last executing test programs:

14.623173258s ago: executing program 2 (id=670):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x5, 0x2)
syz_usb_connect$uac2(0x5, 0x7b, &(0x7f0000000000)=ANY=[@ANYBLOB="1201500200000040532b24004000010203010902690003012b4006080b02010103200809040000000101200009240100800909000909040100000102200009040101010102200009050109100032000908250102300001000904020000010220000904020101010220"], &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0})
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x2695, 0x1, 0x1, 0x0, 0x6})
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r2, 0x4024587b, &(0x7f0000001800)={{<r3=>r2, &(0x7f0000000040)='\\\x00', 0x220200, &(0x7f0000000080)={@_ha_fsid={[0xc, 0x6]}, {0x7, 0xf27, 0x7, 0x9}}, 0xffffff80, &(0x7f0000000140)={@_ha_fsid}, &(0x7f0000000180)=0xffff}, 0x7, &(0x7f0000001740)=[{0x2, 0x3ff, &(0x7f0000001980)='-)\x00h\xd6\x80\xf6\xf6\x8a_\x81m]\xe0\xbe\xd1\x97\x14\xcd\x99\xb0e)\xfd\xba\xcd\xb6\xae\x14\x91O!\xa4\x1f\x15\xb3\xfbx\xe0\x85\x1f\xb8:TB\xbfP(d\xd8\x1dY\xdf\x13\x9a0\x85\x14\x86\xfcO\x06\x06\xcf\x03K\xc3\xd6\xfd\x13\xa2\x94W[\xadiB\x90B\xce\x90$\xc7\x9e\x9eO\x1a\xd8T\xb7U\x13\x9c>_E{\xf9\x85\xa7\xafD?;\xca\xba\xce\xf1\xc1\xf5\xbb\xf0\'\x1ar\x97FNf\x0f\xc4\xd9/\xa9\x9dab\v\x1cVPP]kO8\x05\xaco\x1b$\xa9B\xf7s\xcfPKI\x85nt\x95\xb8\x1bk\xcf+\x03$\x06\xbf\x89\xe1J\v\xa8\xc2\xc62\t\xd7\xdcn\xc0\xb2\xd9\xfa5,\x87\xb0\x86\xd5}\x8c\\}\x1cp1]\x1b@E,\x99\x7f\x88d\xd7\xbc,@C/W\xf5yU^z\x98\xb8\v\xca\xa6\x86<\x031l\xfb\xc1\xc7O\xe8\x8f\xabI\x80,\xb8\xa2\x7fy@\xc2\x04\x85\x7f\xdeF\xb1qj\\\xcc\xf5\xcf\x9f\xf9\xc3\x1fm]\xf3\xdd\x9f\xab\xdfx\x1cx\x04e\xac\xe7P5\x8a\xcaP\x9eR\xba>>Y\xf6\xda\xa6Z\x93\x01 \x99:\x9d\xfd\x91\xf3\xd9c-\x87B\xcd\x13C\xe7DZ\xe0\xd5\xa4q\xd6\x17IF\x8c\xcfn\xbe\xdd\t\xf4o\xbb\xa9\xde\x06>6+\xa5\x17\xc20H\x95\xc1\xd7\'\xcf\x04\x00\t\xefsX\xa2\xae\x15\x8ev\x15\xe8v,\xfb\t\xe0\xff\t:\xd3\xe5K\xcc\x01\xda\xe4\x15', &(0x7f0000000240)="cd6da9be6444ef43df174797e6517c712cd5d2427240123a0d6fa22decc2a48ab40828125830dbdc4c802bce7e3b12deb7d07d97bc70e789fcc6e19b9636822fb03bf6c2768c953dc414f87e7703898591d0b81075dd0d4688c9f901ddf1f574f6edc9201c8851905ac4997975d69e1bdf651b8812ae6d9859d11c32", 0x7c, 0x12}, {0x1, 0x800, &(0x7f0000000300)='\\\'+*\x00', &(0x7f0000000340), 0x0, 0x2}, {0x2, 0x166, &(0x7f0000000480)='mptcp_pm\x00', &(0x7f00000004c0)="cf067da4bf9a7227e421ae56a9746fa5f8ada1e9109b24643b6051020614f5cdd08cc53ba83c9f3d7832187e94596358ffc7c1be424086e7cd24142891c3cbd11dcdf69af7f02dac6bf5798a3553399e188338614d47e940a8ed60164dfb9c2532777919e0b18823adac0f31a72b9408547a6ad009012784d3bd4913173159f8766c7be08e4724621cd4ab985b72809f2d9176f4027cd4093b313ab7da6c68ef5e9a4b5297315a63b497a621e3070037718c0c14d67302da48b71db205307b038d04b0a7c956aadd7509a754a7cdac7bfd53734d2da93fe101db6a6c91a2c831b268ad16ef86ab5c9c3c1f939e19bbcdd05efcc89a4fb2fafd2669f017173f930a25c3e98aa061110b9d0b3c80c276fd2043fc6a6de0b7fb79747c73f023e94644148d070599add2d1d4b9221f39fd798162a494390fbb30bb22c86cfeee4a5fff0c29a47ff30b3633b9f67506c0408a02935d5d187a56c034bdc466aabafd3be932d6ad5ce12e3215324982698f1648e83a56225b9d91499ef07f28b21e523d7f5489cc98f15435d529191992cd36680af7d2ed7da4341907037bcf196ed995df784e6f861bb2944e136fc1d64d2bff865f3b7367cc7edc63a364f266ec424d5ffc9e9ab3716e14786b13593b3591e230f6cd145b023c853c9a1dd657c0cae26aa12606f7833499cb9231e8983ea522ab3983343dbbec736ae1f1b161c69ac70c778bb16531a7263897e50285c928d217dd1bd621280330aaf0a2abfc391b3fbc654893511e06b61964d950bee6c3733c8a867cf6f14e60f59f913746b5872cc50e0631cfa777a4d5964062358e70e99018deb990b4f161b9a640b60f12eb109080381df78ba13ae2e2136ddb1a60f5e98b1ce64881456a9366354f965e5de6d5ad75ff5ffadb0a7bb76e1481157751054013cb0c1ed92259ea52aadd5e9e54350092cadeaa51a00f818eb123530df11817da9bb66f5c5a82ae2abdbc72735e7700781c24f0ef2c8972d40c1efbf496c8c9cca89bdbf641d2c27f2b8b942e074facd75b5c7f65585ae8337849d75ff873e1962883cb8c70ca05490b54002e03bdf68b1b65981fa00a1002d4b962fd0b53188c6124670bf0de5549ea3201ccb6d6c785e42dcb06783952454a79a9b5199230b2753d9000089183d06af3861776dbeaa07502a14deb9c153230510182588ac1d6a18081a274cb3f86577975227b0e53026959f1c5fcfec4e3c17986100c548deba6fdae861aaf5e560490c461a40976922180f553173e4c89548994d7df487941af0f1b2b962c44236d03cb75765d2ee593bf18540ddc5060596b1ee8a1e7935eaa44346b855dd3e7396b208ef724eec5377de5a2728dcb30934cd3bb5b98cd23d4bab63a8e1c099a862a703973eb51966499f011cb6bebdb11f9c1fc38ff2199540091996c5cd5b74ce6226c3f71c1501c44355fda833ac620598000b563f869f3e7e47482436e0369c1fbb05c08f2b240d3927c835cf1ae8420c3e3fdada3dce0e66951421256289d0a448b1fbab836aaf8722acb9ac36b69a998a9c3b05f1edd31ef14b8cc8ec794f6ecc98ed015723cd228a8da0bb0410c20a2483958292a23925c2170eda170e0fb94c5cc719c213cc404659f7f88af14ea54389d2e90f28813ce5649b6d084cf0a10c19ded4faa115786bf012d6da659fc73b4068f3ce77547b07a0db31c076f6b562e79211fb15636e56f4d687141c353cc16778241d50db8c24f35d9c31bc7f2aab990080ecd83ce95c0b6458b1d1b9ca1c13eb4fe1da38373126ab5bd96b9709715323992eb78ff5231a8edea86dba0f41485574b5d068ca090e289adf78392ccde77b5dc158ee3d711fdf5177b2265b6927826d49a4d1bc9d44e45dc1d39184fcb33a984ff395f4bc1ab2a46cf71756a3cff0051e0ba7585e2f4d1e4cfc06ad79c66ba3c7a8476518f1ec9cf6380f6f3f81ca75c7797a3dd18862f559b740ded591e01dd0d57ee98d55bc233ecea89b0ae58fc24125fcdc50cf62350f3a29a02cb1388ce06f52960baf35ee900d5d18d694b5ec4f02a93f9fb8b40b3c420ce1feec35a91a641660cad79d297de80f57b6282060cc6af04bc001eabbe75d287b47120ee146255030bda8e816217a45cca8902094abddc9efa2cedfa69f920e712181f6c9992dcbbd780eebb151601d75838fcc6973d2fac6ad78e7cd523f2fb2eeb39741c82daec2e131eadb94144564e287645d9b0cf451d652d06909ea5929e297dc9bd39343d2c953f3921ed16fb1587cb5443d9ffcaf9b81d80e292b693e1a9aec0516e25f0d560662e980428406a8dff5f242f6269ebd4d28dcd39247ba650000f599c4b2a1f617578ded9bc38f1eb06c2debdf4c13fdae8b2ead0f62e15d0691032ce0bd1f790a7b98eb99c3a44c67b73a6ac37e43e198781257df7c19a1c3961d101c3523bd3063b82c0e5c3165847ed84b4389e887d9b1a4277da15ba48d41f28498bb36a5c7fa75bd36026c0529fb0e19c76245955905e053222b51d677752b45b14635dfb595ba1c2f6939c18a75c540fd98c35e5340bc284825806d15a1c78ed73151cb740ffbd9977bf12a66d7a4a293b9d3b64ece1c98134ee10df3184125c7f6406d3abb924ac3b4754dcde7ce760bca750974afcd0da5ead1048c15d40bbd851fba2a60807be32aaa86701f91e57fac681b7e913261b97f51ee243db74b313397ae8c9ea08ef9eda0d1e76d5aaa7b814fe6da7519518f20b0324948bc1171d4083eb052e815c45616b14d0baf1ed4390b3ec628c894f2474d6aa81b7ee2b2389745de357e4a673ebbab7c396d869a4a16bc1035cd7f6cdd31c355a24fbdca3d073e340ce062c018ac31344f832871750c0607fcf9afd6d63f1d3da6eb6d7c6d7df4cb4795fdb03af1f69c63b42deee0e5ee93c0d20c29115825f7238039575e63aafb8cbea427afebb89d866e227f22f163b63ff758f202c30329581dd9f2c4778cae64ff96eddfe7713e87b42effa7990f4ce14b344934d5f7449780ec31c94273f526012d2b2b6e60d0f599a706843298a1f7c2cf9b96195e1dc1d7cf94429d99f65a3556a72e61e95271c8b43f8309fa8ef5989ae823d048be8330fdee5e5a93da7c93fac130893ce79d864c1e217f9a16be8c137f0270b19d5212816dd18f11a1bfa90b18f8f02d609a5e750940e5d47eab0900921193bbac71c332393c403e13ae235932ebfbe23f838e2ef9ee2ab5b962a9ffd5b165a2c2377c63d580fe1671a0e893737b2296d47811beebc04f066cddaf6569d9ecb58ca983d06312ae26525becd0585a76ec94cf7ed3b34fe63d5c9fb43c45835468fa800b06edb5c8c95e2bed2d6b6e17fd0e3761d53c4869c0828ec811b23fb66ee659dd757535874ea4f70d7a9d82f6507d09e87e850527a5b4a15e5952ab888402a87470d8684fa698adc15a3b8cc08025b2647b797808dc5812e25895882c54f1a39780aa8fe044b621405c5f5d61ae307cf94cc86357cf43978a49d5a2450542cba933d12deb9a0a972a6f4e2988f0c13f37922dc5ed0db2d411528a7ae7145b17e58fa8a0ff72732f3a02fe32f38b29071c4eb389232aa32cffb289f32e353aeba50003021cdb18a1787e55fc72b2be715640ace0cfb43f3a35daeab0e5caa2535ac3e773061d4bdb2806a4257558eefa301e2a79debe6c1fcb59bd9a1ddc8ee48d3900ca7e2a4a4d027444e1b488a88da87c7be9bbd0b657dbb4039a8b4593e994de32aa3d2508288c784ca43642d2aa87bc665b241b1f76f3268be5b8fd83fd434fdce8a01332734585f93e64160a70dae3a3d9cc05e69ff6c36cfe8ff9d8439c574fe0f4a74147a9c0288d095adcb5c29738439f2d35f15589912554a645b1693b061ad75cf554c4a565340315faec62afb803c68d81cd56c6055777a6b2a8fecbd4cb6fd357f83ac870ec54499613dc1512b2ab7e781bba2226ce8ba21e59f4fa9d0e2cfda74717c0f3032015d2b137b331729c239994b4f770d6ae0004c0f2c4123bf26173d8455ed3dade466500c85414dd4774c854ebca2847d121cab22c795a6aa7e26c8f790e45a98c5d501d1387273b80378ce43ce835ba9486c024f18e0d69f03d81aefb4f3f26316fcdb5a8809e81a0aa02a78df6522969b2ec567aeadf04718666fc475b7102c24dbcf2c1068fb3260cb2e6af9b095d976e961577b8a97ca32a21d3bd623174eb9e213a18c8afa9a1773609696c0fdeebefb4ba2b47ccbf923424337be31c8785d1b02e3fee303dc09bfe43ae1750edc815ce7f6d4b0807ba5f2b53279252c5e7ad5917147843dda7c7f63a40d050ad3145ed3d9486a502f7519fb868098f886cbc2f07a6bd5df4dd60952180ed63381872d17bf508e11d1c96cac3f3f310f9c76f4f3c632099ff39b545953acfc9baff395e5a906105044fba940257d9fd1bc2fa28d6f0dff27d955b1f5c4202f173eeb738f52d1689341698d8f55292d4a86d42f816659e7edd2e2f67b789d60014f0e3b318799ff3a49efc853abe321bc78248ad1c749564bdb2dd96325604e59eef51324a3bd1d0fddd6049b55ae47cbdd64fec4e91f392555d69720d97b0fcbcca8f77c6185b62ecceb9afb281a6103621be9a3c668192e0daa1ab175a07c8c57519cef36e0cd6e040f30f43c9a755c4f3d28699530124d41d90ef22268480e2bfcfe0f57e54593874e91fa00a795d5a081e0bbfc4dcca34303d52e542093ed43ea27d8832bcd83541c2b569d6e621665e135f442bbd0ca7aaae64118a095a98907a184e0847ebf9d281ad805dbbbc1e04854d3a6fa313a072b7c65e248e9888cdd1541dd19dee2f7b3c92272d35161189b17860b85e892557a03d8dfcd36982b86213eaea77da714e9207bd165db0ee5b55e47b7c9e6d4b19674160f4d679ece94d0ad995cf000c902f6d1f30abae71ec4f7e45c1530d51356a5486ad909f11349664eddc9f6d8282df087d5cc6d73e1c88452046b6dd1386d1513da8d3cf79f90e0505174586146731adf262db1a9b13320c9009edc00ced03d9aeded2f4fd2399e80e520c7dc7fe3f74ac8458097c70e10a09be1e0e0abfaae2790c0a583939bcc836f7918c5c685470ced85e80c4b5fed0ad7672ea98c14016638127d3f97c1c82bc9f23c4c706d6018ba3dccf3245f9912cb65c2583b1d8cbee50ae58ed63e1c2e1b114a61af212703e67a4170544ece8fadb3f82bb90105e2314806d2e846b3d6d79997ba5cc227431711dcd20e1f7ae871b747704268427327cd018a017b9a084ec7192bd05bd69993af1e23ce70223fba9984c9567af8baf22221f8d2915349b5c4a8713fa0e6fb71982390c642cbcda8c4b7c8bb1fa9682435cebd811dfa0cec04a5b7c000c0c0f6fb4ab51b2a62a79aa8bf348e20d63f3f75869f9ec557c3861daeb9d7d26c934935b80cb3d1fe889f1e451db21704d0c5d8114c40be8a7126520faccb45f6d641f1c4079e7d3e93eb89a8256fe036bdac6912405de74e23eaa5d533b8bd083e01ad6fcc7cc02b5e5cdc407d267f5f8281034bf8ef236ef0f810f84aa6cc178d667adf8510b6fa187be7b48d6584507b237968845b7b2752ba7b364d48e458a351945e6cb41e3af591a863116442033fe3adbb66dab0a35b6cef77e5995d40484ee38fe1d3564e41027f0220574dc1b9e17d37aa01e3b20058997b7b7c209d6a8d43833994ea185fcf9e57feec4279c5c8a7304e16e7817975256ccbb2db9a7aceff44b472e064b1d5d2d8574d3417cf0e5d9a1849ebd7fc", 0x1000, 0x30}, {0x951bb3566cdf72f0, 0x437, &(0x7f00000014c0)='{\x00', &(0x7f0000001500), 0x0, 0x8}, {0x1, 0x4, &(0x7f00000015c0)='mptcp_pm\x00', &(0x7f0000001600), 0x0, 0x2}, {0x1, 0x7ff, &(0x7f0000001640)='mptcp_pm\x00', &(0x7f0000001680)="e8cdf4d4", 0x4, 0x30}, {0x0, 0x4, &(0x7f00000016c0)='\x00', &(0x7f0000001700)="ef8469524ce1b1427e50a73323ed8bf9d07360b351c5347d8202cfb294166c7f", 0x20}]})
ioctl$NBD_SET_BLKSIZE(r3, 0xab01, 0x9)
r4 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x1})
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close(r5)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00')
read$FUSE(r6, &(0x7f0000002140)={0x2020}, 0x2020)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000140)=@ethtool_channels={0x3d, 0x0, 0x2e, 0x0, 0x0, 0x1, 0x0, 0x8, 0x1}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r1, 0x5000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
write$nbd(r1, &(0x7f0000000340)={0x67446698, 0x0, 0x1, 0x4, 0x2, "66d181db45ef19788eea425e71807f4772b8272aa25425ee3cd13723764bcb2c84bcd89c86ebdbd58eab0194de405d773ba5d4f407a5b9621273f03bd0d88c19b44e260e30a415"}, 0x57)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000068a00800000000004000000cb200400a000000095"], &(0x7f00000001c0)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000000}, 0x94)

12.019897485s ago: executing program 1 (id=677):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$KIOCSOUND(r1, 0x4b2f, 0x7)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, 0x0, 0x804d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000040)=ANY=[], 0x1c)
r6 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0), 0xc)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88)
writev(r6, &(0x7f00000003c0), 0x0)
getsockopt$inet6_int(r0, 0x29, 0x7, 0x0, 0x0)

11.989049405s ago: executing program 3 (id=678):
syz_open_dev$sndctrl(0x0, 0x1, 0x48001)
getpid()
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x1040}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x44, 0x2, [@TCA_BASIC_EMATCHES={0x40, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x20, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_LVALUE={0x5, 0x2, [@TCF_META_TYPE_VAR='m']}]}}]}]}]}}]}, 0x74}}, 0x0)

11.638146681s ago: executing program 3 (id=680):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000001}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000380)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x20581f338c8bb445, 0x0, @random=0x812, @val, @void}, 0x20)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b2a, &(0x7f0000000040))

10.673151009s ago: executing program 1 (id=681):
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, 0x0, 0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x19)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, 0x0, 0x40000)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~\x00\x00\x00\b\x00', @ANYRES32=0x0], 0x1c}}, 0x4000054)

8.825430766s ago: executing program 1 (id=683):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x408040, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000001c0)=ANY=[], 0x20)
r1 = io_uring_setup(0x937, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
io_uring_setup(0x21e9, &(0x7f00000001c0)={0x0, 0xfe5, 0x1000, 0x2, 0x211, 0x0, r1})
bind$alg(r2, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r3 = accept4(r2, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)=""/237, 0xed}], 0x1}, 0x18}], 0x1, 0x101, 0x0)
sendmsg$nl_route_sched_retired(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x1, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xffe0}, {0xfff1, 0xfff3}, {0x9, 0x8}}, [@q_dsmark={{0xb}, {0x14, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x10}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x14}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x4008000)
close_range(r1, 0xffffffffffffffff, 0x0)

8.309344208s ago: executing program 4 (id=685):
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, 0x0, 0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x19)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, 0x0, 0x40000)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~\x00\x00\x00\b\x00', @ANYRES32=0x0], 0x1c}}, 0x4000054)

8.252383171s ago: executing program 3 (id=686):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})
linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r0, &(0x7f0000000400)=""/4096, 0xc00)

8.026630297s ago: executing program 3 (id=687):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80003, 0x6)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000100))
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r6})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040))
openat$panthor(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

7.571058297s ago: executing program 2 (id=688):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x101142, 0xeaff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000088ab0000000000000300000018", @ANYBLOB="0000000000000000b702000014000000b703000000"], 0x0, 0x80000001, 0x0, 0x0, 0x40f00, 0x30, '\x00', 0x0, 0x25, r0}, 0x94)
write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[], 0x29f)

7.471675891s ago: executing program 2 (id=689):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303", @ANYRESDEC], 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x3b, &(0x7f0000000000)=ANY=[])
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r4, 0x1, 0xb, 0x0, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x80}}, 0x26}}, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xe0881)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000000)={{0xa, 0x4e24, 0x100, @local, 0x4}, {0xa, 0x4e23, 0x7, @empty, 0xd473}, 0x0, {[0x4, 0x7, 0x3, 0x8001, 0xe10, 0xe, 0x3]}}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @empty}, 0x1, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xe3]}}, 0x5c)
write$sndseq(r5, 0x0, 0x0)
poll(&(0x7f0000000000)=[{r5}], 0x1, 0x100)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, &(0x7f0000001140)={0x80, 0x1})
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r3, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x2004c840)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_genetlink_get_family_id$gtp(&(0x7f0000000480), r3)
sendmsg$GTP_CMD_GETPDP(r3, &(0x7f0000000940)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, r7, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@GTPA_FLOW={0x6, 0x6, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x881)
r8 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r8, &(0x7f0000000540)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000240)=""/17, 0x11, 0x6, 0x4, 0x9, 0x4, 0xc08}}, 0x120)
read$FUSE(r8, &(0x7f0000006b40)={0x2020}, 0x2020)
write$UHID_DESTROY(r8, &(0x7f0000000180), 0x4)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000400)={'erspan0\x00', &(0x7f00000001c0)={'syztnl0\x00', <r9=>0x0, 0x8, 0x7, 0x1, 0x2, {{0x10, 0x4, 0x3, 0x37, 0x40, 0x68, 0x0, 0x4, 0x4, 0x0, @multicast2, @multicast1, {[@ssrr={0x89, 0x1b, 0x24, [@empty, @empty, @private=0xa010102, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @local]}, @generic={0x86, 0x4, "b736"}, @generic={0x94, 0xc, "9a32abdbe89402a81392"}, @noop]}}}}})
openat$ptmx(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000a80)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000980)="b0f160788ce5545e0af8ee86ff3a0e15bbcd54ce0474e91e3f4a11d9834e31b51b52b2d478ac3374df3e06bae2abd08729c76f393eb6e291453424559d61580efdd824ecd130f98d31107a43514a6f6d5799995fe3a46fff7a21ed2f5323a3398aa1c02f7eba054026128fa958cfc19e3fa30c9d3d25d8190dbf304bb927cb53d985aa76c9e5c5419c87bda7fb87361829a54f1bb733bf417d1428a84a555c383ed370ec1902582bbff1f3bf8e04391971552d77e1fa51a7ea2777bf3e29895c2286ebc0d1fa2c", 0xc7, r1}, 0x64)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b00)=ANY=[@ANYBLOB="a8020000180000042cbd7000fbdbdf251d0101001e0106005a6d3d0702442ab16dffb1324b035f7529f6cbd45b1c3aa21a2ec2f412583dfe5ec56ec561f5db5ea8eff7d65f7cf05b9c480a711bd44337fbedb1bde08466ac9734cb962beebee0b8b0a430ab2126d91935ccd90c0f8c7df709e52ee9fecd5e1c0b16756f2aa450682f2276a65feab519487a7bfae51d582a4afab47d648dce2129f77b39e99e50b3022795bcef7f8099aebe217e0e58e2580bd2b8a0ca62e2eb67d5f0d4d18f7302f99185d4b31565560ce86fb94132c58a717a8bb69dbd2f2045bfd5b3435df2f3633b194dc5b5b9657b398435622aadee302d887efeac37fd0efb88d374057a491ddd9644aba0b2880ac364d4fd0e2ec047689f3bd7e85aab8400b44f024f9f0f80ae32d3fb8f760bc173c2f51f6555efac0000080005000202fe8b15000300040000a002020000a1896ae09ea2d9d7020000001e010600702d01db1080620788b2d725fa7e3f3cde1287c50c726c72728ffdc5c3f7b1dfe15736b5cf451e8d33dcbc1c3ccf28a216694d0d188fb99302613a6d9108e059d2acf6cf375c16424f8783ced8e23cfd28f0f5344b96a67e1f2c2d7e415aa31ded79258207557af775573dae2fe504b991fc0f3f1c97a7ad799b8c3daa5af15e36641e86f69c85463267b650f4c7f4269a3b2004a00d440996e58276d18147dbb98ad03101638a13a08d198183830bea4bc29dcaee8b501ea4c3856f50e3bf2d498c9ec7482bf630f1e098b429b079fc031920d6d39d5f512be75af740995fca5d8ffe751f8ae51cd86838238828b2696693d370823d21bcb60635084ca8850b0a518eea5200526a7c12de9514001045f5d1312d0240551df4e500001500020004000040070300008ee1360c4dea13df0400000008000a00", @ANYRES32=r9, @ANYBLOB="0810e2cfbada4a8a58e2284c06e6000a00", @ANYRES32=r9, @ANYBLOB="0c000b000400002003000060"], 0x2a8}}, 0x0)

7.387350497s ago: executing program 1 (id=690):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40), 0x0, 0x0, 0x0, 0xc1a6ec5e92f4d87e}, 0x20000000)

7.161928816s ago: executing program 1 (id=691):
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, 0x0, 0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x19)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, 0x0, 0x40000)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~\x00\x00\x00\b\x00', @ANYRES32=0x0], 0x1c}}, 0x4000054)

7.159695109s ago: executing program 4 (id=692):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file3\x00', 0x1c0)
inotify_init1(0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file0/file3\x00', 0x0)

6.818959632s ago: executing program 4 (id=693):
kexec_load(0x3, 0x6, &(0x7f00000005c0)=[{&(0x7f0000000000)="6509534a17aa723cba21a9d63c6a556b30b910a580cb50d65e9fab1ed59a7eb00a7109e4a355bed417bce60d6a5baab4bbecc5b2faaf2eba28c331345b612f1f4cbfdfa7bcb9bd2a0fbc8d7786bb68cff61167b98ef0adfbb79545bbb2c409be3adb3b54846920f1b194db5258279e8d06b863d51c0f90cd79ecb1f5ed3c44eb6353c0b451fe3f9b118422addd3f936d8cd5562d6ce55bf378ee8c0d0fc56a4a866c499b04ef61edca4fc06d78b964868e16d82c97be81055b072720c06a8b8b3daad5131e84447a4809d131ce0927ee8ec5", 0xd2, 0x5, 0xff}, {&(0x7f0000000100), 0x0, 0x5, 0xffffffff}, {&(0x7f0000000200)="d8f3aabb28de3faf55566e010b6ef42f8002b91bf54d78caa3135bc4a5d30a8fd06d1e70130a8d2b505e9abe3aef1de2219df6f5f695131fe4fc01630cb7751927628d8d7ec59d998200794f89eea832f53f0f9aa4c91322544bc7f07e8cdf4598c9879e4af2de4daca6cf629d11f9c6ebdccfeca156899a89ed0e61", 0x7c, 0x5, 0x4}, {&(0x7f0000000340), 0x0, 0x100, 0x9}, {0x0, 0x0, 0x7, 0x2}, {0x0, 0x0, 0x2, 0xfffffffffffffffa}], 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000500)="4274aa814c8f", 0x6}, {0x0}, {0x0}, {&(0x7f0000000740)="747516464293f8e8eec3ccb7dd473a382a0d368ad8a1242abe3b11d915f3eb582e10ff9b8afa9a3d6fa9075032a573688f84e342bf19f200379d5291489fa5151a46ed483044e784cb8f430cbcd5a6145d72a2d2b2b6aa78add2ab0812de906e5545585d6aadca938d5a62632604101886bd45bc15550815c5dcec420b547b43f88b56489e54d47307371d68817c7eca00a16bce0ea94917082d622301673217c8ca26b5a362745ea01486a2ba576eb6601dfa400bb8", 0xb6}], 0x4}, 0x41)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)=0x5, 0x12)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

6.525222262s ago: executing program 0 (id=694):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x1001)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x7, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
io_setup(0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x242, 0x100)
sendfile(r4, r4, 0x0, 0xe3aa6ea)
syz_open_dev$tty1(0xc, 0x4, 0x1)

5.139370064s ago: executing program 0 (id=695):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c0001800600010058c6000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x23f, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x48}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

3.821477883s ago: executing program 0 (id=696):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000001}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000380)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x20581f338c8bb445, 0x0, @random=0x812, @val, @void}, 0x20)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b2a, &(0x7f0000000040))

3.805628514s ago: executing program 4 (id=697):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})
linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r0, &(0x7f0000000400)=""/4096, 0xc00)

3.191772635s ago: executing program 4 (id=698):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x19)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, 0x0, 0x40000)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~\x00\x00\x00\b\x00', @ANYRES32=0x0], 0x1c}}, 0x4000054)

2.007850876s ago: executing program 4 (id=699):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f0000000000)='./bus\x00', 0x810, &(0x7f0000000180)={[{@discard}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@discard_async}, {@usebackuproot}, {@skip_balance}, {@autodefrag}, {@commit={'commit', 0x3d, 0x9}}, {@acl}]}, 0xff, 0x5122, &(0x7f0000006440)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paWLOSWiSzMILauJDCCNyGhrlwoxhILtpp3HvOc+fe53jPvTONjennIzPnPOd3nuc893IW93udc04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEMJzv31ypKx++vr02fMz9d2Hts1cOTC94UwIlfb2Sl7ftf3pl17fsev5idhh9sVsWav1GzLreiFrrOnZ2OrX+/NqCGEsGaCaL59aVxi1e3VfccBSNy7tPbZlf33ziaPN6rXL504VXzotE6s9gdWSn1cXF8+levv3SLJHp9116lV6TtGsf3rC/SsvAgBYkqlGe9H5OJp/xO20D6b1pF1P2s2kHT8hNLsby5GNu6bfPDel9VWaZz2LCuN955nU8/e/026k/ZN2EjWWMM/eXfNIM9FvnnNJfbXmCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHA7eejN0QfK6qevT589P1PffWjbzJUD0xvOhFBrb69k5crad4/W//xm+/FDP2z98sTFZx+p5v3icrRr5/BrXHlsMoTXuioX47CX1ofQ6C20m+HzYuGN9sozsQAAAMCd5N7275FOO4uDYz3tSjtNVtr/oiws3ri099iW/fXNJ442q9cunzu1/PEafcar33S8Tru2+FPpCsYx/qbjLdbjrvsK45RLR0zz/KMXpv4q61/I/7Xy/B/fOfkfAACAf0L+T8cpNyj/f/vK7x+V9S/k/009hyzk/zjjmP9HwvLyPwAAANzObnX+rxfGKTco/4+/MPZVWf9C/p8aLv+Pdk87bvwlTnjPZAhTg6YOAAAA9BH/333xq4WY17NvDtK8/sTDh8+XjVfI//Xh8v9Y+GJ+RV8YAAAAsGzzn+18sKxeyP+N4fL/+C2dNQAAALAUb70/8V5ZvZD/Z4fL/2vzZX7lQ9bpx/hXCEcmQ5horcxlhZ9C88lOAQAAAFghMaf/8fHu78v2K+T/ufL7/8c7HcTr/3vu/1e4/r+rkN3173E3BgAAAOBuVLyeP94eP3tyQb/n7w97/f99/zv8ctnxC/n/4HD5v9q9XMnn/wEAAMAy/Nee/7ezME65Qff/v+eDt38u61/I/83h8n9crut+eScrlez9eWcyhI2tlfxugl/Hw+1JCgtjXYW2RtJjR+yRFxbGuwptc0mPrZMh3N9aOZgU/h8LzaRwdX1emE8KZ2IhPx86heNJ4WQ80z5dn083LXwXC/kFFgvxCop1nUsikh7X+vVoFW7a41zn4AAAAHeVGJ7zLDvW2wxplF2oDNph7aAdRgbtUB20w2iyQ7pjv+1htrcQtzfPbl7a8//nh8v/8a1Yky36Xf8f4vX/+XMNO9f/z8ZCLSksxEIjvWNAIx4jC7sfxmPUGnmPqxs7BQAAALijxe8Fqqs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL/Zu9cYua76AOBnn+N9eHcTqAgpggXqGBe8XtvhoTYV6zRVUShlXVKiClFs7HVYvMHGdgqOADk2KEURNC2R4EOjOEKozoekFgkKNIniRsIoah4oVSOSKBFpnSCi0DSAQiESrmbuPbN3zt15+LGON/39JO+cmf953nl4zr13zgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/hyNf+szftorf/9tLHn/q8qlP7t9w+fOfv+Tch0OYrj3elYW7Bq+9cernt1582/671t10x7FL396fl8vjYaj6pzu/88VY67HlIdzZFUJvGlg9nAX68vvDsb43DIdwTpgP1EvMDGYl0obD9wdCOBjmA/WqvjcQwnAhcNkj9937lWrihoEQVoQQKmkbT1ayNgbSwAX9WWAwDezozQK/Op6pB77bnQXglMU3Q/1Ff3i6McPYwuWavP76TlvHXlnp8HpiYqx5vp9tWOROFfSnD0yf0tNWqo5FUXp7HPFuWwLvttJ2vt7TVvwilX9DOT4fqoTurTPbNl81tyc+0h0mJnqa1bRIz/NjL35uy4mkl8zrMHZg7LS8Dr/60Ipbe1Z94ME7Vq949tA7Djx3qt38UWGTFtOLrRLy19ySeR6jKZ8nS+DtV/qWNO5LVwhh2yd+74Ot4qX5/1jr+X98Ocfb7obcsdaXR7K5eXxkOCZeGMnm5gAAALBkLIW9pjsm7nlPofhoJamvNP8f7+z4fzzkn0/ms9EeCWGqljgwGsJ5tcezwC2xuY+PhvDmWmq6MbAhCRwJ4fW1xKp6VUmJZbHEeBL4yUgemEoCR2NgOgl8KwauTwJfjIHDSWBLDBxJAhfHQJhtHMfvj+Tj6DgwEAObso14OJ6F8IuR2FqyrZ6oVwUAAHCa5LPDvsa7hXMdTjVDnF4eHmiXIZ6B3TRDJakhncHWp1VNa+htV0N3uxrq497Xevilmrva1Vw6DaOrMcONv/ybD4UWSvP/ydbz/8oCHekqHf8PYWPtb8zdnUfm6vFN0w0ZAAAAgFMw9L9Pf7NVvDT/n+rs/P+4T6SnkDk8EHdDbB8NYbIxkFX7h+VAdtR7KA8AAADAUlA/Hl8/Fj6b32anaKfz6XL+6RPMHw/8Ty2Yv//I3Zta9bc0/5/u7Pz/wcbbrBNHYy++NhrCskLgB7GX1UDNeAz8+L2NgXz8R+MGuC5WlZ+YUK/qulhiUwxMJoGDzUr8sF7ivMZA/mTVGz9QH8dsXqIQAAAAgDMu7g6Ix+Xj+f9v+c26z7QqV5r/bzqx8/9r8+DS6f1zQyGs6Q2hJ/1hwAOD2cKAMTDclSfuGczq6kmrumYwhIuqA0urejpf/783XWPwkYGsqhg47y2HXrygmvjmQAhrioFHP3LzO6uJPUmg3vhfDoTwpupo08a/syxrvC9t/OvLQnhjIVCv6uPLQqg21p9WdV8lv45BWtU/V0J4TSFQr+pdlRD2BgCWqPhf6dbig7v3Xr1989zczK5FTMR9+ANh2+zczMSWHXNbK036tDXpc8MyRteUx9TplW+eyJco+vDtG4c7Sdd/JzhZbCvfj186cTC/H78L9dXGua6v4e76dMhve2u5iVD4JtVsyN2LPOTBYiXzT2Kp/pi/PwyFZVftntk18dnNe/bsWpv97TT7uuxvPMyUbau16bYaXKhvHbw8mq6WlTjZbbWyWMmaPVfuXLN779WrZ6/cfMXMFTOfWvuudZMXTq6ffPeFa6qjmsz+thnqyoWqToZ6/OYOx3Uah3p+b6GSM/GpISEhsdQSO4ZWtvw/uTT/39l6/h8/deInf74+Q7Pj/2PxMH/2+Pxh/k0xcLDT4/9jzY7m108MGE8C+2Jgn8P8AAAAvDrESX7cmxn3Sv901XeebVWuNP/f19nv/0/T+v/1pesvbbbM/6pYYrLZ+v/pMv/19f/3NVv/P13mv77+/8FXYP3/q+qBZJP8wvr/AADAq8GZW/+/7fL+6QUCShnaLu+fXiCglKHtMv6dXiDghNf/f/I//+q/Qwul+f/1nc3/LdwPAAAAZ48v/NlnfqdVvDT/P9jZ/P/Mr/8Xmp3/P94sMN1sYUDr/wEAALBENVv/b+zawY+1Klea/x/ubP4fT7vobsgda315JFvTLqRr2r0wUv/JAAAAACwN3WFioq/DvA0ro244+TYfy5cCbZUuevpPjp3Y+f9HOpv/N/wu46sPrbi1Z9UHHnz5jtUrnj30jgPPzR//BwAAABZPp/slAAAAAAAAAAAAAACAV97T/7F/fat46ff/YWPt8Wa//4/X/Yu/L3htQ+5Ya/v1//L7l73/tr21JQsfGAnhrcXA9v3bzwn5tflXFgP3fnTV66qJ/WmJu5+6+Jlq4mNp4H2rz32pmrgoCWyKiyS+Pg3Eqyq+tDwJxOUV/z0NxO1xOA3054EvL8/G0ZVuq58OZ9uqK91Wjw+HMFoI1LfVncNZG13pAG9IAvUBfjoNxAH+eR7oTnt121DWqxgYjkVvGsp6BQDAWSt+C+wL22bnZibjV/h4e35v423UsGTZNeVquzps/ol8abIP375xuJN0T/pddP5a432hUh3C2tLX1WKWrtooT08tbTbda5sMud1qb91NyqVOdNP1Nx/RQDaiiS075rb2tR34+vZZ1vW2zbK2NNkpZumubdIOaumgLx2MqMNt00GX4/3uMDHRk+T6gxgcCw3avSI6/b1+cZ2/Zq+CYp5PHTvwq1b1leb/Y53N/yvFcb2UXwxgX7yy3t+NWuYfAAAAFteXN/z6G/Hfh669/9FWeUvz//HO5v9xD1Z+KDjb23EkXv//wGgItUvrj2WBW2JzHx8N4c211HQskV1Q/9JYYjIL3BJ3mKyKJTZNN1a1LAYOJ4GfjOSBI0ngaAzkeykOhXxXzt+PhPDOWmpjY4mdscRYEvhgDIwngYkYmEwCy2NgKgk8vzwPTCeBf4uBMNu4rW5fnm8rAACADtWu4ZbPs+Lx5zjtSud5h3vbZehql2GwXYbudhkqLTP0hcPNRhHvfztm6EtOXukqZOpLmx1IailliBfDb9rxtlu3fvj/h40504KlpuP5B/XzDboaM9z1nt5KaKE0/5/sbP4/2HibtX40zv/nr/+XBX4Qu/e1eOr4eAz8+L2NgXzHwNE42b2uXtV0XiKftF8XS0zFwHgS2BkDU0lg08Y8cPB1jYF8pl1v/EC98dm8RCEAAAAAZ1zcQRB308T5/027vzTUqlxp/j/V2fw/tjdUbOyLsdZjy0O4s2u+N/XA6uEsEPdjDMefx79hOIRzCjs46iVmBrMS/UnD4fsD2S/U+9OqvjeQ/fgg3r/skfvu/Uo1ccNACCsKe1/qbTxZydoYSAMX9GeBwTSwozcLxD0/9cB3u7MAnLL6XsH4gspPdakbW7hck9ffq+WaoOnwSvtAF8i30G+uFktph2u+T7XuxJ62lvtvOW1Kb48j3m1L8d025t1W/CKVf0M5Ph+qhO6tM9s2XzW3Jz5S/CVrySI9z8VfqXaSPg2vw30n39v2KmkHJpOPj8mFyy38OuyK1X31oRW39qz6wIN3rF7x7KF3HHiu4240EX8ofN/n/3X4R4XNu9gqIX/NLbnPk2mfJ0viv4Hk3T3uaQshbHz+69e1ipfm/9Odzf97k9uaX8eNuXs0hLcVNu4DcfP/8Wj2OVgIZJ+SrykHskPu/zXS9JMTAAAATrf67o76/oLZ/DY7ITydJ5fzT4dwfPQE8sf9FVML5u+034N//dEVreKl+f+m1vP/ZUk3Hf93/J9F4vj/gs72XdHL0gf2ndKu6FJ1LArH/xd0tr/bHP9fkOP/jv8vxPH/Nhz/X9DZ/rSVviXt9KUrhPDsH93zeKt4af6/s7P5v/X/Fl60r77+36Zm6//tbLb+3z7r/wEAAIuqyUJz6TyvtHpfKUO6el8pQ9sFAtsuMdh6/b8W6+y9atb/K23Uduv/PXP+k78JLZTm//s6m//Hl8NQsfWlsv7f+MYmVV0fAzstDAgAAMDZqNm+CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF5Zd/3D/2xtFb//t5c8/tTlU5/cv+Hy5z9/ybkPhzBbe7wrC3cNXnvj1M9vvfi2/Xetu+mOY5e+vZKX68tvf7chd6z15ZEQDhYeGY6JF0aqd+YDl73/tr291cQDIyG8NQsM55VsP6f691sjIawslrj3o6teV03sny+RBe5+6uJnqomPpYH3rT73pWriojzQlXb3H5dn3e1Ku/uV5SGMFgL17n5yeWNV9Tb+NA90p23803DWRgwMx6LfGM7aiIG5WGJ2WQhrekPoSau6v5JV1ZNW9S+VrKqetKovVEK4KITQm1b1VH9WVW868of7s6pi4Ly3HHrxgmriYH8Ia4qBRz9y8zuriU8ngXrjf9EfwpuqL5m08W/3ZY33pY3f0BfCG0MI/WmJX/ZmJfrTEk/3hvCaQqDe+Cd6Q9gbeFWIHz4Nn2i79169ffPc3MyuxUh8JEv0520NhG2zczMTW3bMba0kfWqmq5A+fs3Jj/2JFz+3pXr74ds3DneS7s3L9dW6vK6v4e76s733sV+DxUrmn5hS/TF/fxgKy67aPbNr4rOb9+zZtTb722n2ddnfnjyabau1S2VbrSxWsmbPlTvX7N579erZKzdfMXPFzKfWvmvd5IWT6yfffeGa6qgms7+nY6g3N4QGzsRQz+8tVLKoHwASEhJnILF2EWrubvh0mzzbP8hLX/TnO9oXKrUP6NK0opilqzbK0zHoDSc54pP5ntJ2RGtLE4dSlnULZLmmMcv60mRivpaBLEvte11pclhsrLu2SeP97jAx0dNsO4w13i1u3p+dwuZ9LN90naYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//t/8lBw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x101142, 0xeaff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000088ab0000000000000300000018", @ANYBLOB="0000000000000000b702000014000000b703000000"], 0x0, 0x80000001, 0x0, 0x0, 0x40f00, 0x30, '\x00', 0x0, 0x25, r0}, 0x94)
write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[], 0x29f)

1.940207548s ago: executing program 2 (id=700):
syz_open_dev$sndctrl(0x0, 0x1, 0x48001)
getpid()
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x1040}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x44, 0x2, [@TCA_BASIC_EMATCHES={0x40, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x20, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_LVALUE={0x5, 0x2, [@TCF_META_TYPE_VAR='m']}]}}]}]}]}}]}, 0x74}}, 0x0)

1.704003895s ago: executing program 0 (id=701):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40), 0x0, 0x0, 0x0, 0xc1a6ec5e92f4d87e}, 0x20000000)

1.672087941s ago: executing program 2 (id=702):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x408040, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000001c0)=ANY=[], 0x20)
r0 = io_uring_setup(0x937, &(0x7f00000002c0)={0x0, 0x32b6, 0x80, 0x0, 0x35d})
r1 = socket$alg(0x26, 0x5, 0x0)
io_uring_setup(0x21e9, &(0x7f00000001c0)={0x0, 0xfe5, 0x1000, 0x2, 0x211, 0x0, r0})
bind$alg(r1, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)
r2 = accept4(r1, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)=""/237, 0xed}], 0x1}, 0x18}], 0x1, 0x101, 0x0)
sendmsg$nl_route_sched_retired(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x1, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xffe0}, {0xfff1, 0xfff3}, {0x9, 0x8}}, [@q_dsmark={{0xb}, {0x14, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x10}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x14}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x4008000)
close_range(r0, 0xffffffffffffffff, 0x0)

1.525419401s ago: executing program 3 (id=703):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$KIOCSOUND(r1, 0x4b2f, 0x7)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, 0x0, 0x804d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000040)=ANY=[], 0x1c)
r6 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0), 0xc)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, 0x0, 0x0)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
getsockopt$inet6_int(r0, 0x29, 0x7, 0x0, 0x0)

1.481104811s ago: executing program 0 (id=704):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680))
eventfd2(0xa, 0x80000)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f00000016c0)=""/189, 0x0, 0xffff1000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

1.186184106s ago: executing program 1 (id=705):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
r0 = openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f00000001c0)={0x2, {0x5, 0x9, 0xffffffff, 0x9bde}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
set_mempolicy_home_node(&(0x7f0000042000/0x2000)=nil, 0x2000, 0x0, 0x0)
getdents(0xffffffffffffffff, 0xffffffffffffffff, 0x5a)
syz_open_procfs$namespace(0x0, 0x0)
r1 = socket$kcm(0x23, 0x5, 0x0)
listen(r1, 0x65)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r3, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)
accept4(r1, 0x0, 0x0, 0x0)
setsockopt$PNPIPE_ENCAP(r3, 0x113, 0x1, &(0x7f0000000080)=0x1, 0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket(0xa, 0x800, 0x3a)
setsockopt$MRT6_ADD_MIF(r4, 0x29, 0xd0, 0x0, 0x0)
close(0x3)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f000000b240)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x1882}, 0x4044000)
socket$nl_generic(0x10, 0x3, 0x10)

93.108174ms ago: executing program 3 (id=706):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x38, 0xfff, 0x3fffc, 0x180, 0x2, 0x0, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x5, 0x0, 0x45, 0xfffffffffffffffa, 0x8000000000bdb], 0xd5dd0000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

92.578321ms ago: executing program 2 (id=707):
kexec_load(0x3, 0x6, &(0x7f00000005c0)=[{&(0x7f0000000000)="6509534a17aa723cba21a9d63c6a556b30b910a580cb50d65e9fab1ed59a7eb00a7109e4a355bed417bce60d6a5baab4bbecc5b2faaf2eba28c331345b612f1f4cbfdfa7bcb9bd2a0fbc8d7786bb68cff61167b98ef0adfbb79545bbb2c409be3adb3b54846920f1b194db5258279e8d06b863d51c0f90cd79ecb1f5ed3c44eb6353c0b451fe3f9b118422addd3f936d8cd5562d6ce55bf378ee8c0d0fc56a4a866c499b04ef61edca4fc06d78b964868e16d82c97be81055b072720c06a8b8b3daad5131e84447a4809d131ce0927ee8ec5", 0xd2, 0x5, 0xff}, {&(0x7f0000000100), 0x0, 0x5, 0xffffffff}, {&(0x7f0000000200)="d8f3aabb28de3faf55566e010b6ef42f8002b91bf54d78caa3135bc4a5d30a8fd06d1e70130a8d2b505e9abe3aef1de2219df6f5f695131fe4fc01630cb7751927628d8d7ec59d998200794f89eea832f53f0f9aa4c91322544bc7f07e8cdf4598c9879e4af2de4daca6cf629d11f9c6ebdccfeca156899a89ed0e61", 0x7c, 0x5, 0x4}, {&(0x7f0000000340), 0x0, 0x100, 0x9}, {0x0, 0x0, 0x7, 0x2}, {0x0, 0x0, 0x2, 0xfffffffffffffffa}], 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000500)="4274aa814c8f", 0x6}, {0x0}, {0x0}, {&(0x7f0000000740)="747516464293f8e8eec3ccb7dd473a382a0d368ad8a1242abe3b11d915f3eb582e10ff9b8afa9a3d6fa9075032a573688f84e342bf19f200379d5291489fa5151a46ed483044e784cb8f430cbcd5a6145d72a2d2b2b6aa78add2ab0812de906e5545585d6aadca938d5a62632604101886bd45bc15550815c5dcec420b547b43f88b56489e54d47307371d68817c7eca00a16bce0ea94917082d622301673217c8ca26b5a362745ea01486a2ba576eb6601dfa400bb8", 0xb6}], 0x4}, 0x41)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)=0x5, 0x12)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

0s ago: executing program 0 (id=708):
kexec_load(0x3, 0x7, &(0x7f00000005c0)=[{&(0x7f0000000000)="6509534a17aa723cba21a9d63c6a556b30b910a580cb50d65e9fab1ed59a7eb00a7109e4a355bed417bce60d6a5baab4bbecc5b2faaf2eba28c331345b612f1f4cbfdfa7bcb9bd2a0fbc8d7786bb68cff61167b98ef0adfbb79545bbb2c409be3adb3b54846920f1b194db5258279e8d06b863d51c0f90cd79ecb1f5ed3c44eb6353c0b451fe3f9b118422addd3f936d8cd5562d6ce55bf378ee8c0d0fc56a4a866c499b04ef61edca4fc06d78b964868e16d82c97be81055b072720c06a8b8b3daad5131e84447a4809d131ce0927ee8ec587e37e0f2df3499327f170b861", 0xdf, 0x5, 0xff}, {&(0x7f0000000100), 0x0, 0x5, 0xffffffff}, {&(0x7f0000000200)="d8f3aabb28de3faf55566e010b6ef42f8002b91bf54d78caa3135bc4a5d30a8fd06d1e70130a8d2b505e9abe3aef1de2219df6f5f695131fe4fc01630cb7751927628d8d7ec59d998200794f89eea832f53f0f9aa4c91322544bc7f07e8cdf4598c9879e4af2de4daca6cf629d11f9c6ebdccfeca156899a89ed0e619add0bb6", 0x80, 0x5, 0x4}, {&(0x7f0000000340), 0x0, 0x100, 0x9}, {0x0, 0x0, 0x7, 0x2}, {0x0, 0x0, 0x2, 0xfffffffffffffffa}, {&(0x7f00000004c0), 0x0, 0x5, 0x6}], 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000500)="4274aa814c8f", 0x6}, {0x0}, {0x0}, {&(0x7f0000000740)="747516464293f8e8eec3ccb7dd473a382a0d368ad8a1242abe3b11d915f3eb582e10ff9b8afa9a3d6fa9075032a573688f84e342bf19f200379d5291489fa5151a46ed483044e784cb8f430cbcd5a6145d72a2d2b2b6aa78add2ab0812de906e5545585d6aadca938d5a62632604101886bd45bc15550815c5dcec420b547b43f88b56489e54d47307371d68817c7eca00a16bce0ea94917082d622301673217c8ca26b5a362745ea01486a2ba576eb6601dfa400b", 0xb5}], 0x4}, 0x41)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)=0x5, 0x12)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00), 0x0, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

95 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.409" name="file1" dev="loop4" ino=10 res=0 errno=0
[  280.720254][ T7452] bio_check_eod: 449 callbacks suppressed
[  280.720298][ T7452] syz.0.408: attempt to access beyond end of device
[  280.720298][ T7452] loop0: rw=2049, sector=45816, nr_sectors = 8 limit=40427
[  280.724054][ T7452] syz.0.408: attempt to access beyond end of device
[  280.724054][ T7452] loop0: rw=2049, sector=45824, nr_sectors = 8 limit=40427
[  280.746574][ T7452] syz.0.408: attempt to access beyond end of device
[  280.746574][ T7452] loop0: rw=2049, sector=45832, nr_sectors = 8 limit=40427
[  280.750961][ T7452] syz.0.408: attempt to access beyond end of device
[  280.750961][ T7452] loop0: rw=2049, sector=45840, nr_sectors = 8 limit=40427
[  280.754285][ T7452] syz.0.408: attempt to access beyond end of device
[  280.754285][ T7452] loop0: rw=2049, sector=45848, nr_sectors = 8 limit=40427
[  280.758147][ T7452] syz.0.408: attempt to access beyond end of device
[  280.758147][ T7452] loop0: rw=2049, sector=45856, nr_sectors = 8 limit=40427
[  280.761639][ T7452] syz.0.408: attempt to access beyond end of device
[  280.761639][ T7452] loop0: rw=2049, sector=45864, nr_sectors = 8 limit=40427
[  280.765421][ T7452] syz.0.408: attempt to access beyond end of device
[  280.765421][ T7452] loop0: rw=2049, sector=45872, nr_sectors = 8 limit=40427
[  280.769463][ T7452] syz.0.408: attempt to access beyond end of device
[  280.769463][ T7452] loop0: rw=2049, sector=45880, nr_sectors = 8 limit=40427
[  280.772873][ T7452] syz.0.408: attempt to access beyond end of device
[  280.772873][ T7452] loop0: rw=2049, sector=45888, nr_sectors = 8 limit=40427
[  282.348653][ T6852] CPU: 0 UID: 0 PID: 6852 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  282.348683][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  282.348696][ T6852] Workqueue: writeback wb_workfn (flush-7:4)
[  282.348731][ T6852] Call Trace:
[  282.348739][ T6852]  <TASK>
[  282.348747][ T6852]  dump_stack_lvl+0xe8/0x150
[  282.348776][ T6852]  f2fs_stop_checkpoint+0x3cd/0x590
[  282.348802][ T6852]  f2fs_write_end_io+0x1274/0x1740
[  282.348846][ T6852]  __submit_merged_bio+0x256/0x6a0
[  282.348878][ T6852]  __submit_merged_write_cond+0x3c9/0x4e0
[  282.348909][ T6852]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  282.348952][ T6852]  f2fs_write_data_pages+0x287e/0x34f0
[  282.349010][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  282.349047][ T6852]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  282.349114][ T6852]  ? __lock_acquire+0x6b5/0x2d10
[  282.349148][ T6852]  ? __lock_acquire+0x6b5/0x2d10
[  282.349187][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  282.349211][ T6852]  do_writepages+0x32e/0x550
[  282.349242][ T6852]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  282.349262][ T6852]  ? reacquire_held_locks+0x104/0x190
[  282.349285][ T6852]  ? rt_spin_lock+0x1e0/0x400
[  282.349312][ T6852]  __writeback_single_inode+0x133/0x10e0
[  282.349343][ T6852]  ? rt_spin_unlock+0x160/0x200
[  282.349366][ T6852]  writeback_sb_inodes+0x97f/0x1980
[  282.349411][ T6852]  ? lockdep_hardirqs_on+0x7a/0x110
[  282.349444][ T6852]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  282.349507][ T6852]  ? rcu_is_watching+0x15/0xb0
[  282.349541][ T6852]  wb_writeback+0x445/0xb00
[  282.349573][ T6852]  ? queue_io+0x201/0x440
[  282.349607][ T6852]  ? __pfx_wb_writeback+0x10/0x10
[  282.349651][ T6852]  wb_workfn+0x3fd/0xf20
[  282.349673][ T6852]  ? look_up_lock_class+0x57/0x110
[  282.349698][ T6852]  ? trace_hrtimer_start+0x82/0x200
[  282.349730][ T6852]  ? __pfx_wb_workfn+0x10/0x10
[  282.349756][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  282.349779][ T6852]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  282.349803][ T6852]  ? process_one_work+0x8be/0x1630
[  282.349833][ T6852]  ? process_one_work+0x8be/0x1630
[  282.349873][ T6852]  ? process_one_work+0x8be/0x1630
[  282.349898][ T6852]  process_one_work+0x98b/0x1630
[  282.349946][ T6852]  ? __pfx_process_one_work+0x10/0x10
[  282.349972][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  282.350009][ T6852]  worker_thread+0xb49/0x1140
[  282.350049][ T6852]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  282.350087][ T6852]  kthread+0x389/0x470
[  282.350114][ T6852]  ? __pfx_worker_thread+0x10/0x10
[  282.350140][ T6852]  ? __pfx_kthread+0x10/0x10
[  282.350163][ T6852]  ret_from_fork+0x514/0xb70
[  282.350192][ T6852]  ? __pfx_ret_from_fork+0x10/0x10
[  282.350217][ T6852]  ? __switch_to+0xc79/0x1410
[  282.350241][ T6852]  ? __pfx_kthread+0x10/0x10
[  282.350265][ T6852]  ret_from_fork_asm+0x1a/0x30
[  282.350306][ T6852]  </TASK>
[  282.383016][ T6852] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  282.384790][ T6852] CPU: 0 UID: 0 PID: 6852 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  282.384820][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  282.384832][ T6852] Workqueue: writeback wb_workfn (flush-7:0)
[  282.384866][ T6852] Call Trace:
[  282.384873][ T6852]  <TASK>
[  282.384882][ T6852]  dump_stack_lvl+0xe8/0x150
[  282.384909][ T6852]  f2fs_stop_checkpoint+0x3cd/0x590
[  282.384936][ T6852]  f2fs_write_end_io+0x1274/0x1740
[  282.384980][ T6852]  __submit_merged_bio+0x256/0x6a0
[  282.385008][ T6852]  __submit_merged_write_cond+0x3c9/0x4e0
[  282.385038][ T6852]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  282.385079][ T6852]  f2fs_write_data_pages+0x287e/0x34f0
[  282.385143][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  282.385214][ T6852]  ? __lock_acquire+0x6b5/0x2d10
[  282.385252][ T6852]  ? __lock_acquire+0x6b5/0x2d10
[  282.385293][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  282.385319][ T6852]  do_writepages+0x32e/0x550
[  282.385350][ T6852]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  282.385369][ T6852]  ? reacquire_held_locks+0x104/0x190
[  282.385394][ T6852]  ? rt_spin_lock+0x1e0/0x400
[  282.385422][ T6852]  __writeback_single_inode+0x133/0x10e0
[  282.385453][ T6852]  ? rt_spin_unlock+0x160/0x200
[  282.385474][ T6852]  writeback_sb_inodes+0x97f/0x1980
[  282.385515][ T6852]  ? lockdep_hardirqs_on+0x7a/0x110
[  282.385547][ T6852]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  282.385610][ T6852]  ? rcu_is_watching+0x15/0xb0
[  282.385644][ T6852]  wb_writeback+0x445/0xb00
[  282.385674][ T6852]  ? queue_io+0x201/0x440
[  282.385703][ T6852]  ? __pfx_wb_writeback+0x10/0x10
[  282.385743][ T6852]  wb_workfn+0x3fd/0xf20
[  282.385764][ T6852]  ? look_up_lock_class+0x57/0x110
[  282.385804][ T6852]  ? __pfx_wb_workfn+0x10/0x10
[  282.385831][ T6852]  ? do_raw_spin_unlock+0xf5/0x210
[  282.385855][ T6852]  ? process_one_work+0x8be/0x1630
[  282.385884][ T6852]  ? process_one_work+0x8be/0x1630
[  282.385921][ T6852]  ? process_one_work+0x8be/0x1630
[  282.385943][ T6852]  process_one_work+0x98b/0x1630
[  282.385986][ T6852]  ? __pfx_process_one_work+0x10/0x10
[  282.386011][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  282.386046][ T6852]  worker_thread+0xb49/0x1140
[  282.386082][ T6852]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  282.386127][ T6852]  kthread+0x389/0x470
[  282.386149][ T6852]  ? __pfx_worker_thread+0x10/0x10
[  282.386175][ T6852]  ? __pfx_kthread+0x10/0x10
[  282.386198][ T6852]  ret_from_fork+0x514/0xb70
[  282.386224][ T6852]  ? __pfx_ret_from_fork+0x10/0x10
[  282.386248][ T6852]  ? __switch_to+0xc79/0x1410
[  282.386271][ T6852]  ? __pfx_kthread+0x10/0x10
[  282.386294][ T6852]  ret_from_fork_asm+0x1a/0x30
[  282.386335][ T6852]  </TASK>
[  282.426339][ T6852] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  282.527278][    T9] loop4: lost filesystem error report for type 5 error -108
[  283.120121][ T7458] loop3: detected capacity change from 0 to 40427
[  283.138300][ T7458] F2FS-fs (loop3): invalid crc value
[  283.255411][ T7458] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  283.278710][ T7458] F2FS-fs (loop3): Start checkpoint disabled!
[  283.361556][ T7458] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  283.364774][ T7458] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  283.390080][   T38] audit: type=1800 audit(1779431286.188:10): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.413" name="file1" dev="loop3" ino=10 res=0 errno=0
[  284.690389][ T3907] CPU: 1 UID: 0 PID: 3907 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  284.690417][ T3907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  284.690430][ T3907] Workqueue: writeback wb_workfn (flush-7:3)
[  284.690461][ T3907] Call Trace:
[  284.690468][ T3907]  <TASK>
[  284.690477][ T3907]  dump_stack_lvl+0xe8/0x150
[  284.690504][ T3907]  f2fs_stop_checkpoint+0x3cd/0x590
[  284.690531][ T3907]  f2fs_write_end_io+0x1274/0x1740
[  284.690575][ T3907]  __submit_merged_bio+0x256/0x6a0
[  284.690604][ T3907]  __submit_merged_write_cond+0x3c9/0x4e0
[  284.690634][ T3907]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  284.690677][ T3907]  f2fs_write_data_pages+0x287e/0x34f0
[  284.690737][ T3907]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  284.690775][ T3907]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  284.690847][ T3907]  ? __lock_acquire+0x6b5/0x2d10
[  284.690885][ T3907]  ? __lock_acquire+0x6b5/0x2d10
[  284.690930][ T3907]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  284.690956][ T3907]  do_writepages+0x32e/0x550
[  284.690988][ T3907]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  284.691007][ T3907]  ? reacquire_held_locks+0x104/0x190
[  284.691034][ T3907]  ? rt_spin_lock+0x1e0/0x400
[  284.691063][ T3907]  __writeback_single_inode+0x133/0x10e0
[  284.691095][ T3907]  ? rt_spin_unlock+0x160/0x200
[  284.691116][ T3907]  writeback_sb_inodes+0x97f/0x1980
[  284.691162][ T3907]  ? lockdep_hardirqs_on+0x7a/0x110
[  284.691195][ T3907]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  284.691265][ T3907]  ? rcu_is_watching+0x15/0xb0
[  284.691300][ T3907]  wb_writeback+0x445/0xb00
[  284.691332][ T3907]  ? queue_io+0x201/0x440
[  284.691366][ T3907]  ? __pfx_wb_writeback+0x10/0x10
[  284.691410][ T3907]  wb_workfn+0x3fd/0xf20
[  284.691432][ T3907]  ? look_up_lock_class+0x57/0x110
[  284.691458][ T3907]  ? trace_hrtimer_start+0x82/0x200
[  284.691490][ T3907]  ? __pfx_wb_workfn+0x10/0x10
[  284.691517][ T3907]  ? do_raw_spin_lock+0x12b/0x2f0
[  284.691540][ T3907]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  284.691562][ T3907]  ? process_one_work+0x8be/0x1630
[  284.691597][ T3907]  ? process_one_work+0x8be/0x1630
[  284.691636][ T3907]  ? process_one_work+0x8be/0x1630
[  284.691661][ T3907]  process_one_work+0x98b/0x1630
[  284.691711][ T3907]  ? __pfx_process_one_work+0x10/0x10
[  284.691736][ T3907]  ? do_raw_spin_lock+0x12b/0x2f0
[  284.691772][ T3907]  worker_thread+0xb49/0x1140
[  284.691816][ T3907]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  284.691856][ T3907]  kthread+0x389/0x470
[  284.691878][ T3907]  ? __pfx_worker_thread+0x10/0x10
[  284.691904][ T3907]  ? __pfx_kthread+0x10/0x10
[  284.691927][ T3907]  ret_from_fork+0x514/0xb70
[  284.691955][ T3907]  ? __pfx_ret_from_fork+0x10/0x10
[  284.691980][ T3907]  ? __switch_to+0xc79/0x1410
[  284.692004][ T3907]  ? __pfx_kthread+0x10/0x10
[  284.692028][ T3907]  ret_from_fork_asm+0x1a/0x30
[  284.692072][ T3907]  </TASK>
[  284.708828][ T3907] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  284.800344][ T5631] Bluetooth: hci1: unexpected event for opcode 0x4889
[  285.020818][   T37] loop3: lost filesystem error report for type 5 error -108
[  285.538470][ T5631] Bluetooth: hci3: unexpected event for opcode 0x007f
[  285.629671][ T7478] loop2: detected capacity change from 0 to 40427
[  285.643924][ T7478] F2FS-fs (loop2): invalid crc value
[  285.745133][ T7478] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  285.755566][ T7478] F2FS-fs (loop2): Start checkpoint disabled!
[  285.777337][ T7478] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  285.784770][ T7478] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  285.803528][   T38] audit: type=1800 audit(1779431288.453:11): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.418" name="file1" dev="loop2" ino=10 res=0 errno=0
[  286.253002][ T7485] bio_check_eod: 462 callbacks suppressed
[  286.253049][ T7485] syz.2.418: attempt to access beyond end of device
[  286.253049][ T7485] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  286.260092][ T7485] syz.2.418: attempt to access beyond end of device
[  286.260092][ T7485] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  286.265018][ T7485] syz.2.418: attempt to access beyond end of device
[  286.265018][ T7485] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  286.269951][ T7485] syz.2.418: attempt to access beyond end of device
[  286.269951][ T7485] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  286.274391][ T7485] syz.2.418: attempt to access beyond end of device
[  286.274391][ T7485] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  286.281420][ T7485] syz.2.418: attempt to access beyond end of device
[  286.281420][ T7485] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  286.285571][ T7485] syz.2.418: attempt to access beyond end of device
[  286.285571][ T7485] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  286.289734][ T7485] syz.2.418: attempt to access beyond end of device
[  286.289734][ T7485] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  286.293571][ T7485] syz.2.418: attempt to access beyond end of device
[  286.293571][ T7485] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  286.297616][ T7485] syz.2.418: attempt to access beyond end of device
[  286.297616][ T7485] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  287.529249][ T7487] loop4: detected capacity change from 0 to 40427
[  287.541214][   T59] CPU: 0 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  287.541240][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  287.541257][   T59] Workqueue: writeback wb_workfn (flush-7:2)
[  287.541287][   T59] Call Trace:
[  287.541294][   T59]  <TASK>
[  287.541301][   T59]  dump_stack_lvl+0xe8/0x150
[  287.541325][   T59]  f2fs_stop_checkpoint+0x3cd/0x590
[  287.541348][   T59]  f2fs_write_end_io+0x1274/0x1740
[  287.541384][   T59]  __submit_merged_bio+0x256/0x6a0
[  287.541407][   T59]  __submit_merged_write_cond+0x3c9/0x4e0
[  287.541431][   T59]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  287.541472][   T59]  f2fs_write_data_pages+0x287e/0x34f0
[  287.541520][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  287.541549][   T59]  ? cfg80211_inform_single_bss_data+0xba3/0x1b80
[  287.541605][   T59]  ? __lock_acquire+0x6b5/0x2d10
[  287.541636][   T59]  ? unwind_next_frame+0xa6/0x2550
[  287.541677][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  287.541698][   T59]  do_writepages+0x32e/0x550
[  287.541726][   T59]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  287.541742][   T59]  ? reacquire_held_locks+0x104/0x190
[  287.541762][   T59]  ? rt_spin_lock+0x1e0/0x400
[  287.541785][   T59]  __writeback_single_inode+0x133/0x10e0
[  287.541811][   T59]  ? rt_spin_unlock+0x160/0x200
[  287.541828][   T59]  writeback_sb_inodes+0x97f/0x1980
[  287.541864][   T59]  ? lockdep_hardirqs_on+0x7a/0x110
[  287.541889][   T59]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  287.541943][   T59]  ? rcu_is_watching+0x15/0xb0
[  287.541971][   T59]  wb_writeback+0x445/0xb00
[  287.541996][   T59]  ? queue_io+0x201/0x440
[  287.542023][   T59]  ? __pfx_wb_writeback+0x10/0x10
[  287.542056][   T59]  wb_workfn+0x3fd/0xf20
[  287.542074][   T59]  ? look_up_lock_class+0x57/0x110
[  287.542107][   T59]  ? __pfx_wb_workfn+0x10/0x10
[  287.542130][   T59]  ? do_raw_spin_unlock+0xf5/0x210
[  287.542151][   T59]  ? process_one_work+0x8be/0x1630
[  287.542175][   T59]  ? process_one_work+0x8be/0x1630
[  287.542207][   T59]  ? process_one_work+0x8be/0x1630
[  287.542229][   T59]  process_one_work+0x98b/0x1630
[  287.542268][   T59]  ? __pfx_process_one_work+0x10/0x10
[  287.542290][   T59]  ? do_raw_spin_lock+0x12b/0x2f0
[  287.542318][   T59]  worker_thread+0xb49/0x1140
[  287.542370][   T59]  kthread+0x389/0x470
[  287.542388][   T59]  ? __pfx_worker_thread+0x10/0x10
[  287.542411][   T59]  ? __pfx_kthread+0x10/0x10
[  287.542429][   T59]  ret_from_fork+0x514/0xb70
[  287.542451][   T59]  ? __pfx_ret_from_fork+0x10/0x10
[  287.542475][   T59]  ? __switch_to+0xc79/0x1410
[  287.542495][   T59]  ? __pfx_kthread+0x10/0x10
[  287.542513][   T59]  ret_from_fork_asm+0x1a/0x30
[  287.542547][   T59]  </TASK>
[  287.570337][   T59] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  287.592636][ T7487] F2FS-fs (loop4): invalid crc value
[  287.714608][ T7487] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  287.723133][ T7487] F2FS-fs (loop4): Start checkpoint disabled!
[  287.742582][ T7487] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  287.743274][ T7487] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  287.767314][   T38] audit: type=1800 audit(1779431290.287:12): pid=7487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.420" name="file1" dev="loop4" ino=10 res=0 errno=0
[  287.978411][ T5602] loop2: lost filesystem error report for type 5 error -108
[  289.095972][ T6852] CPU: 1 UID: 0 PID: 6852 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  289.096004][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  289.096017][ T6852] Workqueue: writeback wb_workfn (flush-7:4)
[  289.096053][ T6852] Call Trace:
[  289.096060][ T6852]  <TASK>
[  289.096069][ T6852]  dump_stack_lvl+0xe8/0x150
[  289.096098][ T6852]  f2fs_stop_checkpoint+0x3cd/0x590
[  289.096131][ T6852]  f2fs_write_end_io+0x1274/0x1740
[  289.096171][ T6852]  __submit_merged_bio+0x256/0x6a0
[  289.096193][ T6852]  __submit_merged_write_cond+0x3c9/0x4e0
[  289.096215][ T6852]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  289.096248][ T6852]  f2fs_write_data_pages+0x287e/0x34f0
[  289.096291][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  289.096348][ T6852]  ? __lock_acquire+0x6b5/0x2d10
[  289.096398][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  289.096417][ T6852]  do_writepages+0x32e/0x550
[  289.096441][ T6852]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  289.096455][ T6852]  ? reacquire_held_locks+0x104/0x190
[  289.096477][ T6852]  ? rt_spin_lock+0x1e0/0x400
[  289.096498][ T6852]  __writeback_single_inode+0x133/0x10e0
[  289.096521][ T6852]  ? rt_spin_unlock+0x160/0x200
[  289.096536][ T6852]  writeback_sb_inodes+0x97f/0x1980
[  289.096570][ T6852]  ? lockdep_hardirqs_on+0x7a/0x110
[  289.096593][ T6852]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  289.096643][ T6852]  ? rcu_is_watching+0x15/0xb0
[  289.096669][ T6852]  wb_writeback+0x445/0xb00
[  289.096692][ T6852]  ? queue_io+0x201/0x440
[  289.096716][ T6852]  ? __pfx_wb_writeback+0x10/0x10
[  289.096749][ T6852]  wb_workfn+0x3fd/0xf20
[  289.096764][ T6852]  ? look_up_lock_class+0x57/0x110
[  289.096783][ T6852]  ? trace_hrtimer_start+0x82/0x200
[  289.096808][ T6852]  ? __pfx_wb_workfn+0x10/0x10
[  289.096827][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  289.096844][ T6852]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  289.096860][ T6852]  ? process_one_work+0x8be/0x1630
[  289.096882][ T6852]  ? process_one_work+0x8be/0x1630
[  289.096910][ T6852]  ? process_one_work+0x8be/0x1630
[  289.096930][ T6852]  process_one_work+0x98b/0x1630
[  289.096966][ T6852]  ? __pfx_process_one_work+0x10/0x10
[  289.096985][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  289.097012][ T6852]  worker_thread+0xb49/0x1140
[  289.097041][ T6852]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  289.097070][ T6852]  kthread+0x389/0x470
[  289.097087][ T6852]  ? __pfx_worker_thread+0x10/0x10
[  289.097107][ T6852]  ? __pfx_kthread+0x10/0x10
[  289.097133][ T6852]  ret_from_fork+0x514/0xb70
[  289.097154][ T6852]  ? __pfx_ret_from_fork+0x10/0x10
[  289.097172][ T6852]  ? __switch_to+0xc79/0x1410
[  289.097189][ T6852]  ? __pfx_kthread+0x10/0x10
[  289.097205][ T6852]  ret_from_fork_asm+0x1a/0x30
[  289.097237][ T6852]  </TASK>
[  289.104480][ T6852] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  290.968033][ T7524] loop0: detected capacity change from 0 to 512
[  292.013920][ T7524] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  293.568952][ T7524] EXT4-fs (loop0): 1 truncate cleaned up
[  293.592322][ T7524] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  294.033105][ T5631] Bluetooth: hci4: unexpected event for opcode 0x0000
[  294.287496][ T5620] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.314496][ T5631] Bluetooth: hci0: unexpected event for opcode 0x007f
[  296.665641][ T7559] loop2: detected capacity change from 0 to 40427
[  296.672001][ T7559] F2FS-fs (loop2): invalid crc value
[  296.759418][ T7559] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  296.773837][ T7559] F2FS-fs (loop2): Start checkpoint disabled!
[  296.802433][ T7559] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  296.805512][ T7559] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  296.824957][   T38] audit: type=1800 audit(1779431298.765:13): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.436" name="file1" dev="loop2" ino=10 res=0 errno=0
[  297.053549][ T7559] bio_check_eod: 362 callbacks suppressed
[  297.053571][ T7559] syz.2.436: attempt to access beyond end of device
[  297.053571][ T7559] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  297.054000][ T7559] syz.2.436: attempt to access beyond end of device
[  297.054000][ T7559] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  297.054475][ T7559] syz.2.436: attempt to access beyond end of device
[  297.054475][ T7559] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  297.054932][ T7559] syz.2.436: attempt to access beyond end of device
[  297.054932][ T7559] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  297.055393][ T7559] syz.2.436: attempt to access beyond end of device
[  297.055393][ T7559] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  297.056016][ T7559] syz.2.436: attempt to access beyond end of device
[  297.056016][ T7559] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  297.056416][ T7559] syz.2.436: attempt to access beyond end of device
[  297.056416][ T7559] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  297.056839][ T7559] syz.2.436: attempt to access beyond end of device
[  297.056839][ T7559] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  297.057277][ T7559] syz.2.436: attempt to access beyond end of device
[  297.057277][ T7559] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  297.057806][ T7559] syz.2.436: attempt to access beyond end of device
[  297.057806][ T7559] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  297.563734][ T7564] loop4: detected capacity change from 0 to 40427
[  297.586951][ T7564] F2FS-fs (loop4): invalid crc value
[  297.593234][   T59] CPU: 1 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  297.593260][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  297.593271][   T59] Workqueue: writeback wb_workfn (flush-7:2)
[  297.593306][   T59] Call Trace:
[  297.593314][   T59]  <TASK>
[  297.593321][   T59]  dump_stack_lvl+0xe8/0x150
[  297.593350][   T59]  f2fs_stop_checkpoint+0x3cd/0x590
[  297.593377][   T59]  f2fs_write_end_io+0x1274/0x1740
[  297.593424][   T59]  __submit_merged_bio+0x256/0x6a0
[  297.593452][   T59]  __submit_merged_write_cond+0x3c9/0x4e0
[  297.593482][   T59]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  297.593527][   T59]  f2fs_write_data_pages+0x287e/0x34f0
[  297.593588][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  297.593626][   T59]  ? cfg80211_inform_single_bss_data+0xba3/0x1b80
[  297.593695][   T59]  ? __lock_acquire+0x6b5/0x2d10
[  297.593763][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  297.593789][   T59]  do_writepages+0x32e/0x550
[  297.593823][   T59]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  297.593842][   T59]  ? reacquire_held_locks+0x104/0x190
[  297.593868][   T59]  ? rt_spin_lock+0x1e0/0x400
[  297.593897][   T59]  __writeback_single_inode+0x133/0x10e0
[  297.593927][   T59]  ? rt_spin_unlock+0x160/0x200
[  297.593949][   T59]  writeback_sb_inodes+0x97f/0x1980
[  297.593993][   T59]  ? lockdep_hardirqs_on+0x7a/0x110
[  297.594027][   T59]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  297.594094][   T59]  ? rcu_is_watching+0x15/0xb0
[  297.594132][   T59]  wb_writeback+0x445/0xb00
[  297.594163][   T59]  ? queue_io+0x201/0x440
[  297.594197][   T59]  ? __pfx_wb_writeback+0x10/0x10
[  297.594246][   T59]  wb_workfn+0x3fd/0xf20
[  297.594266][   T59]  ? look_up_lock_class+0x57/0x110
[  297.594290][   T59]  ? trace_hrtimer_start+0x82/0x200
[  297.594324][   T59]  ? __pfx_wb_workfn+0x10/0x10
[  297.594349][   T59]  ? do_raw_spin_lock+0x12b/0x2f0
[  297.594371][   T59]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  297.594391][   T59]  ? process_one_work+0x8be/0x1630
[  297.594417][   T59]  ? process_one_work+0x8be/0x1630
[  297.594453][   T59]  ? process_one_work+0x8be/0x1630
[  297.594476][   T59]  process_one_work+0x98b/0x1630
[  297.594521][   T59]  ? __pfx_process_one_work+0x10/0x10
[  297.594544][   T59]  ? do_raw_spin_lock+0x12b/0x2f0
[  297.594576][   T59]  worker_thread+0xb49/0x1140
[  297.594629][   T59]  kthread+0x389/0x470
[  297.594650][   T59]  ? __pfx_worker_thread+0x10/0x10
[  297.594676][   T59]  ? __pfx_kthread+0x10/0x10
[  297.594699][   T59]  ret_from_fork+0x514/0xb70
[  297.594726][   T59]  ? __pfx_ret_from_fork+0x10/0x10
[  297.594748][   T59]  ? __switch_to+0xc79/0x1410
[  297.594770][   T59]  ? __pfx_kthread+0x10/0x10
[  297.594791][   T59]  ret_from_fork_asm+0x1a/0x30
[  297.594835][   T59]  </TASK>
[  297.722687][ T7564] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  297.750346][ T7564] F2FS-fs (loop4): Start checkpoint disabled!
[  297.827912][ T7564] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  297.838358][   T59] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  298.065297][ T7569] loop1: detected capacity change from 0 to 40427
[  298.069419][ T7564] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  298.090550][ T7569] F2FS-fs (loop1): invalid crc value
[  298.090772][   T38] audit: type=1800 audit(1779431299.954:14): pid=7564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.440" name="file1" dev="loop4" ino=10 res=0 errno=0
[  298.223167][ T7569] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  298.232908][ T7569] F2FS-fs (loop1): Start checkpoint disabled!
[  298.277959][ T7569] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  298.318813][ T5631] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  298.319115][ T5631] Bluetooth: hci4: Injecting HCI hardware error event
[  298.322622][ T5632] Bluetooth: hci4: hardware error 0x00
[  298.331080][ T7569] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  298.348331][   T38] audit: type=1800 audit(1779431300.188:15): pid=7569 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.443" name="file1" dev="loop1" ino=10 res=0 errno=0
[  298.892443][   T59] CPU: 1 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  298.892472][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  298.892485][   T59] Workqueue: writeback wb_workfn (flush-7:4)
[  298.892519][   T59] Call Trace:
[  298.892526][   T59]  <TASK>
[  298.892535][   T59]  dump_stack_lvl+0xe8/0x150
[  298.892564][   T59]  f2fs_stop_checkpoint+0x3cd/0x590
[  298.892592][   T59]  f2fs_write_end_io+0x1274/0x1740
[  298.892640][   T59]  __submit_merged_bio+0x256/0x6a0
[  298.892668][   T59]  __submit_merged_write_cond+0x3c9/0x4e0
[  298.892699][   T59]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  298.892744][   T59]  f2fs_write_data_pages+0x287e/0x34f0
[  298.892806][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  298.892845][   T59]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  298.892911][   T59]  ? __lock_acquire+0x6b5/0x2d10
[  298.892948][   T59]  ? __lock_acquire+0x6b5/0x2d10
[  298.893003][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  298.893029][   T59]  do_writepages+0x32e/0x550
[  298.893061][   T59]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  298.893080][   T59]  ? reacquire_held_locks+0x104/0x190
[  298.893104][   T59]  ? rt_spin_lock+0x1e0/0x400
[  298.893128][   T59]  __writeback_single_inode+0x133/0x10e0
[  298.893151][   T59]  ? rt_spin_unlock+0x160/0x200
[  298.893167][   T59]  writeback_sb_inodes+0x97f/0x1980
[  298.893200][   T59]  ? lockdep_hardirqs_on+0x7a/0x110
[  298.893225][   T59]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  298.893275][   T59]  ? rcu_is_watching+0x15/0xb0
[  298.893302][   T59]  wb_writeback+0x445/0xb00
[  298.893333][   T59]  ? queue_io+0x201/0x440
[  298.893360][   T59]  ? __pfx_wb_writeback+0x10/0x10
[  298.893393][   T59]  wb_workfn+0x3fd/0xf20
[  298.893410][   T59]  ? look_up_lock_class+0x57/0x110
[  298.893431][   T59]  ? trace_hrtimer_start+0x82/0x200
[  298.893457][   T59]  ? __pfx_wb_workfn+0x10/0x10
[  298.893479][   T59]  ? do_raw_spin_lock+0x12b/0x2f0
[  298.893498][   T59]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  298.893519][   T59]  ? process_one_work+0x8be/0x1630
[  298.893540][   T59]  ? process_one_work+0x8be/0x1630
[  298.893569][   T59]  ? process_one_work+0x8be/0x1630
[  298.893587][   T59]  process_one_work+0x98b/0x1630
[  298.893623][   T59]  ? __pfx_process_one_work+0x10/0x10
[  298.893641][   T59]  ? do_raw_spin_lock+0x12b/0x2f0
[  298.893668][   T59]  worker_thread+0xb49/0x1140
[  298.893711][   T59]  kthread+0x389/0x470
[  298.893727][   T59]  ? __pfx_worker_thread+0x10/0x10
[  298.893747][   T59]  ? __pfx_kthread+0x10/0x10
[  298.893764][   T59]  ret_from_fork+0x514/0xb70
[  298.893786][   T59]  ? __pfx_ret_from_fork+0x10/0x10
[  298.893803][   T59]  ? __switch_to+0xc79/0x1410
[  298.893821][   T59]  ? __pfx_kthread+0x10/0x10
[  298.893839][   T59]  ret_from_fork_asm+0x1a/0x30
[  298.893872][   T59]  </TASK>
[  298.909445][ T3366] CPU: 0 UID: 0 PID: 3366 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  298.909474][ T3366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  298.909487][ T3366] Workqueue: writeback wb_workfn (flush-7:1)
[  298.909521][ T3366] Call Trace:
[  298.909528][ T3366]  <TASK>
[  298.909536][ T3366]  dump_stack_lvl+0xe8/0x150
[  298.909564][ T3366]  f2fs_stop_checkpoint+0x3cd/0x590
[  298.909591][ T3366]  f2fs_write_end_io+0x1274/0x1740
[  298.909637][ T3366]  __submit_merged_bio+0x256/0x6a0
[  298.909665][ T3366]  __submit_merged_write_cond+0x3c9/0x4e0
[  298.909695][ T3366]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  298.909738][ T3366]  f2fs_write_data_pages+0x287e/0x34f0
[  298.909796][ T3366]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  298.909832][ T3366]  ? cfg80211_inform_single_bss_data+0xba3/0x1b80
[  298.909900][ T3366]  ? __lock_acquire+0x6b5/0x2d10
[  298.909960][ T3366]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  298.909985][ T3366]  do_writepages+0x32e/0x550
[  298.910017][ T3366]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  298.910037][ T3366]  ? reacquire_held_locks+0x104/0x190
[  298.910061][ T3366]  ? rt_spin_lock+0x1e0/0x400
[  298.910087][ T3366]  __writeback_single_inode+0x133/0x10e0
[  298.910114][ T3366]  ? rt_spin_unlock+0x160/0x200
[  298.910134][ T3366]  writeback_sb_inodes+0x97f/0x1980
[  298.910179][ T3366]  ? lockdep_hardirqs_on+0x7a/0x110
[  298.910210][ T3366]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  298.910279][ T3366]  ? rcu_is_watching+0x15/0xb0
[  298.910312][ T3366]  wb_writeback+0x445/0xb00
[  298.910350][ T3366]  ? queue_io+0x201/0x440
[  298.910383][ T3366]  ? __pfx_wb_writeback+0x10/0x10
[  298.910425][ T3366]  wb_workfn+0x3fd/0xf20
[  298.910446][ T3366]  ? look_up_lock_class+0x57/0x110
[  298.910470][ T3366]  ? trace_hrtimer_start+0x82/0x200
[  298.910504][ T3366]  ? __pfx_wb_workfn+0x10/0x10
[  298.910530][ T3366]  ? do_raw_spin_lock+0x12b/0x2f0
[  298.910552][ T3366]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  298.910574][ T3366]  ? process_one_work+0x8be/0x1630
[  298.910604][ T3366]  ? process_one_work+0x8be/0x1630
[  298.910642][ T3366]  ? process_one_work+0x8be/0x1630
[  298.910668][ T3366]  process_one_work+0x98b/0x1630
[  298.910715][ T3366]  ? __pfx_process_one_work+0x10/0x10
[  298.910739][ T3366]  ? do_raw_spin_lock+0x12b/0x2f0
[  298.910775][ T3366]  worker_thread+0xb49/0x1140
[  298.910812][ T3366]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  298.910850][ T3366]  kthread+0x389/0x470
[  298.910871][ T3366]  ? __pfx_worker_thread+0x10/0x10
[  298.910897][ T3366]  ? __pfx_kthread+0x10/0x10
[  298.910919][ T3366]  ret_from_fork+0x514/0xb70
[  298.910946][ T3366]  ? __pfx_ret_from_fork+0x10/0x10
[  298.910970][ T3366]  ? __switch_to+0xc79/0x1410
[  298.910992][ T3366]  ? __pfx_kthread+0x10/0x10
[  298.911015][ T3366]  ret_from_fork_asm+0x1a/0x30
[  298.911057][ T3366]  </TASK>
[  298.934270][ T3366] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  298.994638][   T59] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  299.800580][ T5631] Bluetooth: hci1: unexpected event for opcode 0x007f
[  299.918371][ T5631] Bluetooth: hci4: unexpected event for opcode 0x0000
[  300.651993][ T7588] loop4: detected capacity change from 0 to 40427
[  300.683824][ T7591] loop1: detected capacity change from 0 to 40427
[  300.727072][ T7591] F2FS-fs (loop1): invalid crc value
[  300.855509][ T7591] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  300.866646][ T7591] F2FS-fs (loop1): Start checkpoint disabled!
[  300.921305][ T7591] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  300.930109][ T7591] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  300.950661][ T7588] F2FS-fs (loop4): invalid crc value
[  301.189891][ T7597] loop2: detected capacity change from 0 to 512
[  301.249937][   T38] audit: type=1800 audit(1779431302.630:16): pid=7591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.445" name="file1" dev="loop1" ino=10 res=0 errno=0
[  301.837423][ T5632] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  301.971983][ T7597] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  302.595107][ T7597] EXT4-fs (loop2): 1 truncate cleaned up
[  302.625998][ T7597] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  302.880666][ T7588] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  302.892992][ T7588] F2FS-fs (loop4): Start checkpoint disabled!
[  303.470427][ T7588] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  303.485677][  T157] bio_check_eod: 733 callbacks suppressed
[  303.485695][  T157] kworker/u8:6: attempt to access beyond end of device
[  303.485695][  T157] loop1: rw=2049, sector=46624, nr_sectors = 8 limit=40427
[  303.485751][  T157] CPU: 1 UID: 0 PID: 157 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  303.485773][  T157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  303.485786][  T157] Workqueue: writeback wb_workfn (flush-7:1)
[  303.485818][  T157] Call Trace:
[  303.485826][  T157]  <TASK>
[  303.485834][  T157]  dump_stack_lvl+0xe8/0x150
[  303.485862][  T157]  f2fs_stop_checkpoint+0x3cd/0x590
[  303.485889][  T157]  f2fs_write_end_io+0x1274/0x1740
[  303.485934][  T157]  __submit_merged_bio+0x256/0x6a0
[  303.485962][  T157]  __submit_merged_write_cond+0x3c9/0x4e0
[  303.485991][  T157]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  303.486040][  T157]  f2fs_write_data_pages+0x287e/0x34f0
[  303.486100][  T157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  303.486138][  T157]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  303.486201][  T157]  ? __lock_acquire+0x6b5/0x2d10
[  303.486240][  T157]  ? __lock_acquire+0x6b5/0x2d10
[  303.486285][  T157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  303.486310][  T157]  do_writepages+0x32e/0x550
[  303.486343][  T157]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  303.486362][  T157]  ? reacquire_held_locks+0x104/0x190
[  303.486388][  T157]  ? rt_spin_lock+0x1e0/0x400
[  303.486416][  T157]  __writeback_single_inode+0x133/0x10e0
[  303.486447][  T157]  ? rt_spin_unlock+0x160/0x200
[  303.486468][  T157]  writeback_sb_inodes+0x97f/0x1980
[  303.486513][  T157]  ? lockdep_hardirqs_on+0x7a/0x110
[  303.486546][  T157]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  303.486614][  T157]  ? rcu_is_watching+0x15/0xb0
[  303.486655][  T157]  wb_writeback+0x445/0xb00
[  303.486686][  T157]  ? queue_io+0x201/0x440
[  303.486720][  T157]  ? __pfx_wb_writeback+0x10/0x10
[  303.486764][  T157]  wb_workfn+0x3fd/0xf20
[  303.486785][  T157]  ? look_up_lock_class+0x57/0x110
[  303.486827][  T157]  ? __pfx_wb_workfn+0x10/0x10
[  303.486854][  T157]  ? do_raw_spin_lock+0x12b/0x2f0
[  303.486876][  T157]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  303.486899][  T157]  ? process_one_work+0x8be/0x1630
[  303.486928][  T157]  ? process_one_work+0x8be/0x1630
[  303.486966][  T157]  ? process_one_work+0x8be/0x1630
[  303.486991][  T157]  process_one_work+0x98b/0x1630
[  303.487041][  T157]  ? __pfx_process_one_work+0x10/0x10
[  303.487066][  T157]  ? do_raw_spin_lock+0x12b/0x2f0
[  303.487103][  T157]  worker_thread+0xb49/0x1140
[  303.487157][  T157]  kthread+0x389/0x470
[  303.487179][  T157]  ? __pfx_worker_thread+0x10/0x10
[  303.487206][  T157]  ? __pfx_kthread+0x10/0x10
[  303.487229][  T157]  ret_from_fork+0x514/0xb70
[  303.487257][  T157]  ? __pfx_ret_from_fork+0x10/0x10
[  303.487281][  T157]  ? __switch_to+0xc79/0x1410
[  303.487305][  T157]  ? __pfx_kthread+0x10/0x10
[  303.487328][  T157]  ret_from_fork_asm+0x1a/0x30
[  303.487372][  T157]  </TASK>
[  303.613685][  T157] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  303.983444][ T6174] loop1: lost filesystem error report for type 5 error -108
[  304.102192][ T5621] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.815394][ T7621] netlink: 'syz.0.454': attribute type 4 has an invalid length.
[  307.071929][ T7638] netlink: 'syz.2.456': attribute type 4 has an invalid length.
[  308.594813][ T5632] Bluetooth: hci1: unexpected event for opcode 0x0000
[  308.726354][ T7644] loop2: detected capacity change from 0 to 40427
[  308.743098][ T7644] F2FS-fs (loop2): invalid crc value
[  308.834253][ T7644] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  308.840390][ T7644] F2FS-fs (loop2): Start checkpoint disabled!
[  308.871174][ T7644] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  308.871744][ T7644] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  308.895301][   T38] audit: type=1800 audit(1779431310.061:17): pid=7644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.459" name="file1" dev="loop2" ino=10 res=0 errno=0
[  309.148754][ T7644] syz.2.459: attempt to access beyond end of device
[  309.148754][ T7644] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  309.149031][ T7644] syz.2.459: attempt to access beyond end of device
[  309.149031][ T7644] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  309.149369][ T7644] syz.2.459: attempt to access beyond end of device
[  309.149369][ T7644] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  309.149652][ T7644] syz.2.459: attempt to access beyond end of device
[  309.149652][ T7644] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  309.150005][ T7644] syz.2.459: attempt to access beyond end of device
[  309.150005][ T7644] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  309.150487][ T7644] syz.2.459: attempt to access beyond end of device
[  309.150487][ T7644] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  309.150750][ T7644] syz.2.459: attempt to access beyond end of device
[  309.150750][ T7644] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  309.151099][ T7644] syz.2.459: attempt to access beyond end of device
[  309.151099][ T7644] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  309.151364][ T7644] syz.2.459: attempt to access beyond end of device
[  309.151364][ T7644] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  309.151669][ T7644] syz.2.459: attempt to access beyond end of device
[  309.151669][ T7644] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  309.391967][  T157] CPU: 0 UID: 0 PID: 157 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  309.392008][  T157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  309.392022][  T157] Workqueue: writeback wb_workfn (flush-7:2)
[  309.392070][  T157] Call Trace:
[  309.392078][  T157]  <TASK>
[  309.392086][  T157]  dump_stack_lvl+0xe8/0x150
[  309.392115][  T157]  f2fs_stop_checkpoint+0x3cd/0x590
[  309.392144][  T157]  f2fs_write_end_io+0x1274/0x1740
[  309.392194][  T157]  __submit_merged_bio+0x256/0x6a0
[  309.392225][  T157]  __submit_merged_write_cond+0x3c9/0x4e0
[  309.392256][  T157]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  309.392305][  T157]  f2fs_write_data_pages+0x287e/0x34f0
[  309.392371][  T157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  309.392412][  T157]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  309.392483][  T157]  ? __lock_acquire+0x6b5/0x2d10
[  309.392551][  T157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  309.392578][  T157]  do_writepages+0x32e/0x550
[  309.392611][  T157]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  309.392631][  T157]  ? reacquire_held_locks+0x104/0x190
[  309.392658][  T157]  ? rt_spin_lock+0x1e0/0x400
[  309.392689][  T157]  __writeback_single_inode+0x133/0x10e0
[  309.392721][  T157]  ? rt_spin_unlock+0x160/0x200
[  309.392744][  T157]  writeback_sb_inodes+0x97f/0x1980
[  309.392794][  T157]  ? lockdep_hardirqs_on+0x7a/0x110
[  309.392829][  T157]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  309.392903][  T157]  ? rcu_is_watching+0x15/0xb0
[  309.392942][  T157]  wb_writeback+0x445/0xb00
[  309.392979][  T157]  ? queue_io+0x201/0x440
[  309.393041][  T157]  ? __pfx_wb_writeback+0x10/0x10
[  309.393089][  T157]  wb_workfn+0x3fd/0xf20
[  309.393111][  T157]  ? look_up_lock_class+0x57/0x110
[  309.393139][  T157]  ? trace_hrtimer_start+0x82/0x200
[  309.393179][  T157]  ? __pfx_wb_workfn+0x10/0x10
[  309.393206][  T157]  ? do_raw_spin_lock+0x12b/0x2f0
[  309.393231][  T157]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  309.393255][  T157]  ? process_one_work+0x8be/0x1630
[  309.393285][  T157]  ? process_one_work+0x8be/0x1630
[  309.393328][  T157]  ? process_one_work+0x8be/0x1630
[  309.393354][  T157]  process_one_work+0x98b/0x1630
[  309.393408][  T157]  ? __pfx_process_one_work+0x10/0x10
[  309.393433][  T157]  ? do_raw_spin_lock+0x12b/0x2f0
[  309.393474][  T157]  worker_thread+0xb49/0x1140
[  309.393534][  T157]  kthread+0x389/0x470
[  309.393558][  T157]  ? __pfx_worker_thread+0x10/0x10
[  309.393586][  T157]  ? __pfx_kthread+0x10/0x10
[  309.393610][  T157]  ret_from_fork+0x514/0xb70
[  309.393640][  T157]  ? __pfx_ret_from_fork+0x10/0x10
[  309.393665][  T157]  ? __switch_to+0xc79/0x1410
[  309.393690][  T157]  ? __pfx_kthread+0x10/0x10
[  309.393714][  T157]  ret_from_fork_asm+0x1a/0x30
[  309.393759][  T157]  </TASK>
[  309.399590][  T157] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  309.927104][ T7663] loop1: detected capacity change from 0 to 40427
[  309.932677][ T7663] F2FS-fs (loop1): invalid crc value
[  310.027446][ T7663] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  310.043399][ T7663] F2FS-fs (loop1): Start checkpoint disabled!
[  310.069226][ T7663] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  310.077121][ T7663] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  310.359244][   T38] audit: type=1800 audit(1779431311.193:18): pid=7663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.464" name="file1" dev="loop1" ino=10 res=0 errno=0
[  310.483751][ T7667] loop0: detected capacity change from 0 to 40427
[  311.397899][ T7671] loop3: detected capacity change from 0 to 32768
[  311.399017][ T7671] btrfs: Deprecated parameter 'usebackuproot'
[  311.399036][ T7671] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  311.401578][ T7671] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.466 (7671)
[  311.404829][ T7667] F2FS-fs (loop0): invalid crc value
[  311.444542][   T59] CPU: 1 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  311.444569][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  311.444582][   T59] Workqueue: writeback wb_workfn (flush-7:1)
[  311.444616][   T59] Call Trace:
[  311.444623][   T59]  <TASK>
[  311.444630][   T59]  dump_stack_lvl+0xe8/0x150
[  311.444658][   T59]  f2fs_stop_checkpoint+0x3cd/0x590
[  311.444685][   T59]  f2fs_write_end_io+0x1274/0x1740
[  311.444730][   T59]  __submit_merged_bio+0x256/0x6a0
[  311.444758][   T59]  __submit_merged_write_cond+0x3c9/0x4e0
[  311.444787][   T59]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  311.444829][   T59]  f2fs_write_data_pages+0x287e/0x34f0
[  311.444886][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  311.444923][   T59]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  311.444985][   T59]  ? __lock_acquire+0x6b5/0x2d10
[  311.445051][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  311.445076][   T59]  do_writepages+0x32e/0x550
[  311.445107][   T59]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  311.445126][   T59]  ? reacquire_held_locks+0x104/0x190
[  311.445151][   T59]  ? rt_spin_lock+0x1e0/0x400
[  311.445177][   T59]  __writeback_single_inode+0x133/0x10e0
[  311.445208][   T59]  ? rt_spin_unlock+0x160/0x200
[  311.445229][   T59]  writeback_sb_inodes+0x97f/0x1980
[  311.445276][   T59]  ? lockdep_hardirqs_on+0x7a/0x110
[  311.445308][   T59]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  311.445372][   T59]  ? rcu_is_watching+0x15/0xb0
[  311.445406][   T59]  wb_writeback+0x445/0xb00
[  311.445435][   T59]  ? queue_io+0x201/0x440
[  311.445468][   T59]  ? __pfx_wb_writeback+0x10/0x10
[  311.445510][   T59]  wb_workfn+0x3fd/0xf20
[  311.445531][   T59]  ? look_up_lock_class+0x57/0x110
[  311.445555][   T59]  ? trace_hrtimer_start+0x82/0x200
[  311.445587][   T59]  ? __pfx_wb_workfn+0x10/0x10
[  311.445611][   T59]  ? do_raw_spin_lock+0x12b/0x2f0
[  311.445631][   T59]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  311.445651][   T59]  ? process_one_work+0x8be/0x1630
[  311.445679][   T59]  ? process_one_work+0x8be/0x1630
[  311.445716][   T59]  ? process_one_work+0x8be/0x1630
[  311.445741][   T59]  process_one_work+0x98b/0x1630
[  311.445786][   T59]  ? __pfx_process_one_work+0x10/0x10
[  311.445810][   T59]  ? do_raw_spin_lock+0x12b/0x2f0
[  311.445846][   T59]  worker_thread+0xb49/0x1140
[  311.445898][   T59]  kthread+0x389/0x470
[  311.445920][   T59]  ? __pfx_worker_thread+0x10/0x10
[  311.445946][   T59]  ? __pfx_kthread+0x10/0x10
[  311.445969][   T59]  ret_from_fork+0x514/0xb70
[  311.445996][   T59]  ? __pfx_ret_from_fork+0x10/0x10
[  311.446026][   T59]  ? __switch_to+0xc79/0x1410
[  311.446048][   T59]  ? __pfx_kthread+0x10/0x10
[  311.446071][   T59]  ret_from_fork_asm+0x1a/0x30
[  311.446113][   T59]  </TASK>
[  311.446132][   T59] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  311.555279][ T7667] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  311.574597][ T7667] F2FS-fs (loop0): Start checkpoint disabled!
[  311.583733][ T7671] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  311.583774][ T7671] BTRFS info (device loop3): using crc32c checksum algorithm
[  311.593380][ T7667] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  311.595897][ T7667] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  311.628354][   T38] audit: type=1800 audit(1779431312.606:19): pid=7667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.465" name="file1" dev="loop0" ino=10 res=0 errno=0
[  311.904208][   T41] CPU: 0 UID: 0 PID: 41 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  311.904237][   T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  311.904249][   T41] Workqueue: writeback wb_workfn (flush-7:0)
[  311.904282][   T41] Call Trace:
[  311.904289][   T41]  <TASK>
[  311.904297][   T41]  dump_stack_lvl+0xe8/0x150
[  311.904324][   T41]  f2fs_stop_checkpoint+0x3cd/0x590
[  311.904350][   T41]  f2fs_write_end_io+0x1274/0x1740
[  311.904394][   T41]  __submit_merged_bio+0x256/0x6a0
[  311.904421][   T41]  __submit_merged_write_cond+0x3c9/0x4e0
[  311.904450][   T41]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  311.904495][   T41]  f2fs_write_data_pages+0x287e/0x34f0
[  311.904551][   T41]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  311.904583][   T41]  ? cfg80211_inform_single_bss_data+0xba3/0x1b80
[  311.904657][   T41]  ? __lock_acquire+0x6b5/0x2d10
[  311.904694][   T41]  ? unwind_next_frame+0xa6/0x2550
[  311.904740][   T41]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  311.904766][   T41]  do_writepages+0x32e/0x550
[  311.904797][   T41]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  311.904816][   T41]  ? reacquire_held_locks+0x104/0x190
[  311.904840][   T41]  ? rt_spin_lock+0x1e0/0x400
[  311.904868][   T41]  __writeback_single_inode+0x133/0x10e0
[  311.904898][   T41]  ? rt_spin_unlock+0x160/0x200
[  311.904919][   T41]  writeback_sb_inodes+0x97f/0x1980
[  311.904961][   T41]  ? lockdep_hardirqs_on+0x7a/0x110
[  311.904994][   T41]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  311.905055][   T41]  ? rcu_is_watching+0x15/0xb0
[  311.905089][   T41]  wb_writeback+0x445/0xb00
[  311.905120][   T41]  ? queue_io+0x201/0x440
[  311.905153][   T41]  ? __pfx_wb_writeback+0x10/0x10
[  311.905194][   T41]  wb_workfn+0x3fd/0xf20
[  311.905214][   T41]  ? look_up_lock_class+0x57/0x110
[  311.905238][   T41]  ? trace_hrtimer_start+0x82/0x200
[  311.905269][   T41]  ? __pfx_wb_workfn+0x10/0x10
[  311.905295][   T41]  ? do_raw_spin_lock+0x12b/0x2f0
[  311.905317][   T41]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  311.905337][   T41]  ? process_one_work+0x8be/0x1630
[  311.905363][   T41]  ? process_one_work+0x8be/0x1630
[  311.905398][   T41]  ? process_one_work+0x8be/0x1630
[  311.905421][   T41]  process_one_work+0x98b/0x1630
[  311.905461][   T41]  ? __pfx_process_one_work+0x10/0x10
[  311.905485][   T41]  ? do_raw_spin_lock+0x12b/0x2f0
[  311.905515][   T41]  worker_thread+0xb49/0x1140
[  311.905550][   T41]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  311.905585][   T41]  kthread+0x389/0x470
[  311.905606][   T41]  ? __pfx_worker_thread+0x10/0x10
[  311.905629][   T41]  ? __pfx_kthread+0x10/0x10
[  311.905659][   T41]  ret_from_fork+0x514/0xb70
[  311.905683][   T41]  ? __pfx_ret_from_fork+0x10/0x10
[  311.905704][   T41]  ? __switch_to+0xc79/0x1410
[  311.905727][   T41]  ? __pfx_kthread+0x10/0x10
[  311.905749][   T41]  ret_from_fork_asm+0x1a/0x30
[  311.905792][   T41]  </TASK>
[  311.943399][   T41] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  312.095429][ T6852] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  312.095585][ T7671] BTRFS error (device loop3): failed to load root extent
[  312.095622][ T7671] BTRFS warning (device loop3): try to load backup roots slot 1
[  312.102648][  T157] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  312.102793][ T7671] BTRFS warning (device loop3): couldn't read tree root
[  312.102811][ T7671] BTRFS warning (device loop3): try to load backup roots slot 2
[  312.108547][  T157] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  312.108662][ T7671] BTRFS warning (device loop3): couldn't read tree root
[  312.108682][ T7671] BTRFS warning (device loop3): try to load backup roots slot 3
[  312.154039][ T7671] BTRFS info (device loop3): rebuilding free space tree
[  312.380212][ T7671] BTRFS info (device loop3): checking UUID tree
[  312.432033][ T7671] BTRFS info (device loop3): enabling ssd optimizations
[  312.432057][ T7671] BTRFS info (device loop3): turning on async discard
[  312.432073][ T7671] BTRFS info (device loop3): enabling free space tree
[  312.432086][ T7671] BTRFS info (device loop3): force clearing of disk cache
[  312.432100][ T7671] BTRFS info (device loop3): enabling auto defrag
[  312.432114][ T7671] BTRFS info (device loop3): trying to use backup root at mount time
[  312.432132][ T7671] BTRFS info (device loop3): use zstd compression, level 3
[  312.948026][ T5632] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  312.948311][ T5632] Bluetooth: hci1: Injecting HCI hardware error event
[  312.951783][ T5632] Bluetooth: hci1: hardware error 0x00
[  312.994394][ T5624] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  313.903075][ T7703] loop1: detected capacity change from 0 to 40427
[  313.933139][ T7703] F2FS-fs (loop1): invalid crc value
[  314.040696][ T7703] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  314.044450][ T7703] F2FS-fs (loop1): Start checkpoint disabled!
[  314.067468][ T7703] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  314.075597][ T7703] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  314.096781][   T38] audit: type=1800 audit(1779431314.927:20): pid=7703 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.467" name="file1" dev="loop1" ino=10 res=0 errno=0
[  314.343561][ T1163] CPU: 0 UID: 0 PID: 1163 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  314.343592][ T1163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  314.343604][ T1163] Workqueue: writeback wb_workfn (flush-7:1)
[  314.343639][ T1163] Call Trace:
[  314.343647][ T1163]  <TASK>
[  314.343655][ T1163]  dump_stack_lvl+0xe8/0x150
[  314.343684][ T1163]  f2fs_stop_checkpoint+0x3cd/0x590
[  314.343712][ T1163]  f2fs_write_end_io+0x1274/0x1740
[  314.343767][ T1163]  __submit_merged_bio+0x256/0x6a0
[  314.343796][ T1163]  __submit_merged_write_cond+0x3c9/0x4e0
[  314.343826][ T1163]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  314.343870][ T1163]  f2fs_write_data_pages+0x287e/0x34f0
[  314.343930][ T1163]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  314.343968][ T1163]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  314.344031][ T1163]  ? __lock_acquire+0x6b5/0x2d10
[  314.344071][ T1163]  ? __lock_acquire+0x6b5/0x2d10
[  314.344114][ T1163]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  314.344141][ T1163]  do_writepages+0x32e/0x550
[  314.344176][ T1163]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  314.344195][ T1163]  ? reacquire_held_locks+0x104/0x190
[  314.344221][ T1163]  ? rt_spin_lock+0x1e0/0x400
[  314.344250][ T1163]  __writeback_single_inode+0x133/0x10e0
[  314.344282][ T1163]  ? rt_spin_unlock+0x160/0x200
[  314.344303][ T1163]  writeback_sb_inodes+0x97f/0x1980
[  314.344351][ T1163]  ? lockdep_hardirqs_on+0x7a/0x110
[  314.344384][ T1163]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  314.344450][ T1163]  ? rcu_is_watching+0x15/0xb0
[  314.344485][ T1163]  wb_writeback+0x445/0xb00
[  314.344517][ T1163]  ? queue_io+0x201/0x440
[  314.344552][ T1163]  ? __pfx_wb_writeback+0x10/0x10
[  314.344605][ T1163]  wb_workfn+0x3fd/0xf20
[  314.344627][ T1163]  ? look_up_lock_class+0x57/0x110
[  314.344668][ T1163]  ? __pfx_wb_workfn+0x10/0x10
[  314.344695][ T1163]  ? do_raw_spin_lock+0x12b/0x2f0
[  314.344718][ T1163]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  314.344747][ T1163]  ? process_one_work+0x8be/0x1630
[  314.344777][ T1163]  ? process_one_work+0x8be/0x1630
[  314.344820][ T1163]  ? process_one_work+0x8be/0x1630
[  314.344846][ T1163]  process_one_work+0x98b/0x1630
[  314.344895][ T1163]  ? __pfx_process_one_work+0x10/0x10
[  314.344921][ T1163]  ? do_raw_spin_lock+0x12b/0x2f0
[  314.344957][ T1163]  worker_thread+0xb49/0x1140
[  314.345013][ T1163]  kthread+0x389/0x470
[  314.345035][ T1163]  ? __pfx_worker_thread+0x10/0x10
[  314.345063][ T1163]  ? __pfx_kthread+0x10/0x10
[  314.345085][ T1163]  ret_from_fork+0x514/0xb70
[  314.345113][ T1163]  ? __pfx_ret_from_fork+0x10/0x10
[  314.345143][ T1163]  ? __switch_to+0xc79/0x1410
[  314.345167][ T1163]  ? __pfx_kthread+0x10/0x10
[  314.345191][ T1163]  ret_from_fork_asm+0x1a/0x30
[  314.345235][ T1163]  </TASK>
[  314.356127][ T1163] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  314.920454][ T7708] loop4: detected capacity change from 0 to 40427
[  314.944803][ T7708] F2FS-fs (loop4): invalid crc value
[  315.018696][ T7711] loop2: detected capacity change from 0 to 32768
[  315.019780][ T7711] btrfs: Deprecated parameter 'usebackuproot'
[  315.019799][ T7711] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  315.047207][ T7711] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.473 (7711)
[  315.069236][ T7711] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  315.069270][ T7711] BTRFS info (device loop2): using crc32c checksum algorithm
[  315.231788][ T7708] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  315.247426][ T5632] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  315.267544][ T7708] F2FS-fs (loop4): Start checkpoint disabled!
[  315.283332][ T7708] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  315.337872][ T7708] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  315.410027][   T41] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  315.410165][ T7711] BTRFS error (device loop2): failed to load root extent
[  315.410204][ T7711] BTRFS warning (device loop2): try to load backup roots slot 1
[  315.410865][   T41] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  315.410981][ T7711] BTRFS warning (device loop2): couldn't read tree root
[  315.411000][ T7711] BTRFS warning (device loop2): try to load backup roots slot 2
[  315.411332][   T41] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  315.411432][ T7711] BTRFS warning (device loop2): couldn't read tree root
[  315.411449][ T7711] BTRFS warning (device loop2): try to load backup roots slot 3
[  315.503565][   T38] audit: type=1800 audit(1779431316.143:21): pid=7708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.474" name="file1" dev="loop4" ino=10 res=0 errno=0
[  315.667231][ T7711] BTRFS info (device loop2): rebuilding free space tree
[  315.729341][ T7729] bio_check_eod: 734 callbacks suppressed
[  315.729362][ T7729] syz.4.474: attempt to access beyond end of device
[  315.729362][ T7729] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  315.729747][ T7729] syz.4.474: attempt to access beyond end of device
[  315.729747][ T7729] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  315.730151][ T7729] syz.4.474: attempt to access beyond end of device
[  315.730151][ T7729] loop4: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  315.730539][ T7729] syz.4.474: attempt to access beyond end of device
[  315.730539][ T7729] loop4: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  315.730931][ T7729] syz.4.474: attempt to access beyond end of device
[  315.730931][ T7729] loop4: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  315.731470][ T7729] syz.4.474: attempt to access beyond end of device
[  315.731470][ T7729] loop4: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  315.731828][ T7729] syz.4.474: attempt to access beyond end of device
[  315.731828][ T7729] loop4: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  315.732174][ T7729] syz.4.474: attempt to access beyond end of device
[  315.732174][ T7729] loop4: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  315.732569][ T7729] syz.4.474: attempt to access beyond end of device
[  315.732569][ T7729] loop4: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  315.732909][ T7729] syz.4.474: attempt to access beyond end of device
[  315.732909][ T7729] loop4: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  315.760730][ T7711] BTRFS info (device loop2): checking UUID tree
[  315.814608][ T7711] BTRFS info (device loop2): enabling ssd optimizations
[  315.814636][ T7711] BTRFS info (device loop2): turning on async discard
[  315.814652][ T7711] BTRFS info (device loop2): enabling free space tree
[  315.814667][ T7711] BTRFS info (device loop2): force clearing of disk cache
[  315.814683][ T7711] BTRFS info (device loop2): enabling auto defrag
[  315.814698][ T7711] BTRFS info (device loop2): trying to use backup root at mount time
[  315.814716][ T7711] BTRFS info (device loop2): use zstd compression, level 3
[  316.058552][ T6852] CPU: 0 UID: 0 PID: 6852 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  316.058580][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  316.058593][ T6852] Workqueue: writeback wb_workfn (flush-7:4)
[  316.058627][ T6852] Call Trace:
[  316.058635][ T6852]  <TASK>
[  316.058643][ T6852]  dump_stack_lvl+0xe8/0x150
[  316.058672][ T6852]  f2fs_stop_checkpoint+0x3cd/0x590
[  316.058701][ T6852]  f2fs_write_end_io+0x1274/0x1740
[  316.058749][ T6852]  __submit_merged_bio+0x256/0x6a0
[  316.058779][ T6852]  __submit_merged_write_cond+0x3c9/0x4e0
[  316.058812][ T6852]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  316.058860][ T6852]  f2fs_write_data_pages+0x287e/0x34f0
[  316.058923][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  316.058963][ T6852]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  316.059032][ T6852]  ? __lock_acquire+0x6b5/0x2d10
[  316.059073][ T6852]  ? __lock_acquire+0x6b5/0x2d10
[  316.059120][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  316.059146][ T6852]  do_writepages+0x32e/0x550
[  316.059178][ T6852]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  316.059197][ T6852]  ? reacquire_held_locks+0x104/0x190
[  316.059222][ T6852]  ? rt_spin_lock+0x1e0/0x400
[  316.059252][ T6852]  __writeback_single_inode+0x133/0x10e0
[  316.059291][ T6852]  ? rt_spin_unlock+0x160/0x200
[  316.059314][ T6852]  writeback_sb_inodes+0x97f/0x1980
[  316.059366][ T6852]  ? lockdep_hardirqs_on+0x7a/0x110
[  316.059399][ T6852]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  316.059472][ T6852]  ? rcu_is_watching+0x15/0xb0
[  316.059509][ T6852]  wb_writeback+0x445/0xb00
[  316.059540][ T6852]  ? queue_io+0x201/0x440
[  316.059576][ T6852]  ? __pfx_wb_writeback+0x10/0x10
[  316.059621][ T6852]  wb_workfn+0x3fd/0xf20
[  316.059643][ T6852]  ? look_up_lock_class+0x57/0x110
[  316.059670][ T6852]  ? trace_hrtimer_start+0x82/0x200
[  316.059705][ T6852]  ? __pfx_wb_workfn+0x10/0x10
[  316.059733][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  316.059757][ T6852]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  316.059780][ T6852]  ? process_one_work+0x8be/0x1630
[  316.059810][ T6852]  ? process_one_work+0x8be/0x1630
[  316.059851][ T6852]  ? process_one_work+0x8be/0x1630
[  316.059877][ T6852]  process_one_work+0x98b/0x1630
[  316.059929][ T6852]  ? __pfx_process_one_work+0x10/0x10
[  316.059953][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  316.059992][ T6852]  worker_thread+0xb49/0x1140
[  316.060031][ T6852]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  316.060072][ T6852]  kthread+0x389/0x470
[  316.060095][ T6852]  ? __pfx_worker_thread+0x10/0x10
[  316.060122][ T6852]  ? __pfx_kthread+0x10/0x10
[  316.060146][ T6852]  ret_from_fork+0x514/0xb70
[  316.060175][ T6852]  ? __pfx_ret_from_fork+0x10/0x10
[  316.060200][ T6852]  ? __switch_to+0xc79/0x1410
[  316.060224][ T6852]  ? __pfx_kthread+0x10/0x10
[  316.060249][ T6852]  ret_from_fork_asm+0x1a/0x30
[  316.060302][ T6852]  </TASK>
[  316.279312][ T6852] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  316.688921][ T5632] Bluetooth: hci3: unexpected event for opcode 0x007f
[  316.997228][ T5621] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  317.030045][ T5798] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  317.207057][ T5798] usb 4-1: unable to get BOS descriptor or descriptor too short
[  317.208336][ T5798] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  317.208417][ T5798] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[  317.208457][ T5798] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  317.294423][ T5798] usb 4-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  317.294454][ T5798] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.294473][ T5798] usb 4-1: Product: syz
[  317.294487][ T5798] usb 4-1: Manufacturer: syz
[  317.294501][ T5798] usb 4-1: SerialNumber: syz
[  317.777768][ T7749] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  318.170428][ T5632] Bluetooth: hci3: unexpected event for opcode 0x007f
[  318.226424][ T5798] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  318.331500][ T5798] snd-usb-audio 4-1:1.1: probe with driver snd-usb-audio failed with error -22
[  320.081765][ T5632] Bluetooth: hci0: unexpected event for opcode 0x0000
[  320.146442][ T5798] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -22
[  320.174177][ T5798] usb 4-1: USB disconnect, device number 9
[  320.671202][ T7783] loop0: detected capacity change from 0 to 40427
[  320.745295][ T7783] F2FS-fs (loop0): invalid crc value
[  320.802797][ T7788] loop2: detected capacity change from 0 to 32768
[  320.803980][ T7788] btrfs: Deprecated parameter 'usebackuproot'
[  320.803998][ T7788] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  320.808277][ T7788] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.487 (7788)
[  320.888859][ T7788] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  320.888891][ T7788] BTRFS info (device loop2): using crc32c checksum algorithm
[  320.913958][ T7783] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  320.931178][ T7783] F2FS-fs (loop0): Start checkpoint disabled!
[  320.959087][ T7783] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  320.980604][ T7783] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  321.090746][   T38] audit: type=1800 audit(1779431321.393:22): pid=7783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.485" name="file1" dev="loop0" ino=10 res=0 errno=0
[  321.116039][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  321.274187][ T7783] bio_check_eod: 176 callbacks suppressed
[  321.274208][ T7783] syz.0.485: attempt to access beyond end of device
[  321.274208][ T7783] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  321.274754][ T7783] syz.0.485: attempt to access beyond end of device
[  321.274754][ T7783] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  321.275220][ T7783] syz.0.485: attempt to access beyond end of device
[  321.275220][ T7783] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  321.275689][ T7783] syz.0.485: attempt to access beyond end of device
[  321.275689][ T7783] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  321.276142][ T7783] syz.0.485: attempt to access beyond end of device
[  321.276142][ T7783] loop0: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  321.276793][ T7783] syz.0.485: attempt to access beyond end of device
[  321.276793][ T7783] loop0: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  321.277233][ T7783] syz.0.485: attempt to access beyond end of device
[  321.277233][ T7783] loop0: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  321.277637][ T7783] syz.0.485: attempt to access beyond end of device
[  321.277637][ T7783] loop0: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  321.278066][ T7783] syz.0.485: attempt to access beyond end of device
[  321.278066][ T7783] loop0: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  321.278546][ T7783] syz.0.485: attempt to access beyond end of device
[  321.278546][ T7783] loop0: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  321.515524][ T3633] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  321.515654][ T7788] BTRFS error (device loop2): failed to load root extent
[  321.515692][ T7788] BTRFS warning (device loop2): try to load backup roots slot 1
[  321.525020][  T157] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  321.525129][ T7788] BTRFS warning (device loop2): couldn't read tree root
[  321.525150][ T7788] BTRFS warning (device loop2): try to load backup roots slot 2
[  321.537909][   T59] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  321.538034][ T7788] BTRFS warning (device loop2): couldn't read tree root
[  321.538052][ T7788] BTRFS warning (device loop2): try to load backup roots slot 3
[  321.671434][ T7788] BTRFS info (device loop2): rebuilding free space tree
[  321.744020][ T7788] BTRFS info (device loop2): checking UUID tree
[  321.756113][ T7788] BTRFS info (device loop2): enabling ssd optimizations
[  321.756141][ T7788] BTRFS info (device loop2): turning on async discard
[  321.756158][ T7788] BTRFS info (device loop2): enabling free space tree
[  321.756173][ T7788] BTRFS info (device loop2): force clearing of disk cache
[  321.756190][ T7788] BTRFS info (device loop2): enabling auto defrag
[  321.756205][ T7788] BTRFS info (device loop2): trying to use backup root at mount time
[  321.756222][ T7788] BTRFS info (device loop2): use zstd compression, level 3
[  321.763101][ T1163] CPU: 1 UID: 0 PID: 1163 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  321.763135][ T1163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  321.763148][ T1163] Workqueue: writeback wb_workfn (flush-7:0)
[  321.763182][ T1163] Call Trace:
[  321.763189][ T1163]  <TASK>
[  321.763197][ T1163]  dump_stack_lvl+0xe8/0x150
[  321.763225][ T1163]  f2fs_stop_checkpoint+0x3cd/0x590
[  321.763250][ T1163]  f2fs_write_end_io+0x1274/0x1740
[  321.763295][ T1163]  __submit_merged_bio+0x256/0x6a0
[  321.763330][ T1163]  __submit_merged_write_cond+0x3c9/0x4e0
[  321.763357][ T1163]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  321.763396][ T1163]  f2fs_write_data_pages+0x287e/0x34f0
[  321.763450][ T1163]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.763491][ T1163]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  321.763555][ T1163]  ? __lock_acquire+0x6b5/0x2d10
[  321.763590][ T1163]  ? __lock_acquire+0x6b5/0x2d10
[  321.763633][ T1163]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.763659][ T1163]  do_writepages+0x32e/0x550
[  321.763696][ T1163]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  321.763720][ T1163]  ? reacquire_held_locks+0x104/0x190
[  321.763747][ T1163]  ? rt_spin_lock+0x1e0/0x400
[  321.763775][ T1163]  __writeback_single_inode+0x133/0x10e0
[  321.763803][ T1163]  ? rt_spin_unlock+0x160/0x200
[  321.763822][ T1163]  writeback_sb_inodes+0x97f/0x1980
[  321.763862][ T1163]  ? lockdep_hardirqs_on+0x7a/0x110
[  321.763892][ T1163]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  321.763961][ T1163]  ? rcu_is_watching+0x15/0xb0
[  321.763993][ T1163]  wb_writeback+0x445/0xb00
[  321.764021][ T1163]  ? queue_io+0x201/0x440
[  321.764054][ T1163]  ? __pfx_wb_writeback+0x10/0x10
[  321.764097][ T1163]  wb_workfn+0x3fd/0xf20
[  321.764113][ T1163]  ? look_up_lock_class+0x57/0x110
[  321.764133][ T1163]  ? trace_hrtimer_start+0x82/0x200
[  321.764162][ T1163]  ? __pfx_wb_workfn+0x10/0x10
[  321.764186][ T1163]  ? do_raw_spin_lock+0x12b/0x2f0
[  321.764209][ T1163]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  321.764231][ T1163]  ? process_one_work+0x8be/0x1630
[  321.764259][ T1163]  ? process_one_work+0x8be/0x1630
[  321.764301][ T1163]  ? process_one_work+0x8be/0x1630
[  321.764326][ T1163]  process_one_work+0x98b/0x1630
[  321.764373][ T1163]  ? __pfx_process_one_work+0x10/0x10
[  321.764397][ T1163]  ? do_raw_spin_lock+0x12b/0x2f0
[  321.764432][ T1163]  worker_thread+0xb49/0x1140
[  321.764490][ T1163]  kthread+0x389/0x470
[  321.764512][ T1163]  ? __pfx_worker_thread+0x10/0x10
[  321.764538][ T1163]  ? __pfx_kthread+0x10/0x10
[  321.764561][ T1163]  ret_from_fork+0x514/0xb70
[  321.764588][ T1163]  ? __pfx_ret_from_fork+0x10/0x10
[  321.764610][ T1163]  ? __switch_to+0xc79/0x1410
[  321.764634][ T1163]  ? __pfx_kthread+0x10/0x10
[  321.764656][ T1163]  ret_from_fork_asm+0x1a/0x30
[  321.764697][ T1163]  </TASK>
[  321.795984][ T1163] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  321.820935][ T5798] loop0: lost filesystem error report for type 5 error -108
[  322.472647][ T5621] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  322.989412][ T7825] netlink: 'syz.1.492': attribute type 4 has an invalid length.
[  324.122019][ T5632] Bluetooth: hci0: unexpected event for opcode 0x007f
[  324.349971][ T6174] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  325.482045][ T7844] netlink: 'syz.2.490': attribute type 4 has an invalid length.
[  326.352225][ T6174] usb 4-1: unable to get BOS descriptor or descriptor too short
[  326.353542][ T6174] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  326.353616][ T6174] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[  326.353655][ T6174] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  326.356274][ T6174] usb 4-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  326.356302][ T6174] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.356321][ T6174] usb 4-1: Product: syz
[  326.356335][ T6174] usb 4-1: Manufacturer: syz
[  326.356348][ T6174] usb 4-1: SerialNumber: syz
[  326.812684][ T7846] loop0: detected capacity change from 0 to 40427
[  326.818045][ T7846] F2FS-fs (loop0): invalid crc value
[  326.946356][ T7846] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  326.958559][ T7846] F2FS-fs (loop0): Start checkpoint disabled!
[  326.990349][ T7846] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  327.037064][ T7846] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  327.076308][ T7847] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  327.230005][   T38] audit: type=1800 audit(1779431327.223:23): pid=7846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.498" name="file1" dev="loop0" ino=10 res=0 errno=0
[  327.334235][ T7851] loop2: detected capacity change from 0 to 40427
[  327.477572][ T7851] F2FS-fs (loop2): invalid crc value
[  327.655873][ T7839] loop1: detected capacity change from 0 to 40427
[  327.659032][ T7851] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  327.694270][ T7851] F2FS-fs (loop2): Start checkpoint disabled!
[  327.767149][ T7851] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  327.786419][ T7851] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  327.861614][   T38] audit: type=1800 audit(1779431327.803:24): pid=7851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.499" name="file1" dev="loop2" ino=10 res=0 errno=0
[  328.151251][ T7858] bio_check_eod: 176 callbacks suppressed
[  328.151271][ T7858] syz.0.498: attempt to access beyond end of device
[  328.151271][ T7858] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  328.151721][ T7858] syz.0.498: attempt to access beyond end of device
[  328.151721][ T7858] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  328.153329][ T7858] syz.0.498: attempt to access beyond end of device
[  328.153329][ T7858] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  328.155988][ T7858] syz.0.498: attempt to access beyond end of device
[  328.155988][ T7858] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  328.156481][ T7858] syz.0.498: attempt to access beyond end of device
[  328.156481][ T7858] loop0: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  328.158782][ T7858] syz.0.498: attempt to access beyond end of device
[  328.158782][ T7858] loop0: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  328.159331][ T7858] syz.0.498: attempt to access beyond end of device
[  328.159331][ T7858] loop0: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  328.159756][ T7858] syz.0.498: attempt to access beyond end of device
[  328.159756][ T7858] loop0: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  328.160271][ T7858] syz.0.498: attempt to access beyond end of device
[  328.160271][ T7858] loop0: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  328.160745][ T7858] syz.0.498: attempt to access beyond end of device
[  328.160745][ T7858] loop0: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  328.461664][ T7860] loop4: detected capacity change from 0 to 32768
[  328.462744][ T7860] btrfs: Deprecated parameter 'usebackuproot'
[  328.462765][ T7860] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  328.470811][ T7860] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.500 (7860)
[  328.500659][ T7860] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  328.500697][ T7860] BTRFS info (device loop4): using crc32c checksum algorithm
[  328.555321][ T6174] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  328.591736][ T6174] snd-usb-audio 4-1:1.1: probe with driver snd-usb-audio failed with error -22
[  328.612291][ T7839] F2FS-fs (loop1): Unable to read 1th superblock
[  328.612452][ T7839] F2FS-fs (loop1): Unable to read 2th superblock
[  328.736880][ T3366] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  328.736986][ T7860] BTRFS error (device loop4): failed to load root extent
[  328.737023][ T7860] BTRFS warning (device loop4): try to load backup roots slot 1
[  328.737526][   T41] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  328.737641][ T7860] BTRFS warning (device loop4): couldn't read tree root
[  328.737659][ T7860] BTRFS warning (device loop4): try to load backup roots slot 2
[  328.738681][   T41] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  328.738841][ T7860] BTRFS warning (device loop4): couldn't read tree root
[  328.738859][ T7860] BTRFS warning (device loop4): try to load backup roots slot 3
[  328.809278][ T7860] BTRFS info (device loop4): rebuilding free space tree
[  328.979478][ T7860] BTRFS info (device loop4): checking UUID tree
[  328.990915][ T7860] BTRFS info (device loop4): enabling ssd optimizations
[  328.990940][ T7860] BTRFS info (device loop4): turning on async discard
[  328.990956][ T7860] BTRFS info (device loop4): enabling free space tree
[  328.990972][ T7860] BTRFS info (device loop4): force clearing of disk cache
[  328.990988][ T7860] BTRFS info (device loop4): enabling auto defrag
[  328.991004][ T7860] BTRFS info (device loop4): trying to use backup root at mount time
[  328.991021][ T7860] BTRFS info (device loop4): use zstd compression, level 3
[  329.224638][ T6174] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -22
[  329.244134][ T6174] usb 4-1: USB disconnect, device number 10
[  329.404879][ T5645] udevd[5645]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  329.568186][ T5632] Bluetooth: hci3: unexpected event for opcode 0x0000
[  329.939183][ T5622] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  331.693586][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  331.693706][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  332.887555][ T5632] Bluetooth: hci3: unexpected event for opcode 0x007f
[  332.967279][  T177] CPU: 1 UID: 0 PID: 177 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  332.967308][  T177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  332.967320][  T177] Workqueue: writeback wb_workfn (flush-7:2)
[  332.967353][  T177] Call Trace:
[  332.967362][  T177]  <TASK>
[  332.967370][  T177]  dump_stack_lvl+0xe8/0x150
[  332.967399][  T177]  f2fs_stop_checkpoint+0x3cd/0x590
[  332.967426][  T177]  f2fs_write_end_io+0x1274/0x1740
[  332.967480][  T177]  __submit_merged_bio+0x256/0x6a0
[  332.967507][  T177]  __submit_merged_write_cond+0x3c9/0x4e0
[  332.967536][  T177]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  332.967580][  T177]  f2fs_write_data_pages+0x287e/0x34f0
[  332.967638][  T177]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  332.967674][  T177]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  332.967737][  T177]  ? __lock_acquire+0x6b5/0x2d10
[  332.967799][  T177]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  332.967823][  T177]  do_writepages+0x32e/0x550
[  332.967854][  T177]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  332.967872][  T177]  ? reacquire_held_locks+0x104/0x190
[  332.967897][  T177]  ? rt_spin_lock+0x1e0/0x400
[  332.967924][  T177]  __writeback_single_inode+0x133/0x10e0
[  332.967953][  T177]  ? rt_spin_unlock+0x160/0x200
[  332.967974][  T177]  writeback_sb_inodes+0x97f/0x1980
[  332.968018][  T177]  ? lockdep_hardirqs_on+0x7a/0x110
[  332.968050][  T177]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  332.968117][  T177]  ? rcu_is_watching+0x15/0xb0
[  332.968150][  T177]  wb_writeback+0x445/0xb00
[  332.968179][  T177]  ? queue_io+0x201/0x440
[  332.968213][  T177]  ? __pfx_wb_writeback+0x10/0x10
[  332.968258][  T177]  wb_workfn+0x3fd/0xf20
[  332.968278][  T177]  ? look_up_lock_class+0x57/0x110
[  332.968318][  T177]  ? __pfx_wb_workfn+0x10/0x10
[  332.968343][  T177]  ? do_raw_spin_lock+0x12b/0x2f0
[  332.968365][  T177]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  332.968387][  T177]  ? process_one_work+0x8be/0x1630
[  332.968414][  T177]  ? process_one_work+0x8be/0x1630
[  332.968457][  T177]  ? process_one_work+0x8be/0x1630
[  332.968481][  T177]  process_one_work+0x98b/0x1630
[  332.968527][  T177]  ? __pfx_process_one_work+0x10/0x10
[  332.968549][  T177]  ? do_raw_spin_lock+0x12b/0x2f0
[  332.968584][  T177]  worker_thread+0xb49/0x1140
[  332.968638][  T177]  kthread+0x389/0x470
[  332.968659][  T177]  ? __pfx_worker_thread+0x10/0x10
[  332.968683][  T177]  ? __pfx_kthread+0x10/0x10
[  332.968705][  T177]  ret_from_fork+0x514/0xb70
[  332.968733][  T177]  ? __pfx_ret_from_fork+0x10/0x10
[  332.968755][  T177]  ? __switch_to+0xc79/0x1410
[  332.968778][  T177]  ? __pfx_kthread+0x10/0x10
[  332.968800][  T177]  ret_from_fork_asm+0x1a/0x30
[  332.968842][  T177]  </TASK>
[  332.969034][ T6852] CPU: 0 UID: 0 PID: 6852 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  332.969056][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  332.969064][ T6852] Workqueue: writeback wb_workfn (flush-7:0)
[  332.969087][ T6852] Call Trace:
[  332.969092][ T6852]  <TASK>
[  332.969098][ T6852]  dump_stack_lvl+0xe8/0x150
[  332.969118][ T6852]  f2fs_stop_checkpoint+0x3cd/0x590
[  332.969138][ T6852]  f2fs_write_end_io+0x1274/0x1740
[  332.969172][ T6852]  __submit_merged_bio+0x256/0x6a0
[  332.969193][ T6852]  __submit_merged_write_cond+0x3c9/0x4e0
[  332.969216][ T6852]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  332.969248][ T6852]  f2fs_write_data_pages+0x287e/0x34f0
[  332.969292][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  332.969320][ T6852]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  332.969369][ T6852]  ? __lock_acquire+0x6b5/0x2d10
[  332.969400][ T6852]  ? __lock_acquire+0x6b5/0x2d10
[  332.969433][ T6852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  332.969454][ T6852]  do_writepages+0x32e/0x550
[  332.969477][ T6852]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  332.969491][ T6852]  ? reacquire_held_locks+0x104/0x190
[  332.969510][ T6852]  ? rt_spin_lock+0x1e0/0x400
[  332.969531][ T6852]  __writeback_single_inode+0x133/0x10e0
[  332.969555][ T6852]  ? rt_spin_unlock+0x160/0x200
[  332.969571][ T6852]  writeback_sb_inodes+0x97f/0x1980
[  332.969604][ T6852]  ? lockdep_hardirqs_on+0x7a/0x110
[  332.969628][ T6852]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  332.969678][ T6852]  ? rcu_is_watching+0x15/0xb0
[  332.969714][ T6852]  wb_writeback+0x445/0xb00
[  332.969737][ T6852]  ? queue_io+0x201/0x440
[  332.969762][ T6852]  ? __pfx_wb_writeback+0x10/0x10
[  332.969795][ T6852]  wb_workfn+0x3fd/0xf20
[  332.969811][ T6852]  ? look_up_lock_class+0x57/0x110
[  332.969830][ T6852]  ? trace_hrtimer_start+0x82/0x200
[  332.969855][ T6852]  ? __pfx_wb_workfn+0x10/0x10
[  332.969875][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  332.969892][ T6852]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  332.969909][ T6852]  ? process_one_work+0x8be/0x1630
[  332.969931][ T6852]  ? process_one_work+0x8be/0x1630
[  332.969960][ T6852]  ? process_one_work+0x8be/0x1630
[  332.969980][ T6852]  process_one_work+0x98b/0x1630
[  332.970017][ T6852]  ? __pfx_process_one_work+0x10/0x10
[  332.970036][ T6852]  ? do_raw_spin_lock+0x12b/0x2f0
[  332.970064][ T6852]  worker_thread+0xb49/0x1140
[  332.970093][ T6852]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  332.970121][ T6852]  kthread+0x389/0x470
[  332.970137][ T6852]  ? __pfx_worker_thread+0x10/0x10
[  332.970157][ T6852]  ? __pfx_kthread+0x10/0x10
[  332.970173][ T6852]  ret_from_fork+0x514/0xb70
[  332.970194][ T6852]  ? __pfx_ret_from_fork+0x10/0x10
[  332.970213][ T6852]  ? __switch_to+0xc79/0x1410
[  332.970231][ T6852]  ? __pfx_kthread+0x10/0x10
[  332.970247][ T6852]  ret_from_fork_asm+0x1a/0x30
[  332.970284][ T6852]  </TASK>
[  332.970302][ T6852] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  332.992582][   T10] loop0: lost filesystem error report for type 5 error -108
[  333.067542][  T177] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  333.907256][ T5632] Bluetooth: hci3: unexpected event for opcode 0x007f
[  336.115569][ T5632] Bluetooth: hci3: unexpected event for opcode 0x0000
[  336.421945][ T7925] loop0: detected capacity change from 0 to 40427
[  336.493655][ T7925] F2FS-fs (loop0): invalid crc value
[  336.709564][ T7925] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  336.748257][ T7925] F2FS-fs (loop0): Start checkpoint disabled!
[  336.801509][ T7925] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  336.801963][ T7925] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  336.907750][   T38] audit: type=1800 audit(1779431336.263:25): pid=7925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.511" name="file1" dev="loop0" ino=10 res=0 errno=0
[  337.003885][ T3907] bio_check_eod: 47 callbacks suppressed
[  337.003897][ T3907] kworker/u8:13: attempt to access beyond end of device
[  337.003897][ T3907] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  337.003933][ T3907] CPU: 0 UID: 0 PID: 3907 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  337.003946][ T3907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  337.003952][ T3907] Workqueue: writeback wb_workfn (flush-7:0)
[  337.003974][ T3907] Call Trace:
[  337.003978][ T3907]  <TASK>
[  337.003983][ T3907]  dump_stack_lvl+0xe8/0x150
[  337.004005][ T3907]  f2fs_stop_checkpoint+0x3cd/0x590
[  337.004030][ T3907]  f2fs_write_end_io+0x1274/0x1740
[  337.004073][ T3907]  __submit_merged_bio+0x256/0x6a0
[  337.004100][ T3907]  __submit_merged_write_cond+0x3c9/0x4e0
[  337.004129][ T3907]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  337.004163][ T3907]  f2fs_write_data_pages+0x287e/0x34f0
[  337.004194][ T3907]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  337.004213][ T3907]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  337.004246][ T3907]  ? __lock_acquire+0x6b5/0x2d10
[  337.004266][ T3907]  ? __lock_acquire+0x6b5/0x2d10
[  337.004297][ T3907]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  337.004310][ T3907]  do_writepages+0x32e/0x550
[  337.004328][ T3907]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  337.004339][ T3907]  ? reacquire_held_locks+0x104/0x190
[  337.004352][ T3907]  ? rt_spin_lock+0x1e0/0x400
[  337.004367][ T3907]  __writeback_single_inode+0x133/0x10e0
[  337.004384][ T3907]  ? rt_spin_unlock+0x160/0x200
[  337.004396][ T3907]  writeback_sb_inodes+0x97f/0x1980
[  337.004419][ T3907]  ? lockdep_hardirqs_on+0x7a/0x110
[  337.004437][ T3907]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  337.004471][ T3907]  ? rcu_is_watching+0x15/0xb0
[  337.004490][ T3907]  wb_writeback+0x445/0xb00
[  337.004507][ T3907]  ? queue_io+0x201/0x440
[  337.004524][ T3907]  ? __pfx_wb_writeback+0x10/0x10
[  337.004547][ T3907]  wb_workfn+0x3fd/0xf20
[  337.004558][ T3907]  ? look_up_lock_class+0x57/0x110
[  337.004572][ T3907]  ? trace_hrtimer_start+0x82/0x200
[  337.004589][ T3907]  ? __pfx_wb_workfn+0x10/0x10
[  337.004603][ T3907]  ? do_raw_spin_lock+0x12b/0x2f0
[  337.004615][ T3907]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  337.004627][ T3907]  ? process_one_work+0x8be/0x1630
[  337.004642][ T3907]  ? process_one_work+0x8be/0x1630
[  337.004663][ T3907]  ? process_one_work+0x8be/0x1630
[  337.004676][ T3907]  process_one_work+0x98b/0x1630
[  337.004701][ T3907]  ? __pfx_process_one_work+0x10/0x10
[  337.004715][ T3907]  ? do_raw_spin_lock+0x12b/0x2f0
[  337.004733][ T3907]  worker_thread+0xb49/0x1140
[  337.004753][ T3907]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  337.004773][ T3907]  kthread+0x389/0x470
[  337.004785][ T3907]  ? __pfx_worker_thread+0x10/0x10
[  337.004798][ T3907]  ? __pfx_kthread+0x10/0x10
[  337.004811][ T3907]  ret_from_fork+0x514/0xb70
[  337.004825][ T3907]  ? __pfx_ret_from_fork+0x10/0x10
[  337.004838][ T3907]  ? __switch_to+0xc79/0x1410
[  337.004851][ T3907]  ? __pfx_kthread+0x10/0x10
[  337.004863][ T3907]  ret_from_fork_asm+0x1a/0x30
[  337.004886][ T3907]  </TASK>
[  337.004891][ T3907] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  337.009857][ T5602] loop0: lost filesystem error report for type 5 error -108
[  338.044696][ T7961] loop2: detected capacity change from 0 to 40427
[  338.058214][ T7961] F2FS-fs (loop2): invalid crc value
[  338.168082][ T7961] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  338.175631][ T7961] F2FS-fs (loop2): Start checkpoint disabled!
[  338.189151][ T7961] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  338.189799][ T7961] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  338.250008][   T38] audit: type=1800 audit(1779431337.526:26): pid=7961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.524" name="file1" dev="loop2" ino=10 res=0 errno=0
[  339.172263][ T7968] syz.2.524: attempt to access beyond end of device
[  339.172263][ T7968] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  339.172724][ T7968] syz.2.524: attempt to access beyond end of device
[  339.172724][ T7968] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  339.175378][ T7968] syz.2.524: attempt to access beyond end of device
[  339.175378][ T7968] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  339.175867][ T7968] syz.2.524: attempt to access beyond end of device
[  339.175867][ T7968] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  339.176332][ T7968] syz.2.524: attempt to access beyond end of device
[  339.176332][ T7968] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  339.176988][ T7968] syz.2.524: attempt to access beyond end of device
[  339.176988][ T7968] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  339.177435][ T7968] syz.2.524: attempt to access beyond end of device
[  339.177435][ T7968] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  339.177864][ T7968] syz.2.524: attempt to access beyond end of device
[  339.177864][ T7968] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  339.178289][ T7968] syz.2.524: attempt to access beyond end of device
[  339.178289][ T7968] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  340.045737][ T7978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.521'.
[  340.464570][ T5632] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  340.464866][ T5632] Bluetooth: hci3: Injecting HCI hardware error event
[  340.474628][ T5631] Bluetooth: hci3: hardware error 0x00
[  340.681611][ T7984] loop0: detected capacity change from 0 to 40427
[  340.697576][ T7984] F2FS-fs (loop0): invalid crc value
[  340.799961][ T7984] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  340.805073][ T7984] F2FS-fs (loop0): Start checkpoint disabled!
[  340.861715][ T7984] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  340.870216][ T7984] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  340.904780][   T38] audit: type=1800 audit(1779431340.015:27): pid=7984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.528" name="file1" dev="loop0" ino=10 res=0 errno=0
[  343.758178][ T5631] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  343.980026][ T7999] bio_check_eod: 65 callbacks suppressed
[  343.980063][ T7999] syz.0.528: attempt to access beyond end of device
[  343.980063][ T7999] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  344.185382][ T7999] syz.0.528: attempt to access beyond end of device
[  344.185382][ T7999] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  344.185915][ T7999] syz.0.528: attempt to access beyond end of device
[  344.185915][ T7999] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  344.186406][ T7999] syz.0.528: attempt to access beyond end of device
[  344.186406][ T7999] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  344.281800][ T7999] syz.0.528: attempt to access beyond end of device
[  344.281800][ T7999] loop0: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  344.282542][ T7999] syz.0.528: attempt to access beyond end of device
[  344.282542][ T7999] loop0: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  344.283019][ T7999] syz.0.528: attempt to access beyond end of device
[  344.283019][ T7999] loop0: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  344.283489][ T7999] syz.0.528: attempt to access beyond end of device
[  344.283489][ T7999] loop0: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  344.283909][ T7999] syz.0.528: attempt to access beyond end of device
[  344.283909][ T7999] loop0: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  344.284318][ T7999] syz.0.528: attempt to access beyond end of device
[  344.284318][ T7999] loop0: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  344.976569][ T8011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.163826][ T8011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.739443][ T5631] Bluetooth: Frame is too long (len 18, expected len 4)
[  346.469650][ T3366] CPU: 1 UID: 0 PID: 3366 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  346.469679][ T3366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  346.469691][ T3366] Workqueue: writeback wb_workfn (flush-7:2)
[  346.469724][ T3366] Call Trace:
[  346.469731][ T3366]  <TASK>
[  346.469739][ T3366]  dump_stack_lvl+0xe8/0x150
[  346.469765][ T3366]  f2fs_stop_checkpoint+0x3cd/0x590
[  346.469792][ T3366]  f2fs_write_end_io+0x1274/0x1740
[  346.469837][ T3366]  __submit_merged_bio+0x256/0x6a0
[  346.469864][ T3366]  __submit_merged_write_cond+0x3c9/0x4e0
[  346.469893][ T3366]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  346.469937][ T3366]  f2fs_write_data_pages+0x287e/0x34f0
[  346.469996][ T3366]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  346.470064][ T3366]  ? __lock_acquire+0x6b5/0x2d10
[  346.470121][ T3366]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  346.470145][ T3366]  do_writepages+0x32e/0x550
[  346.470176][ T3366]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  346.470194][ T3366]  ? reacquire_held_locks+0x104/0x190
[  346.470219][ T3366]  ? rt_spin_lock+0x1e0/0x400
[  346.470246][ T3366]  __writeback_single_inode+0x133/0x10e0
[  346.470275][ T3366]  ? rt_spin_unlock+0x160/0x200
[  346.470297][ T3366]  writeback_sb_inodes+0x97f/0x1980
[  346.470343][ T3366]  ? lockdep_hardirqs_on+0x7a/0x110
[  346.470373][ T3366]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  346.470438][ T3366]  ? rcu_is_watching+0x15/0xb0
[  346.470471][ T3366]  wb_writeback+0x445/0xb00
[  346.470499][ T3366]  ? queue_io+0x201/0x440
[  346.470530][ T3366]  ? __pfx_wb_writeback+0x10/0x10
[  346.470572][ T3366]  wb_workfn+0x3fd/0xf20
[  346.470593][ T3366]  ? look_up_lock_class+0x57/0x110
[  346.470631][ T3366]  ? __pfx_wb_workfn+0x10/0x10
[  346.470661][ T3366]  ? do_raw_spin_unlock+0xf5/0x210
[  346.470686][ T3366]  ? process_one_work+0x8be/0x1630
[  346.470713][ T3366]  ? process_one_work+0x8be/0x1630
[  346.470751][ T3366]  ? process_one_work+0x8be/0x1630
[  346.470777][ T3366]  process_one_work+0x98b/0x1630
[  346.470827][ T3366]  ? __pfx_process_one_work+0x10/0x10
[  346.470853][ T3366]  ? do_raw_spin_lock+0x12b/0x2f0
[  346.470890][ T3366]  worker_thread+0xb49/0x1140
[  346.470929][ T3366]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  346.470968][ T3366]  kthread+0x389/0x470
[  346.470998][ T3366]  ? __pfx_worker_thread+0x10/0x10
[  346.471024][ T3366]  ? __pfx_kthread+0x10/0x10
[  346.471047][ T3366]  ret_from_fork+0x514/0xb70
[  346.471075][ T3366]  ? __pfx_ret_from_fork+0x10/0x10
[  346.471100][ T3366]  ? __switch_to+0xc79/0x1410
[  346.471124][ T3366]  ? __pfx_kthread+0x10/0x10
[  346.471147][ T3366]  ret_from_fork_asm+0x1a/0x30
[  346.471191][ T3366]  </TASK>
[  346.605787][ T3366] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  348.077364][ T8030] loop3: detected capacity change from 0 to 32768
[  348.078461][ T8030] btrfs: Deprecated parameter 'usebackuproot'
[  348.078480][ T8030] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  348.138357][ T8033] loop4: detected capacity change from 0 to 512
[  348.896999][ T8033] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  349.005464][ T8030] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.541 (8030)
[  349.096804][ T8030] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  349.096835][ T8030] BTRFS info (device loop3): using crc32c checksum algorithm
[  349.557753][ T8033] EXT4-fs (loop4): 1 truncate cleaned up
[  349.581284][ T8033] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  351.088657][   T59] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  351.088804][ T8030] BTRFS error (device loop3): failed to load root extent
[  351.088842][ T8030] BTRFS warning (device loop3): try to load backup roots slot 1
[  351.089499][   T59] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  351.089627][ T8030] BTRFS warning (device loop3): couldn't read tree root
[  351.089646][ T8030] BTRFS warning (device loop3): try to load backup roots slot 2
[  351.090032][   T59] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  351.090151][ T8030] BTRFS warning (device loop3): couldn't read tree root
[  351.090169][ T8030] BTRFS warning (device loop3): try to load backup roots slot 3
[  351.283242][ T8030] BTRFS error (device loop3): open_ctree failed: -4
[  351.568556][ T5622] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  352.742725][ T8055] syz.1.543 (8055) used greatest stack depth: 16968 bytes left
[  352.791119][ T3907] bio_check_eod: 176 callbacks suppressed
[  352.791137][ T3907] kworker/u8:13: attempt to access beyond end of device
[  352.791137][ T3907] loop0: rw=2049, sector=46624, nr_sectors = 8 limit=40427
[  352.791197][ T3907] CPU: 0 UID: 0 PID: 3907 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  352.791250][ T3907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  352.791269][ T3907] Workqueue: writeback wb_workfn (flush-7:0)
[  352.791303][ T3907] Call Trace:
[  352.791311][ T3907]  <TASK>
[  352.791320][ T3907]  dump_stack_lvl+0xe8/0x150
[  352.791349][ T3907]  f2fs_stop_checkpoint+0x3cd/0x590
[  352.791385][ T3907]  f2fs_write_end_io+0x1274/0x1740
[  352.791433][ T3907]  __submit_merged_bio+0x256/0x6a0
[  352.791461][ T3907]  __submit_merged_write_cond+0x3c9/0x4e0
[  352.791493][ T3907]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  352.791539][ T3907]  f2fs_write_data_pages+0x287e/0x34f0
[  352.791605][ T3907]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  352.791642][ T3907]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  352.791707][ T3907]  ? __lock_acquire+0x6b5/0x2d10
[  352.791748][ T3907]  ? __lock_acquire+0x6b5/0x2d10
[  352.791793][ T3907]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  352.791820][ T3907]  do_writepages+0x32e/0x550
[  352.791855][ T3907]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  352.791874][ T3907]  ? reacquire_held_locks+0x104/0x190
[  352.791900][ T3907]  ? rt_spin_lock+0x1e0/0x400
[  352.791929][ T3907]  __writeback_single_inode+0x133/0x10e0
[  352.791960][ T3907]  ? rt_spin_unlock+0x160/0x200
[  352.791982][ T3907]  writeback_sb_inodes+0x97f/0x1980
[  352.792028][ T3907]  ? lockdep_hardirqs_on+0x7a/0x110
[  352.792059][ T3907]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  352.792126][ T3907]  ? rcu_is_watching+0x15/0xb0
[  352.792162][ T3907]  wb_writeback+0x445/0xb00
[  352.792214][ T3907]  ? queue_io+0x201/0x440
[  352.792248][ T3907]  ? __pfx_wb_writeback+0x10/0x10
[  352.792293][ T3907]  wb_workfn+0x3fd/0xf20
[  352.792315][ T3907]  ? look_up_lock_class+0x57/0x110
[  352.792341][ T3907]  ? trace_hrtimer_start+0x82/0x200
[  352.792383][ T3907]  ? __pfx_wb_workfn+0x10/0x10
[  352.792415][ T3907]  ? do_raw_spin_lock+0x12b/0x2f0
[  352.792439][ T3907]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  352.792462][ T3907]  ? process_one_work+0x8be/0x1630
[  352.792492][ T3907]  ? process_one_work+0x8be/0x1630
[  352.792532][ T3907]  ? process_one_work+0x8be/0x1630
[  352.792558][ T3907]  process_one_work+0x98b/0x1630
[  352.792584][ T3907]  ? irqentry_exit+0x218/0x760
[  352.792629][ T3907]  ? __pfx_process_one_work+0x10/0x10
[  352.792653][ T3907]  ? do_raw_spin_lock+0x12b/0x2f0
[  352.792691][ T3907]  worker_thread+0xb49/0x1140
[  352.792731][ T3907]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  352.792772][ T3907]  kthread+0x389/0x470
[  352.792795][ T3907]  ? __pfx_worker_thread+0x10/0x10
[  352.792822][ T3907]  ? __pfx_kthread+0x10/0x10
[  352.792845][ T3907]  ret_from_fork+0x514/0xb70
[  352.792873][ T3907]  ? __pfx_ret_from_fork+0x10/0x10
[  352.792897][ T3907]  ? __switch_to+0xc79/0x1410
[  352.792922][ T3907]  ? __pfx_kthread+0x10/0x10
[  352.792945][ T3907]  ret_from_fork_asm+0x1a/0x30
[  352.792989][ T3907]  </TASK>
[  352.816313][ T3907] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  352.873683][ T5602] loop0: lost filesystem error report for type 5 error -108
[  353.089918][ T5631] Bluetooth: hci0: unexpected event for opcode 0x0000
[  356.034087][   T37] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  356.041263][ T8096] loop2: detected capacity change from 0 to 512
[  356.072910][ T8096] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  356.145484][ T8096] EXT4-fs (loop2): 1 truncate cleaned up
[  356.171122][ T8096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  356.209945][   T37] usb 5-1: unable to get BOS descriptor or descriptor too short
[  356.212235][   T37] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  356.212307][   T37] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[  356.212346][   T37] usb 5-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  356.263985][   T37] usb 5-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  356.264015][   T37] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.264042][   T37] usb 5-1: Product: syz
[  356.264055][   T37] usb 5-1: Manufacturer: syz
[  356.264069][   T37] usb 5-1: SerialNumber: syz
[  356.865905][ T8101] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  357.306883][   T37] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  357.323057][   T37] snd-usb-audio 5-1:1.1: probe with driver snd-usb-audio failed with error -22
[  357.510258][ T8115] netlink: 'syz.3.555': attribute type 4 has an invalid length.
[  358.130576][ T5631] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  358.130903][ T5631] Bluetooth: hci0: Injecting HCI hardware error event
[  358.134766][ T5631] Bluetooth: hci0: hardware error 0x00
[  359.452280][   T37] snd-usb-audio 5-1:1.2: probe with driver snd-usb-audio failed with error -22
[  359.463366][   T37] usb 5-1: USB disconnect, device number 6
[  359.981602][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  360.076058][ T8132] netlink: 'syz.0.560': attribute type 4 has an invalid length.
[  360.966201][ T5631] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  361.818799][ T8146] loop3: detected capacity change from 0 to 40427
[  361.833963][ T8146] F2FS-fs (loop3): invalid crc value
[  361.927537][ T8146] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  361.945446][ T8146] F2FS-fs (loop3): Start checkpoint disabled!
[  361.965611][ T8146] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  361.973556][ T8146] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  361.994287][   T38] audit: type=1800 audit(1779431359.751:28): pid=8146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.566" name="file1" dev="loop3" ino=10 res=0 errno=0
[  362.323981][ T8150] syz.3.566: attempt to access beyond end of device
[  362.323981][ T8150] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  362.324452][ T8150] syz.3.566: attempt to access beyond end of device
[  362.324452][ T8150] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  362.324915][ T8150] syz.3.566: attempt to access beyond end of device
[  362.324915][ T8150] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  362.325381][ T8150] syz.3.566: attempt to access beyond end of device
[  362.325381][ T8150] loop3: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  362.325827][ T8150] syz.3.566: attempt to access beyond end of device
[  362.325827][ T8150] loop3: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  362.326466][ T8150] syz.3.566: attempt to access beyond end of device
[  362.326466][ T8150] loop3: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  362.326900][ T8150] syz.3.566: attempt to access beyond end of device
[  362.326900][ T8150] loop3: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  362.327333][ T8150] syz.3.566: attempt to access beyond end of device
[  362.327333][ T8150] loop3: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  362.327761][ T8150] syz.3.566: attempt to access beyond end of device
[  362.327761][ T8150] loop3: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  362.328281][ T8150] syz.3.566: attempt to access beyond end of device
[  362.328281][ T8150] loop3: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  362.634315][  T177] CPU: 0 UID: 0 PID: 177 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  362.634343][  T177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  362.634356][  T177] Workqueue: writeback wb_workfn (flush-7:3)
[  362.634389][  T177] Call Trace:
[  362.634397][  T177]  <TASK>
[  362.634405][  T177]  dump_stack_lvl+0xe8/0x150
[  362.634433][  T177]  f2fs_stop_checkpoint+0x3cd/0x590
[  362.634459][  T177]  f2fs_write_end_io+0x1274/0x1740
[  362.634505][  T177]  __submit_merged_bio+0x256/0x6a0
[  362.634532][  T177]  __submit_merged_write_cond+0x3c9/0x4e0
[  362.634562][  T177]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  362.634605][  T177]  f2fs_write_data_pages+0x287e/0x34f0
[  362.634659][  T177]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  362.634694][  T177]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  362.634752][  T177]  ? __lock_acquire+0x6b5/0x2d10
[  362.634791][  T177]  ? __lock_acquire+0x6b5/0x2d10
[  362.634833][  T177]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  362.634858][  T177]  do_writepages+0x32e/0x550
[  362.634891][  T177]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  362.634911][  T177]  ? reacquire_held_locks+0x104/0x190
[  362.634941][  T177]  ? rt_spin_lock+0x1e0/0x400
[  362.634969][  T177]  __writeback_single_inode+0x133/0x10e0
[  362.635000][  T177]  ? rt_spin_unlock+0x160/0x200
[  362.635023][  T177]  writeback_sb_inodes+0x97f/0x1980
[  362.635065][  T177]  ? lockdep_hardirqs_on+0x7a/0x110
[  362.635096][  T177]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  362.635159][  T177]  ? rcu_is_watching+0x15/0xb0
[  362.635190][  T177]  wb_writeback+0x445/0xb00
[  362.635221][  T177]  ? queue_io+0x201/0x440
[  362.635251][  T177]  ? __pfx_wb_writeback+0x10/0x10
[  362.635299][  T177]  wb_workfn+0x3fd/0xf20
[  362.635319][  T177]  ? look_up_lock_class+0x57/0x110
[  362.635344][  T177]  ? trace_hrtimer_start+0x82/0x200
[  362.635376][  T177]  ? __pfx_wb_workfn+0x10/0x10
[  362.635403][  T177]  ? do_raw_spin_lock+0x12b/0x2f0
[  362.635426][  T177]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  362.635448][  T177]  ? process_one_work+0x8be/0x1630
[  362.635477][  T177]  ? process_one_work+0x8be/0x1630
[  362.635516][  T177]  ? process_one_work+0x8be/0x1630
[  362.635542][  T177]  process_one_work+0x98b/0x1630
[  362.635590][  T177]  ? __pfx_process_one_work+0x10/0x10
[  362.635615][  T177]  ? do_raw_spin_lock+0x12b/0x2f0
[  362.635652][  T177]  worker_thread+0xb49/0x1140
[  362.635706][  T177]  kthread+0x389/0x470
[  362.635728][  T177]  ? __pfx_worker_thread+0x10/0x10
[  362.635754][  T177]  ? __pfx_kthread+0x10/0x10
[  362.635777][  T177]  ret_from_fork+0x514/0xb70
[  362.635806][  T177]  ? __pfx_ret_from_fork+0x10/0x10
[  362.635830][  T177]  ? __switch_to+0xc79/0x1410
[  362.635854][  T177]  ? __pfx_kthread+0x10/0x10
[  362.635877][  T177]  ret_from_fork_asm+0x1a/0x30
[  362.635923][  T177]  </TASK>
[  362.652604][  T177] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  365.308896][ T5798] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  365.323934][ T5621] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.504915][ T5798] usb 4-1: unable to get BOS descriptor or descriptor too short
[  365.506490][ T5798] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  365.506563][ T5798] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[  365.506601][ T5798] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  365.510914][ T5798] usb 4-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  365.510941][ T5798] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.510961][ T5798] usb 4-1: Product: syz
[  365.510974][ T5798] usb 4-1: Manufacturer: syz
[  365.510988][ T5798] usb 4-1: SerialNumber: syz
[  367.197101][ T8194] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  369.253519][ T5798] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  369.253771][ T8215] warning: `syz.0.583' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  369.361764][ T5798] snd-usb-audio 4-1:1.1: probe with driver snd-usb-audio failed with error -22
[  369.516339][ T8209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  369.621597][ T5798] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -22
[  369.634359][ T5798] usb 4-1: USB disconnect, device number 11
[  369.838059][ T6621] udevd[6621]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  370.133192][ T8229] loop1: detected capacity change from 0 to 512
[  370.170448][ T8229] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  370.295826][ T8236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  370.328862][ T8236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  370.581384][ T8229] EXT4-fs (loop1): 1 truncate cleaned up
[  370.605866][ T8229] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  372.896947][ T6148] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  373.274395][ T6148] usb 3-1: unable to get BOS descriptor or descriptor too short
[  373.276211][ T6148] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  373.276285][ T6148] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[  373.276325][ T6148] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  373.280009][ T6148] usb 3-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  373.280035][ T6148] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.280055][ T6148] usb 3-1: Product: syz
[  373.280083][ T6148] usb 3-1: Manufacturer: syz
[  373.280194][ T6148] usb 3-1: SerialNumber: syz
[  374.346914][ T8275] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  374.545448][ T6148] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  374.616774][ T6148] snd-usb-audio 3-1:1.1: probe with driver snd-usb-audio failed with error -22
[  375.156945][ T6148] snd-usb-audio 3-1:1.2: probe with driver snd-usb-audio failed with error -22
[  375.168985][ T6148] usb 3-1: USB disconnect, device number 12
[  375.299345][ T8296] Zero length message leads to an empty skb
[  375.341984][ T6621] udevd[6621]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  376.066096][ T5623] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  377.624170][ T8322] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  378.027328][ T8334] loop2: detected capacity change from 0 to 512
[  378.043436][ T8334] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  378.145722][ T8334] EXT4-fs (loop2): 1 truncate cleaned up
[  378.172325][ T8334] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  378.898638][ T5760] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  379.803576][ T5760] usb 2-1: unable to get BOS descriptor or descriptor too short
[  379.805251][ T5760] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  379.805345][ T5760] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[  379.805383][ T5760] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  379.808979][ T5760] usb 2-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  379.809005][ T5760] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.809023][ T5760] usb 2-1: Product: syz
[  379.809037][ T5760] usb 2-1: Manufacturer: syz
[  379.809050][ T5760] usb 2-1: SerialNumber: syz
[  380.317327][ T8357] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  380.734667][ T5760] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  380.785457][ T5760] snd-usb-audio 2-1:1.1: probe with driver snd-usb-audio failed with error -22
[  381.124745][ T5760] snd-usb-audio 2-1:1.2: probe with driver snd-usb-audio failed with error -22
[  381.165236][ T5760] usb 2-1: USB disconnect, device number 8
[  381.245020][ T6621] udevd[6621]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  381.784974][ T8380] netlink: 4 bytes leftover after parsing attributes in process `syz.3.633'.
[  381.987272][ T8383] overlayfs: failed to resolve './bus': -2
[  383.917488][ T8412] netlink: 4 bytes leftover after parsing attributes in process `syz.0.644'.
[  384.469746][   T32] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  384.638880][   T32] usb 4-1: unable to get BOS descriptor or descriptor too short
[  384.651560][   T32] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  384.651639][   T32] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[  384.651678][   T32] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  384.659616][   T32] usb 4-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  384.659646][   T32] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.659666][   T32] usb 4-1: Product: syz
[  384.659679][   T32] usb 4-1: Manufacturer: syz
[  384.659693][   T32] usb 4-1: SerialNumber: syz
[  386.114622][ T8435] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  386.389740][   T32] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  386.417862][   T32] snd-usb-audio 4-1:1.1: probe with driver snd-usb-audio failed with error -22
[  386.657256][   T32] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -22
[  386.691031][   T32] usb 4-1: USB disconnect, device number 12
[  386.873110][ T6621] udevd[6621]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  386.921070][ T5621] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.384667][ T8448] netlink: 'syz.4.653': attribute type 4 has an invalid length.
[  388.435480][ T8458] netlink: 4 bytes leftover after parsing attributes in process `syz.0.656'.
[  390.946140][ T8470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  391.038782][ T8470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  391.051836][ T8470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  391.656302][ T8495] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'.
[  393.331938][ T8510] 
: renamed from bond_slave_0 (while UP)
[  394.601753][ T5798] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  394.688258][ T8528] netlink: 4 bytes leftover after parsing attributes in process `syz.3.678'.
[  395.760865][ T8514] loop0: detected capacity change from 0 to 32768
[  395.761947][ T8514] btrfs: Deprecated parameter 'usebackuproot'
[  395.761965][ T8514] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  395.795801][ T8514] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.673 (8514)
[  395.898996][ T5798] usb 3-1: unable to get BOS descriptor or descriptor too short
[  395.909473][ T5798] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  395.909547][ T5798] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7
[  395.909585][ T5798] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  395.912768][ T5798] usb 3-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  395.912794][ T5798] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.912812][ T5798] usb 3-1: Product: syz
[  395.912825][ T5798] usb 3-1: Manufacturer: syz
[  395.912839][ T5798] usb 3-1: SerialNumber: syz
[  396.177699][ T8535] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  396.200926][ T8514] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  396.200960][ T8514] BTRFS info (device loop0): using crc32c checksum algorithm
[  396.254880][ T8535] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  396.284308][ T8536] loop4: detected capacity change from 0 to 512
[  396.288670][ T8536] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  396.327044][ T8536] EXT4-fs (loop4): 1 truncate cleaned up
[  396.332360][ T8536] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  396.372922][ T8535] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  396.448432][ T8549] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  397.425256][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  397.425362][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  397.471448][ T5622] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.476681][ T8514] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  397.477160][ T8514] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  397.804589][ T8514] BTRFS error (device loop0): open_ctree failed: -12
[  397.940344][ T5798] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  397.992851][ T5798] snd-usb-audio 3-1:1.1: probe with driver snd-usb-audio failed with error -22
[  398.324348][ T5798] snd-usb-audio 3-1:1.2: probe with driver snd-usb-audio failed with error -22
[  398.327861][ T5798] usb 3-1: USB disconnect, device number 13
[  398.449431][ T6621] udevd[6621]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  399.722016][ T6148] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  399.900379][ T6148] usb 3-1: Using ep0 maxpacket: 8
[  399.902650][ T6148] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  399.902673][ T6148] usb 3-1: config 179 has no interface number 0
[  399.902716][ T6148] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  399.902741][ T6148] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  399.902767][ T6148] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  399.902792][ T6148] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  399.902817][ T6148] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  399.902843][ T6148] usb 3-1: config 179 interface 65 has no altsetting 0
[  399.902875][ T6148] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  399.902896][ T6148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.224455][ T6148] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input35
[  402.280859][ T4966] input input35: unable to receive magic message: -110
[  402.381771][ T4966] input input35: unable to receive magic message: -32
[  402.412012][ T5798] hid_parser_main: 7 callbacks suppressed
[  402.414035][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.414126][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.414153][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.414178][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.414204][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.414287][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.414313][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.414346][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.414371][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.414449][ T5798] hid-generic 0006:0004:0009.0007: unknown main item tag 0x0
[  402.523766][ T4966] input input35: unable to receive magic message: -32
[  402.833839][ T5639] input input35: unable to receive magic message: -32
[  402.881868][ T5798] hid-generic 0006:0004:0009.0007: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0
[  403.108182][ T4966] input input35: unable to receive magic message: -32
[  403.135484][ T8616] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  403.174726][ T8612] fido_id[8612]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  403.354782][ T4966] input input35: unable to receive magic message: -32
[  403.370996][ T8613] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  403.422022][ T8613] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  404.646630][    T9] usb 3-1: USB disconnect, device number 14
[  404.648390][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  404.708683][ T8628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.700'.
[  405.443961][ T8641] netlink: 'syz.1.705': attribute type 2 has an invalid length.
[  405.562181][ T8642] netlink: 'syz.3.703': attribute type 4 has an invalid length.
[  406.373580][ T8625] loop4: detected capacity change from 0 to 32768
[  406.393758][ T8625] btrfs: Deprecated parameter 'usebackuproot'
[  406.393780][ T8625] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  406.548857][ T8625] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.699 (8625)
[  406.669575][ T8625] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  406.669607][ T8625] BTRFS info (device loop4): using crc32c checksum algorithm
[  406.878905][    C0] 
[  406.878918][    C0] ======================================================
[  406.878927][    C0] WARNING: possible circular locking dependency detected
[  406.878941][    C0] syzkaller #0 Not tainted
[  406.878951][    C0] ------------------------------------------------------
[  406.878959][    C0] syz.1.705/8640 is trying to acquire lock:
[  406.878971][    C0] ffff8880634fc8a0 (slock-AF_PHONET/1){+.+.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0
[  406.879025][    C0] 
[  406.879025][    C0] but task is already holding lock:
[  406.879032][    C0] ffff8880269b62e0 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0
[  406.879074][    C0] 
[  406.879074][    C0] which lock already depends on the new lock.
[  406.879074][    C0] 
[  406.879081][    C0] 
[  406.879081][    C0] the existing dependency chain (in reverse order) is:
[  406.879088][    C0] 
[  406.879088][    C0] -> #1 (slock-AF_PHONET){+...}-{3:3}:
[  406.879126][    C0]        rt_spin_lock+0x83/0x400
[  406.879147][    C0]        __sk_receive_skb+0x1f1/0x9e0
[  406.879168][    C0]        phonet_rcv+0x781/0xc40
[  406.879185][    C0]        process_backlog+0x5e1/0xc60
[  406.879205][    C0]        __napi_poll+0xab/0x550
[  406.879223][    C0]        net_rx_action+0x696/0xe00
[  406.879243][    C0]        handle_softirqs+0x1de/0x6d0
[  406.879274][    C0]        __local_bh_enable_ip+0x170/0x2b0
[  406.879304][    C0]        netif_rx+0xb9/0xf0
[  406.879327][    C0]        pn_send+0x62a/0x8e0
[  406.879343][    C0]        pn_skb_send+0x218/0x530
[  406.879371][    C0]        pipe_snd_status+0x1f1/0x320
[  406.879390][    C0]        pipe_do_rcv+0xf15/0x16a0
[  406.879409][    C0]        __sk_receive_skb+0x962/0x9e0
[  406.879430][    C0]        pep_do_rcv+0x685/0xaa0
[  406.879449][    C0]        __release_sock+0x2a9/0x3d0
[  406.879475][    C0]        release_sock+0x1be/0x290
[  406.879495][    C0]        pep_sock_accept+0xd47/0x11e0
[  406.879514][    C0]        pn_socket_accept+0xc1/0x310
[  406.879539][    C0]        do_accept+0x6ca/0x930
[  406.879559][    C0]        __sys_accept4+0x139/0x230
[  406.879579][    C0]        __x64_sys_accept4+0x9a/0xb0
[  406.879601][    C0]        do_syscall_64+0x15f/0x560
[  406.879624][    C0]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.879644][    C0] 
[  406.879644][    C0] -> #0 (slock-AF_PHONET/1){+.+.}-{3:3}:
[  406.879677][    C0]        __lock_acquire+0x15a5/0x2d10
[  406.879700][    C0]        lock_acquire+0x106/0x350
[  406.879722][    C0]        rt_spin_lock_nested+0x81/0x3f0
[  406.879740][    C0]        __sk_receive_skb+0x1bf/0x9e0
[  406.879760][    C0]        pep_do_rcv+0x685/0xaa0
[  406.879778][    C0]        __sk_receive_skb+0x962/0x9e0
[  406.879799][    C0]        phonet_rcv+0x781/0xc40
[  406.879815][    C0]        process_backlog+0x5e1/0xc60
[  406.879835][    C0]        __napi_poll+0xab/0x550
[  406.879853][    C0]        net_rx_action+0x696/0xe00
[  406.879878][    C0]        handle_softirqs+0x1de/0x6d0
[  406.879907][    C0]        __local_bh_enable_ip+0x170/0x2b0
[  406.879937][    C0]        netif_rx+0xb9/0xf0
[  406.879963][    C0]        pn_send+0x62a/0x8e0
[  406.879978][    C0]        pn_skb_send+0x218/0x530
[  406.880007][    C0]        pep_sock_close+0x2c1/0x5b0
[  406.880025][    C0]        pn_socket_release+0x9b/0xc0
[  406.880051][    C0]        __sock_release+0xb9/0x250
[  406.880068][    C0]        sock_close+0x1c/0x30
[  406.880096][    C0]        __fput+0x461/0xa70
[  406.880124][    C0]        task_work_run+0x1d9/0x270
[  406.880148][    C0]        exit_to_user_mode_loop+0xf3/0x4d0
[  406.880170][    C0]        do_syscall_64+0x33e/0x560
[  406.880194][    C0]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.880214][    C0] 
[  406.880214][    C0] other info that might help us debug this:
[  406.880214][    C0] 
[  406.880221][    C0]  Possible unsafe locking scenario:
[  406.880221][    C0] 
[  406.880228][    C0]        CPU0                    CPU1
[  406.880234][    C0]        ----                    ----
[  406.880240][    C0]   lock(slock-AF_PHONET);
[  406.880255][    C0]                                lock(slock-AF_PHONET/1);
[  406.880275][    C0]                                lock(slock-AF_PHONET);
[  406.880291][    C0]   lock(slock-AF_PHONET/1);
[  406.880309][    C0] 
[  406.880309][    C0]  *** DEADLOCK ***
[  406.880309][    C0] 
[  406.880315][    C0] 7 locks held by syz.1.705/8640:
[  406.880327][    C0]  #0: ffff88803fd56138 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250
[  406.880379][    C0]  #1: ffff8880634fd218 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0
[  406.880427][    C0]  #2: ffffffff8dfcaa00 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[  406.880485][    C0]  #3: ffffffff8dfcaa00 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x271/0xc60
[  406.880534][    C0]  #4: ffff8880269b62e0 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0
[  406.880584][    C0]  #5: ffffffff8dfcaa00 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[  406.880625][    C0]  #6: ffff8880269b6398 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40
[  406.880665][    C0] 
[  406.880665][    C0] stack backtrace:
[  406.880678][    C0] CPU: 0 UID: 0 PID: 8640 Comm: syz.1.705 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  406.880700][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  406.880713][    C0] Call Trace:
[  406.880720][    C0]  <TASK>
[  406.880729][    C0]  dump_stack_lvl+0xe8/0x150
[  406.880756][    C0]  print_circular_bug+0x2e1/0x300
[  406.880789][    C0]  check_noncircular+0x12e/0x150
[  406.880822][    C0]  __lock_acquire+0x15a5/0x2d10
[  406.880847][    C0]  ? try_to_take_rt_mutex+0x840/0xb00
[  406.880881][    C0]  ? __sk_receive_skb+0x1bf/0x9e0
[  406.880901][    C0]  lock_acquire+0x106/0x350
[  406.880925][    C0]  ? __sk_receive_skb+0x1bf/0x9e0
[  406.880949][    C0]  ? sk_filter_trim_cap+0x8f1/0xce0
[  406.880984][    C0]  rt_spin_lock_nested+0x81/0x3f0
[  406.881002][    C0]  ? __sk_receive_skb+0x1bf/0x9e0
[  406.881024][    C0]  ? __pfx_sk_filter_trim_cap+0x10/0x10
[  406.881052][    C0]  ? __lock_acquire+0x6b5/0x2d10
[  406.881076][    C0]  ? __pfx_rt_spin_lock_nested+0x10/0x10
[  406.881099][    C0]  ? rt_spin_lock+0x1e0/0x400
[  406.881121][    C0]  __sk_receive_skb+0x1bf/0x9e0
[  406.881147][    C0]  pep_do_rcv+0x685/0xaa0
[  406.881169][    C0]  ? __pfx_pep_do_rcv+0x10/0x10
[  406.881192][    C0]  ? __pfx_pep_do_rcv+0x10/0x10
[  406.881213][    C0]  ? phonet_rcv+0x781/0xc40
[  406.881231][    C0]  __sk_receive_skb+0x962/0x9e0
[  406.881258][    C0]  phonet_rcv+0x781/0xc40
[  406.881275][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  406.881306][    C0]  ? __pfx_phonet_rcv+0x10/0x10
[  406.881326][    C0]  ? process_backlog+0x271/0xc60
[  406.881348][    C0]  ? process_backlog+0x271/0xc60
[  406.881371][    C0]  ? __pfx_phonet_rcv+0x10/0x10
[  406.881390][    C0]  process_backlog+0x5e1/0xc60
[  406.881420][    C0]  __napi_poll+0xab/0x550
[  406.881441][    C0]  net_rx_action+0x696/0xe00
[  406.881469][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  406.881490][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  406.881520][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  406.881550][    C0]  ? enqueue_to_backlog+0x340/0xcb0
[  406.881585][    C0]  handle_softirqs+0x1de/0x6d0
[  406.881620][    C0]  __local_bh_enable_ip+0x170/0x2b0
[  406.881654][    C0]  netif_rx+0xb9/0xf0
[  406.881682][    C0]  pn_send+0x62a/0x8e0
[  406.881704][    C0]  pn_skb_send+0x218/0x530
[  406.881738][    C0]  pep_sock_close+0x2c1/0x5b0
[  406.881761][    C0]  pn_socket_release+0x9b/0xc0
[  406.881790][    C0]  __sock_release+0xb9/0x250
[  406.881808][    C0]  ? __pfx_sock_close+0x10/0x10
[  406.881838][    C0]  sock_close+0x1c/0x30
[  406.881874][    C0]  __fput+0x461/0xa70
[  406.881908][    C0]  task_work_run+0x1d9/0x270
[  406.881935][    C0]  ? __pfx_task_work_run+0x10/0x10
[  406.881964][    C0]  exit_to_user_mode_loop+0xf3/0x4d0
[  406.881985][    C0]  ? rcu_is_watching+0x15/0xb0
[  406.882012][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.882029][    C0]  do_syscall_64+0x33e/0x560
[  406.882051][    C0]  ? trace_irq_disable+0x3b/0x140
[  406.882071][    C0]  ? clear_bhb_loop+0x40/0x90
[  406.882104][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.882124][    C0] RIP: 0033:0x7f6034b9ce59
[  406.882148][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  406.882164][    C0] RSP: 002b:00007ffe9f5f46c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  406.882184][    C0] RAX: 0000000000000000 RBX: 00007f6034e17da0 RCX: 00007f6034b9ce59
[  406.882198][    C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  406.882209][    C0] RBP: 00007f6034e17da0 R08: 0000000000000006 R09: 0000000000000000
[  406.882222][    C0] R10: 00007f6034e17cb0 R11: 0000000000000246 R12: 000000000005e8d5
[  406.882235][    C0] R13: 00007f6034e15fac R14: 000000000005e8a3 R15: 00007f6034e15fa0
[  406.882256][    C0]  </TASK>
[  406.887996][   T59] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  406.888095][ T8625] BTRFS error (device loop4): failed to load root extent
[  406.888128][ T8625] BTRFS warning (device loop4): try to load backup roots slot 1
[  406.888326][   T59] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  406.888394][ T8625] BTRFS warning (device loop4): couldn't read tree root
[  406.888412][ T8625] BTRFS warning (device loop4): try to load backup roots slot 2
[  406.888590][   T59] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  406.889860][ T8625] BTRFS warning (device loop4): couldn't read tree root
[  406.889888][ T8625] BTRFS warning (device loop4): try to load backup roots slot 3
[  406.897137][ T8640] gprs0: detached
[  406.949727][ T8625] BTRFS info (device loop4): rebuilding free space tree
[  406.971649][ T8625] BTRFS info (device loop4): checking UUID tree
[  406.972791][ T8625] BTRFS info (device loop4): enabling ssd optimizations
[  406.972812][ T8625] BTRFS info (device loop4): turning on async discard
[  406.972827][ T8625] BTRFS info (device loop4): enabling free space tree
[  406.972842][ T8625] BTRFS info (device loop4): force clearing of disk cache
[  406.972856][ T8625] BTRFS info (device loop4): enabling auto defrag
[  406.972870][ T8625] BTRFS info (device loop4): trying to use backup root at mount time
[  406.972887][ T8625] BTRFS info (device loop4): use zstd compression, level 3
[  407.252694][ T5622] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf