last executing test programs:

9m49.632703516s ago: executing program 1 (id=577):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
poll(0x0, 0x0, 0x5)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000008540), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000008600)={0x0, 0x0, &(0x7f00000085c0)={&(0x7f0000008580)={0x30, r3, 0xa2029fdcff44a679, 0x70bd2a, 0x25dfdbfc, {{}, {}, {0x14, 0x19, {0x2a, 0x1, 0x29580, 0x800}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40000c1}, 0x400c050)

9m45.121078802s ago: executing program 1 (id=572):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x37, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
quotactl_fd$Q_SYNC(r0, 0xffffffff80000101, 0x0, 0x0)

9m38.676309738s ago: executing program 1 (id=588):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d00000088081afb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

9m38.442174532s ago: executing program 1 (id=593):
set_robust_list(&(0x7f0000000280)={0x0, 0x5, &(0x7f00000001c0)}, 0x18)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x6, 0x4, 0x9, '\x00', 0x1})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

9m38.002066085s ago: executing program 1 (id=596):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x6}, {0xa, 0xffe0}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
setns(r1, 0x24020000)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, &(0x7f0000000580)={0x1})
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000080)={0x20000001, 0x2}, 0x8)
close(0xffffffffffffffff)

9m37.002104544s ago: executing program 1 (id=597):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x4000050)

9m21.24382909s ago: executing program 32 (id=597):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x4000050)

7m25.971898367s ago: executing program 5 (id=860):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000001200)='./file0\x00', 0x1000000, &(0x7f00000001c0)={[{@nodots}, {@fat=@discard}, {@nodots}, {@fat=@flush}, {@nodots}, {@fat=@discard}, {@nodots}, {@nodots}, {}]}, 0x1, 0x11f1, &(0x7f0000001240)="$eJzs3U1rY1UYB/CnmYzNpNPO+DY6s/GgG91cHBeu3BRpQSagzEyEGVd3aKohMQm9WSQiWHDnyg/i0p0gfgE/SXGjm66MtElfsS/S2Dd+v00f+r/PveeewIUbziEbH/34dWu1yFbzfpRmZqLci0ibKVKU4kaMrcd73y//9cOTZ88fLdZqS49TWl58+vDDlNLCW79+8e1Pb//Wn/v854VfZqM06bj3+/2Nv59+1SxSs0idbj/l6UW3289ftBtppVm0spQ+aze2zt/sFI21A/lqu9vrDVPeWZmv9tYaRZHyzjC1GsPU76bvIiL/Mm92UpZlab4aVM7QW9/5iEc346UYjUajW1GNubgd87EQd+JuvByvxKvxWrwe9+KNeDPubx+1e4L1Mw8fAAAAAAAAAAAAAAAAAAAAiM3t3fyjE/f/z/37/n8AAAAAAAAAAAAAAAAAAABgCk67//+I3/8HAAAAAAAAAAAAAAAAAAAApsD+fwAAAAAAAAAAAAAAAAAAALh4T549f7RYqy09TqkS8cf6oD6oj/+O8+VPakvvp23lva4/B4P6jd384ThP46w8yWejOsk/OJDv9Ffi3XfG+Vb28ae1Q/mDWDmfKQAAAIBrL0u77u79d+/9PsuOysfVvu8HDr2/l+NBOSJuH7xe+f+9Hf6jYvhNK2+3G2vHFVHad/DspPPErukVdyaXPI9rTa+YOfVE3YyIyzHmK1pUJlN9WcZzHYrzfhJxEfY95AEAAAAAAAAAALhCjl0GOJosvD3jcsKIWxd9mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCpAAAA///tjHSh")
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0)
rename(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file2\x00')
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000340)="9b400ca600f8fd5a6b17a79144d7630275e299c92f18a1342f538b16d179fe0b7b09b79594fd7974ab", 0x29)
lstat(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000240)='./file1\x00', 0x2000000, &(0x7f0000000540)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1800}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '!,(,,}'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@smackfsroot={'smackfsroot', 0x3d, '9p\x00'}}]}}, 0x1, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, 0x0, 0xc080)
creat(&(0x7f0000000080)='./file0\x00', 0xa)
mount$9p_fd(0x0, 0x0, 0x0, 0xa00000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)

7m12.955695292s ago: executing program 5 (id=881):
r0 = fanotify_init(0x20, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x641, 0x1020, r4, 0x0)

7m11.770415259s ago: executing program 5 (id=884):
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
dup(0xffffffffffffffff)
preadv(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/138, 0x8a}], 0x1, 0x9, 0x89b)

7m10.674496947s ago: executing program 5 (id=886):
mkdirat(0xffffffffffffffff, 0x0, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x3032}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x3)
syz_mount_image$btrfs(&(0x7f0000000340), &(0x7f0000000280)='./bus\x00', 0x2000898, &(0x7f0000000380)={[{@noenospc_debug}]}, 0x41, 0x55ae, &(0x7f0000005600)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
write$FUSE_CREATE_OPEN(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000000abc0)=""/102392, 0x18ff8)
prctl$PR_GET_PDEATHSIG(0x2, &(0x7f00000003c0))
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000240)='./file0/file0\x00', 0x0)

7m7.523169549s ago: executing program 5 (id=891):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000001200)='./file0\x00', 0x1000000, &(0x7f00000001c0)={[{@nodots}, {@fat=@discard}, {@nodots}, {@fat=@flush}, {@nodots}, {@fat=@discard}, {@nodots}, {@nodots}, {}]}, 0x1, 0x11f1, &(0x7f0000001240)="$eJzs3U1rY1UYB/CnmYzNpNPO+DY6s/GgG91cHBeu3BRpQSagzEyEGVd3aKohMQm9WSQiWHDnyg/i0p0gfgE/SXGjm66MtElfsS/S2Dd+v00f+r/PveeewIUbziEbH/34dWu1yFbzfpRmZqLci0ibKVKU4kaMrcd73y//9cOTZ88fLdZqS49TWl58+vDDlNLCW79+8e1Pb//Wn/v854VfZqM06bj3+/2Nv59+1SxSs0idbj/l6UW3289ftBtppVm0spQ+aze2zt/sFI21A/lqu9vrDVPeWZmv9tYaRZHyzjC1GsPU76bvIiL/Mm92UpZlab4aVM7QW9/5iEc346UYjUajW1GNubgd87EQd+JuvByvxKvxWrwe9+KNeDPubx+1e4L1Mw8fAAAAAAAAAAAAAAAAAAAAiM3t3fyjE/f/z/37/n8AAAAAAAAAAAAAAAAAAABgCk67//+I3/8HAAAAAAAAAAAAAAAAAAAApsD+fwAAAAAAAAAAAAAAAAAAALh4T549f7RYqy09TqkS8cf6oD6oj/+O8+VPakvvp23lva4/B4P6jd384ThP46w8yWejOsk/OJDv9Ffi3XfG+Vb28ae1Q/mDWDmfKQAAAIBrL0u77u79d+/9PsuOysfVvu8HDr2/l+NBOSJuH7xe+f+9Hf6jYvhNK2+3G2vHFVHad/DspPPErukVdyaXPI9rTa+YOfVE3YyIyzHmK1pUJlN9WcZzHYrzfhJxEfY95AEAAAAAAAAAALhCjl0GOJosvD3jcsKIWxd9mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCpAAAA///tjHSh")
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0)
rename(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='./file2\x00')
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000340)="9b400ca600f8fd5a6b17a79144d7630275e299c92f18a1342f538b16d179fe0b7b09b79594fd7974ab", 0x29)
lstat(&(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000240)='./file1\x00', 0x2000000, &(0x7f0000000540)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1800}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '!,(,,}'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@smackfsroot={'smackfsroot', 0x3d, '9p\x00'}}]}}, 0x1, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r5, 0x0, 0xc080)
creat(&(0x7f0000000080)='./file0\x00', 0xa)
mount$9p_fd(0x0, 0x0, 0x0, 0xa00000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)

7m0.716072991s ago: executing program 5 (id=907):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe(&(0x7f00000007c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r3)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x4e22, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8)
ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0)
bind$inet(r4, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x240087f9, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10)
splice(r2, 0x0, r3, 0x0, 0xfffd, 0x0)

6m45.450989149s ago: executing program 33 (id=907):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe(&(0x7f00000007c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r3)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x4e22, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8)
ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0)
bind$inet(r4, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x240087f9, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10)
splice(r2, 0x0, r3, 0x0, 0xfffd, 0x0)

7.133530156s ago: executing program 4 (id=2069):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='uid_map\x00')
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)="8b1c8d02", 0x4}, {0x0}], 0x2)

5.928118335s ago: executing program 6 (id=2075):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r1, 0x7, 0xffffffffffffffff, 0x0)

5.902994788s ago: executing program 4 (id=2076):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000001880)=0x40, 0x4)
sendmmsg$inet6(r0, &(0x7f0000000900)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @loopback, 0x10}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x4e61, 0x80, @mcast2, 0x81}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1400000000"], 0x18}}], 0x2, 0x0)

5.728021835s ago: executing program 4 (id=2078):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f00002ec000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xffffffff]}, 0x0, 0x8)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002840)='/proc/locks\x00', 0x0, 0x0)
sendfile(r1, r2, &(0x7f0000002b00)=0x7, 0xfd85)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000008, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x22eb7000)

5.356085602s ago: executing program 0 (id=2082):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x800, 0x0, 0x0, 0x2, 0xa5, 0xbd, 0x1, 0xa9, 0x4, 0x0, 0x0, 0x40000000}, {0x8, 0x5, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x6, 0xff, 0x0, 0x40, 0x6}, {0x3fe, 0x9, 0x0, 0xfd, 0x3, 0x0, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0x7}], 0x5})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300f23e872fee0f01c40f01c5b9800000c00f3226670f577c000f30b80e0000000f23d80f21f80f23f8c9b9490300000f60b932c00a000000f30f06002fb90d090000b800680000ba000000000f30", 0x51}], 0x1, 0x3e, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.532975084s ago: executing program 0 (id=2084):
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0xfffffffffffffffc, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

3.426513873s ago: executing program 3 (id=2086):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x60, &(0x7f0000000280)=[@vmwrite={0x8, 0x0, 0x10, 0x0, 0x2, 0x0, 0x3, 0x0, 0x990}], 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, 0x0)

3.327848602s ago: executing program 0 (id=2088):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000001880)=0x40, 0x4)
sendmmsg$inet6(r0, &(0x7f0000000900)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @loopback, 0x10}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x4e61, 0x80, @mcast2, 0x81}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1400000000"], 0x18}}], 0x2, 0x0)

3.258446209s ago: executing program 0 (id=2089):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x4000007, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002ac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002980)=ANY=[@ANYBLOB="000100000000000029000000040000003a1c00000000000005020400c91020010000000000000000000000000000c91000000000000000000000ffffac1414aa0502000904015a0001000001000a5eee2c1fbfdd2b226991c2f3dd5be14937873e5daf883d9fcd184d8c1b72a1692ae7ce84431c0b39a9b8d6b2adec63be21c921a69009418c1e24236fbb673dd0799f4de0e632b086d82ba951bac5b2f34b03dee501000748000000031004060003000000000000000400000000000000070000000000000003000000000000000300000000000000f2fe0000000000000300000000000000840000000000000000000000000000140000000000000029000000080000000100"/280], 0x118}}], 0x1, 0x10000001)

3.186981846s ago: executing program 3 (id=2090):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x800, 0x0, 0x0, 0x2, 0xa5, 0xbd, 0x1, 0xa9, 0x4, 0x0, 0x0, 0x40000000}, {0x8, 0x5, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x6, 0xff, 0x0, 0x40, 0x6}, {0x3fe, 0x9, 0x0, 0xfd, 0x3, 0x0, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0x7}], 0x5})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300f23e872fee0f01c40f01c5b9800000c00f3226670f577c000f30b80e0000000f23d80f21f80f23f8c9b9490300000f60b932c00a000000f30f06002fb90d090000b800680000ba000000000f30", 0x51}], 0x1, 0x3e, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0xffff1000, 0x0, 0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x7, 0x6}, {0xffff1000, 0xeeef0000, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x2000, 0x1000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x48, 0x3, 0x0, 0xfc}, {0xd000, 0x33331000, 0xc, 0x9, 0x1, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4}, {0x6000, 0xeeee8000, 0xe, 0x3, 0x0, 0x4, 0x10, 0x0, 0x0, 0x8}, {0x100000, 0xeeef0000, 0xd, 0x78, 0x5, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0xf4}, {0x0, 0xffff1000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0x1000, 0x1000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x8, 0x0, 0x3}, {0x80a0000, 0x8cc}, {}, 0xddf8ffdb, 0x0, 0x3000, 0x110, 0x80000000000, 0xf801, 0x0, [0x80000001, 0x0, 0x1, 0x1]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.916930753s ago: executing program 2 (id=2092):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0x7, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
faccessat(0xffffffffffffffff, 0x0, 0x80)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000002e00)=[{&(0x7f0000001980)=""/128, 0x80}], 0x1, 0x372, 0x0)

2.885941506s ago: executing program 6 (id=2093):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x80000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$FICLONE(r1, 0x40049409, r0)

2.836092021s ago: executing program 3 (id=2094):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)={0x38, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {0x3, 0x0, 0xf0ff}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_IFINDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x8840}, 0x800)

2.784926486s ago: executing program 6 (id=2095):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000900)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @loopback, 0x10}, 0x1c, 0x0}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x18}}], 0x2, 0x0)

2.768839887s ago: executing program 2 (id=2096):
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000700), 0x18)
close(0x3)
socket(0xa, 0x3, 0xff)
utimensat(r0, 0x0, &(0x7f0000000880)={{0x0, 0xea60}, {0x0, 0x3ffffffe}}, 0x0)

2.696054475s ago: executing program 3 (id=2097):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x6}, {0xa, 0xffe0}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setns(r1, 0x24020000)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)

2.682971106s ago: executing program 6 (id=2098):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x8, 0x10, 0x20001, 0xffffffffffffffff, 0x3b, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x3, 0xf}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r2, 0x0, 0x0)
write$USERIO_CMD_REGISTER(r2, &(0x7f0000000000), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r2, &(0x7f0000000640)={0x2, 0xfc}, 0x2)

2.682804766s ago: executing program 2 (id=2099):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0xcf, 0x4, 0x20000080003, 0x20000000000, 0x0, 0x8000000000000002, 0x2, 0xfffffffe, 0x9c, 0x0, 0x9, 0x805, 0x0, 0x4, 0xfffffffffffffffc], 0x2001, 0x6f94})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'veth1\x00', &(0x7f0000000200)=@ethtool_ringparam={0x10, 0x4, 0x3, 0x7, 0x38a, 0x56d08d32, 0x1, 0x6, 0x8}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.500966772s ago: executing program 3 (id=2100):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000180))
r1 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000014c0)=[{&(0x7f0000000000)='|', 0xfd}], 0xf, 0x0)

1.500685222s ago: executing program 4 (id=2101):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8d})
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000040)={0xffff1000, 0x0, 0x1, 0x1, 0x3})

1.396061643s ago: executing program 0 (id=2102):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r5, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)

1.380648214s ago: executing program 2 (id=2103):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
shutdown(r0, 0x1)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x3, 0xf06, 0x1, 0x94, 0xfffffffd, 0x5}, 0x9c)

1.32114082s ago: executing program 6 (id=2104):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESHEX, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYRES64, @ANYRES64], 0xb, 0x2ed, &(0x7f0000000a80)="$eJzs3L9PE2EYwPGnPyhtCZTBaDQxvNFFlwtUZ6UxkBibSJAafyQmB1y16dmSuwZTY0QnV+Mf4UAY2UiUf4DFTRcXNxYTTWQwnun1jkI5QKC0CN9PQu7hnve5vm9byPM2HKv33j4t5m0tr1ckHFcSEhFZE+mXsPhC3jHsxjHZ6JVc7vnx+fyd+w9uZbLZkXGlRjMTV9JKqb6BD89eJLxhS92y0v9o9Xv628rplbOrfyaeFGxVsFWpXFG6mix/reiTpqGmC3ZRU2rMNHTbUIWSbVj1fLmez5vlmZmq0kvTvckZy7BtpZeqqmhUVaWsKlZVRR7rhZLSNE31JgW7yc2Pj+uZfRZPtXgyOCSWldEjIpLYksnNd2RCAACgo5r7/7CoVvb/CxeWKz13F/u8/n8pFtT/X/1Sv9am/j8uIoH9v//4gf2/vrf+f2tHdLIcqP/H0TAQ23Iq1AhrSSujJ72fX9frhwuDbkD/DwAAAAAAAAAAAAAAAAAAAADA/2DNcVKO46T8o//VLSJxEfG/DyiNiMj1DkwZLXSA1x/HQOPGvWifiPlmNjebqx+9AcsiYoohg5KS3+77wVOL/TuPVE2/fDTnvPq52VzEzWTyUnDrhyTVJc31jjN6MzsypOo213dJcmN9WlJyKrg+HVgfk0sXN9RrkpJPU1IWU6bdeTTqXw4pdeN2tqk+4Y4DAAAAAOA40NS6wP27pm2Xr9ev76+bPx+INPbXg4H786ici3Z27QAAAAAAnBR29XlRN03D2iFIyO5j9h9ED+nK/gr/tcr/W4bDW+kOgf/gm1Jx72TLn5bQHp6WbYKw7KdqoLYaddBV+B8bNaV+Oo7jBjI23P5X0A3OvHv/q3UXvLYYD15pC4LIzm+Arrb9AgIAAADQNo2m3z8z3NkJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABwArXjv6N1eo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAUfE3AAD//7ndB6A=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1}, 0x18)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
mkdir(0x0, 0xe7f6bec49cc54d58)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r5, 0x0, 0x404c040)
fdatasync(r0)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x84c00, 0x0, 0x0, 0x0, &(0x7f0000000000))

1.21594097s ago: executing program 2 (id=2105):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x800, 0x0, 0x0, 0x2, 0xa5, 0xbd, 0x1, 0xa9, 0x4, 0x0, 0x0, 0x40000000}, {0x8, 0x5, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x6, 0xff, 0x0, 0x40, 0x6}, {0x3fe, 0x9, 0x0, 0xfd, 0x3, 0x0, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0x7}], 0x5})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300f23e872fee0f01c40f01c5b9800000c00f3226670f577c000f30b80e0000000f23d80f21f80f23f8c9b9490300000f60b932c00a000000f30f06002fb90d090000b800680000ba000000000f30", 0x51}], 0x1, 0x3e, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0xffff1000, 0x0, 0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x7, 0x6}, {0xffff1000, 0xeeef0000, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x2000, 0x1000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x48, 0x3, 0x0, 0xfc}, {0xd000, 0x33331000, 0xc, 0x9, 0x1, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4}, {0x6000, 0xeeee8000, 0xe, 0x3, 0x0, 0x4, 0x10, 0x0, 0x0, 0x8}, {0x100000, 0xeeef0000, 0xd, 0x78, 0x5, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0xf4}, {0x0, 0xffff1000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0x1000, 0x1000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x8, 0x0, 0x3}, {0x80a0000, 0x8cc}, {}, 0xddf8ffdb, 0x0, 0x3000, 0x110, 0x80000000000, 0xf801, 0x0, [0x80000001, 0x0, 0x1, 0x1]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.039503978s ago: executing program 4 (id=2106):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000080)=0x7, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000240)={@local, @local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@noop]}}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x3f7, 0x4)
recvmmsg(r0, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/35, 0x23}, 0x2000}], 0x1, 0x162, 0x0)

103.6484ms ago: executing program 3 (id=2107):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0xffffffff, 0x0, "8100e1c8e80b598c36ff000800"})
syz_open_pts(r2, 0x141601)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe2(&(0x7f0000001040), 0x4800)
pipe2(&(0x7f0000000240), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r4, @ANYRES64=r3, @ANYBLOB="ed"], 0x20)

98.261661ms ago: executing program 0 (id=2108):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$unix(r1, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000380)="c8", 0x1}], 0x1, 0x0, 0x0, 0x11}}], 0x1, 0x20008000)
io_setup(0x7, &(0x7f0000000000)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0xfffd, r1, 0x0}])

97.550841ms ago: executing program 6 (id=2109):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$inet6(r0, &(0x7f0000000480)={&(0x7f0000000040)={0xa, 0x4e20, 0xfffffffc, @remote, 0x2}, 0x1c, 0x0}, 0x20008814)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
shutdown(r0, 0x1)

89.090212ms ago: executing program 2 (id=2110):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x6}, {0xa, 0xffe0}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setns(r1, 0x24020000)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=2111):
syz_emit_ethernet(0x52, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x8, 0x44, 0x0, 0x0, 0x0, 0x5, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x2, 0x0}, {[@timestamp={0x44, 0xc, 0x5, 0x0, 0x4, [0x1, 0x6]}, @ssrr={0x89, 0xb, 0xd7, [@private=0xa010100, @remote]}, @generic={0x83, 0x2}]}}, {{0x4e23, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x0, 0x0, 0xfffd}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

ory.0: Falling back to sysfs fallback for: regulatory.db
[  278.367917][ T6396] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  278.412789][ T5894] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  278.601448][ T6399] loop4: detected capacity change from 0 to 128
[  278.701954][ T6381] vhci_hcd: connection reset by peer
[  278.719368][  T154] vhci_hcd: stop threads
[  278.723783][  T154] vhci_hcd: release socket
[  278.733969][  T154] vhci_hcd: disconnect device
[  278.818536][ T6399] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  278.840287][ T6399] ext4 filesystem being mounted at /102/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  278.976608][ T6408] loop1: detected capacity change from 0 to 128
[  279.247935][   T26] audit: type=1800 audit(1760795184.106:9): pid=6416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.529" name="bus" dev="loop1" ino=1048606 res=0 errno=0
[  280.049702][ T6423] loop2: detected capacity change from 0 to 128
[  280.404063][ T6423] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  281.191168][ T6423] ext4 filesystem being mounted at /111/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  281.281550][ T6434] loop3: detected capacity change from 0 to 128
[  281.307386][ T6436] netlink: 4 bytes leftover after parsing attributes in process `syz.4.545'.
[  281.567680][ T6439] loop1: detected capacity change from 0 to 16
[  281.594092][ T6439] erofs: (device loop1): mounted with root inode @ nid 36.
[  282.436965][ T6443] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  282.455448][ T6443] erofs: (device loop1): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  282.468551][ T6443] erofs: (device loop1): z_erofs_readpage: failed to read, err [-117]
[  282.486891][ T6443] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  282.496578][ T6443] erofs: (device loop1): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  282.509624][ T6443] erofs: (device loop1): z_erofs_readpage: failed to read, err [-117]
[  282.527200][ T6443] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  282.536845][ T6443] erofs: (device loop1): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  282.549835][ T6443] erofs: (device loop1): z_erofs_readpage: failed to read, err [-117]
[  282.567869][ T6443] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  282.577519][ T6443] erofs: (device loop1): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  282.590687][ T6443] erofs: (device loop1): z_erofs_readpage: failed to read, err [-117]
[  283.532903][ T5894] vhci_hcd: vhci_device speed not set
[  285.088676][ T6463] loop2: detected capacity change from 0 to 128
[  287.423211][ T6475] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4
[  287.432503][ T6475] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4
[  287.442157][ T6475] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  287.453097][ T6475] syz.0.557 (6475) used greatest stack depth: 18664 bytes left
[  287.652874][   T26] audit: type=1800 audit(1760795192.286:10): pid=6475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.557" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  287.959544][   T26] audit: type=1800 audit(1760795192.676:11): pid=6480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.556" name="bus" dev="loop2" ino=1048607 res=0 errno=0
[  289.111006][ T6489] loop3: detected capacity change from 0 to 40427
[  289.123322][ T6493] netlink: 4 bytes leftover after parsing attributes in process `syz.0.561'.
[  289.231475][ T6489] F2FS-fs (loop3): invalid crc value
[  289.266267][ T6489] F2FS-fs (loop3): Found nat_bits in checkpoint
[  289.307831][ T6489] F2FS-fs (loop3): Start checkpoint disabled!
[  289.334877][ T6489] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  290.435121][ T6508] ax25_connect(): syz.2.562 uses autobind, please contact jreuter@yaina.de
[  290.981036][ T6518] loop4: detected capacity change from 0 to 256
[  292.408243][ T4270] attempt to access beyond end of device
[  292.408243][ T4270] loop3: rw=2049, want=40976, limit=40427
[  292.450240][ T6518] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  294.479687][ T6533] netlink: 830 bytes leftover after parsing attributes in process `syz.2.570'.
[  294.817921][ T6537] overlayfs: failed to resolve './file0': -2
[  295.138676][ T6549] netlink: 'syz.2.573': attribute type 10 has an invalid length.
[  295.162383][ T6549] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  295.526794][ T6557] loop4: detected capacity change from 0 to 512
[  295.762497][ T6558] loop2: detected capacity change from 0 to 40427
[  295.841253][ T6558] F2FS-fs (loop2): invalid crc value
[  295.854531][ T6558] F2FS-fs (loop2): Found nat_bits in checkpoint
[  295.899159][ T6558] F2FS-fs (loop2): Start checkpoint disabled!
[  295.907605][ T6557] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  295.930192][ T6558] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  296.043419][ T6557] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  296.113590][ T6557] EXT4-fs (loop4): 1 truncate cleaned up
[  296.120342][ T6557] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,bsdgroups,quota,,errors=continue. Quota mode: writeback.
[  297.059687][ T4270] attempt to access beyond end of device
[  297.059687][ T4270] loop2: rw=2049, want=40976, limit=40427
[  297.141228][ T6557] EXT4-fs (loop4): shut down requested (0)
[  298.867238][ T6580] loop2: detected capacity change from 0 to 40427
[  298.950727][ T6580] F2FS-fs (loop2): invalid crc value
[  299.675843][ T6580] F2FS-fs (loop2): Found nat_bits in checkpoint
[  299.715884][ T6580] F2FS-fs (loop2): Start checkpoint disabled!
[  300.056574][ T6594] loop4: detected capacity change from 0 to 16
[  300.096128][ T6580] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  300.411671][ T6594] erofs: (device loop4): mounted with root inode @ nid 36.
[  300.939330][ T6604] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  301.295179][ T6604] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  301.308597][ T6604] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117]
[  301.477671][ T6611] netlink: 4 bytes leftover after parsing attributes in process `syz.0.591'.
[  301.556698][ T6612] netlink: 830 bytes leftover after parsing attributes in process `syz.1.588'.
[  301.572163][ T4493] attempt to access beyond end of device
[  301.572163][ T4493] loop2: rw=2049, want=40976, limit=40427
[  301.960020][ T6617] team0: Port device team_slave_1 removed
[  302.325467][ T6631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.605'.
[  304.607816][ T6659] loop2: detected capacity change from 0 to 1024
[  304.672398][ T6659] EXT4-fs (loop2): Ignoring removed bh option
[  304.678899][ T6659] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  304.999968][ T6659] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal
[  306.541685][ T6668] loop2: detected capacity change from 0 to 1024
[  307.519619][ T6668] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,,errors=continue. Quota mode: none.
[  309.331430][ T6709] loop3: detected capacity change from 0 to 256
[  309.453470][ T6709] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  310.133572][ T6715] netlink: 4 bytes leftover after parsing attributes in process `syz.4.609'.
[  313.001892][ T6747] ax25_connect(): syz.3.625 uses autobind, please contact jreuter@yaina.de
[  313.604196][ T6637] ODEBUG: Out of memory. ODEBUG disabled
[  313.750999][ T6752] loop4: detected capacity change from 0 to 1024
[  314.092051][ T6752] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,,errors=continue. Quota mode: none.
[  315.475055][ T6772] loop4: detected capacity change from 0 to 40427
[  315.488088][ T6772] F2FS-fs (loop4): invalid crc value
[  315.544683][ T6772] F2FS-fs (loop4): Found nat_bits in checkpoint
[  315.788949][ T6782] loop3: detected capacity change from 0 to 256
[  315.809819][ T6772] F2FS-fs (loop4): Start checkpoint disabled!
[  317.240503][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  317.246964][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  317.362362][ T6782] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  317.468794][ T6772] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  318.063082][ T4493] attempt to access beyond end of device
[  318.063082][ T4493] loop4: rw=2049, want=40976, limit=40427
[  320.682839][ T6814] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[  323.433163][   T23] Bluetooth: hci5: command 0x0409 tx timeout
[  323.748438][ T6840] loop2: detected capacity change from 0 to 256
[  323.775661][ T6815] chnl_net:caif_netlink_parms(): no params data found
[  325.158877][ T6842] loop4: detected capacity change from 0 to 40427
[  325.262475][ T6637] Set syz1 is full, maxelem 65536 reached
[  325.303784][ T6842] F2FS-fs (loop4): invalid crc value
[  325.333137][ T6840] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  325.341991][ T6842] F2FS-fs (loop4): Found nat_bits in checkpoint
[  325.383700][ T6842] F2FS-fs (loop4): Start checkpoint disabled!
[  325.402990][ T6842] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  325.452764][   T21] Bluetooth: hci5: command 0x041b tx timeout
[  325.797242][ T6815] bridge0: port 1(bridge_slave_0) entered blocking state
[  325.882807][ T6815] bridge0: port 1(bridge_slave_0) entered disabled state
[  325.970598][ T6815] device bridge_slave_0 entered promiscuous mode
[  326.010233][ T6815] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.042949][ T6815] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.050617][ T5992] attempt to access beyond end of device
[  326.050617][ T5992] loop4: rw=2049, want=40976, limit=40427
[  326.101209][ T6815] device bridge_slave_1 entered promiscuous mode
[  326.261999][ T6815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  326.313859][ T6815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  326.540768][ T6815] team0: Port device team_slave_0 added
[  326.574504][ T6815] team0: Port device team_slave_1 added
[  326.691911][ T6815] batman_adv: batadv0: Adding interface: batadv_slave_0
[  326.826534][ T6815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  326.901519][ T6815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  327.369553][ T6815] batman_adv: batadv0: Adding interface: batadv_slave_1
[  327.574731][   T21] Bluetooth: hci5: command 0x040f tx timeout
[  327.581402][ T6815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  327.646077][ T6815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  327.885280][ T6875] loop4: detected capacity change from 0 to 128
[  329.015862][ T6815] device hsr_slave_0 entered promiscuous mode
[  329.071013][ T6815] device hsr_slave_1 entered promiscuous mode
[  329.691408][ T2859] Bluetooth: hci5: command 0x0419 tx timeout
[  329.766509][ T6815] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  329.938353][ T6815] Cannot create hsr debugfs directory
[  331.133733][ T6891] loop3: detected capacity change from 0 to 40427
[  332.252068][ T6898] loop4: detected capacity change from 0 to 256
[  332.295175][ T6891] F2FS-fs (loop3): invalid crc value
[  332.442364][ T6891] F2FS-fs (loop3): Found nat_bits in checkpoint
[  332.491420][ T6891] F2FS-fs (loop3): Start checkpoint disabled!
[  332.528718][ T6898] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  332.856256][ T6891] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  333.605707][ T5998] attempt to access beyond end of device
[  333.605707][ T5998] loop3: rw=2049, want=40976, limit=40427
[  333.673688][ T4493] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.838811][ T4493] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.966904][ T4493] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.071686][ T4493] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.441688][ T6815] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  336.066301][ T6815] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  336.275188][ T6815] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  336.488025][ T4493] tipc: Disabling bearer <udp:syz2>
[  336.498363][ T6815] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  336.512632][ T4493] tipc: Left network mode
[  337.315200][ T6952] loop2: detected capacity change from 0 to 256
[  338.041299][ T6952] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  338.665870][ T6955] loop3: detected capacity change from 0 to 40427
[  338.736082][ T6955] F2FS-fs (loop3): invalid crc value
[  338.763588][ T6955] F2FS-fs (loop3): Found nat_bits in checkpoint
[  338.805125][ T6955] F2FS-fs (loop3): Start checkpoint disabled!
[  338.824196][ T6967] ax25_connect(): syz.4.670 uses autobind, please contact jreuter@yaina.de
[  338.879222][ T6815] 8021q: adding VLAN 0 to HW filter on device bond0
[  339.103642][ T6972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.668'.
[  339.945352][ T6955] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  340.276171][ T6815] 8021q: adding VLAN 0 to HW filter on device team0
[  340.311440][ T6815] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  340.329769][ T6815] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  340.435159][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  341.754519][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  341.762536][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  341.771478][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  341.780248][ T4270] bridge0: port 1(bridge_slave_0) entered blocking state
[  341.787404][ T4270] bridge0: port 1(bridge_slave_0) entered forwarding state
[  341.796228][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  342.142668][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  342.212165][ T4270] bridge0: port 2(bridge_slave_1) entered blocking state
[  342.219481][ T4270] bridge0: port 2(bridge_slave_1) entered forwarding state
[  343.453298][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  343.480515][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  344.806540][ T5992] attempt to access beyond end of device
[  344.806540][ T5992] loop3: rw=2049, want=40976, limit=40427
[  345.603761][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  345.752476][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  346.465849][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  346.538202][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  346.547715][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  346.556397][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  346.885540][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  346.895356][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  346.914924][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  346.927260][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  346.935873][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  347.734100][ T7040] netlink: 4 bytes leftover after parsing attributes in process `syz.4.683'.
[  347.925338][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  347.962881][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  348.007847][ T6815] 8021q: adding VLAN 0 to HW filter on device batadv0
[  348.112563][ T7051] ax25_connect(): syz.0.685 uses autobind, please contact jreuter@yaina.de
[  348.359813][ T7056] loop3: detected capacity change from 0 to 16
[  349.138017][ T7056] erofs: (device loop3): mounted with root inode @ nid 36.
[  349.796776][ T7070] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  349.818826][ T7070] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  349.832128][ T7070] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  349.843922][ T7070] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  349.853525][ T7070] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  349.866765][ T7070] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  349.878490][ T7070] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  349.888123][ T7070] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  349.901248][ T7070] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  349.911890][ T7063] loop4: detected capacity change from 0 to 40427
[  350.108680][ T7063] F2FS-fs (loop4): invalid crc value
[  350.134446][ T2859] Bluetooth: hci3: command 0x0406 tx timeout
[  350.333007][ T7063] F2FS-fs (loop4): Found nat_bits in checkpoint
[  351.056401][ T7063] F2FS-fs (loop4): Start checkpoint disabled!
[  351.098824][ T7063] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  352.846690][ T5998] attempt to access beyond end of device
[  352.846690][ T5998] loop4: rw=2049, want=40976, limit=40427
[  353.023882][ T7099] netlink: 4 bytes leftover after parsing attributes in process `syz.3.697'.
[  353.050567][ T7100] loop2: detected capacity change from 0 to 256
[  353.131008][ T7100] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x2e76b09e, utbl_chksum : 0xe619d30d)
[  353.972749][ T4493] device hsr_slave_0 left promiscuous mode
[  354.030408][ T4493] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  354.132016][ T4493] batman_adv: batadv0: Removing interface: batadv_slave_0
[  354.299559][ T4493] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  354.355624][ T4493] batman_adv: batadv0: Removing interface: batadv_slave_1
[  354.413573][ T4493] bridge0: port 3(team0) entered disabled state
[  354.469680][ T4493] device bridge_slave_1 left promiscuous mode
[  354.492040][ T4493] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.526279][ T4493] device bridge_slave_0 left promiscuous mode
[  354.540091][ T4493] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.871260][ T4493] device veth1_macvtap left promiscuous mode
[  354.929670][ T4493] device veth0_macvtap left promiscuous mode
[  354.951687][ T4493] device veth1_vlan left promiscuous mode
[  355.012327][ T4493] device veth0_vlan left promiscuous mode
[  356.297155][ T4493] device team_slave_0 left promiscuous mode
[  356.336221][ T7141] loop4: detected capacity change from 0 to 40427
[  356.409910][ T7141] F2FS-fs (loop4): invalid crc value
[  356.435082][ T7141] F2FS-fs (loop4): Found nat_bits in checkpoint
[  356.468479][ T7141] F2FS-fs (loop4): Start checkpoint disabled!
[  356.507463][ T7141] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  356.980567][ T4493] team0 (unregistering): Port device team_slave_0 removed
[  357.048666][ T4493] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  357.091771][ T6000] attempt to access beyond end of device
[  357.091771][ T6000] loop4: rw=2049, want=40976, limit=40427
[  357.123725][ T4493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  357.306746][ T4493] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  357.325102][ T4493] bond0 (unregistering): Released all slaves
[  357.772205][ T7108] netlink: 28 bytes leftover after parsing attributes in process `syz.0.698'.
[  357.820688][ T7109] netlink: 'syz.0.698': attribute type 6 has an invalid length.
[  358.132931][ T7161] netlink: 4 bytes leftover after parsing attributes in process `syz.3.709'.
[  358.538408][ T6000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  358.547500][ T6000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  358.667169][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  358.685644][ T7175] ax25_connect(): syz.0.712 uses autobind, please contact jreuter@yaina.de
[  358.699258][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  358.737922][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  358.802103][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  358.815323][ T6815] device veth0_vlan entered promiscuous mode
[  358.997491][ T6815] device veth1_vlan entered promiscuous mode
[  359.022401][ T5998] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  359.076570][ T5987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  359.105006][ T5987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  359.138192][ T6815] device veth0_macvtap entered promiscuous mode
[  359.161014][ T6815] device veth1_macvtap entered promiscuous mode
[  359.257994][ T6815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.148166][ T6815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.311321][ T7178] loop2: detected capacity change from 0 to 2048
[  360.571385][ T7201] loop4: detected capacity change from 0 to 40427
[  360.592901][ T6815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.941951][ T6815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.952328][ T6815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  360.963370][ T6815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.974835][ T6815] batman_adv: batadv0: Interface activated: batadv_slave_0
[  360.985131][ T6815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  360.995764][ T6815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.113733][ T6815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  362.649679][ T6815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.660497][ T6815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  362.671043][ T6815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.728141][ T6815] batman_adv: batadv0: Interface activated: batadv_slave_1
[  362.744272][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  362.756203][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  362.767578][ T7201] F2FS-fs (loop4): invalid crc value
[  362.783451][ T7201] F2FS-fs (loop4): Found nat_bits in checkpoint
[  362.933185][ T7201] F2FS-fs (loop4): Start checkpoint disabled!
[  362.971288][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  362.982742][ T7201] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  366.886780][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  366.905174][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  366.921540][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  367.006145][ T6815] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  367.019074][ T6815] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  367.028919][ T6815] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  367.037900][ T6815] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  367.048469][ T7222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.722'.
[  367.286009][ T7230] ax25_connect(): syz.3.724 uses autobind, please contact jreuter@yaina.de
[  368.203609][ T4270] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  368.211983][ T4270] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  368.341631][ T6000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  369.024250][ T6000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  369.404609][ T6000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  369.416465][ T6000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  370.230447][ T7254] loop4: detected capacity change from 0 to 2048
[  370.333367][ T7254] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  370.645526][ T7267] loop3: detected capacity change from 0 to 40427
[  370.670495][ T7254] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  370.709068][ T7267] F2FS-fs (loop3): invalid crc value
[  370.734700][ T7267] F2FS-fs (loop3): Found nat_bits in checkpoint
[  370.765075][ T7267] F2FS-fs (loop3): Start checkpoint disabled!
[  370.792728][ T7267] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  370.802875][ T7254] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  370.810881][ T7254] UDF-fs: Scanning with blocksize 512 failed
[  370.827697][ T7254] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  371.682484][ T7282] ax25_connect(): syz.2.735 uses autobind, please contact jreuter@yaina.de
[  372.016430][  T154] attempt to access beyond end of device
[  372.016430][  T154] loop3: rw=2049, want=40976, limit=40427
[  372.679507][ T7294] netlink: 4 bytes leftover after parsing attributes in process `syz.4.736'.
[  373.285086][ T7305] loop3: detected capacity change from 0 to 128
[  375.962190][ T7318] loop3: detected capacity change from 0 to 128
[  378.585273][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  378.591754][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  379.066359][ T7335] loop4: detected capacity change from 0 to 40427
[  379.202936][ T7335] F2FS-fs (loop4): invalid crc value
[  380.604232][ T7335] F2FS-fs (loop4): Found nat_bits in checkpoint
[  380.723708][ T7355] ax25_connect(): syz.2.749 uses autobind, please contact jreuter@yaina.de
[  381.028816][ T7335] F2FS-fs (loop4): Start checkpoint disabled!
[  381.335210][ T7343] loop3: detected capacity change from 0 to 2048
[  381.346199][ T7335] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  381.409159][ T7343] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  381.855189][ T7368] loop5: detected capacity change from 0 to 128
[  384.535958][  T154] attempt to access beyond end of device
[  384.535958][  T154] loop4: rw=2049, want=40976, limit=40427
[  385.765052][ T7393] loop2: detected capacity change from 0 to 4096
[  386.056142][ T5992] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.077394][ T7393] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  386.611798][ T7399] netlink: 4 bytes leftover after parsing attributes in process `syz.0.761'.
[  394.402623][ T7463] loop2: detected capacity change from 0 to 256
[  395.147219][ T7463] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  395.572995][ T7473] netlink: 4 bytes leftover after parsing attributes in process `syz.4.777'.
[  401.230686][ T7495] binder: 7494:7495 ioctl c0306201 200000000180 returned -14
[  401.762662][ T1335] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  402.371395][ T7511] loop2: detected capacity change from 0 to 256
[  402.384474][ T7510] loop5: detected capacity change from 0 to 128
[  402.723030][ T1335] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  403.464968][ T1335] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.480750][ T7511] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x2e76b09e, utbl_chksum : 0xe619d30d)
[  403.660206][ T1335] usb 4-1: Product: syz
[  403.723289][ T1335] usb 4-1: Manufacturer: syz
[  403.839172][ T1335] usb 4-1: SerialNumber: syz
[  404.064950][ T1335] usb 4-1: config 0 descriptor??
[  404.322940][ T1335] usb 4-1: can't set config #0, error -71
[  404.442974][ T1335] usb 4-1: USB disconnect, device number 2
[  405.964506][ T7550] loop2: detected capacity change from 0 to 16
[  406.041419][ T7550] erofs: (device loop2): mounted with root inode @ nid 36.
[  406.106666][ T7550] attempt to access beyond end of device
[  406.106666][ T7550] loop2: rw=0, want=24, limit=16
[  407.178813][ T1335] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  409.604494][ T5899] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  409.613657][ T5899] Bluetooth: hci3: Injecting HCI hardware error event
[  409.624045][  T146] Bluetooth: hci3: hardware error 0x00
[  409.802702][ T1335] usb 5-1: unable to read config index 0 descriptor/start: -71
[  409.811122][ T1335] usb 5-1: can't read configurations, error -71
[  409.832245][ T7587] input: syz0 as /devices/virtual/input/input8
[  412.849743][ T7609] netlink: 28 bytes leftover after parsing attributes in process `syz.2.813'.
[  412.942765][ T7609] netlink: 28 bytes leftover after parsing attributes in process `syz.2.813'.
[  413.006564][ T7609] device ip6gretap0 entered promiscuous mode
[  413.079594][ T7609] device syz_tun entered promiscuous mode
[  413.126852][ T5998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[  414.432974][ T7631] loop3: detected capacity change from 0 to 256
[  414.888972][ T7632] ax25_connect(): syz.2.816 uses autobind, please contact jreuter@yaina.de
[  415.627270][ T7631] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x2e76b09e, utbl_chksum : 0xe619d30d)
[  415.866405][   T26] audit: type=1326 audit(1760795320.726:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  415.945120][ T7637] loop5: detected capacity change from 0 to 128
[  416.060985][   T26] audit: type=1326 audit(1760795320.746:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  416.164794][ T7644] loop4: detected capacity change from 0 to 128
[  416.331060][   T26] audit: type=1326 audit(1760795320.746:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  416.993812][ T7652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.822'.
[  417.071319][   T26] audit: type=1326 audit(1760795320.796:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  417.093492][    C1] vkms_vblank_simulate: vblank timer overrun
[  417.331761][   T26] audit: type=1326 audit(1760795320.806:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fea282d1885 code=0x7ffc0000
[  418.656203][   T26] audit: type=1326 audit(1760795320.806:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  418.678305][   T26] audit: type=1326 audit(1760795320.806:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  418.843106][   T26] audit: type=1326 audit(1760795320.806:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  418.922257][   T26] audit: type=1326 audit(1760795320.816:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  418.994982][   T26] audit: type=1326 audit(1760795320.816:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7634 comm="syz.4.819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  419.305734][ T7675] loop5: detected capacity change from 0 to 8
[  419.434762][ T7675] SQUASHFS error: zlib decompression failed, data probably corrupt
[  419.443417][ T7675] SQUASHFS error: Failed to read block 0x4de: -5
[  419.451912][ T7675] SQUASHFS error: Failed to read block 0x4e2: -5
[  419.459291][ T7675] SQUASHFS error: Failed to read block 0x9ca: -5
[  419.487115][ T7675] SQUASHFS error: Failed to read block 0x2cf2: -5
[  419.496545][ T7675] SQUASHFS error: Failed to read block 0x52cf2: -5
[  419.503783][ T7675] SQUASHFS error: Failed to read block 0x535f2: -5
[  419.976578][ T7672] loop4: detected capacity change from 0 to 4096
[  420.333415][ T7672] ntfs3: Unknown parameter 'windows_names'
[  421.695293][ T7697] ax25_connect(): syz.4.832 uses autobind, please contact jreuter@yaina.de
[  423.771110][ T7708] loop5: detected capacity change from 0 to 512
[  423.836664][ T7708] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  423.910553][ T7708] EXT4-fs (loop5): 1 truncate cleaned up
[  423.940086][ T7718] netlink: 4 bytes leftover after parsing attributes in process `syz.0.836'.
[  423.957283][ T7708] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,lazytime,quota,. Quota mode: writeback.
[  428.042229][ T7765] ax25_connect(): syz.3.845 uses autobind, please contact jreuter@yaina.de
[  428.875433][ T7768] loop2: detected capacity change from 0 to 128
[  430.229461][ T7783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.849'.
[  430.588556][ T7788] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  431.512776][ T7795] loop2: detected capacity change from 0 to 40427
[  431.668850][ T7795] F2FS-fs (loop2): invalid crc value
[  431.681216][ T7795] F2FS-fs (loop2): Found nat_bits in checkpoint
[  431.717479][ T7795] F2FS-fs (loop2): Start checkpoint disabled!
[  432.490501][ T7795] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  432.718860][ T7808] loop5: detected capacity change from 0 to 128
[  432.893595][ T7808] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  432.989260][ T5998] attempt to access beyond end of device
[  432.989260][ T5998] loop2: rw=2049, want=40976, limit=40427
[  433.010956][ T7808] ext4 filesystem being mounted at /32/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  433.535452][ T7816] loop4: detected capacity change from 0 to 40427
[  434.060416][ T7816] F2FS-fs (loop4): invalid crc value
[  434.074678][ T7816] F2FS-fs (loop4): Found nat_bits in checkpoint
[  434.119620][ T7816] F2FS-fs (loop4): Start checkpoint disabled!
[  434.134024][ T7816] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  434.753322][ T5998] attempt to access beyond end of device
[  434.753322][ T5998] loop4: rw=2049, want=40976, limit=40427
[  434.777952][ T7826] loop5: detected capacity change from 0 to 8192
[  436.558014][ T7852] ax25_connect(): syz.3.865 uses autobind, please contact jreuter@yaina.de
[  438.257525][ T7874] loop3: detected capacity change from 0 to 40427
[  438.468646][ T7874] F2FS-fs (loop3): invalid crc value
[  438.571527][ T7874] F2FS-fs (loop3): Found nat_bits in checkpoint
[  438.618765][ T7874] F2FS-fs (loop3): Start checkpoint disabled!
[  438.938921][ T7880] loop2: detected capacity change from 0 to 128
[  438.953429][ T7874] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  440.603203][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  440.609552][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  440.801546][ T7890] loop4: detected capacity change from 0 to 128
[  441.108557][ T7897] loop2: detected capacity change from 0 to 256
[  441.317934][ T7897] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  441.556595][ T7890] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  441.588604][ T4493] attempt to access beyond end of device
[  441.588604][ T4493] loop3: rw=2049, want=40976, limit=40427
[  441.850909][ T7890] ext4 filesystem being mounted at /176/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  442.735844][ T7902] loop2: detected capacity change from 0 to 40427
[  442.819566][ T7902] F2FS-fs (loop2): invalid crc value
[  442.860845][ T7902] F2FS-fs (loop2): Found nat_bits in checkpoint
[  442.903980][ T7902] F2FS-fs (loop2): Start checkpoint disabled!
[  442.942681][ T7902] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  444.638813][ T7922] ax25_connect(): syz.4.876 uses autobind, please contact jreuter@yaina.de
[  445.519267][ T5998] attempt to access beyond end of device
[  445.519267][ T5998] loop2: rw=2049, want=40976, limit=40427
[  445.655292][ T7930] misc userio: Invalid payload size
[  445.663305][ T7930] misc userio: No port type given on /dev/userio
[  445.672666][ T7930] misc userio: The device must be registered before sending interrupts
[  445.834057][ T7929] loop3: detected capacity change from 0 to 256
[  447.293208][ T1335] Bluetooth: hci5: command 0x0406 tx timeout
[  449.767911][ T7970] loop5: detected capacity change from 0 to 32768
[  450.727714][ T7970] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.886 (7970)
[  450.774681][ T7970] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  450.783465][ T7970] BTRFS info (device loop5): using free space tree
[  450.790121][ T7970] BTRFS info (device loop5): has skinny extents
[  451.417036][ T7970] BTRFS info (device loop5): enabling ssd optimizations
[  452.440973][ T8013] netlink: 4 bytes leftover after parsing attributes in process `syz.2.890'.
[  453.750660][ T8023] misc userio: Invalid payload size
[  453.759016][ T8023] misc userio: No port type given on /dev/userio
[  453.771666][ T8023] misc userio: The device must be registered before sending interrupts
[  454.619879][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  454.680430][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  454.724624][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  454.740082][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  454.787543][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  454.822833][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  454.870607][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  454.917264][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  454.956119][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  455.064300][ T8046] loop3: detected capacity change from 0 to 128
[  456.262281][ T8061] loop5: detected capacity change from 0 to 8192
[  457.216437][ T4236] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  457.953664][ T5894] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  457.992821][ T4236] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  457.999716][ T8096] loop4: detected capacity change from 0 to 256
[  458.022629][ T4236] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  458.042738][ T4236] usb 3-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00
[  458.075251][ T4236] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.249594][ T4236] usb 3-1: config 0 descriptor??
[  458.282645][ T5894] usb 1-1: Using ep0 maxpacket: 8
[  458.988964][ T4236] uclogic 0003:5543:0064.0001: item fetching failed at offset 0/1
[  459.005154][ T4236] uclogic 0003:5543:0064.0001: parse failed
[  459.015731][ T4236] uclogic: probe of 0003:5543:0064.0001 failed with error -22
[  459.063105][ T5894] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  459.116011][ T5894] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  459.150943][ T8111] misc userio: Invalid payload size
[  459.163926][ T8111] misc userio: No port type given on /dev/userio
[  459.166378][ T8110] loop4: detected capacity change from 0 to 128
[  459.177691][ T5425] usb 3-1: USB disconnect, device number 3
[  459.196353][ T5894] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  459.204080][ T8111] misc userio: The device must be registered before sending interrupts
[  459.216811][ T5894] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  459.262660][ T5894] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  459.302718][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.113192][ T5894] usb 1-1: usb_control_msg returned -71
[  460.118840][ T5894] usbtmc 1-1:16.0: can't read capabilities
[  460.164063][ T5894] usb 1-1: USB disconnect, device number 2
[  460.401628][ T8131] loop4: detected capacity change from 0 to 128
[  462.952295][ T8145] loop3: detected capacity change from 0 to 256
[  464.195922][ T8145] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x2e76b09e, utbl_chksum : 0xe619d30d)
[  465.560138][ T8158] loop3: detected capacity change from 0 to 256
[  465.599975][ T8161] misc userio: Invalid payload size
[  465.973915][ T8165] fuse: Bad value for 'fd'
[  466.033130][ T8166] misc userio: No port type given on /dev/userio
[  466.344237][ T8161] misc userio: The device must be registered before sending interrupts
[  468.751525][ T8191] loop4: detected capacity change from 0 to 16
[  468.931913][ T8191] erofs: (device loop4): mounted with root inode @ nid 36.
[  469.828891][ T8199] loop2: detected capacity change from 0 to 256
[  470.063609][ T8201] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  470.412710][ T8201] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  470.425837][ T8201] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117]
[  471.123112][ T8206] loop3: detected capacity change from 0 to 128
[  471.670549][ T8199] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  474.122244][ T8222] fuse: Bad value for 'fd'
[  474.771332][ T8227] loop2: detected capacity change from 0 to 256
[  476.478354][ T8254] loop3: detected capacity change from 0 to 16
[  476.651469][ T8254] erofs: (device loop3): mounted with root inode @ nid 36.
[  476.873676][ T8257] misc userio: Invalid payload size
[  476.879200][ T8257] misc userio: No port type given on /dev/userio
[  476.970472][ T8262] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  476.983355][ T8262] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  476.996431][ T8262] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  477.007953][ T8262] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  477.017471][ T8262] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  477.030671][ T8262] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  477.042131][ T8262] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  477.051621][ T8262] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  477.064714][ T8262] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  477.077485][ T8262] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  477.087067][ T8262] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  477.100050][ T8262] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  477.838090][ T8265] loop4: detected capacity change from 0 to 40427
[  477.860999][ T8247] chnl_net:caif_netlink_parms(): no params data found
[  478.076139][ T8264] loop2: detected capacity change from 0 to 256
[  478.859018][ T5894] Bluetooth: hci0: command 0x0409 tx timeout
[  478.873276][ T8267] Cannot find add_set index 65532 as target
[  478.925355][ T8265] F2FS-fs (loop4): invalid crc value
[  478.960246][ T8271] ax25_connect(): syz.3.940 uses autobind, please contact jreuter@yaina.de
[  479.000463][ T8265] F2FS-fs (loop4): Found nat_bits in checkpoint
[  479.036445][ T8265] F2FS-fs (loop4): Start checkpoint disabled!
[  479.095355][ T8265] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  479.367990][ T8280] fuse: Bad value for 'fd'
[  481.173843][ T5426] Bluetooth: hci0: command 0x041b tx timeout
[  481.194093][ T5998] attempt to access beyond end of device
[  481.194093][ T5998] loop4: rw=2049, want=40976, limit=40427
[  481.252362][ T8286] loop3: detected capacity change from 0 to 128
[  481.284351][ T8247] bridge0: port 1(bridge_slave_0) entered blocking state
[  481.291470][ T8247] bridge0: port 1(bridge_slave_0) entered disabled state
[  481.396540][ T8247] device bridge_slave_0 entered promiscuous mode
[  481.530418][ T8247] bridge0: port 2(bridge_slave_1) entered blocking state
[  481.542881][ T8247] bridge0: port 2(bridge_slave_1) entered disabled state
[  481.551050][ T8247] device bridge_slave_1 entered promiscuous mode
[  482.361637][ T5998] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.769640][ T8298] loop4: detected capacity change from 0 to 256
[  483.091692][ T8247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  483.391229][ T8247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  483.392424][ T5425] Bluetooth: hci0: command 0x040f tx timeout
[  483.629463][ T8305] loop3: detected capacity change from 0 to 16
[  483.702261][ T5998] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.755313][ T8247] team0: Port device team_slave_0 added
[  483.775925][ T8305] erofs: (device loop3): mounted with root inode @ nid 36.
[  483.896209][ T8247] team0: Port device team_slave_1 added
[  483.920077][ T8247] batman_adv: batadv0: Adding interface: batadv_slave_0
[  483.927266][ T8247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  483.955670][ T8247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  483.981627][ T8247] batman_adv: batadv0: Adding interface: batadv_slave_1
[  484.093557][ T8313] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  484.108502][ T8313] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  484.121599][ T8313] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  484.132723][ T8313] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  484.142169][ T8313] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  484.155194][ T8313] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  484.166028][ T8313] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  484.175755][ T8313] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  484.188825][ T8313] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  484.201422][ T8313] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  484.210926][ T8313] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  484.223975][ T8313] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  484.409040][ T8247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  484.662574][ T8247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  484.675438][ T8317] ax25_connect(): syz.3.953 uses autobind, please contact jreuter@yaina.de
[  484.751162][ T5998] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.833801][ T8315] loop2: detected capacity change from 0 to 8192
[  484.891225][ T8247] device hsr_slave_0 entered promiscuous mode
[  484.911436][ T8247] device hsr_slave_1 entered promiscuous mode
[  485.102607][ T8320] loop4: detected capacity change from 0 to 40427
[  485.241540][ T8320] F2FS-fs (loop4): invalid crc value
[  485.282256][ T8247] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  485.338921][ T8320] F2FS-fs (loop4): Found nat_bits in checkpoint
[  485.384030][ T8320] F2FS-fs (loop4): Start checkpoint disabled!
[  485.439151][ T8320] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  485.532691][ T5425] Bluetooth: hci0: command 0x0419 tx timeout
[  485.596073][ T8330] loop3: detected capacity change from 0 to 128
[  485.603987][ T8247] Cannot create hsr debugfs directory
[  485.615599][ T5998] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.553099][ T5990] attempt to access beyond end of device
[  486.553099][ T5990] loop4: rw=2049, want=40976, limit=40427
[  486.804637][ T8336] loop3: detected capacity change from 0 to 256
[  486.889501][ T8247] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  487.025297][ T8247] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  487.185957][ T8247] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  487.241675][ T8247] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  487.931889][ T8247] 8021q: adding VLAN 0 to HW filter on device bond0
[  488.032998][ T5990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  488.043668][ T5990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  488.064804][ T8247] 8021q: adding VLAN 0 to HW filter on device team0
[  488.195993][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  488.366132][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  488.486374][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  488.493519][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  489.962417][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  490.261063][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  490.300310][ T8380] loop3: detected capacity change from 0 to 16
[  490.312132][ T8376] ax25_connect(): syz.4.964 uses autobind, please contact jreuter@yaina.de
[  490.323497][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  490.332276][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.339410][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  490.409948][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  490.547645][ T8380] erofs: (device loop3): mounted with root inode @ nid 36.
[  491.159338][ T8386] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  491.242713][ T8386] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  491.255944][ T8386] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  492.439661][ T8247] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  492.498911][ T8247] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  492.634848][ T8398] loop2: detected capacity change from 0 to 256
[  492.666133][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  492.887757][ T8398] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x2e76b09e, utbl_chksum : 0xe619d30d)
[  492.911545][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  493.499323][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  493.532400][ T8415] loop3: detected capacity change from 0 to 128
[  493.677641][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  493.703451][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  494.411468][ T8421] ax25_connect(): syz.4.977 uses autobind, please contact jreuter@yaina.de
[  494.541757][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  494.557982][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  494.579555][ T8425] loop4: detected capacity change from 0 to 16
[  494.588823][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  495.181232][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  495.214255][ T8425] erofs: (device loop4): mounted with root inode @ nid 36.
[  495.221888][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  495.280367][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  495.342133][ T8419] loop2: detected capacity change from 0 to 8192
[  495.572356][ T8436] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  495.607389][ T8436] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  495.885805][ T8436] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117]
[  496.295565][ T5894] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  496.484373][ T8444] loop4: detected capacity change from 0 to 4096
[  496.532353][ T8247] 8021q: adding VLAN 0 to HW filter on device batadv0
[  496.542966][ T5894] usb 1-1: Using ep0 maxpacket: 16
[  496.603967][ T8444] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  496.622280][ T5987] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  496.643120][ T5987] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  496.650671][ T8444] UDF-fs: Scanning with blocksize 512 failed
[  496.663454][ T5894] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  496.673491][ T5894] usb 1-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  496.714373][ T5894] usb 1-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  496.738271][ T8444] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  496.802669][ T5894] usb 1-1: config 1 interface 0 has no altsetting 0
[  496.914955][ T5998] device hsr_slave_0 left promiscuous mode
[  496.951447][ T5998] device hsr_slave_1 left promiscuous mode
[  497.002865][ T5894] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  497.012103][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.054013][ T5894] usb 1-1: Product: syz
[  497.058244][ T5894] usb 1-1: Manufacturer: syz
[  497.112616][ T5894] usb 1-1: SerialNumber: syz
[  497.283546][ T5998] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  497.303344][ T5998] batman_adv: batadv0: Removing interface: batadv_slave_0
[  497.370959][ T5998] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  497.432999][ T5998] batman_adv: batadv0: Removing interface: batadv_slave_1
[  497.452352][ T5894] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  497.613889][ T5998] device bridge_slave_1 left promiscuous mode
[  497.623413][ T5998] bridge0: port 2(bridge_slave_1) entered disabled state
[  497.665020][ T1335] usb 1-1: USB disconnect, device number 3
[  497.685868][ T1335] usblp0: removed
[  497.723259][ T5998] device bridge_slave_0 left promiscuous mode
[  497.731490][ T5998] bridge0: port 1(bridge_slave_0) entered disabled state
[  497.761195][ T5998] device veth1_macvtap left promiscuous mode
[  497.775397][ T5998] device veth0_macvtap left promiscuous mode
[  497.781902][ T5998] device veth1_vlan left promiscuous mode
[  497.792148][ T5998] device veth0_vlan left promiscuous mode
[  499.068389][ T5998] team0 (unregistering): Port device team_slave_1 removed
[  499.084546][ T5998] team0 (unregistering): Port device team_slave_0 removed
[  499.108593][ T5998] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  499.129299][ T5998] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  499.397044][ T5998] bond0 (unregistering): Released all slaves
[  500.304049][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  500.330387][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  500.340499][ T8491] loop4: detected capacity change from 0 to 16
[  501.023661][ T8496] loop2: detected capacity change from 0 to 256
[  501.099812][ T8496] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  501.370207][ T5987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  501.456377][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  501.463982][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  501.472268][ T8491] erofs: (device loop4): mounted with root inode @ nid 36.
[  501.503407][ T5987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  501.580599][ T8247] device veth0_vlan entered promiscuous mode
[  501.994664][ T8505] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  502.165252][ T5987] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  502.204143][ T8505] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  502.217838][ T8505] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117]
[  502.328105][ T8499] misc userio: No port type given on /dev/userio
[  502.335845][ T8499] misc userio: The device must be registered before sending interrupts
[  502.458319][ T5987] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  502.928104][ T8247] device veth1_vlan entered promiscuous mode
[  502.937093][ T8516] loop2: detected capacity change from 0 to 256
[  502.983301][ T8516] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x2e76b09e, utbl_chksum : 0xe619d30d)
[  503.220141][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  503.248984][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  503.307391][ T8247] device veth0_macvtap entered promiscuous mode
[  503.338970][ T8521] loop3: detected capacity change from 0 to 8192
[  503.574264][ T8524] loop2: detected capacity change from 0 to 40427
[  503.599305][ T8524] F2FS-fs (loop2): invalid crc value
[  503.630774][ T8247] device veth1_macvtap entered promiscuous mode
[  503.664755][ T8524] F2FS-fs (loop2): Found nat_bits in checkpoint
[  503.711573][ T8524] F2FS-fs (loop2): Start checkpoint disabled!
[  503.743576][ T8247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  503.884789][ T8524] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  504.854091][ T8247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.864262][ T8247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  504.875084][ T8247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.885193][ T8247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  504.902627][ T8247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  504.915121][ T8247] batman_adv: batadv0: Interface activated: batadv_slave_0
[  504.924297][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  504.932811][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  504.987292][ T8539] loop4: detected capacity change from 0 to 128
[  505.013532][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  505.078924][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  506.047061][ T8247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  506.066404][ T8247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.088652][ T8247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  506.203104][ T5992] attempt to access beyond end of device
[  506.203104][ T5992] loop2: rw=2049, want=40976, limit=40427
[  506.258457][ T8247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.306377][ T8247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  506.316931][ T8247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  506.328375][ T8247] batman_adv: batadv0: Interface activated: batadv_slave_1
[  507.093938][ T8247] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  507.102856][ T8247] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  507.111560][ T8247] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  507.121011][ T8247] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  507.335369][ T8560] loop4: detected capacity change from 0 to 256
[  507.403791][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  507.472547][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  507.683767][ T8560] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  510.165725][ T8569] loop3: detected capacity change from 0 to 256
[  510.381344][ T8570] misc userio: No port type given on /dev/userio
[  510.388884][ T8570] misc userio: The device must be registered before sending interrupts
[  510.737228][ T5987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  510.799938][ T5987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  510.869407][ T8569] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x2e76b09e, utbl_chksum : 0xe619d30d)
[  510.984221][ T4493] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  511.024882][ T4493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  511.066653][ T4493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  511.141547][ T5990] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  511.200629][ T8584] loop2: detected capacity change from 0 to 2
[  511.572435][ T8584] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  511.681008][ T8589] ax25_connect(): syz.4.1012 uses autobind, please contact jreuter@yaina.de
[  511.859049][ T8591] __nla_validate_parse: 43 callbacks suppressed
[  511.859067][ T8591] netlink: 4 bytes leftover after parsing attributes in process `syz.6.931'.
[  513.927145][ T8600] loop4: detected capacity change from 0 to 8192
[  514.714850][ T8612] loop3: detected capacity change from 0 to 40427
[  514.761270][ T8612] F2FS-fs (loop3): invalid crc value
[  514.773854][ T8591] device hsr_slave_1 left promiscuous mode
[  514.782113][ T8612] F2FS-fs (loop3): Found nat_bits in checkpoint
[  514.827242][ T8612] F2FS-fs (loop3): Start checkpoint disabled!
[  514.867208][ T8612] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  515.336489][ T8623] loop2: detected capacity change from 0 to 256
[  515.482124][ T8623] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x2e76b09e, utbl_chksum : 0xe619d30d)
[  515.725333][ T8628] loop6: detected capacity change from 0 to 128
[  515.835320][ T4493] attempt to access beyond end of device
[  515.835320][ T4493] loop3: rw=2049, want=40984, limit=40427
[  517.474645][ T8652] loop2: detected capacity change from 0 to 256
[  518.090519][ T8656] loop6: detected capacity change from 0 to 16
[  519.095924][ T8656] erofs: (device loop6): mounted with root inode @ nid 36.
[  519.500547][ T8674] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  519.983264][ T8674] erofs: (device loop6): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  519.996441][ T8674] erofs: (device loop6): z_erofs_readpage: failed to read, err [-117]
[  520.007395][ T8675] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  520.017442][ T8675] erofs: (device loop6): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  520.030411][ T8675] erofs: (device loop6): z_erofs_readpage: failed to read, err [-117]
[  520.038835][ T8676] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  520.048291][ T8676] erofs: (device loop6): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  520.061321][ T8676] erofs: (device loop6): z_erofs_readpage: failed to read, err [-117]
[  520.069697][ T8677] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  520.079182][ T8677] erofs: (device loop6): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  520.092189][ T8677] erofs: (device loop6): z_erofs_readpage: failed to read, err [-117]
[  520.245262][ T8652] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  520.563688][ T8688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1033'.
[  520.581136][ T8687] loop3: detected capacity change from 0 to 128
[  520.985236][ T8690] loop2: detected capacity change from 0 to 40427
[  521.081387][ T8690] F2FS-fs (loop2): invalid crc value
[  521.214377][ T8690] F2FS-fs (loop2): Found nat_bits in checkpoint
[  521.254249][ T8690] F2FS-fs (loop2): Start checkpoint disabled!
[  521.273961][ T8690] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  523.701181][  T154] attempt to access beyond end of device
[  523.701181][  T154] loop2: rw=2049, want=40984, limit=40427
[  523.730344][ T8701] loop6: detected capacity change from 0 to 8192
[  524.972746][ T8732] loop4: detected capacity change from 0 to 256
[  525.916287][ T8734] loop2: detected capacity change from 0 to 128
[  526.641185][ T8732] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  527.302037][ T8745] MPTCP: addr_signal error, rm_addr=1
[  528.370601][ T8760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1048'.
[  528.421537][ T8763] loop6: detected capacity change from 0 to 128
[  529.812468][ T8787] loop6: detected capacity change from 0 to 256
[  529.974259][ T8787] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  531.523065][ T8802] loop2: detected capacity change from 0 to 8192
[  532.714919][ T8812] loop3: detected capacity change from 0 to 128
[  533.936923][ T8831] loop6: detected capacity change from 0 to 128
[  534.074606][ T8840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1063'.
[  535.294078][ T8850] team0: Port device team_slave_0 removed
[  540.690499][ T8872] loop4: detected capacity change from 0 to 40427
[  540.755263][ T8872] F2FS-fs (loop4): invalid crc value
[  540.807017][ T8872] F2FS-fs (loop4): Found nat_bits in checkpoint
[  541.849446][ T8872] F2FS-fs (loop4): Start checkpoint disabled!
[  541.877607][ T8872] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  543.144663][ T8903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1077'.
[  543.208655][ T4493] attempt to access beyond end of device
[  543.208655][ T4493] loop4: rw=2049, want=40976, limit=40427
[  544.265164][ T8920] loop6: detected capacity change from 0 to 128
[  544.758510][ T8930] misc userio: Invalid payload size
[  544.764821][ T8930] misc userio: No port type given on /dev/userio
[  544.773032][ T8930] misc userio: The device must be registered before sending interrupts
[  547.651326][ T8948] loop2: detected capacity change from 0 to 128
[  547.767359][ T8953] loop3: detected capacity change from 0 to 1024
[  548.045328][ T8958] loop4: detected capacity change from 0 to 40427
[  548.092596][ T8958] F2FS-fs (loop4): invalid crc value
[  548.561004][ T8958] F2FS-fs (loop4): Found nat_bits in checkpoint
[  548.722588][ T8958] F2FS-fs (loop4): Start checkpoint disabled!
[  548.772684][ T8958] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  549.112949][ T8980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1093'.
[  549.123040][ T8980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1093'.
[  549.132365][ T8980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1093'.
[  549.142838][ T8980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1093'.
[  549.225373][ T8983] loop2: detected capacity change from 0 to 128
[  549.505914][ T4493] attempt to access beyond end of device
[  549.505914][ T4493] loop4: rw=2049, want=40976, limit=40427
[  549.680527][ T8990] loop6: detected capacity change from 0 to 40427
[  549.709499][ T8990] F2FS-fs (loop6): invalid crc value
[  549.719195][ T8990] F2FS-fs (loop6): Found nat_bits in checkpoint
[  549.751813][ T8990] F2FS-fs (loop6): Start checkpoint disabled!
[  549.784705][ T8990] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  552.068812][ T4344] attempt to access beyond end of device
[  552.068812][ T4344] loop6: rw=2049, want=45104, limit=40427
[  552.191335][ T9019] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1101'.
[  552.244083][ T9021] loop4: detected capacity change from 0 to 16
[  552.375815][ T9021] erofs: (device loop4): mounted with root inode @ nid 36.
[  552.749376][ T9032] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  553.501553][ T9032] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  553.514702][ T9032] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117]
[  554.251695][ T9050] IPv6: Can't replace route, no match found
[  554.330651][ T9054] loop3: detected capacity change from 0 to 256
[  555.424105][ T9063] misc userio: Invalid payload size
[  555.437159][ T9063] misc userio: No port type given on /dev/userio
[  555.472232][ T9063] misc userio: The device must be registered before sending interrupts
[  557.244861][ T9114] loop2: detected capacity change from 0 to 128
[  557.375747][ T9120] loop3: detected capacity change from 0 to 16
[  557.592733][ T9120] erofs: (device loop3): mounted with root inode @ nid 36.
[  557.976650][ T9146] MPTCP: addr_signal error, rm_addr=1
[  558.464174][ T9158] loop2: detected capacity change from 0 to 128
[  559.973211][ T9165] loop6: detected capacity change from 0 to 256
[  560.347332][ T9170] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  560.360157][ T9170] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  560.373263][ T9170] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  560.383281][ T9170] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  560.392733][ T9170] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  560.405772][ T9170] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  560.415722][ T9170] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  560.425185][ T9170] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  560.437430][ T9170] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  560.447494][ T9170] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  560.457089][ T9170] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  560.469317][ T9170] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  562.895917][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  562.902298][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  563.916441][ T9200] loop4: detected capacity change from 0 to 256
[  563.947411][ T9203] loop2: detected capacity change from 0 to 128
[  567.076986][ T9220] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  567.784166][ T9220] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  568.092143][ T9220] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  568.167853][ T9220] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  568.235224][ T9220] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  568.276610][ T9220] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  568.327540][ T9220] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  568.363896][ T9228] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1133'.
[  570.175469][ T9247] loop6: detected capacity change from 0 to 40427
[  570.256974][ T9253] loop2: detected capacity change from 0 to 64
[  570.373092][ T9247] F2FS-fs (loop6): invalid crc value
[  570.394796][ T9247] F2FS-fs (loop6): Found nat_bits in checkpoint
[  570.435146][ T9247] F2FS-fs (loop6): Start checkpoint disabled!
[  570.451155][ T9247] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  573.078313][   T23] Bluetooth: hci0: command 0x0c20 tx timeout
[  573.123937][ T5990] attempt to access beyond end of device
[  573.123937][ T5990] loop6: rw=2049, want=40984, limit=40427
[  575.208081][ T9301] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1149'.
[  575.686575][ T9312] loop3: detected capacity change from 0 to 128
[  575.756016][ T9314] loop2: detected capacity change from 0 to 2048
[  576.087768][ T9314] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  577.083248][ T9334] loop3: detected capacity change from 0 to 40427
[  578.051983][ T9334] F2FS-fs (loop3): invalid crc value
[  578.247995][ T9334] F2FS-fs (loop3): Found nat_bits in checkpoint
[  578.974381][ T9334] F2FS-fs (loop3): Start checkpoint disabled!
[  579.552620][ T9334] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  580.065213][ T9360] loop6: detected capacity change from 0 to 40427
[  580.135216][ T9360] F2FS-fs (loop6): invalid crc value
[  580.253264][ T9360] F2FS-fs (loop6): Found nat_bits in checkpoint
[  580.262542][ T5985] attempt to access beyond end of device
[  580.262542][ T5985] loop3: rw=2049, want=40984, limit=40427
[  580.297015][ T9360] F2FS-fs (loop6): Start checkpoint disabled!
[  580.314065][ T9368] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1164'.
[  580.332985][ T9360] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  580.469173][ T9371] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1164'.
[  580.996343][ T5998] attempt to access beyond end of device
[  580.996343][ T5998] loop6: rw=2049, want=40976, limit=40427
[  581.412211][ T9390] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1177'.
[  581.445748][ T9395] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
[  581.868703][ T9395] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
[  582.235793][ T9395] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
[  582.299874][ T9395] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
[  582.309835][ T9395] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
[  582.319871][ T9395] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
[  582.327820][ T9400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1177'.
[  582.383746][ T9408] loop3: detected capacity change from 0 to 512
[  582.908023][ T9425] loop6: detected capacity change from 0 to 128
[  582.951455][ T9408] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  583.033444][ T9408] ext4 filesystem being mounted at /252/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  583.349963][   T26] kauditd_printk_skb: 1 callbacks suppressed
[  583.349979][   T26] audit: type=1800 audit(1760795488.206:23): pid=9408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1169" name="file1" dev="loop3" ino=15 res=0 errno=0
[  583.376534][    C1] vkms_vblank_simulate: vblank timer overrun
[  586.362181][ T9468] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1181'.
[  587.563091][ T9482] loop3: detected capacity change from 0 to 32768
[  587.740788][ T9489] loop4: detected capacity change from 0 to 128
[  587.857699][ T9482] (syz.3.1185,9482,1):ocfs2_slot_map_physical_size:223 ERROR: Slot map file is too small!  (size 0, needed 8)
[  588.006410][ T9490] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  589.417396][ T9498] loop4: detected capacity change from 0 to 40427
[  590.013927][ T9498] F2FS-fs (loop4): invalid crc value
[  590.024265][ T9498] F2FS-fs (loop4): Found nat_bits in checkpoint
[  590.057846][ T9498] F2FS-fs (loop4): Start checkpoint disabled!
[  590.137246][ T9498] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  592.972223][ T9122] attempt to access beyond end of device
[  592.972223][ T9122] loop4: rw=2049, want=40976, limit=40427
[  595.763620][ T9536] loop2: detected capacity change from 0 to 40427
[  595.781091][ T9536] F2FS-fs (loop2): invalid crc value
[  595.915841][ T9536] F2FS-fs (loop2): Found nat_bits in checkpoint
[  595.949485][ T9536] F2FS-fs (loop2): Start checkpoint disabled!
[  595.989584][ T9536] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  596.905719][ T9126] attempt to access beyond end of device
[  596.905719][ T9126] loop2: rw=2049, want=40976, limit=40427
[  598.584859][ T9565] loop2: detected capacity change from 0 to 128
[  599.517487][ T9573] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1205'.
[  599.535583][ T9573] netlink: 'syz.6.1205': attribute type 6 has an invalid length.
[  601.255565][   T21] Bluetooth: hci0: command 0x0406 tx timeout
[  601.365464][ T9581] loop2: detected capacity change from 0 to 128
[  601.870005][ T9585] loop4: detected capacity change from 0 to 40427
[  602.017143][ T9576] loop3: detected capacity change from 0 to 8192
[  602.051733][ T9585] F2FS-fs (loop4): invalid crc value
[  602.090252][ T9585] F2FS-fs (loop4): Found nat_bits in checkpoint
[  602.138253][ T9585] F2FS-fs (loop4): Start checkpoint disabled!
[  602.159328][ T9585] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  606.007901][ T5985] attempt to access beyond end of device
[  606.007901][ T5985] loop4: rw=2049, want=40976, limit=40427
[  606.076214][ T9628] misc userio: Invalid payload size
[  606.082867][ T9628] misc userio: No port type given on /dev/userio
[  606.091099][ T9628] misc userio: The device must be registered before sending interrupts
[  606.248169][ T9629] loop3: detected capacity change from 0 to 128
[  607.695460][ T9643] loop2: detected capacity change from 0 to 8192
[  607.891829][ T9641] hub 9-0:1.0: USB hub found
[  607.897182][ T9641] hub 9-0:1.0: 1 port detected
[  608.842546][ T9659] loop4: detected capacity change from 0 to 16
[  608.911122][ T9659] erofs: (device loop4): mounted with root inode @ nid 36.
[  610.204034][ T9682] loop4: detected capacity change from 0 to 32768
[  610.280722][ T9682] (syz.4.1233,9682,0):ocfs2_slot_map_physical_size:223 ERROR: Slot map file is too small!  (size 0, needed 8)
[  610.352868][ T9682] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  610.622151][ T9689] loop2: detected capacity change from 0 to 128
[  613.109749][ T9713] loop3: detected capacity change from 0 to 16
[  613.169571][ T9713] erofs: (device loop3): mounted with root inode @ nid 36.
[  613.814923][ T9718] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  613.890712][ T9718] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  613.904225][ T9718] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  615.472614][ T5864] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  615.612308][ T9728] loop3: detected capacity change from 0 to 8192
[  616.233065][ T9741] loop6: detected capacity change from 0 to 128
[  616.342854][ T5864] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  616.376488][ T5864] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.422149][ T5864] usb 1-1: Product: syz
[  616.425699][ T9745] loop6: detected capacity change from 0 to 128
[  616.454807][ T5864] usb 1-1: Manufacturer: syz
[  616.493968][ T5864] usb 1-1: SerialNumber: syz
[  616.495021][ T9743] loop3: detected capacity change from 0 to 4096
[  616.535160][ T9747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1251'.
[  616.662402][ T9750] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1251'.
[  616.943790][ T9752] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  617.191200][   T26] audit: type=1800 audit(1760795522.046:24): pid=9743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1249" name="file1" dev="loop3" ino=15 res=0 errno=0
[  617.992559][ T5864] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32
[  618.154800][ T9758] netlink: 220 bytes leftover after parsing attributes in process `syz.3.1249'.
[  618.731423][ T9760] loop6: detected capacity change from 0 to 16
[  618.793268][ T9760] MTD: Attempt to mount non-MTD device "/dev/loop6"
[  618.806308][ T9762] loop2: detected capacity change from 0 to 16
[  618.903250][ T9762] erofs: (device loop2): mounted with root inode @ nid 36.
[  619.760745][ T5864] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71
[  619.880820][ T5864] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  621.851762][ T9778] loop4: detected capacity change from 0 to 8192
[  621.899411][ T5864] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  621.909502][ T5864] lan78xx: probe of 1-1:1.0 failed with error -71
[  621.941989][ T9788] loop6: detected capacity change from 0 to 128
[  621.951692][ T5864] usb 1-1: USB disconnect, device number 4
[  622.294981][ T9791] fuse: Bad value for 'fd'
[  622.308542][ T9791] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000ff00)
[  622.316920][ T9791] FAT-fs (loop4): Filesystem has been set read-only
[  624.343330][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  624.350978][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  625.167597][ T9810] loop6: detected capacity change from 0 to 4096
[  625.719935][ T9814] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  626.155601][   T26] audit: type=1800 audit(1760795531.016:25): pid=9810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1266" name="file1" dev="loop6" ino=15 res=0 errno=0
[  627.023538][ T9830] netlink: 220 bytes leftover after parsing attributes in process `syz.6.1266'.
[  627.932963][ T5864] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  628.514910][ T5864] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  628.544802][ T5864] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.582604][ T5864] usb 3-1: Product: syz
[  628.592911][ T5864] usb 3-1: Manufacturer: syz
[  628.612611][ T5864] usb 3-1: SerialNumber: syz
[  629.041332][ T9842] loop3: detected capacity change from 0 to 8192
[  630.206383][ T5864] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32
[  630.232616][ T5864] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71
[  630.287330][ T5864] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  630.318751][ T5864] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  630.338086][ T5864] lan78xx: probe of 3-1:1.0 failed with error -71
[  631.281865][ T5864] usb 3-1: USB disconnect, device number 4
[  631.817337][ T9873] loop6: detected capacity change from 0 to 40427
[  631.875904][ T9873] F2FS-fs (loop6): invalid crc value
[  631.930774][ T9873] F2FS-fs (loop6): Found nat_bits in checkpoint
[  631.960803][ T9873] F2FS-fs (loop6): Start checkpoint disabled!
[  632.013318][ T9873] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  632.991695][ T9890] misc userio: Invalid payload size
[  632.998058][ T9890] misc userio: No port type given on /dev/userio
[  633.005730][ T9890] misc userio: The device must be registered before sending interrupts
[  633.334999][ T9892] loop3: detected capacity change from 0 to 128
[  633.802106][ T9126] attempt to access beyond end of device
[  633.802106][ T9126] loop6: rw=2049, want=40976, limit=40427
[  633.812434][ T9897] loop2: detected capacity change from 0 to 4096
[  634.145203][ T4186] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22.
[  634.372698][ T4186] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  634.867568][ T9912] loop2: detected capacity change from 0 to 128
[  635.345415][ T9908] loop6: detected capacity change from 0 to 8192
[  635.798161][ T9917] fuse: Bad value for 'fd'
[  635.804450][ T9917] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000ff00)
[  635.812312][ T9917] FAT-fs (loop6): Filesystem has been set read-only
[  638.590724][ T9941] misc userio: Invalid payload size
[  638.597156][ T9941] misc userio: No port type given on /dev/userio
[  638.604640][ T9941] misc userio: The device must be registered before sending interrupts
[  639.990638][ T9945] loop3: detected capacity change from 0 to 2048
[  640.054989][ T9949] loop2: detected capacity change from 0 to 16
[  640.161207][ T9949] erofs: (device loop2): mounted with root inode @ nid 36.
[  640.188095][ T9945] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  641.309816][ T9963] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  641.324806][ T9963] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  641.338049][ T9963] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  641.349592][ T9963] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  641.359113][ T9963] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  641.372215][ T9963] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  641.383299][ T9963] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  641.392801][ T9963] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  641.406021][ T9963] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  641.418929][ T9963] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  641.428465][ T9963] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  641.441580][ T9963] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  641.803220][ T9955] loop6: detected capacity change from 0 to 8192
[  642.968643][ T9971] fuse: Bad value for 'fd'
[  642.975023][ T9971] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000ff00)
[  642.984975][ T9971] FAT-fs (loop6): Filesystem has been set read-only
[  643.426204][ T9977] mkiss: ax0: crc mode is auto.
[  646.423914][ T9998] misc userio: Invalid payload size
[  646.429966][ T9998] misc userio: No port type given on /dev/userio
[  646.437817][ T9998] misc userio: The device must be registered before sending interrupts
[  648.233808][T10003] loop2: detected capacity change from 0 to 1024
[  648.629423][T10003] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  648.645385][T10003] EXT4-fs (loop2): orphan cleanup on readonly fs
[  648.718416][T10003] EXT4-fs error (device loop2): ext4_free_blocks:6218: comm syz.2.1314: Freeing blocks not in datazone - block = 0, count = 4096
[  648.737164][T10003] EXT4-fs (loop2): 1 orphan inode deleted
[  648.749831][T10003] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  649.794729][   T26] audit: type=1326 audit(1760795554.626:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.4.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  649.935591][   T26] audit: type=1326 audit(1760795554.626:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.4.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  650.019015][   T26] audit: type=1326 audit(1760795554.726:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.4.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  650.050028][ T8070] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  650.098319][ T8070] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  650.120440][   T26] audit: type=1326 audit(1760795554.726:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.4.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  650.237038][   T26] audit: type=1326 audit(1760795554.726:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.4.1320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea2829efc9 code=0x7ffc0000
[  650.307118][T10024] loop2: detected capacity change from 0 to 8192
[  650.417302][T10035] Cannot find add_set index 65532 as target
[  650.646072][T10037] fuse: Bad value for 'fd'
[  650.663313][T10037] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  650.671600][T10037] FAT-fs (loop2): Filesystem has been set read-only
[  651.363044][T10041] loop2: detected capacity change from 0 to 128
[  653.465895][T10021] bridge0: port 2(bridge_slave_1) entered disabled state
[  653.473257][T10021] bridge0: port 1(bridge_slave_0) entered disabled state
[  653.492747][   T26] audit: type=1400 audit(1760795558.346:31): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=10052 comm="syz.3.1328"
[  657.689642][T10082] loop3: detected capacity change from 0 to 4096
[  657.773881][T10079] loop2: detected capacity change from 0 to 8192
[  658.002938][T10021] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  658.077456][T10084] fuse: Bad value for 'fd'
[  658.084000][T10084] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  658.091860][T10084] FAT-fs (loop2): Filesystem has been set read-only
[  658.114464][T10021] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  658.123681][ T4184] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22.
[  658.130161][ T4184] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  658.228618][T10089] ubi0: attaching mtd0
[  658.238482][T10089] ubi0: scanning is finished
[  658.255394][T10089] ubi0: empty MTD device detected
[  658.807825][T10089] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  659.011979][T10089] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  659.292506][T10089] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  659.360195][T10089] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  659.378190][T10089] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  659.392542][T10089] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  659.410935][T10089] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2222276451
[  659.431629][T10089] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  659.464736][T10094] ubi0: background thread "ubi_bgt0d" started, PID 10094
[  659.498459][T10091] ubi0: detaching mtd0
[  659.540061][T10091] ubi0: mtd0 is detached
[  659.608538][   T21] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  659.922901][   T21] usb 3-1: Using ep0 maxpacket: 32
[  660.062989][   T21] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  660.351252][   T21] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  660.371423][T10103] loop3: detected capacity change from 0 to 128
[  660.378104][   T21] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.396503][   T21] usb 3-1: Product: syz
[  660.423110][   T21] usb 3-1: Manufacturer: syz
[  660.443083][   T21] usb 3-1: SerialNumber: syz
[  660.461987][   T21] usb 3-1: config 0 descriptor??
[  660.682107][   T21] usb 3-1: bad CDC descriptors
[  660.689962][   T21] usb 3-1: unsupported MDLM descriptors
[  661.192700][ T5425] usb 3-1: USB disconnect, device number 5
[  661.783147][T10111] loop2: detected capacity change from 0 to 512
[  662.100399][T10111] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.1344: inode #1: comm syz.2.1344: iget: illegal inode #
[  662.173302][T10111] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1344: error while reading EA inode 1 err=-117
[  662.385260][T10111] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.1344: inode #1: comm syz.2.1344: iget: illegal inode #
[  662.551887][T10111] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1344: error while reading EA inode 1 err=-117
[  662.708099][T10111] EXT4-fs (loop2): 1 orphan inode deleted
[  662.752649][T10111] EXT4-fs (loop2): mounted filesystem without journal. Opts: minixdf,stripe=0x0000000000000003,norecovery,noinit_itable,max_batch_time=0x0000000000000006,minixdf,usrjquota=,debug_want_extra_isize=0x000000000000005c,errors=continue,barrier=0x0000000000000002,noblock_validity,noquota,,errors=continue. Quota mode: none.
[  662.782529][    C1] vkms_vblank_simulate: vblank timer overrun
[  662.901002][T10021] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  662.921992][T10021] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  662.992531][T10021] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  663.033775][T10021] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  664.213969][T10127] loop3: detected capacity change from 0 to 8
[  664.317444][T10130] loop2: detected capacity change from 0 to 8192
[  664.533279][T10127] SQUASHFS error: xz decompression failed, data probably corrupt
[  664.541560][T10127] SQUASHFS error: Failed to read block 0x108: -5
[  664.548937][T10127] SQUASHFS error: Unable to read metadata cache entry [106]
[  664.556258][T10127] SQUASHFS error: Unable to read inode 0x11f
[  665.989705][T10147] fuse: Bad value for 'fd'
[  666.038306][T10147] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000ff00)
[  666.046612][T10147] FAT-fs (loop2): Filesystem has been set read-only
[  666.538988][   T26] audit: type=1400 audit(1760795571.396:32): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=10136 comm="syz.4.1354"
[  666.954039][T10150] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  666.960624][T10150] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  666.976088][T10150] vhci_hcd vhci_hcd.0: Device attached
[  667.036703][T10162] loop6: detected capacity change from 0 to 128
[  667.079789][T10150] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  667.134041][T10150] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  667.172366][T10157] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(13)
[  667.179040][T10157] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  667.309741][T10152] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(10)
[  667.316518][T10152] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  667.326868][T10152] vhci_hcd vhci_hcd.0: Device attached
[  667.336284][T10150] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  667.924747][ T9111] Bluetooth: hci5: Frame reassembly failed (-90)
[  668.373912][T10150] vhci_hcd vhci_hcd.0: pdev(0) rhport(6) sockfd(12)
[  668.380578][T10150] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  668.392627][ T8070] usb 33-1: new low-speed USB device number 3 using vhci_hcd
[  668.421033][T10150] vhci_hcd vhci_hcd.0: Device attached
[  668.486944][T10174] loop4: detected capacity change from 0 to 128
[  668.505909][T10158] vhci_hcd: connection closed
[  668.505977][T10154] vhci_hcd: connection closed
[  668.516559][T10151] vhci_hcd: connection reset by peer
[  668.537703][T10157] vhci_hcd vhci_hcd.0: Device attached
[  668.548448][T10169] vhci_hcd: connection closed
[  668.570104][ T9111] vhci_hcd: stop threads
[  668.579936][ T9111] vhci_hcd: release socket
[  668.584583][ T9111] vhci_hcd: disconnect device
[  668.591257][ T9111] vhci_hcd: stop threads
[  668.596005][ T9111] vhci_hcd: release socket
[  668.600527][ T9111] vhci_hcd: disconnect device
[  668.646021][ T9111] vhci_hcd: stop threads
[  668.660683][ T9111] vhci_hcd: release socket
[  668.665816][ T9111] vhci_hcd: disconnect device
[  668.733163][ T9111] vhci_hcd: stop threads
[  668.807604][T10176] loop3: detected capacity change from 0 to 256
[  668.823826][ T9111] vhci_hcd: release socket
[  668.843868][ T9111] vhci_hcd: disconnect device
[  669.469820][T10176] exfat: Deprecated parameter 'utf8'
[  669.480354][T10176] exfat: Unknown parameter 'keep_last_dots'
[  669.932630][   T23] Bluetooth: hci5: command 0x1003 tx timeout
[  669.939668][ T4194] Bluetooth: hci5: sending frame failed (-49)
[  671.197411][T10194] loop4: detected capacity change from 0 to 8192
[  671.730346][T10210] fuse: Bad value for 'fd'
[  672.065441][ T5425] Bluetooth: hci5: command 0x1001 tx timeout
[  672.071640][ T4194] Bluetooth: hci5: sending frame failed (-49)
[  672.142333][T10210] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000ff00)
[  672.150457][T10210] FAT-fs (loop4): Filesystem has been set read-only
[  673.532823][ T8070] vhci_hcd: vhci_device speed not set
[  673.579082][T10225] loop6: detected capacity change from 0 to 1768
[  673.589692][T10231] loop4: detected capacity change from 0 to 128
[  674.160053][ T5425] Bluetooth: hci5: command 0x1009 tx timeout
[  674.626764][T10238] loop6: detected capacity change from 0 to 128
[  677.466119][T10262] fuse: Bad value for 'fd'
[  677.962924][T10256] loop4: detected capacity change from 0 to 64
[  680.164321][T10287] loop6: detected capacity change from 0 to 128
[  680.756205][T10289] loop4: detected capacity change from 0 to 8
[  681.097805][T10289] SQUASHFS error: xz decompression failed, data probably corrupt
[  681.106017][T10289] SQUASHFS error: Failed to read block 0x108: -5
[  681.112410][T10289] SQUASHFS error: Unable to read metadata cache entry [106]
[  681.119865][T10289] SQUASHFS error: Unable to read inode 0x11f
[  683.794497][T10304] fuse: Bad value for 'fd'
[  686.890617][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  686.898567][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  687.230122][T10340] loop2: detected capacity change from 0 to 16
[  688.084600][T10340] erofs: (device loop2): mounted with root inode @ nid 36.
[  688.628104][T10353] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  689.022420][T10353] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  689.035749][T10353] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  689.120611][   T21] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  690.043028][T10359] fuse: Bad value for 'fd'
[  691.712555][   T21] usb 7-1: unable to read config index 0 descriptor/start: -71
[  692.247971][   T21] usb 7-1: can't read configurations, error -71
[  692.305144][T10376] loop4: detected capacity change from 0 to 128
[  694.306832][T10376] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  694.338315][T10376] ext4 filesystem being mounted at /277/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  695.532018][T10405] loop4: detected capacity change from 0 to 8192
[  695.900335][T10411] fuse: Bad value for 'fd'
[  695.910559][T10411] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000ff00)
[  695.918523][T10411] FAT-fs (loop4): Filesystem has been set read-only
[  699.796602][T10437] loop4: detected capacity change from 0 to 128
[  699.974677][T10437] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  700.049729][T10437] ext4 filesystem being mounted at /283/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  700.119465][T10426] loop3: detected capacity change from 0 to 32768
[  700.327531][T10426] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.1430 (10426)
[  701.024009][T10426] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  701.070845][T10426] BTRFS info (device loop3): allowing degraded mounts
[  701.107256][T10452] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1438'.
[  701.173584][T10426] BTRFS info (device loop3): setting nodatasum
[  701.218246][T10426] BTRFS info (device loop3): disabling tree log
[  702.008716][T10426] BTRFS info (device loop3): max_inline at 0
[  702.142852][T10426] BTRFS info (device loop3): using free space tree
[  702.149994][T10426] BTRFS info (device loop3): has skinny extents
[  703.154368][T10454] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  703.415109][T10454] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  703.422069][T10454] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  703.429297][T10454] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  703.436752][T10454] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  703.443704][T10454] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  703.451058][T10454] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  703.458201][T10454] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  703.465123][T10454] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  703.471997][T10454] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  703.478856][T10454] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  703.485746][T10454] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  703.492689][T10454] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  703.500816][T10454] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[  704.229634][T10490] batman_adv: batadv0: Adding interface: gretap1
[  704.331193][T10494] loop6: detected capacity change from 0 to 8
[  705.044317][T10490] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  705.164910][T10490] batman_adv: batadv0: Interface activated: gretap1
[  705.211607][T10496] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1441'.
[  705.464216][T10426] BTRFS error (device loop3): open_ctree failed: -12
[  705.705891][T10494] SQUASHFS error: xz decompression failed, data probably corrupt
[  705.722671][T10494] SQUASHFS error: Failed to read block 0x108: -5
[  705.781088][T10542] loop4: detected capacity change from 0 to 128
[  705.802363][T10494] SQUASHFS error: Unable to read metadata cache entry [106]
[  705.948826][T10542] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  706.036262][T10542] ext4 filesystem being mounted at /286/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  706.081398][T10494] SQUASHFS error: Unable to read inode 0x11f
[  706.804109][T10552] loop2: detected capacity change from 0 to 2048
[  706.846695][T10554] loop3: detected capacity change from 0 to 16
[  707.041331][T10554] erofs: (device loop3): mounted with root inode @ nid 36.
[  708.398862][T10565] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  708.887147][T10565] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  708.900538][T10565] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  710.588349][T10592] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1455'.
[  712.118590][T10605] loop4: detected capacity change from 0 to 128
[  712.214020][T10606] loop2: detected capacity change from 0 to 2048
[  712.358310][T10610] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1460'.
[  713.802596][T10619] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  715.025842][T10655] loop3: detected capacity change from 0 to 128
[  717.351838][T10674] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1470'.
[  717.444320][T10679] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1470'.
[  718.390493][T10694] loop6: detected capacity change from 0 to 2048
[  721.153905][T10735] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1486'.
[  721.172667][T10736] loop2: detected capacity change from 0 to 128
[  721.286044][T10737] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1486'.
[  721.874791][T10745] loop4: detected capacity change from 0 to 128
[  722.186600][T10746] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1488'.
[  722.199431][T10745] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  722.314305][T10745] ext4 filesystem being mounted at /297/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  725.748062][T10785] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1501'.
[  725.828619][T10793] loop3: detected capacity change from 0 to 128
[  725.836365][T10795] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1501'.
[  726.024007][T10793] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  726.045178][T10793] ext4 filesystem being mounted at /307/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  728.456335][T10839] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1517'.
[  728.803076][T10844] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  728.827412][T10844] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  729.644380][T10857] loop4: detected capacity change from 0 to 128
[  729.963396][T10857] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  730.030780][T10857] ext4 filesystem being mounted at /309/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  730.397098][   T26] audit: type=1400 audit(1760795635.256:33): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=10867 comm="syz.2.1525"
[  732.865394][T10883] misc userio: Invalid payload size
[  732.908686][T10883] misc userio: No port type given on /dev/userio
[  732.971279][T10883] misc userio: The device must be registered before sending interrupts
[  733.142118][T10895] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1532'.
[  734.567918][   T26] audit: type=1400 audit(1760795639.426:34): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=10916 comm="syz.4.1539"
[  735.632360][T10937] loop2: detected capacity change from 0 to 128
[  735.824432][T10931] misc userio: Invalid payload size
[  735.877752][T10931] misc userio: No port type given on /dev/userio
[  735.986947][T10935] misc userio: The device must be registered before sending interrupts
[  739.396540][T10970] loop6: detected capacity change from 0 to 8192
[  741.278177][T10981] misc userio: Invalid payload size
[  741.370898][T10983] misc userio: No port type given on /dev/userio
[  741.444332][T10981] misc userio: The device must be registered before sending interrupts
[  743.622865][T11013] loop4: detected capacity change from 0 to 8192
[  743.803667][T11029] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  743.829915][T11029] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  745.858193][T11048] misc userio: No port type given on /dev/userio
[  745.922780][T11048] misc userio: The device must be registered before sending interrupts
[  746.012851][T11072] loop4: detected capacity change from 0 to 128
[  746.632358][T11085] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1586'.
[  748.312904][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  748.319375][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  748.859254][T11115] loop3: detected capacity change from 0 to 128
[  749.479724][T11123] loop2: detected capacity change from 0 to 128
[  751.619798][T11141] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1604'.
[  751.701383][T11145] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1604'.
[  753.487230][T11173] loop6: detected capacity change from 0 to 128
[  754.992268][T11183] loop3: detected capacity change from 0 to 128
[  755.345020][T11199] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1621'.
[  758.531202][T11236] loop3: detected capacity change from 0 to 8192
[  758.958096][T11251] fuse: Bad value for 'fd'
[  758.972231][T11251] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000ff00)
[  758.980238][T11251] FAT-fs (loop3): Filesystem has been set read-only
[  760.525093][T11269] loop2: detected capacity change from 0 to 128
[  760.860890][T11274] loop3: detected capacity change from 0 to 16
[  761.056615][T11274] erofs: (device loop3): mounted with root inode @ nid 36.
[  761.096784][T11279] misc userio: Invalid payload size
[  762.994246][T11274] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  763.005668][T11276] misc userio: No port type given on /dev/userio
[  763.012457][T11274] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  763.012596][T11276] misc userio: The device must be registered before sending interrupts
[  763.033956][T11274] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  763.045808][T11274] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  763.055267][T11274] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  763.068284][T11274] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  763.078261][T11274] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  763.087673][T11274] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  763.099943][T11274] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  763.110758][T11274] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  763.120174][T11274] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  763.132511][T11274] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  763.507987][T11286] loop6: detected capacity change from 0 to 8192
[  763.824936][T11292] fuse: Bad value for 'fd'
[  763.831389][T11292] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000ff00)
[  763.839461][T11292] FAT-fs (loop6): Filesystem has been set read-only
[  765.231216][   T26] audit: type=1400 audit(1760795670.086:35): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=11312 comm="syz.2.1656"
[  766.231825][T11320] misc userio: Invalid payload size
[  766.271250][T11320] misc userio: No port type given on /dev/userio
[  766.302720][T11320] misc userio: The device must be registered before sending interrupts
[  767.018999][T11330] kvm: pic: non byte write
[  767.145148][T11334] loop2: detected capacity change from 0 to 128
[  767.347968][T11338] fuse: Bad value for 'fd'
[  770.726105][   T26] audit: type=1326 audit(1760795675.586:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11371 comm="syz.3.1672" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7eaaaddfc9 code=0x0
[  770.729107][T11368] loop4: detected capacity change from 0 to 128
[  771.829699][T11389] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1679'.
[  772.321175][T11400] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1679'.
[  772.332885][   T26] audit: type=1400 audit(1760795677.196:37): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=11391 comm="syz.3.1680"
[  772.502120][T11404] loop2: detected capacity change from 0 to 128
[  773.744211][T11427] loop2: detected capacity change from 0 to 128
[  773.789889][T11427] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  773.810565][T11427] ext4 filesystem being mounted at /346/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  776.440622][T11451] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1694'.
[  776.869268][T11454] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1694'.
[  777.206993][   T26] audit: type=1400 audit(1760795682.066:38): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=11455 comm="syz.2.1695"
[  780.054101][T11477] misc userio: Invalid payload size
[  780.060972][T11477] misc userio: No port type given on /dev/userio
[  780.069040][T11477] misc userio: The device must be registered before sending interrupts
[  780.568796][T11499] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1710'.
[  780.679549][T11505] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1710'.
[  780.694100][   T26] audit: type=1400 audit(1760795685.556:39): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=11500 comm="syz.0.1711"
[  782.138025][T11518] loop3: detected capacity change from 0 to 128
[  786.299492][T11534] misc userio: Invalid payload size
[  786.306025][T11534] misc userio: No port type given on /dev/userio
[  786.313550][T11534] misc userio: The device must be registered before sending interrupts
[  787.450013][T11542] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1722'.
[  787.526291][T11545] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1722'.
[  791.043215][T11584] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1735'.
[  791.145502][T11587] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1735'.
[  793.955399][T11618] loop3: detected capacity change from 0 to 128
[  795.230426][T11633] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1750'.
[  795.337459][T11636] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1750'.
[  795.365971][T11630] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  800.740762][T11664] loop3: detected capacity change from 0 to 128
[  800.771347][T11665] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  803.797903][T11697] loop2: detected capacity change from 0 to 16
[  803.888940][T11697] erofs: (device loop2): mounted with root inode @ nid 36.
[  804.239794][T11712] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  804.252814][T11712] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  804.266051][T11712] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  804.278522][T11713] raw_sendmsg: syz.4.1772 forgot to set AF_INET. Fix it!
[  804.298212][T11712] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  804.307814][T11712] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  804.320831][T11712] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  804.342870][T11709] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  804.378446][T11709] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  804.396950][T11716] loop6: detected capacity change from 0 to 128
[  804.403217][T11709] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  804.428175][T11709] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  804.440337][T11709] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  804.461616][T11709] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
[  804.908976][T11720] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  804.927287][T11720] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  806.242429][T11756] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  806.412127][   T26] audit: type=1400 audit(1760795711.266:40): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=11762 comm="syz.2.1789"
[  808.339784][T11784] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  808.639846][T11787] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  808.655680][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  808.662064][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  808.692723][T11787] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  810.359121][   T26] audit: type=1400 audit(1760795715.216:41): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=11809 comm="syz.3.1802"
[  814.414565][   T26] audit: type=1326 audit(1760795719.276:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11873 comm="syz.2.1822" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fec4683bfc9 code=0x0
[  817.253662][T11890] kvm: emulating exchange as write
[  820.811249][T11947] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  820.835311][T11947] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  821.088265][T11953] misc userio: Invalid payload size
[  821.094874][T11953] misc userio: No port type given on /dev/userio
[  821.102319][T11953] misc userio: The device must be registered before sending interrupts
[  821.568586][T11954] MPTCP: addr_signal error, rm_addr=1
[  822.020351][   T26] audit: type=1400 audit(1760795726.876:43): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=11958 comm="syz.3.1848"
[  824.683768][T11998] MPTCP: addr_signal error, rm_addr=1
[  824.970019][T12002] loop4: detected capacity change from 0 to 8192
[  827.109890][T12051] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  827.137920][T12043] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  827.146723][T12043] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  828.063448][T12069] loop6: detected capacity change from 0 to 8192
[  828.480329][T12077] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000ff00)
[  828.488396][T12077] FAT-fs (loop6): Filesystem has been set read-only
[  831.097593][T12120] loop2: detected capacity change from 0 to 128
[  831.338242][T12120] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  831.367679][T12120] ext4 filesystem being mounted at /393/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  834.528386][T12175] MPTCP: addr_signal error, rm_addr=1
[  836.594945][T12206] loop6: detected capacity change from 0 to 128
[  839.078998][T12267] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  839.097593][   T26] audit: type=1400 audit(1760795743.956:44): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=12269 comm="syz.2.1940"
[  839.153489][T12267] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  841.227419][T12297] loop3: detected capacity change from 0 to 128
[  841.674377][   T26] audit: type=1400 audit(1760795746.536:45): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=12308 comm="syz.4.1953"
[  842.721267][T12320] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  845.908995][   T26] audit: type=1400 audit(1760795750.766:46): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=12362 comm="syz.6.1968"
[  851.740516][T12434] loop6: detected capacity change from 0 to 16
[  851.771759][T12434] erofs: (device loop6): mounted with root inode @ nid 36.
[  851.859072][T12437] loop3: detected capacity change from 0 to 128
[  852.557252][T12459] loop4: detected capacity change from 0 to 128
[  853.588240][T12467] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  853.781710][T12467] erofs: (device loop6): z_erofs_lz4_decompress: failed to decompress -44 in[46, 4050] out[1851]
[  853.827645][T12467] erofs: (device loop6): z_erofs_readpage: failed to read, err [-117]
[  856.351514][T12514] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  856.369786][T12514] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  856.527285][T12518] loop2: detected capacity change from 0 to 128
[  859.140477][T12529] loop3: detected capacity change from 0 to 128
[  860.586245][T12553] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  860.604203][T12553] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  864.412024][T12597] misc userio: Invalid payload size
[  864.417777][T12597] misc userio: No port type given on /dev/userio
[  864.433137][T12597] misc userio: The device must be registered before sending interrupts
[  867.399868][T12636] misc userio: Invalid payload size
[  867.405722][T12636] misc userio: No port type given on /dev/userio
[  867.413481][T12636] misc userio: The device must be registered before sending interrupts
[  867.834076][T12641] fuse: Bad value for 'fd'
[  870.095026][ T1426] ieee802154 phy0 wpan0: encryption failed: -22
[  870.106547][ T1426] ieee802154 phy1 wpan1: encryption failed: -22
[  870.864978][T12672] misc userio: Invalid payload size
[  870.870527][T12672] misc userio: No port type given on /dev/userio
[  870.877455][T12672] misc userio: The device must be registered before sending interrupts
[  871.216255][T12674] loop2: detected capacity change from 0 to 8192
[  873.622425][   T26] audit: type=1326 audit(1760795777.896:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12695 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4d53ffc9 code=0x7ffc0000
[  874.039944][T12706] misc userio: Invalid payload size
[  874.045682][T12706] misc userio: No port type given on /dev/userio
[  874.052152][T12706] misc userio: The device must be registered before sending interrupts
[  874.083001][   T26] audit: type=1326 audit(1760795777.896:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12695 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4d53ffc9 code=0x7ffc0000
[  874.106208][   T26] audit: type=1326 audit(1760795777.896:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12695 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7faa4d53ffc9 code=0x7ffc0000
[  874.152972][   T26] audit: type=1326 audit(1760795777.896:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12695 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4d53ffc9 code=0x7ffc0000
[  874.235977][   T26] audit: type=1326 audit(1760795777.896:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12695 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4d53ffc9 code=0x7ffc0000
[  874.352514][   T26] audit: type=1326 audit(1760795777.896:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12695 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa4d53ffc9 code=0x7ffc0000
[  874.450042][   T26] audit: type=1326 audit(1760795777.896:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12695 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7faa4d53ffc9 code=0x7ffc0000
[  874.786124][   T26] audit: type=1326 audit(1760795777.896:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12695 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7faa4d53ffc9 code=0x7ffc0000
[  876.672210][T12749] misc userio: Invalid payload size
[  876.677841][T12749] misc userio: No port type given on /dev/userio
[  876.684773][T12749] misc userio: The device must be registered before sending interrupts
[  877.569551][T12785] misc userio: Invalid payload size
[  877.580833][T12785] misc userio: No port type given on /dev/userio
[  877.587838][T12785] misc userio: The device must be registered before sending interrupts
[  878.770705][T12799] loop6: detected capacity change from 0 to 128
[  880.003682][ T8247] 
[  880.006066][ T8247] ======================================================
[  880.013177][ T8247] WARNING: possible circular locking dependency detected
[  880.020217][ T8247] syzkaller #0 Not tainted
[  880.024648][ T8247] ------------------------------------------------------
[  880.031674][ T8247] syz-executor/8247 is trying to acquire lock:
[  880.038022][ T8247] ffff888076f06138 ((wq_completion)loop6){+.+.}-{0:0}, at: flush_workqueue+0x126/0x1380
[  880.047885][ T8247] 
[  880.047885][ T8247] but task is already holding lock:
[  880.055260][ T8247] ffff88802029b468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90
[  880.064239][ T8247] 
[  880.064239][ T8247] which lock already depends on the new lock.
[  880.064239][ T8247] 
[  880.074654][ T8247] 
[  880.074654][ T8247] the existing dependency chain (in reverse order) is:
[  880.083674][ T8247] 
[  880.083674][ T8247] -> #8 (&lo->lo_mutex){+.+.}-{3:3}:
[  880.091155][ T8247]        __mutex_lock_common+0x1eb/0x2390
[  880.096965][ T8247]        mutex_lock_killable_nested+0x17/0x20
[  880.103040][ T8247]        lo_open+0x6a/0x100
[  880.107549][ T8247]        blkdev_get_whole+0x90/0x390
[  880.112918][ T8247]        blkdev_get_by_dev+0x2d0/0xa60
[  880.118471][ T8247]        blkdev_open+0x12d/0x2c0
[  880.123414][ T8247]        do_dentry_open+0x7ff/0xf80
[  880.128684][ T8247]        path_openat+0x2682/0x2f30
[  880.133842][ T8247]        do_filp_open+0x1b3/0x3e0
[  880.139141][ T8247]        do_sys_openat2+0x142/0x4a0
[  880.144352][ T8247]        __x64_sys_openat+0x135/0x160
[  880.149737][ T8247]        do_syscall_64+0x4c/0xa0
[  880.154755][ T8247]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  880.161207][ T8247] 
[  880.161207][ T8247] -> #7 (&disk->open_mutex){+.+.}-{3:3}:
[  880.169026][ T8247]        __mutex_lock_common+0x1eb/0x2390
[  880.174750][ T8247]        mutex_lock_nested+0x17/0x20
[  880.180039][ T8247]        blkdev_get_by_dev+0x157/0xa60
[  880.185505][ T8247]        swsusp_check+0x9b/0x2a0
[  880.190518][ T8247]        software_resume+0xc6/0x3b0
[  880.195722][ T8247]        resume_store+0xe4/0x130
[  880.200664][ T8247]        kernfs_fop_write_iter+0x379/0x4c0
[  880.206563][ T8247]        vfs_write+0x712/0xd00
[  880.211333][ T8247]        ksys_write+0x14d/0x250
[  880.216192][ T8247]        do_syscall_64+0x4c/0xa0
[  880.221129][ T8247]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  880.227553][ T8247] 
[  880.227553][ T8247] -> #6 (system_transition_mutex/1){+.+.}-{3:3}:
[  880.236076][ T8247]        __mutex_lock_common+0x1eb/0x2390
[  880.241799][ T8247]        mutex_lock_nested+0x17/0x20
[  880.247093][ T8247]        software_resume+0x7c/0x3b0
[  880.252294][ T8247]        resume_store+0xe4/0x130
[  880.257237][ T8247]        kernfs_fop_write_iter+0x379/0x4c0
[  880.263045][ T8247]        vfs_write+0x712/0xd00
[  880.267807][ T8247]        ksys_write+0x14d/0x250
[  880.272661][ T8247]        do_syscall_64+0x4c/0xa0
[  880.277625][ T8247]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  880.284065][ T8247] 
[  880.284065][ T8247] -> #5 (&of->mutex){+.+.}-{3:3}:
[  880.291289][ T8247]        __mutex_lock_common+0x1eb/0x2390
[  880.297020][ T8247]        mutex_lock_nested+0x17/0x20
[  880.302310][ T8247]        kernfs_seq_start+0x51/0x3c0
[  880.307604][ T8247]        seq_read_iter+0x3c4/0xd50
[  880.312747][ T8247]        vfs_read+0x725/0xcf0
[  880.317427][ T8247]        ksys_read+0x14d/0x250
[  880.322212][ T8247]        do_syscall_64+0x4c/0xa0
[  880.327151][ T8247]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  880.333590][ T8247] 
[  880.333590][ T8247] -> #4 (&p->lock){+.+.}-{3:3}:
[  880.340631][ T8247]        __mutex_lock_common+0x1eb/0x2390
[  880.346469][ T8247]        mutex_lock_nested+0x17/0x20
[  880.351782][ T8247]        seq_read_iter+0xad/0xd50
[  880.356835][ T8247]        proc_reg_read_iter+0x1a9/0x270
[  880.362419][ T8247]        generic_file_splice_read+0x3a2/0x590
[  880.368759][ T8247]        splice_file_to_pipe+0x1c6/0x330
[  880.374415][ T8247]        do_sendfile+0x56b/0xec0
[  880.379376][ T8247]        __se_sys_sendfile64+0xd6/0x190
[  880.384928][ T8247]        do_syscall_64+0x4c/0xa0
[  880.389872][ T8247]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  880.396298][ T8247] 
[  880.396298][ T8247] -> #3 (&pipe->mutex/1){+.+.}-{3:3}:
[  880.403865][ T8247]        __mutex_lock_common+0x1eb/0x2390
[  880.409589][ T8247]        mutex_lock_nested+0x17/0x20
[  880.414986][ T8247]        iter_file_splice_write+0x195/0xc40
[  880.420883][ T8247]        do_splice+0xe65/0x1640
[  880.425731][ T8247]        __se_sys_splice+0x327/0x410
[  880.431016][ T8247]        do_syscall_64+0x4c/0xa0
[  880.435955][ T8247]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  880.442373][ T8247] 
[  880.442373][ T8247] -> #2 (sb_writers#3){.+.+}-{0:0}:
[  880.449769][ T8247]        lo_write_bvec+0x193/0x770
[  880.454887][ T8247]        loop_process_work+0x1d62/0x2480
[  880.460523][ T8247]        process_one_work+0x863/0x1000
[  880.465986][ T8247]        worker_thread+0xaa8/0x12a0
[  880.471186][ T8247]        kthread+0x436/0x520
[  880.475865][ T8247]        ret_from_fork+0x1f/0x30
[  880.480819][ T8247] 
[  880.480819][ T8247] -> #1 ((work_completion)(&worker->work)){+.+.}-{0:0}:
[  880.489942][ T8247]        process_one_work+0x7bf/0x1000
[  880.495405][ T8247]        worker_thread+0xaa8/0x12a0
[  880.500612][ T8247]        kthread+0x436/0x520
[  880.505204][ T8247]        ret_from_fork+0x1f/0x30
[  880.510142][ T8247] 
[  880.510142][ T8247] -> #0 ((wq_completion)loop6){+.+.}-{0:0}:
[  880.518233][ T8247]        __lock_acquire+0x2c33/0x7c60
[  880.523711][ T8247]        lock_acquire+0x197/0x3f0
[  880.528761][ T8247]        flush_workqueue+0x142/0x1380
[  880.534137][ T8247]        drain_workqueue+0xcf/0x380
[  880.539433][ T8247]        destroy_workqueue+0x7b/0xb20
[  880.544807][ T8247]        __loop_clr_fd+0x234/0xb90
[  880.549918][ T8247]        blkdev_put+0x53f/0x7d0
[  880.554774][ T8247]        deactivate_locked_super+0x93/0xf0
[  880.560588][ T8247]        cleanup_mnt+0x418/0x4d0
[  880.565626][ T8247]        task_work_run+0x125/0x1a0
[  880.570755][ T8247]        exit_to_user_mode_loop+0x10f/0x130
[  880.576907][ T8247]        exit_to_user_mode_prepare+0xee/0x180
[  880.582977][ T8247]        syscall_exit_to_user_mode+0x16/0x40
[  880.588961][ T8247]        do_syscall_64+0x58/0xa0
[  880.593896][ T8247]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  880.600311][ T8247] 
[  880.600311][ T8247] other info that might help us debug this:
[  880.600311][ T8247] 
[  880.610532][ T8247] Chain exists of:
[  880.610532][ T8247]   (wq_completion)loop6 --> &disk->open_mutex --> &lo->lo_mutex
[  880.610532][ T8247] 
[  880.624009][ T8247]  Possible unsafe locking scenario:
[  880.624009][ T8247] 
[  880.631458][ T8247]        CPU0                    CPU1
[  880.636825][ T8247]        ----                    ----
[  880.642187][ T8247]   lock(&lo->lo_mutex);
[  880.646442][ T8247]                                lock(&disk->open_mutex);
[  880.653560][ T8247]                                lock(&lo->lo_mutex);
[  880.660323][ T8247]   lock((wq_completion)loop6);
[  880.665174][ T8247] 
[  880.665174][ T8247]  *** DEADLOCK ***
[  880.665174][ T8247] 
[  880.673315][ T8247] 2 locks held by syz-executor/8247:
[  880.678600][ T8247]  #0: ffff88801fec9918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0
[  880.687916][ T8247]  #1: ffff88802029b468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90
[  880.697568][ T8247] 
[  880.697568][ T8247] stack backtrace:
[  880.703457][ T8247] CPU: 0 PID: 8247 Comm: syz-executor Not tainted syzkaller #0
[  880.711175][ T8247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  880.721355][ T8247] Call Trace:
[  880.724658][ T8247]  <TASK>
[  880.727748][ T8247]  dump_stack_lvl+0x168/0x230
[  880.732474][ T8247]  ? load_image+0x3b0/0x3b0
[  880.737059][ T8247]  ? show_regs_print_info+0x20/0x20
[  880.742270][ T8247]  ? print_circular_bug+0x12b/0x1a0
[  880.747474][ T8247]  check_noncircular+0x274/0x310
[  880.752457][ T8247]  ? add_chain_block+0x940/0x940
[  880.757396][ T8247]  ? lockdep_lock+0xdc/0x1e0
[  880.762004][ T8247]  ? mark_lock+0x94/0x320
[  880.766356][ T8247]  __lock_acquire+0x2c33/0x7c60
[  880.771243][ T8247]  ? verify_lock_unused+0x140/0x140
[  880.776457][ T8247]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  880.782447][ T8247]  ? verify_lock_unused+0x140/0x140
[  880.787743][ T8247]  ? __perf_event_task_sched_in+0x4c4/0x550
[  880.793710][ T8247]  ? verify_lock_unused+0x140/0x140
[  880.798929][ T8247]  ? verify_lock_unused+0x140/0x140
[  880.804142][ T8247]  ? memset+0x1e/0x40
[  880.808206][ T8247]  lock_acquire+0x197/0x3f0
[  880.812719][ T8247]  ? flush_workqueue+0x126/0x1380
[  880.817751][ T8247]  ? __mutex_trylock_common+0x14f/0x250
[  880.823302][ T8247]  ? read_lock_is_recursive+0x10/0x10
[  880.828682][ T8247]  ? __init_swait_queue_head+0xa5/0x150
[  880.834376][ T8247]  flush_workqueue+0x142/0x1380
[  880.839240][ T8247]  ? flush_workqueue+0x126/0x1380
[  880.844267][ T8247]  ? __lock_acquire+0x7c60/0x7c60
[  880.849298][ T8247]  ? lock_chain_count+0x20/0x20
[  880.854155][ T8247]  ? _raw_spin_lock_irqsave+0x7f/0xf0
[  880.859651][ T8247]  ? lockdep_hardirqs_off+0x70/0x100
[  880.864948][ T8247]  ? rcu_work_rcufn+0x110/0x110
[  880.869813][ T8247]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  880.875455][ T8247]  ? finish_wait+0xc0/0x1d0
[  880.879968][ T8247]  drain_workqueue+0xcf/0x380
[  880.884654][ T8247]  destroy_workqueue+0x7b/0xb20
[  880.889520][ T8247]  __loop_clr_fd+0x234/0xb90
[  880.894120][ T8247]  ? lo_release+0x172/0x1f0
[  880.898632][ T8247]  ? lo_open+0x100/0x100
[  880.902908][ T8247]  blkdev_put+0x53f/0x7d0
[  880.907263][ T8247]  deactivate_locked_super+0x93/0xf0
[  880.912579][ T8247]  cleanup_mnt+0x418/0x4d0
[  880.917010][ T8247]  ? lockdep_hardirqs_on+0x94/0x140
[  880.922219][ T8247]  task_work_run+0x125/0x1a0
[  880.926830][ T8247]  exit_to_user_mode_loop+0x10f/0x130
[  880.932213][ T8247]  exit_to_user_mode_prepare+0xee/0x180
[  880.937769][ T8247]  syscall_exit_to_user_mode+0x16/0x40
[  880.943260][ T8247]  do_syscall_64+0x58/0xa0
[  880.947680][ T8247]  ? clear_bhb_loop+0x30/0x80
[  880.952364][ T8247]  ? clear_bhb_loop+0x30/0x80
[  880.957045][ T8247]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  880.962952][ T8247] RIP: 0033:0x7faa4d5412f7
[  880.967388][ T8247] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  880.987015][ T8247] RSP: 002b:00007ffce0de5cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  880.995440][ T8247] RAX: 0000000000000000 RBX: 00007faa4d5c2d7d RCX: 00007faa4d5412f7
[  881.003416][ T8247] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffce0de5db0
[  881.011398][ T8247] RBP: 00007ffce0de5db0 R08: 0000000000000000 R09: 0000000000000000
[  881.019387][ T8247] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffce0de6e40
[  881.027361][ T8247] R13: 00007faa4d5c2d7d R14: 00000000000d6bf6 R15: 00007ffce0de6e80
[  881.035432][ T8247]  </TASK>