT-fs (loop3): Directory bread(block 72) failed
[ 1895.218506][T28451] FAT-fs (loop3): Directory bread(block 73) failed
[ 1895.314137][   T29] audit: type=1800 audit(2000001285.690:3960): pid=28451 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1048898 res=0 errno=0
[ 1895.401910][T28461] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[ 1895.438069][T28428] loop1: detected capacity change from 0 to 32768
[ 1895.447112][ T2408] kworker/u8:7: attempt to access beyond end of device
[ 1895.447112][ T2408] loop3: rw=1, sector=1224, nr_sectors = 4 limit=256
[ 1895.448236][T28461] netlink: 55 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1895.479214][T28428] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (28428)
[ 1895.548268][T28428] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1895.582775][T28428] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[ 1895.604349][T28428] BTRFS info (device loop1): using free-space-tree
[ 1895.948775][T28489] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1895.990211][T28489] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1896.030765][T24925] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1896.100930][T28492] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[ 1896.157733][T28496] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1896.230294][T28496] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[ 1896.434103][T28500] loop3: detected capacity change from 0 to 2048
[ 1896.459618][T28504] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1896.497862][T28503] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[ 1896.547872][T28503] netlink: 55 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1896.733095][   T29] audit: type=1800 audit(2000000000.000:3961): pid=28511 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=15 res=0 errno=0
[ 1897.072936][T26645] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[ 1897.630426][T28535] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1897.640378][T28535] xfrm0: entered promiscuous mode
[ 1897.647390][T28535] xfrm0: entered allmulticast mode
[ 1897.663732][T28535] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1897.687024][T28535] xfrm0: left promiscuous mode
[ 1897.691964][T28535] xfrm0: left allmulticast mode
[ 1898.029137][   T29] audit: type=1804 audit(2000000001.220:3962): pid=28543 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3401229241/syzkaller.LsuYne/16/cgroup.controllers" dev="sda1" ino=1969 res=1 errno=0
[ 1898.206396][T28553] random: crng reseeded on system resumption
[ 1898.226616][T28557] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1898.511736][T28560] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1898.895770][T28565] macvtap0: entered promiscuous mode
[ 1898.901399][T28565] macvtap0: entered allmulticast mode
[ 1898.944491][T28565] veth0_macvtap: entered allmulticast mode
[ 1899.361046][T28584] syz-executor.4[28584] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1899.361208][T28584] syz-executor.4[28584] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1899.923524][T28594] loop0: detected capacity change from 0 to 2048
[ 1900.118157][T28594] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1900.324459][T28594] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 1900.350992][T28594] EXT4-fs (loop0): Remounting filesystem read-only
[ 1900.737725][T28096] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1900.881475][T28602] loop3: detected capacity change from 0 to 2048
[ 1900.906457][T28603] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1901.036907][T28611] random: crng reseeded on system resumption
[ 1901.360303][   T29] audit: type=1800 audit(2000000000.000:3963): pid=28610 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=15 res=0 errno=0
[ 1901.392942][T28616] bond0: entered promiscuous mode
[ 1901.398390][T28616] bond_slave_0: entered promiscuous mode
[ 1901.404777][T28616] bond_slave_1: entered promiscuous mode
[ 1901.413745][T28616] syz_tun: entered promiscuous mode
[ 1902.119162][T28626] loop0: detected capacity change from 0 to 512
[ 1902.227958][T28626] EXT4-fs warning (device loop0): ext4_enable_quotas:7078: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix.
[ 1902.243665][T28626] EXT4-fs (loop0): mount failed
[ 1902.362438][   T29] audit: type=1326 audit(2000000000.980:3964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28627 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb9fa7d0a9 code=0x0
[ 1902.782495][T28624] loop2: detected capacity change from 0 to 32768
[ 1902.798938][T28624] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (28624)
[ 1902.839712][T28624] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[ 1902.863980][T28624] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[ 1902.880260][T28624] BTRFS info (device loop2): disk space caching is enabled
[ 1903.031143][T28624] BTRFS info (device loop2): rebuilding free space tree
[ 1903.190629][T28624] BTRFS info (device loop2): disabling free space tree
[ 1903.208350][T28624] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 1903.229954][T28624] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 1903.278610][T28655] program syz-executor.1 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1903.916281][T26645] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[ 1904.685316][T28685] random: crng reseeded on system resumption
[ 1905.118271][T28693] loop3: detected capacity change from 0 to 2048
[ 1905.210209][T28693] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1905.338339][ T2408] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 1905.373243][ T2408] EXT4-fs (loop3): Remounting filesystem read-only
[ 1905.393109][T27641] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1905.674309][  T932] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[ 1905.874390][  T932] usb 2-1: Using ep0 maxpacket: 32
[ 1906.046559][T28712] x_tables: duplicate underflow at hook 4
[ 2010.864161][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 2010.871182][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=201813, q=285 ncpus=2)
[ 2010.879015][    C1] rcu: All QSes seen, last rcu_preempt kthread activity 10494 (4295138161-4295127667), jiffies_till_next_fqs=1, root ->qsmask 0x0
[ 2010.892410][    C1] rcu: rcu_preempt kthread starved for 10495 jiffies! g201813 f0x2 RCU_GP_CLEANUP(7) ->state=0x0 ->cpu=0
[ 2010.903649][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 2010.913644][    C1] rcu: RCU grace-period kthread stack dump:
[ 2010.919558][    C1] task:rcu_preempt     state:R  running task     stack:26448 pid:17    tgid:17    ppid:2      flags:0x00004000
[ 2010.931339][    C1] Call Trace:
[ 2010.934739][    C1]  <TASK>
[ 2010.937703][    C1]  __schedule+0x1796/0x49d0
[ 2010.942275][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2010.948552][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2010.954921][    C1]  ? __pfx___schedule+0x10/0x10
[ 2010.959825][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2010.965850][    C1]  ? preempt_schedule_irq+0xf0/0x1c0
[ 2010.971170][    C1]  preempt_schedule_irq+0xfb/0x1c0
[ 2010.976313][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 2010.982063][    C1]  ? preempt_schedule_notrace_thunk+0x1a/0x30
[ 2010.988163][    C1]  ? trace_irq_disable+0x2c/0x120
[ 2010.993231][    C1]  irqentry_exit+0x5e/0x90
[ 2010.997684][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2011.003718][    C1] RIP: 0010:preempt_schedule_common+0x11/0xd0
[ 2011.009827][    C1] Code: ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 41 56 53 49 bf 00 00 00 00 00 fc ff df eb 0d <48> f7 03 08 00 00 00 0f 84 9c 00 00 00 65 ff 05 13 7d 7d 74 65 8b
[ 2011.029469][    C1] RSP: 0018:ffffc90000167bc0 EFLAGS: 00000246
[ 2011.035575][    C1] RAX: 1ffff11002e51000 RBX: ffff888017288000 RCX: 1ffff9200002cf54
[ 2011.043580][    C1] RDX: dffffc0000000000 RSI: ffffffff8bcabb80 RDI: ffff8880172895f8
[ 2011.051619][    C1] RBP: ffffc90000167c68 R08: ffffffff8fac20ef R09: 1ffffffff1f5841d
[ 2011.059638][    C1] R10: dffffc0000000000 R11: fffffbfff1f5841e R12: 1ffff9200002cf80
[ 2011.067643][    C1] R13: ffffffff8e338c00 R14: ffffffff8b865731 R15: dffffc0000000000
[ 2011.075650][    C1]  ? preempt_schedule+0xe1/0xf0
[ 2011.080595][    C1]  preempt_schedule+0xe1/0xf0
[ 2011.085312][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[ 2011.090734][    C1]  preempt_schedule_thunk+0x1a/0x30
[ 2011.095980][    C1]  _raw_spin_unlock_irq+0x44/0x50
[ 2011.101050][    C1]  rcu_gp_cleanup+0x5b2/0x1030
[ 2011.105856][    C1]  ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10
[ 2011.112065][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 2011.118004][    C1]  ? __pfx_rcu_gp_cleanup+0x10/0x10
[ 2011.123246][    C1]  ? finish_swait+0xd4/0x1e0
[ 2011.127877][    C1]  rcu_gp_kthread+0xb5/0x3b0
[ 2011.132507][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 2011.137741][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 2011.143687][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 2011.148767][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 2011.153996][    C1]  kthread+0x2f0/0x390
[ 2011.158119][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 2011.163362][    C1]  ? __pfx_kthread+0x10/0x10
[ 2011.167996][    C1]  ret_from_fork+0x4b/0x80
[ 2011.172452][    C1]  ? __pfx_kthread+0x10/0x10
[ 2011.177079][    C1]  ret_from_fork_asm+0x1a/0x30
[ 2011.181900][    C1]  </TASK>
[ 2011.185033][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 2011.191386][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 2011.196625][    C0] NMI backtrace for cpu 0
[ 2011.196639][    C0] CPU: 0 PID: 28711 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00301-g5f583a3162ff #0
[ 2011.196659][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2011.196670][    C0] RIP: 0010:__sanitizer_cov_trace_cmp4+0x0/0x90
[ 2011.196696][    C0] Code: 10 48 89 74 0a 18 4c 89 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 4c 8b 04 24 65 48 8b 14 25 80 d4 03 00 65 8b 05 10 ae
[ 2011.196711][    C0] RSP: 0018:ffffc90008cb76e0 EFLAGS: 00000046
[ 2011.196729][    C0] RAX: 0000000000000000 RBX: 000000000000005c RCX: 0000000000040000
[ 2011.196741][    C0] RDX: ffffc90012fa2000 RSI: 000000000000005f RDI: 000000000000005c
[ 2011.196753][    C0] RBP: dffffc0000000000 R08: ffffffff8b7508ec R09: 1ffff11017287e1a
[ 2011.196768][    C0] R10: dffffc0000000000 R11: ffffed1017287e1b R12: ffff88804e122308
[ 2011.196782][    C0] R13: ffff8880b943f0a8 R14: ffff88804e122308 R15: 000000000000005f
[ 2011.196796][    C0] FS:  00007f0233b726c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[ 2011.196813][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2011.196826][    C0] CR2: 0000001b2e824000 CR3: 000000004e620000 CR4: 00000000003506f0
[ 2011.196843][    C0] Call Trace:
[ 2011.196852][    C0]  <NMI>
[ 2011.196859][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 2011.196880][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 2011.196903][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 2011.196922][    C0]  ? nmi_handle+0x2a/0x5a0
[ 2011.196958][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 2011.196979][    C0]  ? nmi_handle+0x14f/0x5a0
[ 2011.197006][    C0]  ? nmi_handle+0x2a/0x5a0
[ 2011.197034][    C0]  ? __pfx___sanitizer_cov_trace_cmp4+0x10/0x10
[ 2011.197055][    C0]  ? default_do_nmi+0x63/0x160
[ 2011.197076][    C0]  ? exc_nmi+0x123/0x1f0
[ 2011.197095][    C0]  ? end_repeat_nmi+0xf/0x53
[ 2011.197126][    C0]  ? plist_add+0x15c/0x490
[ 2011.197146][    C0]  ? __pfx___sanitizer_cov_trace_cmp4+0x10/0x10
[ 2011.197168][    C0]  ? __pfx___sanitizer_cov_trace_cmp4+0x10/0x10
[ 2011.197190][    C0]  ? __pfx___sanitizer_cov_trace_cmp4+0x10/0x10
[ 2011.197211][    C0]  </NMI>
[ 2011.197217][    C0]  <TASK>
[ 2011.197223][    C0]  plist_add+0x197/0x490
[ 2011.197248][    C0]  enqueue_pushable_task+0x11a/0x3d0
[ 2011.197274][    C0]  __pick_next_task+0xdb/0x2c0
[ 2011.197305][    C0]  __schedule+0x729/0x49d0
[ 2011.197343][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2011.197364][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2011.197386][    C0]  ? __pfx___schedule+0x10/0x10
[ 2011.197416][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2011.197442][    C0]  ? preempt_schedule_irq+0xf0/0x1c0
[ 2011.197466][    C0]  preempt_schedule_irq+0xfb/0x1c0
[ 2011.197485][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 2011.197502][    C0]  ? preempt_schedule_notrace_thunk+0x1a/0x30
[ 2011.197523][    C0]  ? trace_irq_disable+0x2c/0x120
[ 2011.197547][    C0]  irqentry_exit+0x5e/0x90
[ 2011.197571][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2011.197598][    C0] RIP: 0010:preempt_schedule_common+0x18/0xd0
[ 2011.197616][    C0] Code: 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 41 56 53 49 bf 00 00 00 00 00 fc ff df eb 0d 48 f7 03 08 00 00 00 <0f> 84 9c 00 00 00 65 ff 05 13 7d 7d 74 65 8b 05 0c 7d 7d 74 25 ff
[ 2011.197631][    C0] RSP: 0018:ffffc90008cb7b60 EFLAGS: 00000202
[ 2011.197646][    C0] RAX: 1ffff1100c0af780 RBX: ffff88806057bc00 RCX: 1ffff92001196f48
[ 2011.197660][    C0] RDX: dffffc0000000000 RSI: ffffffff8bcabb80 RDI: ffff88806057d1f8
[ 2011.197674][    C0] RBP: ffffc90008cb7c08 R08: ffffffff8fac20ef R09: 1ffffffff1f5841d
[ 2011.197688][    C0] R10: dffffc0000000000 R11: fffffbfff1f5841e R12: 1ffff92001196f74
[ 2011.197702][    C0] R13: 1ffff11005ffc1bb R14: ffffffff8b865731 R15: dffffc0000000000
[ 2011.197719][    C0]  ? preempt_schedule+0xe1/0xf0
[ 2011.197746][    C0]  preempt_schedule+0xe1/0xf0
[ 2011.197764][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[ 2011.197787][    C0]  preempt_schedule_thunk+0x1a/0x30
[ 2011.197810][    C0]  _raw_spin_unlock_irq+0x44/0x50
[ 2011.197838][    C0]  get_signal+0x14dd/0x1740
[ 2011.197875][    C0]  ? __pfx_get_signal+0x10/0x10
[ 2011.197908][    C0]  arch_do_signal_or_restart+0x96/0x860
[ 2011.197934][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 2011.197956][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2011.197984][    C0]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 2011.198011][    C0]  syscall_exit_to_user_mode+0xc9/0x370
[ 2011.198039][    C0]  do_syscall_64+0x100/0x230
[ 2011.198066][    C0]  ? clear_bhb_loop+0x35/0x90
[ 2011.198093][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2011.198118][    C0] RIP: 0033:0x7f0232e7d0a9
[ 2011.198140][    C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 2011.198155][    C0] RSP: 002b:00007f0233b720c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000090
[ 2011.198173][    C0] RAX: 0000000000000000 RBX: 00007f0232fb4050 RCX: 00007f0232e7d0a9
[ 2011.198186][    C0] RDX: 0000000020000200 RSI: 0000000000000002 RDI: 0000000000000000
[ 2011.198198][    C0] RBP: 00007f0232eec074 R08: 0000000000000000 R09: 0000000000000000
[ 2011.198210][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2011.198222][    C0] R13: 000000000000006e R14: 00007f0232fb4050 R15: 00007ffd7eb60de8
[ 2011.198245][    C0]  </TASK>