last executing test programs:

16m41.460814304s ago: executing program 2 (id=3):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100))

16m41.142271829s ago: executing program 2 (id=6):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(r2, 0x40806685, &(0x7f0000000d40)={0x0, 0x0, {}, {}, 0xffffffffffffffff})

16m37.746682176s ago: executing program 2 (id=11):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)

16m36.256871317s ago: executing program 2 (id=16):
syz_mount_image$btrfs(&(0x7f0000000040), &(0x7f0000000240)='./file1\x00', 0x0, &(0x7f00000002c0), 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000008c0)='.\x00', 0x40000, 0x1aa)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f0000002480)={{r1}, 0x0, 0x0, @unused, @subvolid=0x3})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r2, 0x5000943f, &(0x7f0000001480)={{}, 0x0, 0x0, @inherit={0x60, 0x0}, @subvolid=0x40003})
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x20, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

16m35.610148736s ago: executing program 32 (id=16):
syz_mount_image$btrfs(&(0x7f0000000040), &(0x7f0000000240)='./file1\x00', 0x0, &(0x7f00000002c0), 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000008c0)='.\x00', 0x40000, 0x1aa)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f0000002480)={{r1}, 0x0, 0x0, @unused, @subvolid=0x3})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r2, 0x5000943f, &(0x7f0000001480)={{}, 0x0, 0x0, @inherit={0x60, 0x0}, @subvolid=0x40003})
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x20, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

23.35764101s ago: executing program 0 (id=2311):
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
r0 = socket(0x40, 0x5, 0x3)
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x1c}}}, 0x24}}, 0x44050)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
memfd_create(0x0, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x5)
fchdir(r4)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x400, 0x0)
r5 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)

21.993407679s ago: executing program 0 (id=2313):
write(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80540, 0x188)
read$hiddev(r4, &(0x7f0000000080)=""/39, 0x27)

19.188407277s ago: executing program 5 (id=2327):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/rcu_normal', 0x20a02, 0x21)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket(0x2, 0x80805, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$kcm(0x10, 0x2, 0x10)
syz_io_uring_setup(0x5be, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x2, 0x348}, 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r1], 0x0, 0x8, 0x28, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, &(0x7f0000000180))

16.392967196s ago: executing program 4 (id=2321):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010002000000000000000700000a4c000000090a010200000000000000000100000008000340000400a408000a40000000000900020073797a32000000000900010073798e30000000000800044000000001080005400000002c1400000010000100"/113], 0x74}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r4, 0x0)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000000)="77690addcfbe1fbb66ec", 0xfd9c}], 0x1, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
readv(r8, &(0x7f0000001a80)=[{&(0x7f00000008c0)=""/4093, 0xffd}, {&(0x7f0000000780)=""/241}, {&(0x7f00000018c0)=""/104}, {&(0x7f0000001940)=""/148}, {&(0x7f0000001a00)=""/97}], 0x1000000000000203)
r9 = syz_open_dev$evdev(0x0, 0x0, 0x0)
ioctl$EVIOCGMASK(r9, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
splice(r7, 0x0, r6, 0x0, 0x10000008ebc, 0x0)
splice(r5, 0x0, r8, 0x0, 0x25a5, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x0)
r11 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(r5, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000005c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="24100000002d5320c1ad96d3090348000000000000f300fdffff0808000340000000080800052a000000082497939cf3c384716eea72ac31c450dc3f43fa3df372f053921e9bc3c59c85f7f1263230ecbd4e472c442ddbb8512227518f7aaac0eebddabc8f4799f44e915b4990b72b8f2893eca70d61a3a292fa33da2cb69c09578dade92766d4801c8afc65049817d7ae31d3475eebfa56e1f88d25e1849c904f0f"], 0x24}, 0x1, 0x0, 0x0, 0x4010}, 0x5)
ioctl$SNDCTL_SEQ_NRSYNTHS(r11, 0x40045109, &(0x7f0000001280))
sendmsg$kcm(r10, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4800)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r12, 0x8933, &(0x7f0000000140))
sendmsg$BATADV_CMD_GET_NEIGHBORS(r12, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x8948)
r13 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_msfilter(r13, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="0a141402ac14140f000000000000080000000400"], 0x18)

16.307971466s ago: executing program 0 (id=2322):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000001640)=0xc, 0x45)
sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

14.888295866s ago: executing program 1 (id=2324):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x22000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
msgctl$IPC_SET(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x1a031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r6, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000000000000080ffffffff000000006f5e00000700000000000000080000807f"])
r7 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r8, &(0x7f0000000000), 0x10)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000003"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r10, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f00000001c0)="d6"})

14.881530306s ago: executing program 0 (id=2325):
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x44, r1, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

14.787000547s ago: executing program 3 (id=2326):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000180)={@dev, @local}, &(0x7f0000000200)=0xc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000440)=@nullb, &(0x7f0000000300)='./cgroup\x00', &(0x7f00000001c0)='hfs\x00', 0x200480, 0x0)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = eventfd2(0x0, 0x0)
writev(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3477, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957eff13d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff})
sendmsg(r3, 0x0, 0x0)

14.730750238s ago: executing program 5 (id=2328):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_io_uring_setup(0x239, 0x0, &(0x7f0000002240)=<r0=>0x0, &(0x7f00000001c0)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000003440)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x31a0}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r4, &(0x7f0000000040), 0x2, 0x0)
rmdir(&(0x7f00000000c0)='./cgroup/../file0\x00')
dup(r3)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}, 0x1, 0x0, 0x0, 0x4008080}, 0x840)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x10, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000100), 0x10080, &(0x7f0000003880)=ANY=[])
r6 = syz_open_procfs(0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r6, 0x2c9ab000)

14.116956896s ago: executing program 4 (id=2329):
write(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="050000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80540, 0x188)
read$hiddev(r3, &(0x7f0000000080)=""/39, 0x27)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket(0x2b, 0x1, 0x1)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
accept4$unix(r5, 0x0, 0x0, 0x80000)

12.765761035s ago: executing program 0 (id=2330):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
timer_create(0xfffffffc, 0x0, &(0x7f0000000040))
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$igmp6(0xa, 0x3, 0x2)
mount_setattr(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x1000, &(0x7f0000000240)={0x20006b, 0x0, 0x120000}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f0000000600)=0xdfa, 0x4)

12.333614661s ago: executing program 4 (id=2331):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x2, &(0x7f0000006680))
r1 = semget$private(0x0, 0x6, 0x3b1)
semctl$SEM_STAT_ANY(r1, 0x1, 0x14, &(0x7f0000000580)=""/133)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x12, 0xffffffffffffffff, 0x7bc09000)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/msg\x00', 0x0, 0x0)
pread64(r4, &(0x7f00000001c0)=""/200, 0xc8, 0x0)
lseek(r4, 0x0, 0x1)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1, 0x3})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f0000000140)={{@my=0x0}, 0x1})
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0)
syz_io_uring_setup(0x759e, &(0x7f0000000480)={0x0, 0x6d55, 0x400, 0x0, 0x8307, 0x0, r3}, &(0x7f0000000000)=<r5=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4)
r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
write$vga_arbiter(r6, &(0x7f00000000c0), 0xf)

11.309867025s ago: executing program 1 (id=2332):
socket(0x848000000015, 0x805, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x200000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000034000)=""/102400, 0x19000)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x0)
r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$nbd(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="01"], 0x40)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x7a, 0x601, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x00\x00\x00'}]}, 0x18}], 0x1}, 0x0)

11.277045686s ago: executing program 4 (id=2333):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x80040, 0x0)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00', @ANYRES16, @ANYBLOB="010028bd7000010000000f00"], 0x2c}}, 0x80)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b19, &(0x7f0000000000)={'wlan1\x00'})
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r5, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0x6a39}, &(0x7f0000000100)=0x8)
r6 = socket(0x2c, 0x3, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x11, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r7, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r6}, 0x20)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@ipv4_newroute={0x2c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_NH_ID={0x8, 0x1e, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0)
pipe(&(0x7f0000000080))
pipe(&(0x7f0000000300))

11.219117497s ago: executing program 3 (id=2334):
fchdir(0xffffffffffffffff)
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000140)={0x1, 0xa, 0x3, "2e85f85a3b9156e89e82960ad936188f4429f4bf777d1b56926c75b050d4c3f0", 0x3132564e})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4c)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="1400000016000b63d25a80648c2594f90224fc60", 0x14}], 0x1}, 0x80)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
getresuid(&(0x7f0000000000)=<r5=>0x0, &(0x7f0000000040), &(0x7f0000000080))
quotactl_fd$Q_GETNEXTQUOTA(r4, 0xffffffff80000901, r5, &(0x7f00000000c0))
ioctl$KDSKBLED(r4, 0x4b65, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910000000000000c3000018000100009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

10.592810765s ago: executing program 5 (id=2335):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x22000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
msgctl$IPC_SET(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x1a031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r6, 0x4008ae8a, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r8, &(0x7f0000000000), 0x10)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000003"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r10, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f00000001c0)="d6"})

9.588533558s ago: executing program 3 (id=2336):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000001640)=0xc, 0x45)
sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

7.184487042s ago: executing program 3 (id=2337):
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
r0 = socket(0x40, 0x5, 0x3)
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x1c}}}, 0x24}}, 0x44050)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
memfd_create(0x0, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x5)
fchdir(r4)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x400, 0x0)
r5 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)

6.866683196s ago: executing program 3 (id=2338):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
timer_create(0xfffffffc, 0x0, &(0x7f0000000040))
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x460, 0xf0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x390, 0xffffffff, 0xffffffff, 0x390, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x2f, 0x0, 0x3}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@local, 'nicvf0\x00', {0x3f66}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}, [0xffffffff], [], 'wg1\x00', 'gre0\x00', {}, {0xff}}, 0x0, 0x258, 0x2a0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x563e4515, 0x0, 0x7, 0x3fc, 0x20}}}, @common=@inet=@hashlimit3={{0x158}, {'veth0_vlan\x00', {0x3, 0x0, 0x48, 0x0, 0x15ab, 0x1000, 0x6, 0x5}}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x2, 0x5, {0x6}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4c0)
setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000600)=0xdfa, 0x4)

6.865927446s ago: executing program 1 (id=2348):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000001640)=0xc, 0x45)
sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

6.54910887s ago: executing program 4 (id=2339):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10)
sendto$inet6(r0, &(0x7f0000000000)="b7", 0x1, 0x4000014, &(0x7f000005ffe4)={0xa, 0x4e23, 0xfffffffc, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
dup(0xffffffffffffffff)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x120, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x106f)

5.86337411s ago: executing program 1 (id=2340):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
listen(0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x239, 0x0, &(0x7f0000002240)=<r0=>0x0, &(0x7f00000001c0)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000003440)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x31a0}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r4, &(0x7f0000000040), 0x2, 0x0)
rmdir(&(0x7f00000000c0)='./cgroup/../file0\x00')
dup(r3)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}, 0x1, 0x0, 0x0, 0x4008080}, 0x840)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x10, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000100), 0x10080, &(0x7f0000003880)=ANY=[])
r6 = syz_open_procfs(0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r6, 0x2c9ab000)

5.649812543s ago: executing program 5 (id=2341):
write(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="050000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80540, 0x188)
read$hiddev(r4, &(0x7f0000000080)=""/39, 0x27)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket(0x2b, 0x1, 0x1)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r5, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
accept4$unix(r6, 0x0, 0x0, 0x80000)

4.765336505s ago: executing program 1 (id=2342):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
listen(0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x239, 0x0, &(0x7f0000002240)=<r0=>0x0, &(0x7f00000001c0)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000003440)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x31a0}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r4, &(0x7f0000000040), 0x2, 0x0)
rmdir(&(0x7f00000000c0)='./cgroup/../file0\x00')
dup(r3)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}, 0x1, 0x0, 0x0, 0x4008080}, 0x840)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x10, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000100), 0x10080, &(0x7f0000003880)=ANY=[])
r6 = syz_open_procfs(0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r6, 0x2c9ab000)

3.088284808s ago: executing program 5 (id=2343):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0xe8, 0x0, 0x260, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xff, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'veth1_to_hsr\x00', {}, {}, 0x87, 0x6, 0x4, 0xa}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbc, 0x7, 0x5aa9, @remote, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3980}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x0, {0x2000000}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x0, @loopback, @mcast1, @private1, [0x0, 0x0, 0xff], [], [], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x2, &(0x7f0000006680))
r1 = semget$private(0x0, 0x6, 0x3b1)
semctl$SEM_STAT_ANY(r1, 0x1, 0x14, &(0x7f0000000580)=""/133)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x12, 0xffffffffffffffff, 0x7bc09000)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/msg\x00', 0x0, 0x0)
pread64(r4, &(0x7f00000001c0)=""/200, 0xc8, 0x0)
lseek(r4, 0x0, 0x1)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1, 0x3})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f0000000140)={{@my=0x0}, 0x1})
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0)
syz_io_uring_setup(0x759e, &(0x7f0000000480)={0x0, 0x6d55, 0x400, 0x0, 0x8307, 0x0, r3}, &(0x7f0000000000)=<r5=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4)
r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
write$vga_arbiter(r6, &(0x7f00000000c0), 0xf)

149.338118ms ago: executing program 3 (id=2344):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x22000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
msgctl$IPC_SET(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x1a031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r6, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000000000000080ffffffff000000006f5e00000700000000000000080000807f"])
r7 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r8, &(0x7f0000000000), 0x10)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000003"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r10, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f00000001c0)="d6"})

140.980848ms ago: executing program 0 (id=2355):
write(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="050000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80540, 0x188)
read$hiddev(r4, &(0x7f0000000080)=""/39, 0x27)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket(0x2b, 0x1, 0x1)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r5, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
accept4$unix(r6, 0x0, 0x0, 0x80000)

140.237358ms ago: executing program 1 (id=2345):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_io_uring_setup(0x239, 0x0, &(0x7f0000002240)=<r0=>0x0, &(0x7f00000001c0)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000003440)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x31a0}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r4, &(0x7f0000000040), 0x2, 0x0)
rmdir(&(0x7f00000000c0)='./cgroup/../file0\x00')
dup(r3)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}, 0x1, 0x0, 0x0, 0x4008080}, 0x840)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x10, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000100), 0x10080, &(0x7f0000003880)=ANY=[])
r6 = syz_open_procfs(0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r6, 0x2c9ab000)

30.59741ms ago: executing program 4 (id=2346):
fchdir(0xffffffffffffffff)
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000140)={0x1, 0xa, 0x3, "2e85f85a3b9156e89e82960ad936188f4429f4bf777d1b56926c75b050d4c3f0", 0x3132564e})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4c)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="1400000016000b63d25a80648c2594f90224fc60", 0x14}], 0x1}, 0x80)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
getresuid(&(0x7f0000000000)=<r5=>0x0, &(0x7f0000000040), &(0x7f0000000080))
quotactl_fd$Q_GETNEXTQUOTA(r4, 0xffffffff80000901, r5, &(0x7f00000000c0))
ioctl$KDSKBLED(r4, 0x4b65, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910000000000000c3000018000100009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

0s ago: executing program 5 (id=2347):
socket(0x848000000015, 0x805, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x200000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000034000)=""/102400, 0x19000)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @multicast}, 0x0)
r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$nbd(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB="01"], 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x45d}}, 0x0, 0x404, 0x0, 0x0, 0x41000, 0x41, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0xa, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000600)=[{0x1, 0x4, 0x5, 0x6}], 0x10, 0xfffffaf3, @void, @value}, 0x94)
connect$tipc(r3, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000000301050000000000000000000000000a0600124000010000ef7c0caf4e126c5c8fb5de5d7b0a5ccd7cd98750d4cb13e50a64b8126e253f5b35766bdcd027291facbdea46b79528da8002f7ee528c4b476475e5431532191c6c189747c8c52d56ffe7438fb2077110ecfd3449d5ba852895f8b0c388ce7edcd0a6f76853dacc16d9692a9bcc86453e761b2a6b2468c2f967733805"], 0x1c}, 0x1, 0x0, 0x0, 0x88d1}, 0x4)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x7a, 0x601, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x00\x00\x00'}]}, 0x18}], 0x1}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
mincore(&(0x7f0000000000/0x11000)=nil, 0x11000, &(0x7f0000000240)=""/134)
bind$802154_raw(r5, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000003a80)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x100, 0x0)

kernel console output (not intermixed with test programs):

d: -4
[  533.969490][T10118] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  533.977754][T10118] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  533.986682][T10118] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  533.998411][T10118] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  534.007022][T10118] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  534.017717][T10118] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  534.027861][T10118] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  534.184579][T10120] loop4: detected capacity change from 0 to 32768
[  534.380351][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  534.431975][T10120] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  534.452517][T10120] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  534.631492][T10120] BTRFS info (device loop4): doing ref verification
[  534.941198][T10148] ax25_connect(): syz.3.1208 uses autobind, please contact jreuter@yaina.de
[  534.951976][T10120] BTRFS info (device loop4): using free space tree
[  535.158464][   T27] audit: type=1326 audit(1747520526.940:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10134 comm="syz.3.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19e918e969 code=0x7fc00000
[  535.253131][T10156] fuse: Bad value for 'rootmode'
[  535.769761][T10178] siw: device registration error -23
[  535.861416][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  535.980575][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  535.987015][ T8857] Bluetooth: hci3: command 0x0c1a tx timeout
[  536.060441][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  536.309462][T10159] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  536.390531][T10159] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  536.465982][T10159] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  536.529879][T10159] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  536.546830][T10159] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  536.567626][T10181] Cannot find del_set index 4 as target
[  536.584600][T10159] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  536.616657][T10177] loop5: detected capacity change from 0 to 4096
[  536.659614][T10177] ntfs3: Unknown parameter 'XI'
[  536.694963][T10159] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  536.715477][T10120] BTRFS error (device loop4): open_ctree failed: -12
[  536.731579][T10159] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  536.737638][T10159] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  536.748204][T10159] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  536.771976][T10159] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  536.795431][T10159] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  536.817010][T10159] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  536.827375][T10159] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  536.846305][T10159] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  537.670777][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  538.590792][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  538.710565][ T4259] Bluetooth: hci3: command 0x0c1a tx timeout
[  538.802898][ T8857] Bluetooth: hci4: command 0x0c1a tx timeout
[  538.810414][   T46] Bluetooth: (null): Invalid header checksum
[  538.816442][   T46] Bluetooth: (null): Invalid header checksum
[  538.860336][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  538.926147][   T46] Bluetooth: (null): Invalid header checksum
[  538.934031][   T46] Bluetooth: (null): Invalid header checksum
[  538.940121][   T46] Bluetooth: (null): Invalid header checksum
[  540.031255][T10197] Cannot find del_set index 4 as target
[  540.323740][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  540.578504][T10206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.620359][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  540.780291][ T4259] Bluetooth: hci3: command 0x0406 tx timeout
[  540.860461][ T4259] Bluetooth: hci4: command 0x0406 tx timeout
[  540.974103][T10208] loop9: detected capacity change from 0 to 7
[  541.049314][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  541.064750][T10208] Dev loop9: unable to read RDB block 7
[  541.070656][T10208]  loop9: unable to read partition table
[  541.076509][T10208] loop9: partition table beyond EOD, truncated
[  541.082781][T10208] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  542.189928][T10220] ax25_connect(): syz.5.1222 uses autobind, please contact jreuter@yaina.de
[  542.403542][T10221] fuse: Bad value for 'rootmode'
[  542.687847][T10225] loop0: detected capacity change from 0 to 4096
[  542.701161][T10225] ntfs3: Unknown parameter 'XI'
[  542.791936][T10230] siw: device registration error -23
[  542.898690][   T27] audit: type=1326 audit(1747520534.680:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10215 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f942398e969 code=0x7fc00000
[  546.602917][T10252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  548.163373][T10262] loop9: detected capacity change from 0 to 7
[  548.340667][T10262] Dev loop9: unable to read RDB block 7
[  548.346400][T10262]  loop9: unable to read partition table
[  548.352293][T10262] loop9: partition table beyond EOD, truncated
[  548.358657][T10262] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  548.664079][T10267] fuse: Unknown parameter 'use00000000000000000000'
[  548.918082][T10275] siw: device registration error -23
[  551.445047][T10272] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  551.487364][T10272] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  551.523516][T10272] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  551.537381][T10272] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  551.725901][T10272] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  551.732654][T10289] Cannot find del_set index 4 as target
[  551.868357][T10272] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  551.887404][T10272] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  551.900362][T10272] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  551.919809][T10272] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  551.930315][T10272] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  551.949959][T10272] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  551.964118][T10272] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  551.974219][T10272] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  551.980730][T10272] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  551.987168][T10272] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  552.608803][T10298] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  552.940372][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  553.131952][T10285] loop0: detected capacity change from 0 to 32768
[  553.288010][T10285] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.1245 (10285)
[  553.303280][T10302] loop9: detected capacity change from 0 to 7
[  553.325076][T10302] Dev loop9: unable to read RDB block 7
[  553.330818][T10302]  loop9: unable to read partition table
[  553.336697][T10302] loop9: partition table beyond EOD, truncated
[  553.342989][T10302] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  553.480541][T10285] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  553.535450][T10285] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  553.580358][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  553.910440][ T8857] Bluetooth: hci3: command 0x0c1a tx timeout
[  553.980391][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  553.986557][ T8857] Bluetooth: hci4: command 0x0c1a tx timeout
[  555.030285][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  555.249571][T10285] BTRFS info (device loop0): doing ref verification
[  555.323003][T10285] BTRFS info (device loop0): using free space tree
[  556.260481][T10326] siw: device registration error -23
[  558.114454][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  558.695466][ T8857] Bluetooth: hci3: command 0x0406 tx timeout
[  558.701836][ T8857] Bluetooth: hci2: command 0x0406 tx timeout
[  558.708142][ T8857] Bluetooth: hci4: command 0x0406 tx timeout
[  558.886669][T10285] BTRFS error (device loop0): open_ctree failed: -12
[  558.897287][ T4372] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by udevd (4372)
[  559.061502][T10333] fuse: Unknown parameter 'use00000000000000000000'
[  561.617445][T10361] Cannot find del_set index 4 as target
[  561.988925][T10343] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  562.071106][T10343] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  562.097173][T10343] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  562.272633][T10343] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  562.283407][T10343] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  562.289641][T10343] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  562.299489][T10343] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  562.450532][T10343] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  562.461600][T10343] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  562.469310][T10343] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  562.475911][T10343] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  562.493347][T10343] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  562.540500][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[  562.548276][T10343] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  562.554423][T10364] Cannot find del_set index 4 as target
[  562.838914][T10367] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  563.010409][T10343] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  563.021347][T10343] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  564.720534][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  564.726643][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[  564.740769][ T8857] Bluetooth: hci2: command 0x0c1a tx timeout
[  564.746848][ T8857] Bluetooth: hci4: command 0x0c1a tx timeout
[  564.752947][ T8857] Bluetooth: hci0: command 0x0406 tx timeout
[  566.055032][T10387] fuse: Unknown parameter 'use00000000000000000000'
[  566.110143][T10388] hfs: can't find a HFS filesystem on dev nullb0
[  566.906373][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[  566.906395][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  566.912499][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[  566.918484][ T8857] Bluetooth: hci1: command 0x0406 tx timeout
[  568.394008][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  568.401346][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  571.841846][T10430] siw: device registration error -23
[  572.491352][T10411] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  572.518463][T10411] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  572.526989][T10411] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  572.612352][T10411] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  572.635064][T10411] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  572.649131][T10411] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  572.658189][T10440] fuse: Bad value for 'fd'
[  572.665901][T10411] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  572.676472][T10411] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  572.682740][T10411] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  572.692835][T10411] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  572.699244][T10411] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  572.705731][T10411] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  572.719646][T10411] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  572.737617][T10411] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  572.748266][T10411] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  573.150017][ T4340] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  573.460445][ T4340] usb 2-1: Using ep0 maxpacket: 8
[  573.477047][ T4340] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  573.567736][ T4340] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  573.678570][ T4340] usb 2-1: config 0 has no interface number 0
[  574.205328][ T4340] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  574.229740][ T4340] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  574.282506][ T4340] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  574.299240][ T4340] usb 2-1: config 0 interface 52 has no altsetting 0
[  574.540318][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  574.589850][ T4340] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  574.613856][ T4340] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  574.620388][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  574.637183][ T4340] usb 2-1: Manufacturer: syz
[  574.668527][ T4340] usb 2-1: config 0 descriptor??
[  574.700338][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  574.706414][ T4259] Bluetooth: hci3: command 0x0c1a tx timeout
[  574.780398][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  574.892884][ T4340] synaptics_usb 2-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  574.920620][ T4340] synaptics_usb: probe of 2-1:0.52 failed with error -5
[  575.160550][ T4259] Bluetooth: hci0: unexpected event for opcode 0x0c1a
[  575.169299][ T4244] usb 2-1: USB disconnect, device number 5
[  575.622679][T10465] hfs: can't find a HFS filesystem on dev nullb0
[  576.710378][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  576.780419][ T4259] Bluetooth: hci3: command 0x0406 tx timeout
[  576.780473][ T8857] Bluetooth: hci4: command 0x0406 tx timeout
[  576.873781][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  579.276796][T10480] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  579.283394][T10480] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  579.337312][T10488] fuse: Unknown parameter 'user_i00000000000000000000'
[  579.362573][T10480] vhci_hcd vhci_hcd.0: Device attached
[  579.401387][T10483] vhci_hcd: connection closed
[  579.404905][ T4480] vhci_hcd: stop threads
[  579.416437][ T4480] vhci_hcd: release socket
[  579.425623][ T4480] vhci_hcd: disconnect device
[  586.741686][T10530] fuse: Unknown parameter 'user_i00000000000000000000'
[  587.238148][T10534] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  587.244733][T10534] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  587.520425][T10534] vhci_hcd vhci_hcd.0: Device attached
[  587.545905][T10540] vhci_hcd: connection closed
[  587.556473][ T4506] vhci_hcd: stop threads
[  587.566607][ T4506] vhci_hcd: release socket
[  587.586815][ T4506] vhci_hcd: disconnect device
[  587.862293][T10524] loop3: detected capacity change from 0 to 32768
[  587.903076][T10524] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  587.923662][T10524] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  587.943931][T10524] BTRFS info (device loop3): doing ref verification
[  587.960274][T10524] BTRFS info (device loop3): using free space tree
[  588.081504][T10548] siw: device registration error -23
[  588.251574][T10524] BTRFS info (device loop3): enabling ssd optimizations
[  588.370433][   T27] audit: type=1800 audit(1747520580.130:76): pid=10524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1304" name="file1" dev="loop3" ino=260 res=0 errno=0
[  588.449564][  T951] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  588.750328][  T951] usb 5-1: Using ep0 maxpacket: 8
[  588.757272][  T951] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  588.780764][  T951] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  588.808538][  T951] usb 5-1: config 0 has no interface number 0
[  589.005583][  T951] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  589.017611][  T951] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  589.028129][  T951] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  589.047079][  T951] usb 5-1: config 0 interface 52 has no altsetting 0
[  589.078371][  T951] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  589.651138][ T4267] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  589.795186][  T951] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  589.817418][  T951] usb 5-1: Manufacturer: syz
[  589.969787][  T951] usb 5-1: config 0 descriptor??
[  590.263340][  T951] synaptics_usb 5-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  590.283096][  T951] synaptics_usb: probe of 5-1:0.52 failed with error -5
[  590.605988][ T4259] Bluetooth: hci3: unexpected event for opcode 0x0c1a
[  590.616148][ T4301] usb 5-1: USB disconnect, device number 2
[  591.083677][T10597] fuse: Unknown parameter 'user_id00000000000000000000'
[  594.532847][T10627] loop9: detected capacity change from 0 to 7
[  594.833276][ T4372] Dev loop9: unable to read RDB block 7
[  594.864050][ T4372]  loop9: unable to read partition table
[  594.967423][ T4372] loop9: partition table beyond EOD, truncated
[  595.492510][T10627] Dev loop9: unable to read RDB block 7
[  595.525161][T10627]  loop9: unable to read partition table
[  595.555145][T10627] loop9: partition table beyond EOD, truncated
[  595.586075][T10611] loop3: detected capacity change from 0 to 32768
[  595.597211][T10627] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  595.650277][T10611] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.1322 (10611)
[  595.766526][T10611] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  595.806446][T10611] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  595.816486][T10611] BTRFS info (device loop3): doing ref verification
[  595.856046][T10639] siw: device registration error -23
[  595.965892][T10611] BTRFS info (device loop3): using free space tree
[  597.012641][T10611] BTRFS error (device loop3): open_ctree failed: -12
[  597.019922][ T4372] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by udevd (4372)
[  598.175277][T10670] fuse: Unknown parameter 'user_id00000000000000000000'
[  600.969678][T10702] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  600.976276][T10702] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  600.992826][T10702] vhci_hcd vhci_hcd.0: Device attached
[  601.040348][T10705] vhci_hcd: connection closed
[  601.040783][ T4484] vhci_hcd: stop threads
[  601.057673][ T4484] vhci_hcd: release socket
[  601.066753][ T4484] vhci_hcd: disconnect device
[  601.263378][T10714] siw: device registration error -23
[  602.547372][T10724] fuse: Unknown parameter 'user_id00000000000000000000'
[  602.723106][T10715] loop5: detected capacity change from 0 to 32768
[  602.750294][ T4460] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  602.758947][T10715] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  602.771759][T10715] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  602.782296][T10715] BTRFS info (device loop5): doing ref verification
[  602.788948][T10715] BTRFS info (device loop5): using free space tree
[  602.864473][T10715] BTRFS info (device loop5): enabling ssd optimizations
[  602.911640][   T27] audit: type=1800 audit(1747520594.700:77): pid=10715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1341" name="file1" dev="loop5" ino=260 res=0 errno=0
[  602.940327][ T4460] usb 1-1: Using ep0 maxpacket: 8
[  602.970015][ T4460] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  603.011474][ T4460] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  603.070404][ T4460] usb 1-1: config 0 has no interface number 0
[  603.129116][ T4460] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  603.206462][ T4460] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  603.220409][ T4460] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  603.236291][ T4460] usb 1-1: config 0 interface 52 has no altsetting 0
[  603.402049][ T4460] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  603.412240][ T4474] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  604.158902][ T4460] usb 1-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  604.167716][ T4460] usb 1-1: Manufacturer: syz
[  604.224891][ T4460] usb 1-1: config 0 descriptor??
[  604.507966][ T4460] synaptics_usb 1-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  604.517007][ T4460] synaptics_usb: probe of 1-1:0.52 failed with error -5
[  604.785991][ T4259] Bluetooth: hci1: unexpected event for opcode 0x0c1a
[  604.786865][ T4460] usb 1-1: USB disconnect, device number 3
[  605.120894][T10759] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1350'.
[  607.260830][T10772] loop9: detected capacity change from 0 to 7
[  607.430955][T10773] siw: device registration error -23
[  608.244985][T10772] Dev loop9: unable to read RDB block 7
[  608.251017][T10772]  loop9: unable to read partition table
[  608.257808][T10772] loop9: partition table beyond EOD, truncated
[  608.264211][T10772] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  609.051943][T10785] fuse: Bad value for 'fd'
[  611.692962][T10812] siw: device registration error -23
[  613.971255][T10827] loop9: detected capacity change from 0 to 7
[  614.389287][T10827] Dev loop9: unable to read RDB block 7
[  614.395026][T10827]  loop9: unable to read partition table
[  614.401494][T10827] loop9: partition table beyond EOD, truncated
[  614.407724][T10827] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  615.051548][T10834] fuse: Bad value for 'fd'
[  615.767947][T10848] xt_hashlimit: size too large, truncated to 1048576
[  618.462162][ T4481] Bluetooth: (null): Invalid header checksum
[  618.476389][ T4481] Bluetooth: (null): Invalid header checksum
[  618.633145][ T4481] Bluetooth: (null): Invalid header checksum
[  618.694209][ T4484] Bluetooth: (null): Invalid header checksum
[  620.171418][T10879] xt_hashlimit: size too large, truncated to 1048576
[  621.063593][T10884] fuse: Bad value for 'fd'
[  621.792614][T10891] ax25_connect(): syz.1.1384 uses autobind, please contact jreuter@yaina.de
[  621.964772][   T27] audit: type=1326 audit(1747520613.750:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.1.1384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a9b8e969 code=0x7fc00000
[  622.374598][T10894] loop9: detected capacity change from 0 to 7
[  622.410414][T10894] Dev loop9: unable to read RDB block 7
[  622.416088][T10894]  loop9: unable to read partition table
[  622.422064][T10894] loop9: partition table beyond EOD, truncated
[  622.428287][T10894] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  623.019448][T10898] xt_hashlimit: size too large, truncated to 1048576
[  625.815394][T10902] loop0: detected capacity change from 0 to 32768
[  625.874521][T10902] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.1387 (10902)
[  625.963162][T10902] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  626.004483][T10902] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  626.030973][T10902] BTRFS info (device loop0): doing ref verification
[  626.047304][T10902] BTRFS info (device loop0): using free space tree
[  627.127798][T10902] BTRFS error (device loop0): open_ctree failed: -12
[  628.228376][T10959] siw: device registration error -23
[  629.433803][T10961] xt_hashlimit: size too large, truncated to 1048576
[  629.833444][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  629.839798][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  632.889828][T10988] ax25_connect(): syz.3.1402 uses autobind, please contact jreuter@yaina.de
[  633.003220][   T27] audit: type=1326 audit(1747520624.790:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10979 comm="syz.3.1402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19e918e969 code=0x7fc00000
[  634.347377][T10987] loop0: detected capacity change from 0 to 32768
[  634.391804][T10987] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.1404 (10987)
[  634.491686][T10987] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  634.536552][T10987] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  634.553679][T10987] BTRFS info (device loop0): doing ref verification
[  634.638462][T11006] hfs: can't find a HFS filesystem on dev nullb0
[  634.653393][T10987] BTRFS info (device loop0): using free space tree
[  634.920890][T11014] netlink: 'syz.4.1408': attribute type 1 has an invalid length.
[  635.491681][T11033] 8021q: adding VLAN 0 to HW filter on device bond1
[  637.070921][T10987] BTRFS error (device loop0): open_ctree failed: -22
[  637.081493][ T4372] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by udevd (4372)
[  637.932738][T11055] xt_hashlimit: size too large, truncated to 1048576
[  640.963835][T11071] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  641.451765][T11071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1415'.
[  643.904537][T11101] netlink: 'syz.1.1422': attribute type 1 has an invalid length.
[  644.252766][T11105] siw: device registration error -23
[  646.282916][T11117] xt_hashlimit: size too large, truncated to 1048576
[  649.142748][T11134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  649.183832][T11134] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1431'.
[  650.060792][T11142] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  650.067368][T11142] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  650.096699][T11142] vhci_hcd vhci_hcd.0: Device attached
[  650.099234][T11147] netlink: 'syz.5.1435': attribute type 1 has an invalid length.
[  650.116566][T11144] vhci_hcd: connection closed
[  650.118272][ T4484] vhci_hcd: stop threads
[  650.134072][ T4484] vhci_hcd: release socket
[  650.138544][ T4484] vhci_hcd: disconnect device
[  650.298806][T11150] fuse: Unknown parameter '0x0000000000000004'
[  653.441605][T11183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  653.474345][T11183] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1445'.
[  653.683912][T11173] loop4: detected capacity change from 0 to 32768
[  653.703351][T11187] netlink: 'syz.5.1446': attribute type 1 has an invalid length.
[  653.747837][T11173] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  653.779235][T11173] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  653.800472][T11173] BTRFS info (device loop4): doing ref verification
[  653.853018][T11173] BTRFS info (device loop4): using free space tree
[  654.117157][T11193] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  654.183446][T11193] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  654.189755][T11173] BTRFS info (device loop4): enabling ssd optimizations
[  654.234701][T11193] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  654.262710][T11193] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  654.279519][T11193] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  654.292879][T11193] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  654.301854][T11193] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  654.308086][T11193] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  654.318040][T11193] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  654.326035][T11193] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  654.335436][T11193] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  654.342285][T11193] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  654.354989][T11193] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  654.357261][   T27] audit: type=1800 audit(1747520646.140:80): pid=11173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1442" name="file1" dev="loop4" ino=260 res=0 errno=0
[  654.361661][T11193] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  654.389899][T11193] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  655.291956][ T4261] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  656.060319][ T8857] Bluetooth: hci0: command 0x0c1a tx timeout
[  656.320280][ T8857] Bluetooth: hci1: command 0x0c1a tx timeout
[  656.386815][ T8857] Bluetooth: hci2: command 0x0c1a tx timeout
[  656.390342][ T4259] Bluetooth: hci3: command 0x0c1a tx timeout
[  656.399046][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  658.140338][ T8857] Bluetooth: hci0: command 0x0406 tx timeout
[  658.171046][T11240] fuse: Unknown parameter '0x0000000000000004'
[  658.470286][ T8857] Bluetooth: hci1: command 0x0406 tx timeout
[  658.476499][ T8857] Bluetooth: hci2: command 0x0406 tx timeout
[  658.482599][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[  658.488626][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[  659.330378][T11244] siw: device registration error -23
[  659.718384][T11247] hfs: can't find a HFS filesystem on dev nullb0
[  660.641222][T11253] netlink: 'syz.5.1457': attribute type 1 has an invalid length.
[  662.758721][T11277] Cannot find del_set index 4 as target
[  663.649806][T11259] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  663.666263][T11259] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  664.504647][T11259] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  664.548052][T11259] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  664.622315][T11259] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  664.653814][T11259] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  664.717781][T11297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.730419][T11297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.742701][T11297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.752643][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  664.843529][T11259] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  664.896088][T11259] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  664.948888][T11259] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  664.985097][T11259] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  665.012680][T11259] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  665.048279][T11259] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  665.070480][T11259] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  665.098660][T11259] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  665.120351][T11259] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  665.301813][T11301] fuse: Unknown parameter '0x0000000000000004'
[  665.338521][T11303] netlink: 'syz.3.1470': attribute type 1 has an invalid length.
[  666.310422][T11305] siw: device registration error -23
[  666.660250][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  666.790253][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  666.860291][ T4259] Bluetooth: hci3: command 0x0c1a tx timeout
[  667.020275][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  667.112722][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  668.249536][   T75] Bluetooth: (null): Invalid header checksum
[  668.279841][   T75] Bluetooth: (null): Invalid header checksum
[  668.327234][T11317] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  668.333792][T11317] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  668.349596][T11317] vhci_hcd vhci_hcd.0: Device attached
[  668.358315][    T9] Bluetooth: (null): Invalid header checksum
[  668.369344][T11320] vhci_hcd: connection closed
[  668.369677][    T9] vhci_hcd: stop threads
[  668.390487][    T9] vhci_hcd: release socket
[  668.395602][    T9] vhci_hcd: disconnect device
[  668.544254][   T75] Bluetooth: (null): Invalid header checksum
[  668.720332][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  669.251973][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[  669.258041][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[  669.264149][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  670.453260][T11346] netlink: 'syz.1.1481': attribute type 1 has an invalid length.
[  671.123727][T11354] fuse: Unknown parameter 'fd0x0000000000000004'
[  672.988910][T11371] hfs: can't find a HFS filesystem on dev nullb0
[  673.443912][T11367] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  673.450580][T11367] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  673.523957][T11367] vhci_hcd vhci_hcd.0: Device attached
[  673.545070][T11369] vhci_hcd: connection closed
[  673.546590][ T4484] vhci_hcd: stop threads
[  673.580307][ T4484] vhci_hcd: release socket
[  673.584807][ T4484] vhci_hcd: disconnect device
[  674.171960][ T4481] Bluetooth: (null): Invalid header checksum
[  674.178221][ T4481] Bluetooth: (null): Invalid header checksum
[  674.286020][ T4506] Bluetooth: (null): Invalid header checksum
[  674.390544][   T11] Bluetooth: (null): Invalid header checksum
[  674.503725][ T4499] Bluetooth: (null): Invalid header checksum
[  675.298627][T11390] netlink: 'syz.1.1493': attribute type 1 has an invalid length.
[  675.337608][T11386] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  675.344903][T11390] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1493'.
[  675.358934][T11386] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  675.539036][T11386] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  675.562053][T11386] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  675.569414][T11386] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  675.663384][T11400] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  676.416971][T11386] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  676.580934][T11386] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  676.587467][T11386] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  676.610385][T11386] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  676.633534][T11386] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  676.656691][T11386] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  677.211509][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  677.589495][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  677.609886][T11386] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  677.639530][T11386] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  677.655586][T11386] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  677.677476][T11386] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  678.745935][ T4259] Bluetooth: hci3: command 0x0c1a tx timeout
[  678.752069][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  679.295174][T11429] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1501'.
[  679.642386][T11428] erofs: (device nullb0): erofs_read_superblock: cannot find valid erofs superblock
[  679.862397][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  679.863427][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  679.874648][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  680.200281][T11433] hfs: can't find a HFS filesystem on dev nullb0
[  680.780270][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[  680.786557][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[  680.794330][T11441] netlink: 'syz.4.1507': attribute type 1 has an invalid length.
[  680.804234][T11441] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1507'.
[  680.892298][T11444] siw: device registration error -23
[  681.900254][ T4270] Bluetooth: hci2: command 0x0406 tx timeout
[  682.476708][T11454] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1510'.
[  683.846322][T11448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.873161][T11448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  683.898440][T11448] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  684.042032][T11463] fuse: Unknown parameter 'fd0x0000000000000004'
[  686.380284][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[  686.394014][T11469] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  686.643744][T11484] xt_hashlimit: size too large, truncated to 1048576
[  688.240227][T11469] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  688.295663][T11469] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  688.324977][T11469] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  688.344674][T11469] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  688.355784][T11469] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  688.359759][T11490] netlink: 'syz.1.1518': attribute type 1 has an invalid length.
[  688.385725][T11469] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  688.403963][T11469] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  688.404403][T11490] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1518'.
[  688.452525][T11469] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  688.470036][T11469] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  688.485099][T11469] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  688.527990][T11469] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  688.568040][T11469] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  688.594794][T11469] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  688.615066][T11469] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  688.620602][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  690.392025][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[  690.460281][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  690.519301][T11502] autofs4:pid:11502:autofs_fill_super: called with bogus options
[  690.540473][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[  690.620470][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[  691.013353][T11514] loop9: detected capacity change from 0 to 7
[  691.020993][T11514] Dev loop9: unable to read RDB block 7
[  691.026620][T11514]  loop9: unable to read partition table
[  691.032529][T11514] loop9: partition table beyond EOD, truncated
[  691.038920][T11514] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  691.274305][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  691.283147][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  692.595738][T11527] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1527'.
[  692.620015][ T4270] Bluetooth: hci1: command 0x0406 tx timeout
[  692.629219][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[  692.636217][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[  692.700241][ T4270] Bluetooth: hci2: command 0x0406 tx timeout
[  693.838807][T11536] xt_hashlimit: size too large, truncated to 1048576
[  696.081152][T11544] netlink: 'syz.3.1532': attribute type 1 has an invalid length.
[  696.102893][T11544] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1532'.
[  699.631346][T11564] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  699.650268][T11564] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  700.342880][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  701.592266][T11564] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  702.057417][T11564] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  702.140495][T11564] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  702.381615][T11564] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  702.388818][T11564] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  702.394946][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  702.423840][T11564] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  702.429910][T11564] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  703.370592][T11564] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  703.471726][T11564] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  703.510544][T11564] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  703.550382][T11564] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  703.590382][T11564] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  703.603081][T11564] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  703.633893][T11605] netlink: 'syz.3.1545': attribute type 1 has an invalid length.
[  703.647755][T11605] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1545'.
[  704.061159][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[  704.161960][T11616] siw: device registration error -23
[  704.490270][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  705.350397][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  705.580452][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  705.769465][T11628] loop9: detected capacity change from 0 to 7
[  705.855731][T11628] Dev loop9: unable to read RDB block 7
[  705.881202][T11628]  loop9: unable to read partition table
[  705.929546][T11628] loop9: partition table beyond EOD, truncated
[  706.014466][T11628] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  706.140290][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  706.540288][ T4259] Bluetooth: hci3: command 0x0406 tx timeout
[  706.776464][T11627] ax25_connect(): syz.1.1551 uses autobind, please contact jreuter@yaina.de
[  706.909489][   T27] audit: type=1326 audit(1747520698.690:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11625 comm="syz.1.1551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a9b8e969 code=0x7fc00000
[  707.427927][ T4259] Bluetooth: hci4: command 0x0406 tx timeout
[  707.661031][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  709.288402][T11657] netlink: 'syz.5.1559': attribute type 1 has an invalid length.
[  709.311487][T11657] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1559'.
[  710.152827][T11663] xt_hashlimit: size too large, truncated to 1048576
[  712.410474][T11667] siw: device registration error -23
[  712.702281][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  712.710666][T11654] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  712.731528][T11654] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  713.423568][T11654] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  713.433941][T11654] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  713.442375][T11654] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  713.448508][T11654] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  713.457123][T11654] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  713.463555][T11654] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  713.470631][T11654] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  713.478482][T11654] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  713.484925][T11654] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  713.492372][T11654] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  713.505071][T11654] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  713.512713][T11654] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  713.519400][T11654] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  714.146029][T11686] ax25_connect(): syz.5.1562 uses autobind, please contact jreuter@yaina.de
[  714.390251][   T27] audit: type=1326 audit(1747520706.150:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11672 comm="syz.5.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f942398e969 code=0x7fc00000
[  714.790256][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  715.500276][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[  715.506391][ T4259] Bluetooth: hci3: command 0x0c1a tx timeout
[  715.506478][ T8857] Bluetooth: hci1: command 0x0c1a tx timeout
[  715.580310][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  717.580294][ T4259] Bluetooth: hci3: command 0x0406 tx timeout
[  717.586422][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  717.592517][ T8857] Bluetooth: hci4: command 0x0406 tx timeout
[  717.660238][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  718.488193][T11714] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1573'.
[  719.238182][T11728] siw: device registration error -23
[  720.304467][T11731] sctp: [Deprecated]: syz.4.1574 (pid 11731) Use of struct sctp_assoc_value in delayed_ack socket option.
[  720.304467][T11731] Use struct sctp_sack_info instead
[  721.900425][T11743] xt_hashlimit: size too large, truncated to 1048576
[  722.629470][T11745] ax25_connect(): syz.5.1578 uses autobind, please contact jreuter@yaina.de
[  722.774048][   T27] audit: type=1326 audit(1747520714.560:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11732 comm="syz.5.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f942398e969 code=0x7fc00000
[  727.375429][T11781] siw: device registration error -23
[  728.499371][T11796] siw: device registration error -23
[  729.570258][   T27] audit: type=1326 audit(1747520721.350:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11792 comm="syz.1.1591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a9b8e969 code=0x7fc00000
[  729.699925][   T27] audit: type=1326 audit(1747520721.420:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11763 comm="syz.4.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ad3d8e969 code=0x7fc00000
[  730.102747][T11807] xt_hashlimit: size too large, truncated to 1048576
[  733.631258][T11830] ax25_connect(): syz.5.1597 uses autobind, please contact jreuter@yaina.de
[  734.060298][   T27] audit: type=1326 audit(1747520725.830:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11823 comm="syz.5.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f942398e969 code=0x7fc00000
[  735.509417][T11850] siw: device registration error -23
[  736.614483][T11858] xt_hashlimit: size too large, truncated to 1048576
[  738.169994][T11861] sctp: [Deprecated]: syz.0.1603 (pid 11861) Use of struct sctp_assoc_value in delayed_ack socket option.
[  738.169994][T11861] Use struct sctp_sack_info instead
[  739.330211][   T27] audit: type=1326 audit(1747520731.110:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11862 comm="syz.4.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ad3d8e969 code=0x7fc00000
[  740.605114][T11879] xt_hashlimit: size too large, truncated to 1048576
[  743.399925][T11905] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  743.406507][T11905] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  743.415698][T11905] vhci_hcd vhci_hcd.0: Device attached
[  743.431411][T11906] vhci_hcd: connection closed
[  743.433286][ T4499] vhci_hcd: stop threads
[  743.446838][ T4499] vhci_hcd: release socket
[  743.454625][ T4499] vhci_hcd: disconnect device
[  743.991160][T11916] xt_hashlimit: size too large, truncated to 1048576
[  744.900446][T11917] ax25_connect(): syz.4.1617 uses autobind, please contact jreuter@yaina.de
[  745.200344][   T27] audit: type=1326 audit(1747520736.980:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11912 comm="syz.4.1617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ad3d8e969 code=0x7fc00000
[  747.290493][T11929] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  747.329654][T11929] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  747.496703][T11929] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  747.510467][T11929] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  747.516799][T11929] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  748.140257][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  748.520408][T11944] loop9: detected capacity change from 0 to 7
[  748.720287][T11929] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  748.870685][T11944] Dev loop9: unable to read RDB block 7
[  748.876286][T11944]  loop9: unable to read partition table
[  748.882158][T11944] loop9: partition table beyond EOD, truncated
[  748.888361][T11944] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  749.581847][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  749.670276][T11929] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  749.711934][T11929] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  749.718058][T11929] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  749.727243][T11929] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  749.735679][T11929] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  749.749336][T11929] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  749.761558][T11929] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  749.769670][T11929] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  749.776698][T11929] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  750.220330][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  751.489820][T11963] siw: device registration error -23
[  751.703324][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  751.740543][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  751.916248][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  751.922377][ T8857] Bluetooth: hci2: command 0x0c1a tx timeout
[  752.880615][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  752.886996][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  753.550707][T11988] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  753.557296][T11988] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  753.644828][T11988] vhci_hcd vhci_hcd.0: Device attached
[  753.752876][T11991] vhci_hcd: connection closed
[  753.753155][ T4482] vhci_hcd: stop threads
[  753.783240][ T4482] vhci_hcd: release socket
[  753.809600][ T4482] vhci_hcd: disconnect device
[  753.980628][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[  753.986954][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[  753.993133][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  754.703183][T11997] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  754.711449][T11997] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  754.729585][T11997] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  754.738632][T11997] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  754.745801][T11997] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  754.754079][T11997] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  754.766080][T11997] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  754.773014][T11997] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  754.935905][T11997] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  755.447306][T11997] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  755.607376][T11997] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  755.619436][T11997] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  755.635753][T11997] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  755.708666][T12014] xt_hashlimit: size too large, truncated to 1048576
[  757.193067][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  757.199619][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[  757.202593][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  757.216140][T11997] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  757.232880][T11997] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  757.531765][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[  757.730312][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  759.154739][T12022] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  759.161317][T12022] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  759.307689][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[  759.314231][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  759.320326][ T4259] Bluetooth: hci3: command 0x0406 tx timeout
[  759.799111][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  759.805506][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  760.080701][T12022] vhci_hcd vhci_hcd.0: Device attached
[  760.202808][T12031] vhci_hcd: connection closed
[  760.242496][ T4322] vhci_hcd: stop threads
[  760.257255][ T4322] vhci_hcd: release socket
[  760.275939][ T4322] vhci_hcd: disconnect device
[  764.218711][T12083] netlink: 'syz.3.1656': attribute type 1 has an invalid length.
[  765.032131][T12093] netlink: 'syz.3.1670': attribute type 1 has an invalid length.
[  765.396941][T12098] xt_hashlimit: size too large, truncated to 1048576
[  766.527552][T12109] ax25_connect(): syz.3.1662 uses autobind, please contact jreuter@yaina.de
[  766.926833][   T27] audit: type=1326 audit(1747520758.710:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12097 comm="syz.3.1662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19e918e969 code=0x7fc00000
[  769.671488][T12130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.722862][T12130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  769.804320][T12135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  771.686653][T12143] netlink: 'syz.4.1672': attribute type 1 has an invalid length.
[  773.401013][T12167] ax25_connect(): syz.1.1675 uses autobind, please contact jreuter@yaina.de
[  774.361704][   T27] audit: type=1326 audit(1747520766.150:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12157 comm="syz.1.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a9b8e969 code=0x7fc00000
[  779.840682][T12206] netlink: 'syz.1.1687': attribute type 1 has an invalid length.
[  779.903857][T12199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.142244][T12199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  780.153958][T12199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  782.151365][T12228] ax25_connect(): syz.1.1690 uses autobind, please contact jreuter@yaina.de
[  783.658636][   T27] audit: type=1326 audit(1747520775.440:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12222 comm="syz.1.1690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a9b8e969 code=0x7fc00000
[  787.346621][T12264] netlink: 'syz.0.1701': attribute type 1 has an invalid length.
[  790.430364][T12282] hfs: can't find a HFS filesystem on dev nullb0
[  791.109132][T12288] ax25_connect(): syz.0.1708 uses autobind, please contact jreuter@yaina.de
[  792.449759][T12294] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  792.494041][T12294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1710'.
[  795.155393][T12313] netlink: 'syz.0.1714': attribute type 1 has an invalid length.
[  798.026215][T12340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  798.211075][T12343] ax25_connect(): syz.4.1720 uses autobind, please contact jreuter@yaina.de
[  798.542393][T12340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1722'.
[  799.688776][T12361] netlink: 'syz.3.1727': attribute type 1 has an invalid length.
[  799.728710][T12361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1727'.
[  800.200349][T12360] loop9: detected capacity change from 0 to 7
[  800.713849][T12360] Dev loop9: unable to read RDB block 7
[  800.719613][T12360]  loop9: unable to read partition table
[  800.725549][T12360] loop9: partition table beyond EOD, truncated
[  800.731828][T12360] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  805.169201][T12401] ax25_connect(): syz.3.1735 uses autobind, please contact jreuter@yaina.de
[  805.887983][T12406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  805.935391][T12406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1737'.
[  806.093681][T12410] netlink: 'syz.3.1739': attribute type 1 has an invalid length.
[  806.103099][T12410] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1739'.
[  806.620247][T12411] vivid-003: disconnect
[  807.515978][T12403] vivid-003: reconnect
[  810.619472][T12439] siw: device registration error -23
[  811.904136][T12451] sctp: [Deprecated]: syz.4.1747 (pid 12451) Use of struct sctp_assoc_value in delayed_ack socket option.
[  811.904136][T12451] Use struct sctp_sack_info instead
[  812.450027][T12463] ax25_connect(): syz.1.1749 uses autobind, please contact jreuter@yaina.de
[  813.226989][T12465] netlink: 'syz.4.1750': attribute type 1 has an invalid length.
[  813.295631][T12465] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1750'.
[  813.458458][T12471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  813.555907][T12471] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1752'.
[  814.170919][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  814.177572][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  817.593529][T12509] ax25_connect(): syz.3.1761 uses autobind, please contact jreuter@yaina.de
[  817.985053][T12512] siw: device registration error -23
[  818.734824][T12521] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  818.748877][T12522] netlink: 'syz.3.1764': attribute type 1 has an invalid length.
[  818.786124][T12521] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1766'.
[  822.863639][T12553] ax25_connect(): syz.5.1774 uses autobind, please contact jreuter@yaina.de
[  824.907013][T12564] netlink: 'syz.5.1777': attribute type 1 has an invalid length.
[  825.900958][T12568] siw: device registration error -23
[  826.541174][T12572] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  829.069580][T12604] ax25_connect(): syz.5.1786 uses autobind, please contact jreuter@yaina.de
[  831.100494][T12618] netlink: 'syz.1.1790': attribute type 1 has an invalid length.
[  831.593664][T12626] erofs: (device nullb0): erofs_read_superblock: cannot find valid erofs superblock
[  833.805225][T12605] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  833.855508][T12605] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  833.882422][T12605] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  833.923024][T12605] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  834.100199][T12605] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  834.116565][T12605] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  835.399708][T12605] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  835.438127][T12605] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  835.579264][T12605] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  835.630345][T12605] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  835.636409][T12605] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  835.658012][T12605] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  835.672046][T12605] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  835.678059][T12605] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  835.708648][T12648] Cannot find del_set index 4 as target
[  835.820221][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[  835.980242][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  836.129198][T12605] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  836.645316][T12653] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  836.704588][T12655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  836.766759][T12655] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1798'.
[  836.825765][T12650] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  836.837855][T12650] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  837.159335][T12662] ax25_connect(): syz.4.1799 uses autobind, please contact jreuter@yaina.de
[  837.420310][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  837.660168][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[  837.740582][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[  838.800301][ T4270] Bluetooth: hci1: command 0x0406 tx timeout
[  838.833299][T12672] netlink: 'syz.3.1803': attribute type 1 has an invalid length.
[  838.911681][ T4260] Bluetooth: hci0: command 0x0406 tx timeout
[  840.030973][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  840.030996][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[  840.037102][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[  842.797333][T12708] ax25_connect(): syz.1.1811 uses autobind, please contact jreuter@yaina.de
[  843.539712][T12712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  843.555973][T12712] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1813'.
[  843.820308][T12699] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  843.899360][T12714] erofs: (device nullb0): erofs_read_superblock: cannot find valid erofs superblock
[  844.460151][T12699] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  844.482797][T12699] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  844.517847][T12699] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  844.701554][T12699] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  844.717547][T12699] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  844.726140][T12699] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  844.734436][T12699] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  844.742585][T12699] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  845.506915][T12699] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  845.510379][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[  845.530418][T12699] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  845.536503][T12699] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  845.621217][T12699] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  845.627381][T12699] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  845.643572][T12699] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  845.810352][T12718] Cannot find del_set index 4 as target
[  846.564866][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[  847.403201][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[  847.431814][T12731] netlink: 'syz.3.1818': attribute type 1 has an invalid length.
[  847.580216][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  847.580432][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  847.660284][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  848.024336][T12748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  848.172945][T12748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  848.434848][T12756] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  848.530617][T12756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1824'.
[  848.580362][T12757] ax25_connect(): syz.5.1823 uses autobind, please contact jreuter@yaina.de
[  848.600309][T12738] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  849.470640][ T4259] Bluetooth: hci3: command 0x0406 tx timeout
[  849.476865][ T4270] Bluetooth: hci1: command 0x0406 tx timeout
[  849.665994][ T4259] Bluetooth: hci4: command 0x0406 tx timeout
[  849.740306][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  850.330225][ T4460] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  850.517712][T12771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  850.530976][ T4460] usb 2-1: Using ep0 maxpacket: 8
[  850.537856][ T4460] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  850.567246][ T4460] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  850.669835][T12771] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1838'.
[  850.779519][ T4460] usb 2-1: config 0 has no interface number 0
[  850.786840][ T4460] usb 2-1: too many endpoints for config 0 interface 52 altsetting 48: 48, using maximum allowed: 30
[  850.798099][ T4460] usb 2-1: config 0 interface 52 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  850.811621][ T4460] usb 2-1: config 0 interface 52 has no altsetting 0
[  850.833246][ T4460] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  850.842527][ T4460] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  850.851020][ T4460] usb 2-1: Manufacturer: syz
[  850.860723][ T4460] usb 2-1: config 0 descriptor??
[  851.001860][T12783] erofs: (device nullb0): erofs_read_superblock: cannot find valid erofs superblock
[  851.812195][ T4460] usb 2-1: selecting invalid altsetting 1
[  851.818242][ T4460] usb 2-1: Can not set alternate setting to 1, error: -22
[  851.827502][ T4460] synaptics_usb: probe of 2-1:0.52 failed with error -22
[  852.362200][ T4460] usb 2-1: USB disconnect, device number 6
[  852.486869][T12772] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  852.514545][T12772] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  852.611413][T12772] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  852.622093][T12772] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  852.629518][T12772] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  852.638683][T12772] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  852.647670][T12772] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  852.657437][T12772] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  852.666935][T12772] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  852.940687][T12772] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  852.947045][T12772] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  853.100312][T12772] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  853.110567][T12772] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  853.130329][T12772] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  853.851816][T12772] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  854.300187][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  854.503943][T12800] netlink: 'syz.5.1834': attribute type 1 has an invalid length.
[  854.830145][ T4259] Bluetooth: hci3: command 0x0c1a tx timeout
[  854.848832][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  854.938530][T12801] hfs: can't find a HFS filesystem on dev nullb0
[  855.020225][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  855.180552][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  855.914548][T12816] ax25_connect(): syz.4.1839 uses autobind, please contact jreuter@yaina.de
[  856.848701][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  856.860290][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  856.940184][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  857.100525][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[  857.260251][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  857.455108][T12830] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  858.112354][T12830] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1843'.
[  858.511457][T12807] Cannot find del_set index 4 as target
[  858.663043][T12813] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  858.675770][T12813] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  858.717298][T12813] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  858.730278][T12813] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  858.741094][T12813] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  858.755671][T12813] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  858.765454][T12813] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  858.771978][T12813] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  858.778130][T12813] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  858.787169][T12813] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  858.793812][T12813] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  858.805695][T12813] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  858.814119][T12813] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  858.825630][T12813] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  858.832004][T12813] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  858.945968][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  859.088994][T12837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.125137][T12837] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1854'.
[  859.713035][    T7] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  860.261199][    T7] usb 4-1: Using ep0 maxpacket: 8
[  860.268186][    T7] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  860.349044][    T7] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  860.371683][    T7] usb 4-1: config 0 has no interface number 0
[  860.384630][    T7] usb 4-1: too many endpoints for config 0 interface 52 altsetting 48: 48, using maximum allowed: 30
[  860.407958][    T7] usb 4-1: config 0 interface 52 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  860.463449][    T7] usb 4-1: config 0 interface 52 has no altsetting 0
[  860.483817][    T7] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  860.540201][    T7] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  860.575013][    T7] usb 4-1: Manufacturer: syz
[  860.621848][    T7] usb 4-1: config 0 descriptor??
[  860.816475][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[  860.816825][ T4259] Bluetooth: hci3: command 0x0c1a tx timeout
[  860.861049][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[  860.868102][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[  861.331512][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[  861.370804][ T4270] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  861.379481][    T7] usb 4-1: selecting invalid altsetting 1
[  861.395501][    T7] usb 4-1: Can not set alternate setting to 1, error: -22
[  861.403094][    T7] synaptics_usb: probe of 4-1:0.52 failed with error -22
[  861.417828][    T7] usb 4-1: USB disconnect, device number 2
[  861.854726][T12866] netlink: 'syz.0.1850': attribute type 1 has an invalid length.
[  862.298388][T12871] ax25_connect(): syz.4.1851 uses autobind, please contact jreuter@yaina.de
[  862.323213][T12872] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1850'.
[  862.860243][ T4270] Bluetooth: hci1: command 0x0406 tx timeout
[  862.866351][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[  863.095659][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[  863.846271][T12861] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  863.856392][T12861] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  863.863573][T12861] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  863.886527][T12861] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  863.895299][T12861] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  863.901819][T12861] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  863.919500][T12861] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  864.540181][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  864.863415][T12861] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  864.870398][T12861] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  864.929075][T12861] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  864.940476][T12861] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  864.947623][T12861] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  864.957878][T12861] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  864.965132][T12861] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  864.971513][T12861] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  865.057952][T12894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  865.073625][T12894] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1859'.
[  865.910565][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[  865.980528][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  866.390844][T12896] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  866.430159][T12896] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  866.436204][T12896] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  866.466100][T12896] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  866.473439][T12915] netlink: 'syz.0.1864': attribute type 1 has an invalid length.
[  866.496431][T12896] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  866.504431][T12896] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  866.516024][T12910] Cannot find del_set index 4 as target
[  866.522597][T12896] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  866.528567][T12917] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1864'.
[  866.542260][T12896] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  866.551658][T12896] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  866.573890][T12896] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  866.587274][T12896] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  866.597287][T12896] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  867.160201][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[  867.573300][T12896] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  867.652173][T12896] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  867.658255][T12896] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  868.500339][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  868.594083][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  868.600189][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[  868.620246][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  869.580266][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[  870.540951][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[  870.620208][ T4270] Bluetooth: hci1: command 0x0406 tx timeout
[  870.620460][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  870.660447][   T27] audit: type=1326 audit(1747520862.450:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12923 comm="syz.1.1867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a9b8e969 code=0x7fc00000
[  870.700229][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[  870.775569][T12946] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  870.782123][T12946] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  870.878272][T12946] vhci_hcd vhci_hcd.0: Device attached
[  871.073697][T12950] vhci_hcd: connection closed
[  871.086541][ T4499] vhci_hcd: stop threads
[  871.140277][   T26] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  871.308574][ T4499] vhci_hcd: release socket
[  871.460300][ T4499] vhci_hcd: disconnect device
[  871.544293][T12956] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  871.559126][T12956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1874'.
[  871.630585][T12952] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  871.646691][T12958] autofs4:pid:12958:autofs_fill_super: called with bogus options
[  871.660207][ T4270] Bluetooth: hci2: command 0x0406 tx timeout
[  871.666457][T12952] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  871.702528][T12952] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  871.918853][T12952] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  872.531377][T12952] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  872.540524][T12952] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  872.558130][T12952] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  872.657457][T12952] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  872.692075][T12952] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  872.712344][T12952] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  872.742685][T12952] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  872.775874][T12952] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  872.792021][T12970] netlink: 'syz.3.1878': attribute type 1 has an invalid length.
[  872.801138][T12952] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  872.830329][T12952] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  872.940188][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  873.768681][T12952] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  873.790866][T12970] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1878'.
[  873.980264][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[  874.630479][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  875.541514][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[  875.547611][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[  875.566635][ T4259] Bluetooth: hci0: command 0x0c1a tx timeout
[  875.582276][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  875.589082][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  875.819863][T12999] autofs4:pid:12999:autofs_fill_super: called with bogus options
[  876.060187][ T4270] Bluetooth: hci1: command 0x0406 tx timeout
[  876.172532][T12991] loop9: detected capacity change from 0 to 7
[  876.290007][T12991] Dev loop9: unable to read RDB block 7
[  876.295736][T12991]  loop9: unable to read partition table
[  876.301682][T12991] loop9: partition table beyond EOD, truncated
[  876.307908][T12991] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  876.318231][   T26] vhci_hcd: vhci_device speed not set
[  876.646868][T13007] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  876.653463][T13007] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  876.687197][T13007] vhci_hcd vhci_hcd.0: Device attached
[  876.700741][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[  876.715776][T13009] vhci_hcd: connection closed
[  876.716029][   T11] vhci_hcd: stop threads
[  876.758732][   T11] vhci_hcd: release socket
[  876.763505][   T11] vhci_hcd: disconnect device
[  876.865095][T13012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  876.988298][T13012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1887'.
[  877.610433][ T4270] Bluetooth: hci2: command 0x0406 tx timeout
[  877.617327][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[  877.888284][T13031] netlink: 'syz.4.1893': attribute type 1 has an invalid length.
[  877.897692][T13031] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1893'.
[  878.146573][T13033] ax25_connect(): syz.3.1883 uses autobind, please contact jreuter@yaina.de
[  878.717115][   T27] audit: type=1326 audit(1747520870.500:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12995 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19e918e969 code=0x7fc00000
[  878.953369][T13042] fuse: Bad value for 'fd'
[  879.453052][T13028] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  879.467201][T13028] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  879.483768][T13028] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  879.491719][T13028] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  879.508084][T13028] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  879.518020][T13028] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  879.544013][T13028] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  879.563639][T13028] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  879.569976][T13028] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  879.584831][T13028] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  879.593835][T13028] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  879.608366][T13028] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  879.653050][T13028] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  879.664949][T13028] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  879.666165][T13046] netlink: 372 bytes leftover after parsing attributes in process `syz.0.1896'.
[  879.673644][T13028] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  880.109969][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  880.149803][T13051] autofs4:pid:13051:autofs_fill_super: called with bogus options
[  880.634315][T13057] loop9: detected capacity change from 0 to 7
[  881.549223][ T4259] Bluetooth: hci1: command 0x0c1a tx timeout
[  881.580222][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[  881.733761][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  881.733773][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[  881.759786][T13057] Dev loop9: unable to read RDB block 7
[  881.765518][T13057]  loop9: unable to read partition table
[  881.771419][T13057] loop9: partition table beyond EOD, truncated
[  881.777622][T13057] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  882.160295][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  883.319990][T13070] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  883.403863][T13073] netlink: 'syz.3.1905': attribute type 1 has an invalid length.
[  883.581174][T13070] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1904'.
[  883.602820][T13073] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1905'.
[  883.660254][ T4259] Bluetooth: hci3: command 0x0406 tx timeout
[  883.740221][ T4259] Bluetooth: hci4: command 0x0406 tx timeout
[  883.820453][ T4259] Bluetooth: hci1: command 0x0406 tx timeout
[  883.826581][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  885.363048][T13095] autofs4:pid:13095:autofs_fill_super: called with bogus options
[  885.492896][T13096] Cannot find del_set index 4 as target
[  885.684893][T13086] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  885.725872][T13086] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  885.780979][T13086] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  885.861006][T13086] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  885.910539][T13086] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  885.916941][T13086] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  885.950424][T13086] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  885.970172][T13086] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  886.014674][T13086] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  886.072112][T13101] fuse: Bad value for 'fd'
[  886.097261][T13086] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  886.146882][T13086] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  886.166393][T13086] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  886.191290][T13086] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  886.215841][T13086] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  886.261453][T13086] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  887.420172][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  887.697157][T13106] loop9: detected capacity change from 0 to 7
[  887.776990][T13106] Dev loop9: unable to read RDB block 7
[  887.782783][T13106]  loop9: unable to read partition table
[  887.788537][T13106] loop9: partition table beyond EOD, truncated
[  887.794769][T13106] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  887.900176][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[  887.982766][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[  888.387719][ T4259] Bluetooth: hci2: command 0x0c1a tx timeout
[  888.393852][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[  888.428545][T13119] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  888.660785][T13119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1919'.
[  889.500217][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  889.582540][T13130] autofs4:pid:13130:autofs_fill_super: called with bogus options
[  890.044091][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[  890.060346][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[  890.460256][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[  890.460917][ T4259] Bluetooth: hci2: command 0x0406 tx timeout
[  893.646511][T13163] erofs: (device nullb0): erofs_read_superblock: cannot find valid erofs superblock
[  894.583638][T13169] ax25_connect(): syz.5.1929 uses autobind, please contact jreuter@yaina.de
[  895.243029][   T27] audit: type=1326 audit(1747520887.010:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13161 comm="syz.5.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f942398e969 code=0x7fc00000
[  896.882353][T13179] autofs4:pid:13179:autofs_fill_super: called with bogus options
[  898.562858][T13192] autofs4:pid:13192:autofs_fill_super: called with bogus options
[  900.767281][T13222] hfs: can't find a HFS filesystem on dev nullb0
[  902.728128][T13225] loop9: detected capacity change from 0 to 7
[  902.832699][T13225] Dev loop9: unable to read RDB block 7
[  902.838390][T13225]  loop9: unable to read partition table
[  902.844353][T13225] loop9: partition table beyond EOD, truncated
[  902.850635][T13225] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  904.224269][T13244] autofs4:pid:13244:autofs_fill_super: called with bogus options
[  909.900997][T13296] hfs: can't find a HFS filesystem on dev nullb0
[  911.460346][T13300] loop9: detected capacity change from 0 to 7
[  911.778151][T13300] Dev loop9: unable to read RDB block 7
[  911.784008][T13300]  loop9: unable to read partition table
[  911.789802][T13300] loop9: partition table beyond EOD, truncated
[  911.796047][T13300] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  912.662258][T13314] erofs: (device nullb0): erofs_read_superblock: cannot find valid erofs superblock
[  915.965746][T13341] xt_hashlimit: size too large, truncated to 1048576
[  920.510348][T13361] loop9: detected capacity change from 0 to 7
[  920.750751][T13361] Dev loop9: unable to read RDB block 7
[  920.756469][T13361]  loop9: unable to read partition table
[  920.762334][T13361] loop9: partition table beyond EOD, truncated
[  920.768715][T13361] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  922.387632][T13373] hfs: can't find a HFS filesystem on dev nullb0
[  923.290921][T13380] ax25_connect(): syz.4.1980 uses autobind, please contact jreuter@yaina.de
[  923.850190][   T27] audit: type=1326 audit(1747520915.630:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13374 comm="syz.4.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ad3d8e969 code=0x7fc00000
[  924.972315][T13394] netlink: 372 bytes leftover after parsing attributes in process `syz.4.1984'.
[  926.686553][T13410] loop9: detected capacity change from 0 to 7
[  927.361974][T13410] Dev loop9: unable to read RDB block 7
[  927.367621][T13410]  loop9: unable to read partition table
[  927.373564][T13410] loop9: partition table beyond EOD, truncated
[  927.379763][T13410] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  934.634216][T13450] autofs4:pid:13450:autofs_fill_super: called with bogus options
[  936.413362][T13478] hfs: can't find a HFS filesystem on dev nullb0
[  937.140697][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  937.147145][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  937.483307][T13492] ax25_connect(): syz.3.2008 uses autobind, please contact jreuter@yaina.de
[  938.220184][   T27] audit: type=1326 audit(1747520929.970:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13483 comm="syz.3.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19e918e969 code=0x7fc00000
[  938.596079][T13497] fuse: Bad value for 'fd'
[  938.607245][T13497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2005'.
[  938.890256][   T26] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  939.080216][   T26] usb 5-1: Using ep0 maxpacket: 8
[  939.112017][   T26] usb 5-1: config 0 has an invalid interface number: 52 but max is 0
[  939.144361][   T26] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  939.710097][   T26] usb 5-1: config 0 has no interface number 0
[  940.047079][   T26] usb 5-1: config 0 interface 52 altsetting 1 has an invalid endpoint with address 0x35, skipping
[  940.069095][   T26] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  940.092690][   T26] usb 5-1: config 0 interface 52 has no altsetting 0
[  940.113285][   T26] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  940.230600][   T26] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  940.241136][   T26] usb 5-1: Manufacturer: syz
[  940.270571][   T26] usb 5-1: config 0 descriptor??
[  940.992355][ T4259] Bluetooth: hci3: unexpected event for opcode 0x0c1a
[  941.003955][  T126] usb 5-1: USB disconnect, device number 3
[  942.421401][T13527] netlink: 372 bytes leftover after parsing attributes in process `syz.3.2018'.
[  944.840785][T13549] ax25_connect(): syz.4.2024 uses autobind, please contact jreuter@yaina.de
[  945.137263][   T27] audit: type=1326 audit(1747520936.920:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.4.2024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ad3d8e969 code=0x7fc00000
[  949.521717][T13582] ax25_connect(): syz.1.2033 uses autobind, please contact jreuter@yaina.de
[  950.030870][   T27] audit: type=1326 audit(1747520941.820:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13577 comm="syz.1.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24a9b8e969 code=0x7fc00000
[  951.732524][T13608] hfs: can't find a HFS filesystem on dev nullb0
[  952.188519][T13613] loop9: detected capacity change from 0 to 7
[  952.297443][T13613] Dev loop9: unable to read RDB block 7
[  952.338891][T13613]  loop9: unable to read partition table
[  952.347052][T13613] loop9: partition table beyond EOD, truncated
[  952.356996][T13613] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  955.024502][T13638] erofs: (device nullb0): erofs_read_superblock: cannot find valid erofs superblock
[  955.544715][T13644] fuse: Bad value for 'fd'
[  955.567012][T13644] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2044'.
[  962.012194][T13722] loop9: detected capacity change from 0 to 7
[  962.038552][T13722] Dev loop9: unable to read RDB block 7
[  962.057943][T13722]  loop9: unable to read partition table
[  962.180279][T13722] loop9: partition table beyond EOD, truncated
[  962.428701][T13722] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  967.971888][   T11] Bluetooth: (null): Invalid header checksum
[  967.979676][   T11] Bluetooth: (null): Invalid header checksum
[  967.989575][   T11] Bluetooth: (null): Invalid header checksum
[  968.082907][   T46] Bluetooth: (null): Invalid header checksum
[  968.192922][   T11] Bluetooth: (null): Invalid header checksum
[  969.491200][T13768] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  969.497362][T13768] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  969.506494][T13768] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  969.581679][T13768] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  970.134168][T13768] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  970.196792][T13768] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  970.231590][T13768] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  970.241102][T13768] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  970.249983][T13768] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  970.329905][T13768] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  970.344394][T13768] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  970.367965][T13768] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  970.376989][T13768] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  970.485360][T13768] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  970.530415][T13768] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  970.579481][T13790] netlink: 'syz.3.2085': attribute type 1 has an invalid length.
[  970.591853][T13790] bond1: (slave vcan9): The slave device specified does not support setting the MAC address
[  970.653003][T13790] bond1: (slave vcan9): Enslaving as a backup interface with an up link
[  970.981786][T13797] netlink: 'syz.5.2097': attribute type 1 has an invalid length.
[  971.005847][T13797] bond1: (slave vcan7): The slave device specified does not support setting the MAC address
[  971.029170][T13797] bond1: (slave vcan7): Enslaving as a backup interface with an up link
[  971.565166][ T4259] Bluetooth: hci0: command 0x0406 tx timeout
[  972.245533][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[  972.300226][ T4259] Bluetooth: hci3: command 0x0c1a tx timeout
[  972.380236][ T4259] Bluetooth: hci4: command 0x0c1a tx timeout
[  972.386994][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[  973.122362][T13817] ax25_connect(): syz.3.2090 uses autobind, please contact jreuter@yaina.de
[  973.568515][   T27] audit: type=1326 audit(1747520965.260:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13806 comm="syz.3.2090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19e918e969 code=0x7fc00000
[  974.378514][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[  974.474796][ T8857] Bluetooth: hci2: command 0x0406 tx timeout
[  974.474844][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[  974.477658][ T4259] Bluetooth: hci3: command 0x0406 tx timeout
[  974.500092][ T4259] Bluetooth: hci4: command 0x0406 tx timeout
[  975.750460][T13833] hfs: can't find a HFS filesystem on dev nullb0
[  977.951859][T13857] netlink: 'syz.5.2102': attribute type 1 has an invalid length.
[  977.962929][T13856] Cannot find del_set index 4 as target
[  978.214811][T13857] bond1: (slave vcan8): The slave device specified does not support setting the MAC address
[  978.257888][T13857] bond1: (slave vcan8): Enslaving as a backup interface with an up link
[  979.496934][T13853] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  979.980272][T13821] Bluetooth: hci0: command 0x0406 tx timeout
[  980.467766][T13853] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  980.489198][T13853] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  980.530581][T13853] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  980.543608][T13853] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  980.566662][T13853] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  980.587532][T13853] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  980.628149][T13853] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  980.660269][T13876] loop9: detected capacity change from 0 to 7
[  980.667060][T13876] Dev loop9: unable to read RDB block 7
[  980.672830][T13876]  loop9: unable to read partition table
[  980.678657][T13876] loop9: partition table beyond EOD, truncated
[  980.684900][T13876] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  980.698978][T13853] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  980.730413][T13853] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  980.750415][T13853] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  980.785530][T13853] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  980.935365][T13853] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  981.003392][T13853] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  981.019818][T13853] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  981.433324][ T4302] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  981.660188][ T4302] usb 2-1: Using ep0 maxpacket: 8
[  981.667139][ T4302] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  981.756676][T13889] vivid-000: disconnect
[  982.432494][T13881] vivid-000: reconnect
[  982.460154][T13821] Bluetooth: hci0: command 0x0c1a tx timeout
[  982.550103][T13821] Bluetooth: hci1: command 0x0c1a tx timeout
[  982.620278][ T4302] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  982.630650][T13821] Bluetooth: hci3: command 0x0c1a tx timeout
[  982.651320][ T4302] usb 2-1: config 0 has no interface number 0
[  982.668742][ T4302] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  982.707641][ T4302] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  982.794688][T13821] Bluetooth: hci4: command 0x0c1a tx timeout
[  982.810253][ T4302] usb 2-1: config 0 interface 52 has no altsetting 0
[  982.821228][ T4302] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  982.835594][ T4302] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  982.940802][T13821] Bluetooth: hci2: command 0x0c1a tx timeout
[  983.194823][ T4302] usb 2-1: Manufacturer: syz
[  983.249497][ T4302] usb 2-1: config 0 descriptor??
[  984.017879][ T4302] usb 2-1: USB disconnect, device number 7
[  984.620336][T13821] Bluetooth: hci1: command 0x0406 tx timeout
[  984.700409][T13821] Bluetooth: hci3: command 0x0406 tx timeout
[  984.860141][T13821] Bluetooth: hci4: command 0x0406 tx timeout
[  985.020507][ T4270] Bluetooth: hci2: command 0x0406 tx timeout
[  985.303769][T13913] hfs: can't find a HFS filesystem on dev nullb0
[  989.115177][T13948] ax25_connect(): syz.0.2123 uses autobind, please contact jreuter@yaina.de
[  989.468938][   T27] audit: type=1326 audit(1747520981.220:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13934 comm="syz.0.2123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e2fb8e969 code=0x7fc00000
[  990.048823][ T4302] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  990.210175][ T4456] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  990.244872][T13963] loop9: detected capacity change from 0 to 7
[  990.366211][T13963] Dev loop9: unable to read RDB block 7
[  990.371994][T13963]  loop9: unable to read partition table
[  990.378640][T13963] loop9: partition table beyond EOD, truncated
[  990.385077][T13963] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  990.430150][ T4456] usb 6-1: Using ep0 maxpacket: 8
[  990.491840][ T4456] usb 6-1: config 0 has an invalid interface number: 52 but max is 0
[  990.626494][ T4456] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  990.868320][ T4302] usb 2-1: Using ep0 maxpacket: 8
[  990.875315][ T4302] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  990.896113][ T4456] usb 6-1: config 0 has no interface number 0
[  990.902353][ T4456] usb 6-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  990.913586][ T4456] usb 6-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  990.926712][ T4456] usb 6-1: config 0 interface 52 has no altsetting 0
[  990.961039][ T4456] usb 6-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  991.000120][ T4302] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  991.010630][ T4302] usb 2-1: config 0 has no interface number 0
[  991.017564][ T4302] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  991.028626][ T4302] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  991.028995][ T4456] usb 6-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  991.057562][ T4302] usb 2-1: config 0 interface 52 has no altsetting 0
[  991.072649][ T4302] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  991.090959][ T4302] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  991.099098][ T4302] usb 2-1: Manufacturer: syz
[  991.111674][ T4456] usb 6-1: Manufacturer: syz
[  991.123306][ T4302] usb 2-1: config 0 descriptor??
[  991.135658][ T4456] usb 6-1: config 0 descriptor??
[  991.569060][T13970] ax25_connect(): syz.0.2130 uses autobind, please contact jreuter@yaina.de
[  992.068320][   T27] audit: type=1326 audit(1747520983.810:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13966 comm="syz.0.2130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e2fb8e969 code=0x7fc00000
[  992.101329][ T4456] usb 2-1: USB disconnect, device number 8
[  992.121812][T13821] Bluetooth: hci2: unexpected event for opcode 0x0c1a
[  992.172115][ T4309] usb 6-1: USB disconnect, device number 4
[  993.463808][T13978] hfs: can't find a HFS filesystem on dev nullb0
[  996.834956][T14007] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  996.841467][T14007] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  996.848777][T14007] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  996.856900][T14007] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  996.863475][T14007] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  996.870661][T14007] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  996.880240][T14007] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  996.886698][T14007] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  996.895628][T14007] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  996.904098][T14007] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  996.911280][T14007] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  996.918510][T14007] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  996.930337][T14007] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  996.939182][T14007] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  996.951231][T14007] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  998.525368][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  998.531747][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  998.652778][T14007] Cannot find del_set index 4 as target
[  998.776182][T14027] netlink: 372 bytes leftover after parsing attributes in process `syz.1.2143'.
[  998.790348][T13821] Bluetooth: hci0: command 0x0c1a tx timeout
[  998.860145][T13821] Bluetooth: hci1: command 0x0c1a tx timeout
[  998.940237][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[  998.946312][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[  998.960148][T13821] Bluetooth: hci3: command 0x0c1a tx timeout
[  999.124497][T14030] ax25_connect(): syz.5.2142 uses autobind, please contact jreuter@yaina.de
[  999.670185][   T27] audit: type=1326 audit(1747520991.400:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14023 comm="syz.5.2142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f942398e969 code=0x7fc00000
[ 1000.880159][ T8857] Bluetooth: hci0: command 0x0406 tx timeout
[ 1000.950365][ T8857] Bluetooth: hci1: command 0x0406 tx timeout
[ 1001.693813][ T8857] Bluetooth: hci4: command 0x0406 tx timeout
[ 1001.699896][ T8857] Bluetooth: hci3: command 0x0406 tx timeout
[ 1001.706339][ T8857] Bluetooth: hci2: command 0x0406 tx timeout
[ 1002.704313][T14052] hfs: can't find a HFS filesystem on dev nullb0
[ 1004.103531][T14065] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2151'.
[ 1006.015983][T14072] loop9: detected capacity change from 0 to 7
[ 1006.100510][T14072] Dev loop9: unable to read RDB block 7
[ 1006.106191][T14072]  loop9: unable to read partition table
[ 1006.112056][T14072] loop9: partition table beyond EOD, truncated
[ 1006.118235][T14072] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[ 1007.970094][ T4471] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 1008.200078][ T4471] usb 4-1: Using ep0 maxpacket: 8
[ 1008.207049][ T4471] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[ 1008.236155][ T4471] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1008.351528][T14086] Cannot find del_set index 4 as target
[ 1008.707199][ T4471] usb 4-1: config 0 has no interface number 0
[ 1008.738886][ T4471] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1008.764016][ T4471] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1008.797347][ T4471] usb 4-1: config 0 interface 52 has no altsetting 0
[ 1008.828831][ T4471] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[ 1008.854578][ T4471] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[ 1008.861750][T14084] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1008.863487][ T4471] usb 4-1: Manufacturer: syz
[ 1008.874729][T14084] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1008.882973][ T4471] usb 4-1: config 0 descriptor??
[ 1008.894377][T14084] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1009.033688][T14084] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1009.046457][T14084] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1009.060495][T14084] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1009.068030][T14084] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1009.077886][T14084] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1009.084278][T14084] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1009.094317][T14084] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1009.123329][T14084] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1009.142395][T14084] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1009.149955][T14084] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1009.158756][T14084] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1009.165605][T14084] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1010.009166][ T4471] usb 4-1: USB disconnect, device number 3
[ 1010.060991][T13821] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1010.286843][T14105] hfs: can't find a HFS filesystem on dev nullb0
[ 1011.180365][ T8857] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1011.186760][ T8857] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1011.193563][T13821] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1011.603533][T14116] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2167'.
[ 1012.060276][ T8857] Bluetooth: hci4: command 0x0406 tx timeout
[ 1012.158988][ T8857] Bluetooth: hci0: command 0x0406 tx timeout
[ 1012.335947][T14119] loop9: detected capacity change from 0 to 7
[ 1012.365069][T14119] Dev loop9: unable to read RDB block 7
[ 1012.370752][T14119]  loop9: unable to read partition table
[ 1012.376563][T14119] loop9: partition table beyond EOD, truncated
[ 1012.382942][T14119] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[ 1013.196972][T14128] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1013.203571][T14128] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1013.260252][ T8857] Bluetooth: hci3: command 0x0406 tx timeout
[ 1013.266838][ T4270] Bluetooth: hci2: command 0x0406 tx timeout
[ 1013.273160][T13821] Bluetooth: hci1: command 0x0406 tx timeout
[ 1013.335365][T14128] vhci_hcd vhci_hcd.0: Device attached
[ 1013.448457][T14131] vhci_hcd: connection closed
[ 1013.449106][   T75] vhci_hcd: stop threads
[ 1013.509188][   T75] vhci_hcd: release socket
[ 1013.589273][   T75] vhci_hcd: disconnect device
[ 1013.610170][ T4302] usb 39-1: new low-speed USB device number 3 using vhci_hcd
[ 1014.350120][T14144] hfs: can't find a HFS filesystem on dev nullb0
[ 1014.829790][T14135] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1014.836949][T14135] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1014.843046][T14135] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1014.869070][T14135] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1014.978540][T14135] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1014.988624][T14135] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1015.098692][T14135] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1015.110106][T14135] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1015.116143][T14135] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1015.124012][T14135] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1015.131335][T14135] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1015.138468][T14135] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1015.149542][T14135] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1015.157863][T14135] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1015.166611][T14135] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1016.300489][ T8857] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1016.741552][T14161] hfs: can't find a HFS filesystem on dev nullb0
[ 1017.173770][T13821] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1017.179875][ T8857] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1017.190118][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1017.196197][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[ 1018.359185][T14177] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2183'.
[ 1018.380489][T13821] Bluetooth: hci0: command 0x0406 tx timeout
[ 1018.979820][ T4302] vhci_hcd: vhci_device speed not set
[ 1019.262225][ T8857] Bluetooth: hci3: command 0x0406 tx timeout
[ 1019.262705][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[ 1019.270211][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1019.280942][T13821] Bluetooth: hci2: command 0x0406 tx timeout
[ 1021.640151][T14206] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1021.646230][T14206] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1021.737180][T14206] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1021.782575][T14206] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1021.788616][T14206] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1021.806132][T14206] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1021.813857][T14206] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1021.827443][T14206] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1021.833895][T14206] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1021.847310][T14206] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1021.853724][T14206] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1021.866147][T14206] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1021.873980][T14206] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1021.884236][T14206] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1022.080695][T14206] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1023.100909][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1024.085034][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1024.086341][T13821] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1024.091139][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1024.097101][T13821] Bluetooth: hci4: command 0x0406 tx timeout
[ 1024.732689][T14243] hfs: can't find a HFS filesystem on dev nullb0
[ 1025.180454][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[ 1025.907568][T14253] sctp: [Deprecated]: syz.5.2203 (pid 14253) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1025.907568][T14253] Use struct sctp_sack_info instead
[ 1026.150376][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1026.157713][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[ 1026.165218][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[ 1026.844274][ T4270] Bluetooth: hci2: command 0x0406 tx timeout
[ 1027.548676][T14269] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[ 1027.555262][T14269] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1027.647905][T14269] vhci_hcd vhci_hcd.0: Device attached
[ 1027.730663][T14279] vhci_hcd: connection closed
[ 1027.731141][   T41] vhci_hcd: stop threads
[ 1027.772523][   T41] vhci_hcd: release socket
[ 1027.807009][   T41] vhci_hcd: disconnect device
[ 1029.881907][T14301] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1031.236444][T14312] hfs: can't find a HFS filesystem on dev nullb0
[ 1031.705045][T14307] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1031.760189][T14307] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1031.802776][T14307] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1031.847196][T14307] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1031.900276][T14307] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1031.908192][T14307] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1032.003628][T14317] Cannot find del_set index 4 as target
[ 1032.394540][T14307] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1032.423876][T14307] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1032.429969][T14307] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1032.437658][T14307] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1032.443964][T14307] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1032.450413][T14307] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1032.690273][T14307] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1032.708005][T14307] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1032.754925][T14307] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1033.740457][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1033.917983][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1034.380195][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1034.460471][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[ 1034.700196][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1035.631958][T14337] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1035.653059][T14337] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1035.990323][ T4270] Bluetooth: hci1: command 0x0406 tx timeout
[ 1036.055083][T14337] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1036.097179][T14337] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1036.107465][T14337] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1036.114407][T14337] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1036.197041][T14337] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1036.624001][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1036.641643][T14337] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1036.647833][T14337] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1036.660649][T14337] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1036.674089][T14337] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1036.684319][T14337] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1036.708077][T14337] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1036.725088][T14337] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1036.753327][T14337] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1036.938845][T14359] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1037.270508][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1038.207177][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1038.429889][T14370] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1038.436672][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1038.453299][T14373] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1038.472721][T14370] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1038.531504][T14369] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1038.543660][T14370] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1038.551599][T14370] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1038.562747][T14370] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1038.568764][T14370] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1038.577794][T14370] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1038.584192][T14370] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1038.590421][T14370] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1038.615981][T14370] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1038.629329][T14370] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1038.693457][T14370] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1038.707991][T14370] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1038.715030][T14370] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1038.722067][T14370] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1039.220426][T14385] Cannot find del_set index 4 as target
[ 1040.210238][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1040.350213][T14389] hfs: can't find a HFS filesystem on dev nullb0
[ 1040.620143][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1040.630078][T13821] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1040.650630][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1040.782615][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[ 1042.196820][T14395] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1042.233112][T14395] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1042.246000][T14395] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1042.263396][T14395] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1042.279744][T14395] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1042.294189][T14395] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1042.479270][T14395] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1042.488920][T14395] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1042.700287][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[ 1042.860082][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1043.110172][T14412] vivid-001: disconnect
[ 1043.660086][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1043.705301][T14395] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1043.720218][T14395] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1043.740580][T14395] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1044.111025][T14395] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1044.291518][T14409] vivid-001: reconnect
[ 1044.300355][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1044.590482][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1044.970098][T13821] Bluetooth: hci2: command 0x0406 tx timeout
[ 1045.332073][T14395] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1045.351451][T14395] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1045.384384][T14395] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1046.274339][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[ 1046.280456][T13821] Bluetooth: hci0: command 0x0406 tx timeout
[ 1046.487089][T13821] Bluetooth: hci1: command 0x0406 tx timeout
[ 1046.620377][T13821] Bluetooth: hci3: command 0x0406 tx timeout
[ 1047.996023][T13821] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1048.099042][T14440] hfs: can't find a HFS filesystem on dev nullb0
[ 1048.472025][T13821] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1049.273087][T14444] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1049.310318][T14443] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1050.060181][T13821] Bluetooth: hci2: command 0x0406 tx timeout
[ 1050.275980][T14460] Cannot find del_set index 4 as target
[ 1052.063683][T13821] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1052.071935][T14454] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1052.616274][T14454] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1052.655473][T14454] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1052.664075][T14454] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1052.675050][T14454] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1052.681670][T14479] Cannot find del_set index 4 as target
[ 1052.928401][T14454] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1053.006992][T14454] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1053.130629][T14454] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1053.151964][T14454] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1053.189745][T14454] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1053.226450][T14454] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1053.239786][T14454] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1053.288463][T14454] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1053.298235][T14454] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1053.318589][T14454] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1054.170220][T13821] Bluetooth: hci0: command 0x0406 tx timeout
[ 1054.700087][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1055.020129][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1055.282922][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[ 1055.341529][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1056.780107][ T4260] Bluetooth: hci1: command 0x0406 tx timeout
[ 1057.100075][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[ 1057.340139][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1057.420111][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[ 1058.140528][T14517] siw: device registration error -23
[ 1059.903506][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1059.912013][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1060.743723][T14536] Cannot find del_set index 4 as target
[ 1062.194997][T14526] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1062.203432][T14526] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1062.209760][T14526] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1062.217389][T14526] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1062.226250][T14526] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1062.232710][T14526] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1062.300092][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1062.321428][T14547] vivid-000: disconnect
[ 1063.140907][T14544] vivid-000: reconnect
[ 1063.317838][T14526] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1063.362219][T14526] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1063.370575][T14526] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1063.874548][T14526] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1063.887549][T14526] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1063.897439][T14526] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1063.909562][T14526] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1063.917490][T14526] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1063.934868][T14526] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1064.220274][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1064.410469][T13821] Bluetooth: hci0: command 0x0406 tx timeout
[ 1065.372528][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1065.930224][T13821] Bluetooth: hci4: command 0x0406 tx timeout
[ 1065.980113][T13821] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1066.204860][T14578] Driver unsupported XDP return value 0 on prog  (id 195) dev N/A, expect packet loss!
[ 1066.550264][T13821] Bluetooth: hci1: command 0x0406 tx timeout
[ 1067.420165][ T4260] Bluetooth: hci3: command 0x0406 tx timeout
[ 1067.980390][ T4260] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1068.090225][ T4260] Bluetooth: hci2: command 0x0406 tx timeout
[ 1071.075556][T14607] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1071.082980][T14607] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1071.089740][T14607] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1071.098769][T14607] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1071.105183][T14607] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1071.245597][T14607] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1071.256246][T14607] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1071.275442][T14607] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1071.315651][T14607] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1071.554567][T14607] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1071.560635][T14624] Cannot find del_set index 4 as target
[ 1072.140331][ T4260] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1072.980276][T14607] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1072.987549][T14607] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1072.997459][T14607] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1073.005958][T14607] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1073.023200][T14607] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1073.180179][ T4260] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1073.270716][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1073.495092][ T4260] Bluetooth: hci4: command 0x0406 tx timeout
[ 1074.246035][T13821] Bluetooth: hci0: command 0x0406 tx timeout
[ 1074.361914][T14659] xt_hashlimit: size too large, truncated to 1048576
[ 1075.081025][T13821] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1075.260403][T13821] Bluetooth: hci1: command 0x0406 tx timeout
[ 1075.350134][T13821] Bluetooth: hci3: command 0x0406 tx timeout
[ 1075.580232][T13821] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1077.807565][T13821] Bluetooth: hci2: command 0x0406 tx timeout
[ 1078.444249][T14686] autofs4:pid:14686:autofs_fill_super: called with bogus options
[ 1080.271760][T14691] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1080.282034][T14691] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1080.289538][T14691] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1080.298856][T14691] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1080.305255][T14691] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1080.333742][T14691] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1080.489030][T14691] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1080.500346][T14691] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1080.509945][T14691] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1080.518317][T14691] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1080.525975][T14691] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1080.534946][T14691] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1080.542736][T14691] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1080.549801][T14691] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1080.558330][T14691] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1081.580145][T13821] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1082.494817][T13821] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1082.540291][T13821] Bluetooth: hci4: command 0x0406 tx timeout
[ 1082.540327][ T4260] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1082.620337][ T4260] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1082.786654][T14727] hfs: can't find a HFS filesystem on dev nullb0
[ 1083.670129][ T4260] Bluetooth: hci0: command 0x0406 tx timeout
[ 1084.540080][ T4270] Bluetooth: hci1: command 0x0406 tx timeout
[ 1084.620199][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[ 1084.626628][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1084.734692][ T4270] Bluetooth: hci2: command 0x0406 tx timeout
[ 1089.868584][ T4270] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1090.215482][T14753] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1090.328015][T14753] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1090.345499][T14753] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[ 1090.359048][T14753] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1090.379342][T14753] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1090.390185][T14753] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[ 1090.407645][T14753] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1090.417788][T14753] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1090.431322][T14753] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[ 1090.439385][T14753] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1090.452511][T14753] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1090.463554][T14753] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[ 1090.475274][T14753] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1090.486208][T14753] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1090.498898][T14753] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[ 1092.380100][ T4270] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1092.386251][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[ 1092.460162][ T4270] Bluetooth: hci4: command 0x0406 tx timeout
[ 1092.466278][ T4270] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1092.540521][ T4270] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1093.784418][T14788] xt_hashlimit: size too large, truncated to 1048576
[ 1094.460211][ T4270] Bluetooth: hci1: command 0x0406 tx timeout
[ 1094.540191][ T4270] Bluetooth: hci3: command 0x0406 tx timeout
[ 1094.546309][ T4270] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1094.620209][ T4270] Bluetooth: hci2: command 0x0406 tx timeout
[ 1098.789989][T14816] 
[ 1098.792370][T14816] ======================================================
[ 1098.799407][T14816] WARNING: possible circular locking dependency detected
[ 1098.806463][T14816] 6.1.138-syzkaller #0 Not tainted
[ 1098.811594][T14816] ------------------------------------------------------
[ 1098.818623][T14816] syz.0.2355/14816 is trying to acquire lock:
[ 1098.824700][T14816] ffff88805718d7d0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0xd4/0xa60
[ 1098.836148][T14816] 
[ 1098.836148][T14816] but task is already holding lock:
[ 1098.843559][T14816] ffff88805718c4b0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x251/0x530
[ 1098.852583][T14816] 
[ 1098.852583][T14816] which lock already depends on the new lock.
[ 1098.852583][T14816] 
[ 1098.863263][T14816] 
[ 1098.863263][T14816] the existing dependency chain (in reverse order) is:
[ 1098.872297][T14816] 
[ 1098.872297][T14816] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}:
[ 1098.880073][T14816]        lock_sock_nested+0x44/0x100
[ 1098.885390][T14816]        smc_listen_out+0x109/0x3d0
[ 1098.890611][T14816]        process_one_work+0x898/0x1160
[ 1098.896085][T14816]        worker_thread+0xaa2/0x1250
[ 1098.901302][T14816]        kthread+0x29d/0x330
[ 1098.905917][T14816]        ret_from_fork+0x1f/0x30
[ 1098.910884][T14816] 
[ 1098.910884][T14816] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}:
[ 1098.921073][T14816]        __lock_acquire+0x2cf8/0x7c50
[ 1098.926472][T14816]        lock_acquire+0x1b4/0x490
[ 1098.931543][T14816]        __flush_work+0xed/0xa60
[ 1098.936515][T14816]        __cancel_work_timer+0x3ac/0x520
[ 1098.942266][T14816]        smc_clcsock_release+0x5c/0xe0
[ 1098.947751][T14816]        __smc_release+0x661/0x7d0
[ 1098.952883][T14816]        smc_close_non_accepted+0xd1/0x1f0
[ 1098.958710][T14816]        smc_close_active+0xb00/0xea0
[ 1098.964102][T14816]        __smc_release+0x8d/0x7d0
[ 1098.969144][T14816]        smc_release+0x2ca/0x530
[ 1098.974104][T14816]        sock_close+0xd5/0x240
[ 1098.978877][T14816]        __fput+0x22c/0x920
[ 1098.983384][T14816]        task_work_run+0x1ca/0x250
[ 1098.988529][T14816]        get_signal+0x11a6/0x1350
[ 1098.993564][T14816]        arch_do_signal_or_restart+0xb0/0x1230
[ 1098.999727][T14816]        exit_to_user_mode_loop+0x70/0x110
[ 1099.005555][T14816]        exit_to_user_mode_prepare+0xb1/0x140
[ 1099.011642][T14816]        syscall_exit_to_user_mode+0x16/0x40
[ 1099.017622][T14816]        do_syscall_64+0x58/0xa0
[ 1099.022566][T14816]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1099.028993][T14816] 
[ 1099.028993][T14816] other info that might help us debug this:
[ 1099.028993][T14816] 
[ 1099.039222][T14816]  Possible unsafe locking scenario:
[ 1099.039222][T14816] 
[ 1099.046756][T14816]        CPU0                    CPU1
[ 1099.052116][T14816]        ----                    ----
[ 1099.057482][T14816]   lock(sk_lock-AF_SMC/1);
[ 1099.062008][T14816]                                lock((work_completion)(&new_smc->smc_listen_work));
[ 1099.071461][T14816]                                lock(sk_lock-AF_SMC/1);
[ 1099.078504][T14816]   lock((work_completion)(&new_smc->smc_listen_work));
[ 1099.085493][T14816] 
[ 1099.085493][T14816]  *** DEADLOCK ***
[ 1099.085493][T14816] 
[ 1099.093636][T14816] 2 locks held by syz.0.2355/14816:
[ 1099.098828][T14816]  #0: ffff888074396210 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240
[ 1099.109023][T14816]  #1: ffff88805718c4b0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x251/0x530
[ 1099.118500][T14816] 
[ 1099.118500][T14816] stack backtrace:
[ 1099.124386][T14816] CPU: 0 PID: 14816 Comm: syz.0.2355 Not tainted 6.1.138-syzkaller #0
[ 1099.132539][T14816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1099.142612][T14816] Call Trace:
[ 1099.145896][T14816]  <TASK>
[ 1099.148830][T14816]  dump_stack_lvl+0x168/0x22e
[ 1099.153528][T14816]  ? load_image+0x3b0/0x3b0
[ 1099.158038][T14816]  ? show_regs_print_info+0x12/0x12
[ 1099.163252][T14816]  ? print_circular_bug+0x12b/0x1a0
[ 1099.168565][T14816]  check_noncircular+0x274/0x310
[ 1099.173593][T14816]  ? add_chain_block+0x940/0x940
[ 1099.178632][T14816]  ? lockdep_lock+0xdc/0x1e0
[ 1099.183253][T14816]  ? rcu_is_watching+0x11/0xa0
[ 1099.188040][T14816]  ? lock_release+0xd4/0x910
[ 1099.192673][T14816]  ? _find_first_zero_bit+0xcf/0x100
[ 1099.198069][T14816]  __lock_acquire+0x2cf8/0x7c50
[ 1099.202941][T14816]  ? __lock_acquire+0x7c50/0x7c50
[ 1099.207991][T14816]  ? is_bpf_text_address+0x28b/0x2a0
[ 1099.213308][T14816]  ? hlock_conflict+0x59/0x1f0
[ 1099.218084][T14816]  ? verify_lock_unused+0x140/0x140
[ 1099.223382][T14816]  ? __bfs+0x2a3/0x5c0
[ 1099.227466][T14816]  ? check_path+0x40/0x40
[ 1099.231807][T14816]  ? mark_lock+0x94/0x320
[ 1099.236166][T14816]  ? __lock_acquire+0x13c0/0x7c50
[ 1099.241210][T14816]  ? add_chain_block+0x940/0x940
[ 1099.246165][T14816]  lock_acquire+0x1b4/0x490
[ 1099.250691][T14816]  ? __flush_work+0xd4/0xa60
[ 1099.255304][T14816]  ? __lock_acquire+0x13c0/0x7c50
[ 1099.260452][T14816]  ? read_lock_is_recursive+0x10/0x10
[ 1099.265836][T14816]  ? verify_lock_unused+0x140/0x140
[ 1099.271047][T14816]  ? __flush_work+0xd4/0xa60
[ 1099.275649][T14816]  __flush_work+0xed/0xa60
[ 1099.280080][T14816]  ? __flush_work+0xd4/0xa60
[ 1099.284688][T14816]  ? verify_lock_unused+0x140/0x140
[ 1099.289898][T14816]  ? flush_work+0x20/0x20
[ 1099.294240][T14816]  ? try_to_grab_pending+0xf1/0x840
[ 1099.299454][T14816]  ? lockdep_hardirqs_off+0x70/0x100
[ 1099.304754][T14816]  ? mark_lock+0x94/0x320
[ 1099.309095][T14816]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 1099.315086][T14816]  ? lock_chain_count+0x20/0x20
[ 1099.319962][T14816]  ? __cancel_work_timer+0x331/0x520
[ 1099.325279][T14816]  __cancel_work_timer+0x3ac/0x520
[ 1099.330410][T14816]  ? cancel_work_sync+0x20/0x20
[ 1099.335297][T14816]  ? __smc_release+0x659/0x7d0
[ 1099.340079][T14816]  ? __local_bh_enable_ip+0x12a/0x1b0
[ 1099.345466][T14816]  ? lockdep_hardirqs_on+0x94/0x140
[ 1099.350679][T14816]  ? __local_bh_enable_ip+0x12a/0x1b0
[ 1099.356062][T14816]  ? _local_bh_enable+0xa0/0xa0
[ 1099.360938][T14816]  smc_clcsock_release+0x5c/0xe0
[ 1099.365900][T14816]  __smc_release+0x661/0x7d0
[ 1099.370505][T14816]  ? do_raw_spin_unlock+0x11d/0x230
[ 1099.375725][T14816]  smc_close_non_accepted+0xd1/0x1f0
[ 1099.381027][T14816]  smc_close_active+0xb00/0xea0
[ 1099.385887][T14816]  ? sock_no_sendpage_locked+0x160/0x160
[ 1099.391534][T14816]  __smc_release+0x8d/0x7d0
[ 1099.396048][T14816]  ? do_raw_spin_unlock+0x11d/0x230
[ 1099.401261][T14816]  smc_release+0x2ca/0x530
[ 1099.405685][T14816]  sock_close+0xd5/0x240
[ 1099.409926][T14816]  ? sock_mmap+0x90/0x90
[ 1099.414183][T14816]  __fput+0x22c/0x920
[ 1099.418173][T14816]  task_work_run+0x1ca/0x250
[ 1099.422773][T14816]  ? task_work_cancel+0x230/0x230
[ 1099.427805][T14816]  ? kasan_save_stack+0x4c/0x60
[ 1099.432670][T14816]  ? __kasan_record_aux_stack+0xb2/0xc0
[ 1099.438217][T14816]  ? task_work_add+0x79/0x330
[ 1099.442904][T14816]  ? fput+0xd9/0x1a0
[ 1099.446807][T14816]  ? __sys_accept4+0xe7/0x100
[ 1099.451495][T14816]  ? __x64_sys_accept4+0x96/0xb0
[ 1099.456445][T14816]  get_signal+0x11a6/0x1350
[ 1099.460971][T14816]  arch_do_signal_or_restart+0xb0/0x1230
[ 1099.466618][T14816]  ? __phys_addr+0xb6/0x170
[ 1099.471135][T14816]  ? get_sigframe_size+0x10/0x10
[ 1099.476076][T14816]  ? task_work_add+0x250/0x330
[ 1099.480852][T14816]  ? exit_to_user_mode_loop+0x3b/0x110
[ 1099.486328][T14816]  exit_to_user_mode_loop+0x70/0x110
[ 1099.491649][T14816]  exit_to_user_mode_prepare+0xb1/0x140
[ 1099.497215][T14816]  syscall_exit_to_user_mode+0x16/0x40
[ 1099.502688][T14816]  do_syscall_64+0x58/0xa0
[ 1099.507119][T14816]  ? clear_bhb_loop+0x45/0xa0
[ 1099.511801][T14816]  ? clear_bhb_loop+0x45/0xa0
[ 1099.516484][T14816]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1099.522391][T14816] RIP: 0033:0x7f9e2fb8e969
[ 1099.526829][T14816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1099.546446][T14816] RSP: 002b:00007f9e30a34038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[ 1099.554867][T14816] RAX: fffffffffffffe00 RBX: 00007f9e2fdb6160 RCX: 00007f9e2fb8e969
[ 1099.562842][T14816] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 1099.570814][T14816] RBP: 00007f9e2fc10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1099.578783][T14816] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000000
[ 1099.586754][T14816] R13: 0000000000000000 R14: 00007f9e2fdb6160 R15: 00007fff369422a8
[ 1099.594737][T14816]  </TASK>