last executing test programs:

2m34.594757951s ago: executing program 4 (id=10):
syz_emit_vhci(0x0, 0x1d)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x1ff, 0x2, 0x1, {0x6, 0xfd, 0x20ff, 0x8, 0xe, 0xf33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000003, 0x1004})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000080)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b805000000f3a5baf80c66b80e5ca48f66efbafc0cec0f01310f019c09000f01c2", 0x71}], 0x1, 0x7d, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002e80), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
rseq(0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0x0)

2m28.351002395s ago: executing program 4 (id=14):
r0 = socket$igmp6(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x0, 0x101, @loopback, 0xa3c}, {0xa, 0xfffe, 0xfffffffd, @dev, 0x4}, 0x1000, {[0x9, 0x0, 0xfffffffe, 0xfffffef9, 0x0, 0x1, 0x2]}}, 0x5c)
syz_emit_ethernet(0x66, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6002adf700303a00fe880000000000000000000000000001ff0200000000000000000000ef93c87797031055ff0000006000000000043a00fc020000000000000000000000000000fc0100"/99], 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmsg$inet(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40)
sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x7, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

2m22.62325102s ago: executing program 4 (id=20):
syz_emit_vhci(0x0, 0x1d)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x1ff, 0x2, 0x1, {0x6, 0xfd, 0x20ff, 0x8, 0xe, 0xf33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000003, 0x1004})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000080)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b805000000f3a5baf80c66b80e5ca48f66efbafc0cec0f01310f019c09000f01c2", 0x71}], 0x1, 0x7d, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002e80), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
rseq(0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0x0)

2m18.574868755s ago: executing program 0 (id=23):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x13, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x802, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14013, &(0x7f0000000480)={[{@gid}, {@codepage={'codepage', 0x3d, 'cp860'}}, {@creator={'creator', 0x3d, "a426dba3"}}]}, 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ")
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='.\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x208c822, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x20040600)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000009840)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r4, 0x0)
ioctl$VIDIOC_S_STD(r4, 0x40085618, &(0x7f0000000580)=0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000780)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a}, 0x94)
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0xb, 0xa, 0x100, "3258c5c0d651aa231b00280000000000000000000000ed00", 0x32435750})
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB="000204"], 0x18)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001840), 0x3b, 0x0)

2m16.62142702s ago: executing program 4 (id=27):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
move_mount(0xffffffffffffffff, &(0x7f0000000900)='./file0\x00', 0xffffffffffffffff, 0x0, 0x200)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x800452d3, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x46, 0x0, 0x0)
sendmsg$inet6(r4, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, '\x00', 0x2b}, 0x6}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x00\v\x00\x00\x00\x00'], 0x30}, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x40, 0x2}, 0x2}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x2008440, &(0x7f0000000300)='trans=rdma,')

2m13.439893588s ago: executing program 4 (id=32):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x29, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x40)
socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r5, 0x18000000000002a0, 0x1c, 0x0, &(0x7f00000011c0)="b9ffddc1ddcccdf175537d53888edfcef6e296510cff24fc83423368", 0x0, 0x600, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0xffffffffffffff9d, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2m13.411780638s ago: executing program 0 (id=33):
eventfd2(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
prctl$PR_SET_MM_MAP(0x3c, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000001)
r4 = socket$netlink(0x10, 0x3, 0x2)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r6, 0x0, &(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x1})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6, 0x0, 0x0, 0x0, 0x0, 0x1})
close_range(r4, 0xffffffffffffffff, 0x0)

2m10.077730617s ago: executing program 4 (id=35):
syz_emit_vhci(0x0, 0x1d)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

2m9.250405795s ago: executing program 0 (id=36):
syz_emit_vhci(0x0, 0x1d)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x1ff, 0x2, 0x1, {0x6, 0xfd, 0x20ff, 0x8, 0xe, 0xf33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000003, 0x1004})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000080)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b805000000f3a5baf80c66b80e5ca48f66efbafc0cec0f01310f019c09000f01c2", 0x71}], 0x1, 0x7d, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002e80), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
rseq(0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0x0)

2m7.329684841s ago: executing program 0 (id=39):
r0 = socket$inet6(0xa, 0x2, 0x3a)
ioperm(0x0, 0x9, 0x5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = creat(&(0x7f00000002c0)='./file1\x00', 0x38)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
read$FUSE(r3, &(0x7f0000000800)={0x2020}, 0x2020)
ioctl$TCGETS2(r3, 0x802c542a, &(0x7f0000000040))
preadv(r2, 0x0, 0x0, 0x0, 0x3f)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x10, 0x3, 0xfffff801, 0x6, 0x101, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0xfffffffe, 0x4}, 0x50)
r4 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x40}, @dev={0xac, 0x14, 0x14, 0x3a}}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@lsrr={0x83, 0x3, 0x48}, @noop, @ssrr={0x89, 0x3, 0xdc}, @end, @generic={0x7, 0x2}]}}}], 0x40}, 0x4840)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @local, 0x80000006}, 0x1c, &(0x7f0000000540)=[{&(0x7f0000000100)="8000102e75243301", 0x49}], 0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="20000000000000002900000004000000000000000000000004018f000000000018000000000000002900000004"], 0x38}}], 0x1, 0x40000000)

2m1.978662909s ago: executing program 0 (id=46):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioctl$DVB_DVR_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f0000000300)={0x401, 0x80000})
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2800000, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f000000cf00)="$eJzs3M1rI2UYAPAn/djtfrgW8eBtBxahhU1o+rHoreoufmCXsurBk6ZJGrKbZEqTprUnDx7Fg/+JKHjy6N/gwbM38aB4E5TMTHXrBwhNm+3294PJM++bN888b1gWnpmSAC6s+eTXn0txI65ExHREXI/IzkvFkVnPwwsRcTMiph47SsX8nxOXIuJqRNwYJc9zloq3Pr89vLX201u/fPPd5ZlrX3z9/eR2DUzaixHR3cnP97t5TFt5fFjM14btLHZXh0XM3+g+KsZpHvebW1mG/drRuloWV1r5+nRnrz+K251afRRb7e1sfqeXX7A/bB3lyT7wsLabjRvNrSy2+2kWW4d5XQeH+f9th/1BnqdR5PsoSx+DwVHM55sHzXw/O4+yWO8Nivk8b9poHozisIjF5aKedhpZHVsn+aafbG+3e3sHybC522+nvWStUn2pUr1Tru6mjeaguVqudRt3VpOFVme0rDxo1rrrrTRtdZqVetpdTBZa9Xq5Wk0W7ja32rVeUq1WVipL5bXF4ux28vr995JOI1kYxVfbvb1Bu9NPttPdJP/EYrJcWXl5MblVTd7Z2Ew2H9y7t7H57gd337//ysabrxWL/lFWsrC8tLxcri6Vl6uLF2j/nxRFj3H/cCKlSRcAcP7o/4FJOL3+f/dBxOn3/6H/H4tz1f9e9P7/FPYPJ6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sH6Y/fKN7GQ+H18r5p8ppp4rxqWImIqI3//FdFw6lnO6yDP7H+tn/1bDt6XIMoyucbk4rkbEenH89uxpfwsAAADw9Prq45uf5d16/jI/6YI4S/lNm6nrH44p31xEzM7/OKZsU6OX58eULPv3PRMHY8qW3cCaG1Oy/JbbzLiy/S/Tx8LcY6GUh6kzLQcAADgTxzuBs+1CAAAAOEufTroAJqMUR48yj54FZ395/9cDwSvHRgAAAMA5VJp0AQAAAMCpy/p/v/8HAAAAT7f89/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD3bu5zZxIIoD8LPBC/tPi1Z731b2BmVsCXvcY0QBaYICciAtpAFqILeUEEGExyEQcYjksa1E3yc5k7HMjzcIDjMjDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KX7ar24vfp93TZnt28nz2gAAACAS7bVelH/M0v9r839782tn02/iIgyIi7N3Ufx6Sxz1ORUL8/fnD5fvarhLqJOOLzHpLm+RMSf5nr80fWnAAAAAB/XZrmap9l6+jMbuiD6lBZtym9/M+UVEVHNHjKllYe8X5nC6u/3OP5nSqsXsKaZwtKS2zhX2pvUP/fjqt30pClSU1582bHIbGMHAAB6NDpr+p2FAAAA0Kd/QxfAMIp43so8bgVOUtNs730+6wEAAADvUDF0AQAAAEDn6vl/T+f/7Z3/BwAAAMNI5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpW21XmyWq3nbnN2+nTyjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCf25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5n9c4qjgA4G9mdra2Kq5R9hARBQ96sdttbe1NPCjBg3+CENJtjd36o83BliLm4k1y7kX0KCIo8db/IecEcom3HPYQwbMyszPZyQ9w/TWzST4fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBp9PYkTrJDZxzHxbnNvYdLWb91qM88Xtuez1oWR3UmfTK8WP0QdZtLBAAAgLMjKev7EMJOur6Q9XEnr//T8pqs5v/26XFc1vOH6/6yL2v/rP3y8+7z+wN1xuNkN725PBxcOppK6/+b5Wx75i+vaOVPPn/3kuRfSPze6nOjNH+e0dcbG++08/BcHdkCAP/ExbIvgvL3oazvN5kYAGdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6jFbDk2UchRDmW5M4s7X3cOm4/vHa9nzZrj16tBa+nNwzu0UaQri5PBxcqnU2s+3e/Qe3F4fDwd36g5dCCE2N/lYx/dsfTHFxCI08H8F/FMTFlz0r+ZyMoMEfSgAAnEpp0bK6fiddX8jORXMh/PHdwfr/1Uocpqz/dz+8tlkdq1r/92ub4ezrrdz5tHfv/oPXl+8s3hrcGnz8xuX+m/0r169evd7L35X0vDEBAADg32kXrVr/x3NH1/8vVOIwZf3/2Tf9L6pjJer/Y00W/ZrOBAAA4Gx79uXff4uOOR+12+HzxZWVu/3xcf/z5fGxgVT/tnNFq9b/yVzTWQEAAAB1GK1GB9b/b1TiMOX6/1Pfv/Bj9Z5JCOF8sf5/cemT4Y36pjPT6vhz4qbnCAAAQLPOF626/p/m+//j/S0PcQjhtVfGcfFvAKeq/5N3v/qhOlZ1//+V+qY4k+Lu+HnkfTeEVrfpjAAAADjNnihaVuz/mq4vfPTThffb9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O3PAAAA//9WwT6Z")
creat(0x0, 0x1a)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x880}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x1800, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x24, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x293eb9efc70f92ef, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f)
r3 = openat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x183b41, 0x51)
ioctl$F2FS_IOC_SET_PIN_FILE(r3, 0x4004f50d, &(0x7f0000000340)=0xdffefefc)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000001480)=@raw={'raw\x00', 0x8000038, 0x3, 0x270, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xd0, 0x1a0, 0xffffffff, 0xffffffff, 0x1a0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [], [], 'ip6tnl0\x00', 'nicvf0\x00', {}, {}, 0x3a, 0x0, 0x0, 0x2}, 0x0, 0xa8, 0xd0}, @common=@unspec=@AUDIT={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, [], [0x0, 0x0, 0xff000000], 'veth1\x00', 'bond0\x00', {0x8499377069aa4b5f}, {}, 0x2b, 0x80, 0x4}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0xb5a3, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2d0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x9, 0x800800})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
close(0x3)

1m53.951873674s ago: executing program 32 (id=35):
syz_emit_vhci(0x0, 0x1d)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

1m52.313741089s ago: executing program 0 (id=55):
syz_emit_vhci(0x0, 0x1d)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x1ff, 0x2, 0x1, {0x6, 0xfd, 0x20ff, 0x8, 0xe, 0xf33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0x0)

1m35.832383475s ago: executing program 33 (id=55):
syz_emit_vhci(0x0, 0x1d)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x1ff, 0x2, 0x1, {0x6, 0xfd, 0x20ff, 0x8, 0xe, 0xf33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0x0)

19.675514233s ago: executing program 2 (id=135):
syz_emit_vhci(0x0, 0x1d)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x1ff, 0x2, 0x1, {0x6, 0xfd, 0x20ff, 0x8, 0xe, 0xf33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000003, 0x1004})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000080)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b805000000f3a5baf80c66b80e5ca48f66efbafc0cec0f01310f019c09000f01c2", 0x71}], 0x1, 0x7d, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002e80), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
rseq(0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0x0)

18.243803635s ago: executing program 2 (id=137):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x13, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14013, &(0x7f0000000480)={[{@gid}, {@codepage={'codepage', 0x3d, 'cp860'}}, {@creator={'creator', 0x3d, "a426dba3"}}]}, 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ")
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='.\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x208c822, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x20040600)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r4, 0x0)
ioctl$VIDIOC_S_STD(r4, 0x40085618, &(0x7f0000000580)=0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000780)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a}, 0x94)
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0xb, 0xa, 0x100, "3258c5c0d651aa231b00280000000000000000000000ed00", 0x32435750})
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB="000204"], 0x18)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001840), 0x3b, 0x0)

16.654824018s ago: executing program 2 (id=138):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10002, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x4, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x2, 0x2, 0x100, 0xd8ce, 0xf, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x9, 0x86, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x807})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000}, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$OCFS2_IOC_REFLINK(0xffffffffffffffff, 0x40186f04, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

15.097364868s ago: executing program 3 (id=139):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x13, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14013, &(0x7f0000000480)={[{@gid}, {@codepage={'codepage', 0x3d, 'cp860'}}, {@creator={'creator', 0x3d, "a426dba3"}}]}, 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ")
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='.\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x208c822, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x20040600)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r4, 0x0)
ioctl$VIDIOC_S_STD(r4, 0x40085618, &(0x7f0000000580)=0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a}, 0x94)
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0xb, 0xa, 0x100, "3258c5c0d651aa231b00280000000000000000000000ed00", 0x32435750})
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB="000204"], 0x18)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001840), 0x3b, 0x0)

14.669788944s ago: executing program 1 (id=140):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
move_mount(0xffffffffffffffff, &(0x7f0000000900)='./file0\x00', 0xffffffffffffffff, 0x0, 0x200)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x800452d3, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x4000009b, 0x0, 0x4de}]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x46, 0x0, 0x0)
sendmsg$inet6(r4, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, '\x00', 0x2b}, 0x6}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB], 0x30}, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x40, 0x2}, 0x2}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0xd)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x2008440, &(0x7f0000000300)='trans=rdma,')

12.880088194s ago: executing program 1 (id=141):
r0 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_pidfd_open(r2, 0x0)
pidfd_getfd(r4, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r5, 0xc048aec8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x181801, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r7, 0xf504, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

11.96780051s ago: executing program 3 (id=142):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x20004000)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_ADD_RULE(r2, &(0x7f0000000b00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008041}, 0x4004000)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x9, &(0x7f0000000600)=@generic={0x0, 0x11, 0x10}, 0xc)
socket$alg(0x26, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r5, &(0x7f0000001400)=""/4090, 0x3fc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r6, 0x0, 0x50)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, 0x0, 0x4000052)

9.726589459s ago: executing program 1 (id=143):
r0 = socket$inet6(0xa, 0x2, 0x3a)
ioperm(0x0, 0x9, 0x5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x404, 0x9}, 0x50)
r5 = creat(&(0x7f00000002c0)='./file1\x00', 0x38)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
read$FUSE(r6, &(0x7f0000000800)={0x2020}, 0x2020)
preadv(r5, 0x0, 0x0, 0x0, 0x3f)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x10, 0x3, 0xfffff801, 0x6, 0x101, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0xfffffffe, 0x4}, 0x50)
r7 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r7, 0x88, 0x67, 0x0, 0x0)
sendmsg$inet(r7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x40}, @dev={0xac, 0x14, 0x14, 0x3a}}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@lsrr={0x83, 0x3, 0x48}, @noop, @ssrr={0x89, 0x3, 0xdc}, @end, @generic={0x7, 0x2}, @end]}}}], 0x40}, 0x4840)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @local, 0x80000006}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="20000000000000002900000004000000000000000000000004018f000000000018000000000000002900000004"], 0x38}}], 0x1, 0x40000000)

8.169974105s ago: executing program 2 (id=144):
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x1ff, 0x2, 0x1, {0x6, 0xfd, 0x20ff, 0x8, 0xe, 0xf33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000003, 0x1004})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000080)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b805000000f3a5baf80c66b80e5ca48f66efbafc0cec0f01310f019c09000f01c2", 0x71}], 0x1, 0x7d, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002e80), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0x0)

8.165517883s ago: executing program 3 (id=145):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x13, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14013, &(0x7f0000000480)={[{@gid}, {@codepage={'codepage', 0x3d, 'cp860'}}, {@creator={'creator', 0x3d, "a426dba3"}}]}, 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ")
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='.\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x208c822, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x20040600)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000009840)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r4, 0x0)
ioctl$VIDIOC_S_STD(r4, 0x40085618, &(0x7f0000000580)=0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000780)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a}, 0x94)
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0xb, 0xa, 0x100, "3258c5c0d651aa231b00280000000000000000000000ed00", 0x32435750})
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB="000204"], 0x18)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001840), 0x3b, 0x0)

7.437742119s ago: executing program 2 (id=146):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x20004000)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_ADD_RULE(r2, &(0x7f0000000b00)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008041}, 0x4004000)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x9, &(0x7f0000000600)=@generic={0x0, 0x11, 0x10}, 0xc)
socket$alg(0x26, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r5, &(0x7f0000001400)=""/4090, 0x3fc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r6, 0x0, 0x50)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x8041}, 0x4000052)

5.764536566s ago: executing program 1 (id=147):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x13, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14013, &(0x7f0000000480)={[{@gid}, {@codepage={'codepage', 0x3d, 'cp860'}}, {@creator={'creator', 0x3d, "a426dba3"}}]}, 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ")
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='.\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x208c822, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x20040600)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000009840)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r4, 0x0)
ioctl$VIDIOC_S_STD(r4, 0x40085618, &(0x7f0000000580)=0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000780)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a}, 0x94)
ioctl$KVM_GET_STATS_FD_cpu(r4, 0xaece)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0xb, 0xa, 0x100, "3258c5c0d651aa231b00280000000000000000000000ed00", 0x32435750})
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYBLOB="000204"], 0x18)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001840), 0x3b, 0x0)

4.112681496s ago: executing program 3 (id=148):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xffffffffffffffff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
semop(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000740)}}], 0x2, 0x4004c010)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r3, 0x2000009)
sendfile(r1, r3, 0x0, 0x7ffff004)

3.746966987s ago: executing program 2 (id=149):
syz_emit_vhci(0x0, 0x1d)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x2000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x1ff, 0x2, 0x1, {0x6, 0xfd, 0x20ff, 0x8, 0xe, 0xf33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000003, 0x1004})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000080)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b805000000f3a5baf80c66b80e5ca48f66efbafc0cec0f01310f019c09000f01c2", 0x71}], 0x1, 0x7d, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002e80), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
rseq(0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x275a, 0x0)

2.554645292s ago: executing program 1 (id=150):
r0 = socket$inet6(0xa, 0x2, 0x3a)
ioperm(0x0, 0x9, 0x5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x404, 0x9}, 0x50)
r5 = creat(&(0x7f00000002c0)='./file1\x00', 0x38)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
read$FUSE(r6, &(0x7f0000000800)={0x2020}, 0x2020)
preadv(r5, 0x0, 0x0, 0x0, 0x3f)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x10, 0x3, 0xfffff801, 0x6, 0x101, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0xfffffffe, 0x4}, 0x50)
r7 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r7, 0x88, 0x67, 0x0, 0x0)
sendmsg$inet(r7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x40}, @dev={0xac, 0x14, 0x14, 0x3a}}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@lsrr={0x83, 0x3, 0x48}, @ssrr={0x89, 0x3, 0xdc}, @end, @generic={0x7, 0x2}, @end]}}}], 0x40}, 0x4840)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @local, 0x80000006}, 0x1c, &(0x7f0000000540)=[{&(0x7f0000000100)="8000102e75243301", 0x49}], 0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="20000000000000002900000004000000000000000000000004018f000000000018000000000000002900000004"], 0x38}}], 0x1, 0x40000000)

1.359974777s ago: executing program 3 (id=151):
r0 = socket$inet6(0xa, 0x2, 0x3a)
ioperm(0x0, 0x9, 0x5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x404, 0x9}, 0x50)
r5 = creat(&(0x7f00000002c0)='./file1\x00', 0x38)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
read$FUSE(r6, &(0x7f0000000800)={0x2020}, 0x2020)
preadv(r5, 0x0, 0x0, 0x0, 0x3f)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x10, 0x3, 0xfffff801, 0x6, 0x101, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0xfffffffe, 0x4}, 0x50)
r7 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r7, 0x88, 0x67, 0x0, 0x0)
sendmsg$inet(r7, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x40}, @dev={0xac, 0x14, 0x14, 0x3a}}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@lsrr={0x83, 0x3, 0x48}, @noop, @ssrr={0x89, 0x3, 0xdc}, @end, @generic={0x7, 0x2}, @end]}}}], 0x40}, 0x4840)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @local, 0x80000006}, 0x1c, &(0x7f0000000540), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="20000000000000002900000004000000000000000000000004018f000000000018000000000000002900000004"], 0x38}}], 0x1, 0x40000000)

1.176986228s ago: executing program 1 (id=152):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10002, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x4, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x2, 0x2, 0x100, 0xd8ce, 0xf, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0x11, 0x8, 0xf, 0x0, 0x5, 0x9, 0x86, 0x6, 0x48, 0x86, 0xdd, 0x68, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x8, '\x00', 0x1, 0x807})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000}, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$OCFS2_IOC_REFLINK(0xffffffffffffffff, 0x40186f04, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

0s ago: executing program 3 (id=153):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
move_mount(0xffffffffffffffff, &(0x7f0000000900)='./file0\x00', 0xffffffffffffffff, 0x0, 0x200)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x800452d3, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x4000009b, 0x0, 0x4de}]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x46, 0x0, 0x0)
sendmsg$inet6(r4, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, '\x00', 0x2b}, 0x6}, 0x1c, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x00\v\x00\x00\x00'], 0x30}, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x40, 0x2}, 0x2}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0xd)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x2008440, &(0x7f0000000300)='trans=rdma,')

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.15' (ED25519) to the list of known hosts.
[   90.855016][ T5590] cgroup: Unknown subsys name 'net'
[   91.096625][ T5590] cgroup: Unknown subsys name 'cpuset'
[   91.150571][ T5590] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   92.124549][  T821] cfg80211: failed to load regulatory.db
[   93.354840][ T5590] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.041105][ T5608] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   96.055615][ T5608] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   96.066454][ T5608] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   96.069550][ T5608] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   96.086168][ T5608] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   96.107923][ T5608] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   96.109073][ T5615] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   96.159018][ T5612] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   96.195903][ T5617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   96.198451][ T5619] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.229756][ T5619] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   96.251642][ T5617] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.255275][ T5617] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   96.257001][ T5622] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   96.264112][ T5622] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   96.266023][ T5617] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.271495][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   96.274162][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   96.287070][ T5615] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   96.342082][ T5615] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   96.344460][ T5617] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.361120][ T5622] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.371250][ T5615] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   96.390347][ T5615] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   96.435451][ T5617] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   98.491450][ T5612] Bluetooth: hci3: command tx timeout
[   98.491455][ T5615] Bluetooth: hci0: command tx timeout
[   98.501251][ T5612] Bluetooth: hci4: command tx timeout
[   98.580446][ T5612] Bluetooth: hci1: command tx timeout
[   98.580464][ T5615] Bluetooth: hci2: command tx timeout
[   99.452911][ T5606] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.454308][ T5606] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.454554][ T5606] bridge_slave_0: entered allmulticast mode
[   99.458299][ T5606] bridge_slave_0: entered promiscuous mode
[   99.556614][ T5606] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.556916][ T5606] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.557189][ T5606] bridge_slave_1: entered allmulticast mode
[   99.559766][ T5606] bridge_slave_1: entered promiscuous mode
[   99.584436][ T5607] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.585520][ T5607] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.586418][ T5607] bridge_slave_0: entered allmulticast mode
[   99.596485][ T5607] bridge_slave_0: entered promiscuous mode
[   99.618988][ T5605] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.619315][ T5605] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.619610][ T5605] bridge_slave_0: entered allmulticast mode
[   99.628594][ T5605] bridge_slave_0: entered promiscuous mode
[   99.649282][ T5604] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.649621][ T5604] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.664664][ T5604] bridge_slave_0: entered allmulticast mode
[   99.667232][ T5604] bridge_slave_0: entered promiscuous mode
[   99.714003][ T5607] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.714318][ T5607] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.714782][ T5607] bridge_slave_1: entered allmulticast mode
[   99.717252][ T5607] bridge_slave_1: entered promiscuous mode
[   99.718494][ T5605] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.719424][ T5605] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.719772][ T5605] bridge_slave_1: entered allmulticast mode
[   99.771523][ T5605] bridge_slave_1: entered promiscuous mode
[   99.773012][ T5604] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.773276][ T5604] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.773485][ T5604] bridge_slave_1: entered allmulticast mode
[   99.776147][ T5604] bridge_slave_1: entered promiscuous mode
[   99.910561][ T5606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.996936][ T5606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.013707][ T5607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.019222][ T5605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.042033][ T5604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.042490][ T5603] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.042920][ T5603] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.043205][ T5603] bridge_slave_0: entered allmulticast mode
[  100.046723][ T5603] bridge_slave_0: entered promiscuous mode
[  100.101988][ T5607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.106221][ T5605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.112499][ T5604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.113134][ T5603] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.114128][ T5603] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.118996][ T5603] bridge_slave_1: entered allmulticast mode
[  100.133755][ T5603] bridge_slave_1: entered promiscuous mode
[  100.267991][ T5606] team0: Port device team_slave_0 added
[  100.348063][ T5606] team0: Port device team_slave_1 added
[  100.358230][ T5607] team0: Port device team_slave_0 added
[  100.368208][ T5605] team0: Port device team_slave_0 added
[  100.378574][ T5604] team0: Port device team_slave_0 added
[  100.390896][ T5603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.421606][ T5607] team0: Port device team_slave_1 added
[  100.424928][ T5605] team0: Port device team_slave_1 added
[  100.428314][ T5604] team0: Port device team_slave_1 added
[  100.452430][ T5603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.554195][ T5606] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.554208][ T5606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.554228][ T5606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.569985][ T5615] Bluetooth: hci0: command tx timeout
[  100.573101][ T5615] Bluetooth: hci4: command tx timeout
[  100.573191][ T5615] Bluetooth: hci3: command tx timeout
[  100.650125][ T5612] Bluetooth: hci2: command tx timeout
[  100.650158][ T5612] Bluetooth: hci1: command tx timeout
[  100.693681][ T5606] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.693694][ T5606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.693715][ T5606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.696219][ T5607] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.696232][ T5607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.696251][ T5607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.698647][ T5605] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.698659][ T5605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.698678][ T5605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.715904][ T5604] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.715952][ T5604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.716028][ T5604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.765866][ T5603] team0: Port device team_slave_0 added
[  100.872667][ T5607] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.872722][ T5607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.872799][ T5607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.899177][ T5605] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.899240][ T5605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.899319][ T5605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.282878][ T5604] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.282892][ T5604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.282917][ T5604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.286371][ T5603] team0: Port device team_slave_1 added
[  101.438339][ T5603] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.438353][ T5603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.438373][ T5603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.550310][ T5603] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.550323][ T5603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.550344][ T5603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.561824][ T5606] hsr_slave_0: entered promiscuous mode
[  101.576099][ T5606] hsr_slave_1: entered promiscuous mode
[  101.740591][ T5607] hsr_slave_0: entered promiscuous mode
[  101.742274][ T5607] hsr_slave_1: entered promiscuous mode
[  101.743701][ T5607] debugfs: 'hsr0' already exists in 'hsr'
[  101.743783][ T5607] Cannot create hsr debugfs directory
[  101.775220][ T5605] hsr_slave_0: entered promiscuous mode
[  101.778490][ T5605] hsr_slave_1: entered promiscuous mode
[  101.792272][ T5605] debugfs: 'hsr0' already exists in 'hsr'
[  101.792299][ T5605] Cannot create hsr debugfs directory
[  101.809475][ T5604] hsr_slave_0: entered promiscuous mode
[  101.816644][ T5604] hsr_slave_1: entered promiscuous mode
[  101.822894][ T5604] debugfs: 'hsr0' already exists in 'hsr'
[  101.822915][ T5604] Cannot create hsr debugfs directory
[  102.224575][ T5603] hsr_slave_0: entered promiscuous mode
[  102.226130][ T5603] hsr_slave_1: entered promiscuous mode
[  102.227443][ T5603] debugfs: 'hsr0' already exists in 'hsr'
[  102.227473][ T5603] Cannot create hsr debugfs directory
[  102.650198][ T5615] Bluetooth: hci0: command tx timeout
[  102.650231][ T5615] Bluetooth: hci3: command tx timeout
[  102.650262][ T5615] Bluetooth: hci4: command tx timeout
[  102.731407][ T5612] Bluetooth: hci1: command tx timeout
[  102.731455][ T5612] Bluetooth: hci2: command tx timeout
[  103.179589][ T5606] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  103.237116][ T5606] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  103.246876][ T5606] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  103.288600][ T5606] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  103.299305][ T5606] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  103.327403][ T5606] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  103.357098][ T5606] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  103.391875][ T5606] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  103.528224][ T5605] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  103.576827][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  103.593572][ T5605] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  103.625920][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  103.641216][ T5605] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  103.676350][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  103.708115][ T5605] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  103.748967][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  103.933927][ T5604] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  103.988795][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.015493][ T5604] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  104.046719][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.062156][ T5604] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  104.095994][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.136178][ T5604] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  104.165429][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  104.327897][ T5603] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.377289][ T5603] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.407162][ T5603] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.438828][ T5603] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.478324][ T5603] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.504995][ T5603] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.520883][ T5603] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  104.568686][ T5603] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  104.703294][ T5606] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.730111][ T5615] Bluetooth: hci4: command tx timeout
[  104.730142][ T5615] Bluetooth: hci3: command tx timeout
[  104.732582][ T5615] Bluetooth: hci0: command tx timeout
[  104.772933][ T5607] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  104.810568][ T5612] Bluetooth: hci2: command tx timeout
[  104.810602][ T5612] Bluetooth: hci1: command tx timeout
[  104.814986][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.838685][ T5607] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  104.874382][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.904366][ T5607] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  104.936145][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.959006][ T5607] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  104.996140][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  105.082564][ T5606] 8021q: adding VLAN 0 to HW filter on device team0
[  105.151070][ T2176] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.151257][ T2176] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.247931][ T1458] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.248083][ T1458] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.287950][ T5605] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.439186][ T5605] 8021q: adding VLAN 0 to HW filter on device team0
[  105.481435][ T5604] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.511550][  T661] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.511729][  T661] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.584829][ T2176] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.584959][ T2176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.695671][ T5604] 8021q: adding VLAN 0 to HW filter on device team0
[  105.755970][ T5603] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.779079][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.779329][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.876046][ T1196] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.876223][ T1196] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.044694][ T5603] 8021q: adding VLAN 0 to HW filter on device team0
[  106.087605][ T5607] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.125843][ T1458] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.126015][ T1458] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.188227][ T1458] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.188344][ T1458] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.352428][ T5607] 8021q: adding VLAN 0 to HW filter on device team0
[  106.427234][  T661] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.427412][  T661] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.563116][  T194] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.586308][  T194] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.995529][ T5606] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.587242][ T5605] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.645589][ T5606] veth0_vlan: entered promiscuous mode
[  107.751294][ T5606] veth1_vlan: entered promiscuous mode
[  108.154126][ T5606] veth0_macvtap: entered promiscuous mode
[  108.234500][ T5604] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.284912][ T5606] veth1_macvtap: entered promiscuous mode
[  108.404251][ T5606] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.497322][ T5606] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.662218][ T1509] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.669164][ T1509] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.669599][ T1509] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.673224][ T1509] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.794811][ T5603] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.900656][ T5607] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.034704][ T5604] veth0_vlan: entered promiscuous mode
[  109.247321][ T5604] veth1_vlan: entered promiscuous mode
[  109.390018][ T5605] veth0_vlan: entered promiscuous mode
[  109.542925][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.542949][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.619195][ T5605] veth1_vlan: entered promiscuous mode
[  109.644327][ T5603] veth0_vlan: entered promiscuous mode
[  109.657466][ T5607] veth0_vlan: entered promiscuous mode
[  109.749261][ T5604] veth0_macvtap: entered promiscuous mode
[  109.761487][ T5603] veth1_vlan: entered promiscuous mode
[  109.788966][ T5607] veth1_vlan: entered promiscuous mode
[  109.824916][ T5604] veth1_macvtap: entered promiscuous mode
[  109.843534][  T661] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.843555][  T661] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.985588][ T5604] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.986727][ T5605] veth0_macvtap: entered promiscuous mode
[  110.077885][ T5604] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.079806][ T5605] veth1_macvtap: entered promiscuous mode
[  110.166437][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.183318][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.184374][ T5603] veth0_macvtap: entered promiscuous mode
[  110.226012][ T5607] veth0_macvtap: entered promiscuous mode
[  110.256169][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.289107][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.334326][ T5603] veth1_macvtap: entered promiscuous mode
[  110.351826][ T5607] veth1_macvtap: entered promiscuous mode
[  110.504581][ T5605] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.974782][ T5605] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.801965][ T5607] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.833378][  T661] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.883976][ T5603] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.884402][  T661] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.959155][  T661] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.997314][  T661] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.025261][ T5607] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.093441][ T5603] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.205892][  T194] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.205913][  T194] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.207153][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.268103][ T2176] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.321993][ T2176] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.379066][ T2176] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.423717][ T2176] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.661877][ T5807] loop3: detected capacity change from 0 to 40427
[  113.757359][ T5807] F2FS-fs (loop3): invalid crc value
[  113.921185][ T5807] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  113.924073][ T5807] F2FS-fs (loop3): Start checkpoint disabled!
[  114.006820][ T2176] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.025274][ T5807] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  114.050553][ T5807] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  114.156042][ T2176] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.545099][ T2176] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.760028][   T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.760049][   T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.342930][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.342951][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.604182][ T2176] kworker/u8:13: attempt to access beyond end of device
[  116.604182][ T2176] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  116.613949][ T1445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.613968][ T1445] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.657600][ T2176] CPU: 0 UID: 0 PID: 2176 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  116.657632][ T2176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  116.657645][ T2176] Workqueue: writeback wb_workfn (flush-7:3)
[  116.657689][ T2176] Call Trace:
[  116.657697][ T2176]  <TASK>
[  116.657706][ T2176]  dump_stack_lvl+0xe8/0x150
[  116.657733][ T2176]  f2fs_stop_checkpoint+0x383/0x540
[  116.657768][ T2176]  f2fs_write_end_io+0x1274/0x1740
[  116.657810][ T2176]  __submit_merged_bio+0x256/0x6a0
[  116.657836][ T2176]  __submit_merged_write_cond+0x3c9/0x4e0
[  116.657876][ T2176]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  116.657923][ T2176]  f2fs_write_data_pages+0x287e/0x34f0
[  116.657974][ T2176]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  116.657993][ T2176]  ? __kasan_check_byte+0x12/0x40
[  116.658026][ T2176]  ? rcu_is_watching+0x15/0xb0
[  116.658077][ T2176]  ? __lock_acquire+0x6b5/0x2d10
[  116.658115][ T2176]  ? __lock_acquire+0x6b5/0x2d10
[  116.658160][ T2176]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  116.658185][ T2176]  do_writepages+0x32e/0x550
[  116.658207][ T2176]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  116.658227][ T2176]  ? reacquire_held_locks+0x104/0x190
[  116.658245][ T2176]  ? rt_spin_lock+0x1e0/0x400
[  116.658273][ T2176]  __writeback_single_inode+0x133/0x10e0
[  116.658296][ T2176]  ? rt_spin_unlock+0x160/0x200
[  116.658332][ T2176]  writeback_sb_inodes+0x97f/0x1980
[  116.658365][ T2176]  ? lockdep_hardirqs_on+0x7a/0x110
[  116.658396][ T2176]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  116.658446][ T2176]  ? rcu_is_watching+0x15/0xb0
[  116.658470][ T2176]  wb_writeback+0x445/0xb00
[  116.658491][ T2176]  ? queue_io+0x221/0x440
[  116.658514][ T2176]  ? __pfx_wb_writeback+0x10/0x10
[  116.658544][ T2176]  wb_workfn+0x3fd/0xf20
[  116.658568][ T2176]  ? look_up_lock_class+0x57/0x110
[  116.658606][ T2176]  ? __pfx_wb_workfn+0x10/0x10
[  116.658635][ T2176]  ? do_raw_spin_lock+0x12b/0x2f0
[  116.658660][ T2176]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  116.658685][ T2176]  ? process_one_work+0x8b7/0x1710
[  116.658708][ T2176]  ? process_one_work+0x8b7/0x1710
[  116.658739][ T2176]  ? process_one_work+0x8b7/0x1710
[  116.658760][ T2176]  process_one_work+0x9a3/0x1710
[  116.658810][ T2176]  ? __pfx_process_one_work+0x10/0x10
[  116.658830][ T2176]  ? do_raw_spin_lock+0x26c/0x2f0
[  116.658868][ T2176]  worker_thread+0xba8/0x11e0
[  116.658897][ T2176]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  116.658924][ T2176]  ? __kthread_parkme+0x7a/0x1f0
[  116.658948][ T2176]  ? __kthread_parkme+0x19c/0x1f0
[  116.658981][ T2176]  kthread+0x388/0x470
[  116.659008][ T2176]  ? __pfx_worker_thread+0x10/0x10
[  116.659028][ T2176]  ? __pfx_kthread+0x10/0x10
[  116.659055][ T2176]  ret_from_fork+0x514/0xb70
[  116.659084][ T2176]  ? __pfx_ret_from_fork+0x10/0x10
[  116.659107][ T2176]  ? __switch_to+0xc79/0x1410
[  116.659129][ T2176]  ? __pfx_kthread+0x10/0x10
[  116.659156][ T2176]  ret_from_fork_asm+0x1a/0x30
[  116.659196][ T2176]  </TASK>
[  116.673090][ T2176] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  117.116245][ T1445] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.116264][ T1445] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.557045][ T5815] loop2: detected capacity change from 0 to 40427
[  117.557291][ T2176] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.557309][ T2176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.635351][ T5815] F2FS-fs (loop2): invalid crc value
[  117.767523][ T5815] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  117.783301][ T5815] F2FS-fs (loop2): Start checkpoint disabled!
[  117.856328][ T5815] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  117.888727][ T5815] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  118.237850][ T2176] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.237871][ T2176] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.988697][ T3180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.988718][ T3180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.703829][ T5830] =======================================================
[  120.703829][ T5830] WARNING: The mand mount option has been deprecated and
[  120.703829][ T5830]          and is ignored by this kernel. Remove the mand
[  120.703829][ T5830]          option from the mount to silence this warning.
[  120.703829][ T5830] =======================================================
[  124.178641][ T5847] loop3: detected capacity change from 0 to 64
[  124.479887][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  124.510749][ T5849] loop2: detected capacity change from 0 to 40427
[  124.556830][ T5849] F2FS-fs (loop2): invalid crc value
[  124.700319][ T5849] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  124.723658][ T5849] F2FS-fs (loop2): Start checkpoint disabled!
[  124.755269][ T5849] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  124.756985][ T5849] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  128.652726][ T5868] loop1: detected capacity change from 0 to 64
[  129.668654][   T42] kworker/u8:2: attempt to access beyond end of device
[  129.668654][   T42] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  129.668733][   T42] CPU: 0 UID: 0 PID: 42 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  129.668758][   T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  129.668772][   T42] Workqueue: writeback wb_workfn (flush-7:2)
[  129.668820][   T42] Call Trace:
[  129.668829][   T42]  <TASK>
[  129.668839][   T42]  dump_stack_lvl+0xe8/0x150
[  129.668872][   T42]  f2fs_stop_checkpoint+0x383/0x540
[  129.668913][   T42]  f2fs_write_end_io+0x1274/0x1740
[  129.668966][   T42]  __submit_merged_bio+0x256/0x6a0
[  129.669003][   T42]  __submit_merged_write_cond+0x3c9/0x4e0
[  129.669051][   T42]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  129.669113][   T42]  f2fs_write_data_pages+0x287e/0x34f0
[  129.669182][   T42]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  129.669206][   T42]  ? __kasan_check_byte+0x12/0x40
[  129.669287][   T42]  ? __lock_acquire+0x6b5/0x2d10
[  129.669362][   T42]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  129.669390][   T42]  do_writepages+0x32e/0x550
[  129.669416][   T42]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  129.669440][   T42]  ? reacquire_held_locks+0x104/0x190
[  129.669462][   T42]  ? rt_spin_lock+0x1e0/0x400
[  129.669493][   T42]  __writeback_single_inode+0x133/0x10e0
[  129.669518][   T42]  ? rt_spin_unlock+0x160/0x200
[  129.669542][   T42]  writeback_sb_inodes+0x97f/0x1980
[  129.669580][   T42]  ? lockdep_hardirqs_on+0x7a/0x110
[  129.669616][   T42]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  129.669673][   T42]  ? rcu_is_watching+0x15/0xb0
[  129.669702][   T42]  wb_writeback+0x445/0xb00
[  129.669726][   T42]  ? queue_io+0x221/0x440
[  129.669751][   T42]  ? __pfx_wb_writeback+0x10/0x10
[  129.669789][   T42]  wb_workfn+0x3fd/0xf20
[  129.669817][   T42]  ? look_up_lock_class+0x57/0x110
[  129.669864][   T42]  ? __pfx_wb_workfn+0x10/0x10
[  129.669895][   T42]  ? do_raw_spin_lock+0x12b/0x2f0
[  129.669926][   T42]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  129.669956][   T42]  ? process_one_work+0x8b7/0x1710
[  129.669983][   T42]  ? process_one_work+0x8b7/0x1710
[  129.670022][   T42]  ? process_one_work+0x8b7/0x1710
[  129.670045][   T42]  process_one_work+0x9a3/0x1710
[  129.670093][   T42]  ? __pfx_process_one_work+0x10/0x10
[  129.670116][   T42]  ? do_raw_spin_lock+0x12b/0x2f0
[  129.670170][   T42]  worker_thread+0xba8/0x11e0
[  129.670227][   T42]  kthread+0x388/0x470
[  129.670261][   T42]  ? __pfx_worker_thread+0x10/0x10
[  129.670286][   T42]  ? __pfx_kthread+0x10/0x10
[  129.670318][   T42]  ret_from_fork+0x514/0xb70
[  129.670348][   T42]  ? __pfx_ret_from_fork+0x10/0x10
[  129.670374][   T42]  ? __switch_to+0xc79/0x1410
[  129.670399][   T42]  ? __pfx_kthread+0x10/0x10
[  129.670432][   T42]  ret_from_fork_asm+0x1a/0x30
[  129.670480][   T42]  </TASK>
[  129.672240][   T42] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  135.145243][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  135.145380][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  136.771281][ T5900] loop0: detected capacity change from 0 to 64
[  137.971665][ T5913] Bluetooth: MGMT ver 1.23
[  140.434163][ T5921] loop1: detected capacity change from 0 to 40427
[  141.089634][ T5921] F2FS-fs (loop1): invalid crc value
[  141.426445][ T5921] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  141.439576][ T5921] F2FS-fs (loop1): Start checkpoint disabled!
[  141.485009][ T5921] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  141.491720][ T5921] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  141.518341][ T5929] loop3: detected capacity change from 0 to 64
[  145.205497][ T5950] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  147.007030][ T5958] overlayfs: failed to resolve './file1': -2
[  149.171007][ T5970] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  150.459885][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  150.479877][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  150.489882][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  150.499868][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  150.509881][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  150.519862][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  150.529868][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  150.539867][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  150.549883][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  151.042533][ T5984] loop3: detected capacity change from 0 to 64
[  152.502402][   T37] audit: type=1800 audit(1777484316.285:2): pid=5982 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.42" name="file1" dev="overlay" ino=69 res=0 errno=0
[  154.812545][   T37] audit: type=1800 audit(1777484318.605:3): pid=5991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.38" name="file1" dev="overlay" ino=90 res=0 errno=0
[  157.796704][ T6003] loop0: detected capacity change from 0 to 40427
[  157.805049][ T6006] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  158.503648][ T6003] F2FS-fs (loop0): invalid crc value
[  158.617753][ T6003] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  158.669558][ T6003] F2FS-fs (loop0): Start checkpoint disabled!
[  158.696062][ T6003] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  158.708488][ T6003] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  164.342251][ T6033] loop2: detected capacity change from 0 to 64
[  165.006308][ T6039] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  167.174727][ T6045] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  169.533774][ T2176] kworker/u8:13: attempt to access beyond end of device
[  169.533774][ T2176] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  169.533843][ T2176] CPU: 1 UID: 0 PID: 2176 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  169.533870][ T2176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  169.533884][ T2176] Workqueue: writeback wb_workfn (flush-7:0)
[  169.533925][ T2176] Call Trace:
[  169.533933][ T2176]  <TASK>
[  169.533943][ T2176]  dump_stack_lvl+0xe8/0x150
[  169.533975][ T2176]  f2fs_stop_checkpoint+0x383/0x540
[  169.534016][ T2176]  f2fs_write_end_io+0x1274/0x1740
[  169.534065][ T2176]  __submit_merged_bio+0x256/0x6a0
[  169.534095][ T2176]  __submit_merged_write_cond+0x3c9/0x4e0
[  169.534140][ T2176]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  169.534200][ T2176]  f2fs_write_data_pages+0x287e/0x34f0
[  169.534265][ T2176]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  169.534307][ T2176]  ? __lock_acquire+0x6b5/0x2d10
[  169.534379][ T2176]  ? __lock_acquire+0x6b5/0x2d10
[  169.534453][ T2176]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  169.534483][ T2176]  do_writepages+0x32e/0x550
[  169.534512][ T2176]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  169.534536][ T2176]  ? reacquire_held_locks+0x104/0x190
[  169.534559][ T2176]  ? rt_spin_lock+0x1e0/0x400
[  169.534595][ T2176]  __writeback_single_inode+0x133/0x10e0
[  169.534632][ T2176]  ? rt_spin_unlock+0x160/0x200
[  169.534661][ T2176]  writeback_sb_inodes+0x97f/0x1980
[  169.534714][ T2176]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  169.534778][ T2176]  ? __pfx_rt_spin_lock+0x10/0x10
[  169.534800][ T2176]  ? rt_spin_unlock+0x14f/0x200
[  169.534835][ T2176]  wb_writeback+0x445/0xb00
[  169.534862][ T2176]  ? queue_io+0x221/0x440
[  169.534891][ T2176]  ? __pfx_wb_writeback+0x10/0x10
[  169.534931][ T2176]  wb_workfn+0x3fd/0xf20
[  169.534959][ T2176]  ? look_up_lock_class+0x57/0x110
[  169.535008][ T2176]  ? __pfx_wb_workfn+0x10/0x10
[  169.535043][ T2176]  ? do_raw_spin_lock+0x12b/0x2f0
[  169.535075][ T2176]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  169.535107][ T2176]  ? process_one_work+0x8b7/0x1710
[  169.535136][ T2176]  ? process_one_work+0x8b7/0x1710
[  169.535180][ T2176]  ? process_one_work+0x8b7/0x1710
[  169.535205][ T2176]  process_one_work+0x9a3/0x1710
[  169.535256][ T2176]  ? __pfx_process_one_work+0x10/0x10
[  169.535281][ T2176]  ? do_raw_spin_lock+0x12b/0x2f0
[  169.535327][ T2176]  worker_thread+0xba8/0x11e0
[  169.535365][ T2176]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  169.535399][ T2176]  ? __kthread_parkme+0x7a/0x1f0
[  169.535428][ T2176]  ? __kthread_parkme+0x19c/0x1f0
[  169.535466][ T2176]  kthread+0x388/0x470
[  169.535498][ T2176]  ? __pfx_worker_thread+0x10/0x10
[  169.535524][ T2176]  ? __pfx_kthread+0x10/0x10
[  169.535560][ T2176]  ret_from_fork+0x514/0xb70
[  169.535591][ T2176]  ? __pfx_ret_from_fork+0x10/0x10
[  169.535618][ T2176]  ? __switch_to+0xc79/0x1410
[  169.535651][ T2176]  ? __pfx_kthread+0x10/0x10
[  169.535685][ T2176]  ret_from_fork_asm+0x1a/0x30
[  169.535733][ T2176]  </TASK>
[  169.545125][ T2176] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  170.448073][ T6053] overlayfs: overlapping lowerdir path
[  171.307003][ T6055] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  172.258201][ T6057] overlayfs: overlapping lowerdir path
[  174.002060][ T5612] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  174.045953][ T5612] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  174.180232][ T6068] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  175.026219][ T5612] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  175.028749][ T5612] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  175.029570][ T5612] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  178.758989][ T5612] Bluetooth: hci5: command tx timeout
[  179.664439][ T6083] loop3: detected capacity change from 0 to 64
[  180.828344][ T5615] Bluetooth: hci5: command tx timeout
[  181.566940][   T37] audit: type=1800 audit(1777484345.265:4): pid=6092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.68" name="file1" dev="overlay" ino=138 res=0 errno=0
[  181.808808][ T5612] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  181.864770][ T5612] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  181.890175][ T5612] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  181.902804][ T5612] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  181.946621][ T5612] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  182.469034][ T6098] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  183.234655][ T5615] Bluetooth: hci5: command tx timeout
[  184.840892][ T6110] loop3: detected capacity change from 0 to 64
[  186.674221][ T5615] Bluetooth: hci5: command tx timeout
[  186.674468][ T5615] Bluetooth: hci6: command tx timeout
[  186.772252][   T37] audit: type=1800 audit(1777484350.535:5): pid=6112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.73" name="file1" dev="overlay" ino=159 res=0 errno=0
[  187.160971][ T6120] overlayfs: overlapping lowerdir path
[  187.220797][ T6121] overlayfs: overlapping lowerdir path
[  188.730068][ T5615] Bluetooth: hci6: command tx timeout
[  189.572269][ T6134] loop2: detected capacity change from 0 to 40427
[  189.585062][ T6140] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  190.277169][ T6134] F2FS-fs (loop2): invalid crc value
[  190.698928][ T6144] loop1: detected capacity change from 0 to 40427
[  190.737330][ T6144] F2FS-fs (loop1): invalid crc value
[  190.820370][ T5615] Bluetooth: hci6: command tx timeout
[  190.830713][ T6134] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  190.863406][ T6134] F2FS-fs (loop2): Start checkpoint disabled!
[  190.865063][ T6144] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  190.895282][ T6144] F2FS-fs (loop1): Start checkpoint disabled!
[  190.943226][ T6134] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  190.948858][ T6134] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  191.020754][ T6144] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  191.024359][ T6144] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  192.234526][ T6150] loop3: detected capacity change from 0 to 64
[  192.899930][ T5615] Bluetooth: hci6: command tx timeout
[  192.977869][ T6155] loop3: detected capacity change from 0 to 64
[  194.168004][ T5947] kworker/u8:17: attempt to access beyond end of device
[  194.168004][ T5947] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  194.196844][ T5947] CPU: 0 UID: 0 PID: 5947 Comm: kworker/u8:17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  194.196870][ T5947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  194.196884][ T5947] Workqueue: writeback wb_workfn (flush-7:1)
[  194.196920][ T5947] Call Trace:
[  194.196926][ T5947]  <TASK>
[  194.196939][ T5947]  dump_stack_lvl+0xe8/0x150
[  194.196966][ T5947]  f2fs_stop_checkpoint+0x383/0x540
[  194.197000][ T5947]  f2fs_write_end_io+0x1274/0x1740
[  194.197040][ T5947]  __submit_merged_bio+0x256/0x6a0
[  194.197065][ T5947]  __submit_merged_write_cond+0x3c9/0x4e0
[  194.197104][ T5947]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  194.197153][ T5947]  f2fs_write_data_pages+0x287e/0x34f0
[  194.197175][ T5947]  ? unwind_next_frame+0xa6/0x2550
[  194.197235][ T5947]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  194.197266][ T5947]  ? __lock_acquire+0x6b5/0x2d10
[  194.197321][ T5947]  ? __lock_acquire+0x6b5/0x2d10
[  194.197358][ T5947]  ? unwind_next_frame+0xa6/0x2550
[  194.197400][ T5947]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  194.197423][ T5947]  do_writepages+0x32e/0x550
[  194.197449][ T5947]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  194.197470][ T5947]  ? reacquire_held_locks+0x104/0x190
[  194.197488][ T5947]  ? rt_spin_lock+0x1e0/0x400
[  194.197517][ T5947]  __writeback_single_inode+0x133/0x10e0
[  194.197538][ T5947]  ? rt_spin_unlock+0x160/0x200
[  194.197570][ T5947]  writeback_sb_inodes+0x97f/0x1980
[  194.197604][ T5947]  ? lockdep_hardirqs_on+0x7a/0x110
[  194.197638][ T5947]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  194.197693][ T5947]  ? rcu_is_watching+0x15/0xb0
[  194.197717][ T5947]  wb_writeback+0x445/0xb00
[  194.197737][ T5947]  ? queue_io+0x221/0x440
[  194.197760][ T5947]  ? __pfx_wb_writeback+0x10/0x10
[  194.197790][ T5947]  wb_workfn+0x3fd/0xf20
[  194.197815][ T5947]  ? look_up_lock_class+0x57/0x110
[  194.197852][ T5947]  ? __pfx_wb_workfn+0x10/0x10
[  194.197879][ T5947]  ? do_raw_spin_lock+0x12b/0x2f0
[  194.197904][ T5947]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  194.197929][ T5947]  ? process_one_work+0x8b7/0x1710
[  194.197952][ T5947]  ? process_one_work+0x8b7/0x1710
[  194.197981][ T5947]  ? process_one_work+0x8b7/0x1710
[  194.198001][ T5947]  process_one_work+0x9a3/0x1710
[  194.198040][ T5947]  ? __pfx_process_one_work+0x10/0x10
[  194.198059][ T5947]  ? do_raw_spin_lock+0x12b/0x2f0
[  194.198104][ T5947]  worker_thread+0xba8/0x11e0
[  194.198142][ T5947]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  194.198176][ T5947]  ? __kthread_parkme+0x7a/0x1f0
[  194.198207][ T5947]  ? __kthread_parkme+0x19c/0x1f0
[  194.198243][ T5947]  kthread+0x388/0x470
[  194.198275][ T5947]  ? __pfx_worker_thread+0x10/0x10
[  194.198299][ T5947]  ? __pfx_kthread+0x10/0x10
[  194.198332][ T5947]  ret_from_fork+0x514/0xb70
[  194.198363][ T5947]  ? __pfx_ret_from_fork+0x10/0x10
[  194.198390][ T5947]  ? __switch_to+0xc79/0x1410
[  194.198415][ T5947]  ? __pfx_kthread+0x10/0x10
[  194.198450][ T5947]  ret_from_fork_asm+0x1a/0x30
[  194.198498][ T5947]  </TASK>
[  194.198507][ T5947] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  194.494084][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  194.494191][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  196.301645][ T6172] loop2: detected capacity change from 0 to 40427
[  196.340007][ T6172] F2FS-fs (loop2): invalid crc value
[  196.565024][ T6172] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  196.707971][ T6172] F2FS-fs (loop2): Start checkpoint disabled!
[  197.220799][ T6172] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  197.230426][ T6172] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  197.886545][   T37] audit: type=1800 audit(1777484361.675:6): pid=6175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.84" name="file1" dev="overlay" ino=191 res=0 errno=0
[  199.022814][   T37] audit: type=1800 audit(1777484362.815:7): pid=6181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.87" name="file1" dev="overlay" ino=200 res=0 errno=0
[  199.901419][   T37] audit: type=1800 audit(1777484363.695:8): pid=6188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.88" name="file1" dev="overlay" ino=206 res=0 errno=0
[  200.223748][ T5873] kworker/u8:16: attempt to access beyond end of device
[  200.223748][ T5873] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  200.223837][ T5873] CPU: 0 UID: 0 PID: 5873 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  200.223862][ T5873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  200.223876][ T5873] Workqueue: writeback wb_workfn (flush-7:2)
[  200.223915][ T5873] Call Trace:
[  200.223923][ T5873]  <TASK>
[  200.223933][ T5873]  dump_stack_lvl+0xe8/0x150
[  200.223966][ T5873]  f2fs_stop_checkpoint+0x383/0x540
[  200.224011][ T5873]  f2fs_write_end_io+0x1274/0x1740
[  200.224068][ T5873]  __submit_merged_bio+0x256/0x6a0
[  200.224099][ T5873]  __submit_merged_write_cond+0x3c9/0x4e0
[  200.224145][ T5873]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  200.224204][ T5873]  f2fs_write_data_pages+0x287e/0x34f0
[  200.224266][ T5873]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  200.224348][ T5873]  ? __lock_acquire+0x6b5/0x2d10
[  200.224424][ T5873]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  200.224450][ T5873]  do_writepages+0x32e/0x550
[  200.224477][ T5873]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  200.224502][ T5873]  ? reacquire_held_locks+0x104/0x190
[  200.224526][ T5873]  ? rt_spin_lock+0x1e0/0x400
[  200.224560][ T5873]  __writeback_single_inode+0x133/0x10e0
[  200.224587][ T5873]  ? rt_spin_unlock+0x160/0x200
[  200.224616][ T5873]  writeback_sb_inodes+0x97f/0x1980
[  200.224669][ T5873]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  200.224732][ T5873]  ? rcu_is_watching+0x15/0xb0
[  200.224766][ T5873]  wb_writeback+0x445/0xb00
[  200.224793][ T5873]  ? queue_io+0x221/0x440
[  200.224822][ T5873]  ? __pfx_wb_writeback+0x10/0x10
[  200.224862][ T5873]  wb_workfn+0x3fd/0xf20
[  200.224893][ T5873]  ? look_up_lock_class+0x57/0x110
[  200.224942][ T5873]  ? __pfx_wb_workfn+0x10/0x10
[  200.224978][ T5873]  ? do_raw_spin_unlock+0xf5/0x210
[  200.225009][ T5873]  ? process_one_work+0x8b7/0x1710
[  200.225035][ T5873]  ? process_one_work+0x8b7/0x1710
[  200.225079][ T5873]  ? process_one_work+0x8b7/0x1710
[  200.225102][ T5873]  process_one_work+0x9a3/0x1710
[  200.225147][ T5873]  ? __pfx_process_one_work+0x10/0x10
[  200.225169][ T5873]  ? do_raw_spin_lock+0x12b/0x2f0
[  200.225211][ T5873]  worker_thread+0xba8/0x11e0
[  200.225262][ T5873]  kthread+0x388/0x470
[  200.225294][ T5873]  ? __pfx_worker_thread+0x10/0x10
[  200.225317][ T5873]  ? __pfx_kthread+0x10/0x10
[  200.225349][ T5873]  ret_from_fork+0x514/0xb70
[  200.225378][ T5873]  ? __pfx_ret_from_fork+0x10/0x10
[  200.225404][ T5873]  ? __switch_to+0xc79/0x1410
[  200.225428][ T5873]  ? __pfx_kthread+0x10/0x10
[  200.225462][ T5873]  ret_from_fork_asm+0x1a/0x30
[  200.225507][ T5873]  </TASK>
[  200.227981][ T5873] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  202.502980][ T6201] loop2: detected capacity change from 0 to 40427
[  202.521975][ T6201] F2FS-fs (loop2): invalid crc value
[  202.583252][ T6191] loop3: detected capacity change from 0 to 40427
[  202.658313][ T6204] loop1: detected capacity change from 0 to 64
[  202.672377][ T6201] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  202.678448][ T6201] F2FS-fs (loop2): Start checkpoint disabled!
[  202.705287][ T6201] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  202.707156][ T6201] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  204.183969][ T6191] F2FS-fs (loop3): invalid crc value
[  204.184114][ T6191] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-4)
[  206.027477][ T2176] kworker/u8:13: attempt to access beyond end of device
[  206.027477][ T2176] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  206.027549][ T2176] CPU: 0 UID: 0 PID: 2176 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  206.027575][ T2176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  206.027589][ T2176] Workqueue: writeback wb_workfn (flush-7:2)
[  206.027629][ T2176] Call Trace:
[  206.027638][ T2176]  <TASK>
[  206.027647][ T2176]  dump_stack_lvl+0xe8/0x150
[  206.027680][ T2176]  f2fs_stop_checkpoint+0x383/0x540
[  206.027722][ T2176]  f2fs_write_end_io+0x1274/0x1740
[  206.027772][ T2176]  __submit_merged_bio+0x256/0x6a0
[  206.027816][ T2176]  __submit_merged_write_cond+0x3c9/0x4e0
[  206.027860][ T2176]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  206.027920][ T2176]  f2fs_write_data_pages+0x287e/0x34f0
[  206.027984][ T2176]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  206.028050][ T2176]  ? __lock_acquire+0x6b5/0x2d10
[  206.028113][ T2176]  ? __lock_acquire+0x6b5/0x2d10
[  206.028163][ T2176]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  206.028184][ T2176]  do_writepages+0x32e/0x550
[  206.028203][ T2176]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  206.028220][ T2176]  ? reacquire_held_locks+0x104/0x190
[  206.028237][ T2176]  ? rt_spin_lock+0x1e0/0x400
[  206.028261][ T2176]  __writeback_single_inode+0x133/0x10e0
[  206.028280][ T2176]  ? rt_spin_unlock+0x160/0x200
[  206.028300][ T2176]  writeback_sb_inodes+0x97f/0x1980
[  206.028336][ T2176]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  206.028379][ T2176]  ? __pfx_rt_spin_lock+0x10/0x10
[  206.028394][ T2176]  ? rt_spin_unlock+0x14f/0x200
[  206.028419][ T2176]  wb_writeback+0x445/0xb00
[  206.028437][ T2176]  ? queue_io+0x221/0x440
[  206.028457][ T2176]  ? __pfx_wb_writeback+0x10/0x10
[  206.028483][ T2176]  wb_workfn+0x3fd/0xf20
[  206.028504][ T2176]  ? look_up_lock_class+0x57/0x110
[  206.028539][ T2176]  ? __pfx_wb_workfn+0x10/0x10
[  206.028565][ T2176]  ? do_raw_spin_lock+0x12b/0x2f0
[  206.028587][ T2176]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  206.028609][ T2176]  ? process_one_work+0x8b7/0x1710
[  206.028630][ T2176]  ? process_one_work+0x8b7/0x1710
[  206.028657][ T2176]  ? process_one_work+0x8b7/0x1710
[  206.028674][ T2176]  process_one_work+0x9a3/0x1710
[  206.028708][ T2176]  ? __pfx_process_one_work+0x10/0x10
[  206.028725][ T2176]  ? do_raw_spin_lock+0x12b/0x2f0
[  206.028757][ T2176]  worker_thread+0xba8/0x11e0
[  206.028784][ T2176]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  206.028813][ T2176]  ? __kthread_parkme+0x7a/0x1f0
[  206.028834][ T2176]  ? __kthread_parkme+0x19c/0x1f0
[  206.028859][ T2176]  kthread+0x388/0x470
[  206.028883][ T2176]  ? __pfx_worker_thread+0x10/0x10
[  206.028901][ T2176]  ? __pfx_kthread+0x10/0x10
[  206.028926][ T2176]  ret_from_fork+0x514/0xb70
[  206.028948][ T2176]  ? __pfx_ret_from_fork+0x10/0x10
[  206.028968][ T2176]  ? __switch_to+0xc79/0x1410
[  206.028986][ T2176]  ? __pfx_kthread+0x10/0x10
[  206.029010][ T2176]  ret_from_fork_asm+0x1a/0x30
[  206.029045][ T2176]  </TASK>
[  206.029061][ T2176] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  206.971239][ T6221] loop3: detected capacity change from 0 to 40427
[  206.980440][ T6221] F2FS-fs (loop3): invalid crc value
[  207.095758][ T6221] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  207.100431][ T6221] F2FS-fs (loop3): Start checkpoint disabled!
[  207.125411][ T6221] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  207.125955][ T6221] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  208.516916][ T6228] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  209.451022][ T1196] kworker/u8:9: attempt to access beyond end of device
[  209.451022][ T1196] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  209.451094][ T1196] CPU: 0 UID: 0 PID: 1196 Comm: kworker/u8:9 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  209.451116][ T1196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  209.451127][ T1196] Workqueue: writeback wb_workfn (flush-7:3)
[  209.451162][ T1196] Call Trace:
[  209.451169][ T1196]  <TASK>
[  209.451176][ T1196]  dump_stack_lvl+0xe8/0x150
[  209.451202][ T1196]  f2fs_stop_checkpoint+0x383/0x540
[  209.451237][ T1196]  f2fs_write_end_io+0x1274/0x1740
[  209.451286][ T1196]  __submit_merged_bio+0x256/0x6a0
[  209.451310][ T1196]  __submit_merged_write_cond+0x3c9/0x4e0
[  209.451348][ T1196]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  209.451396][ T1196]  f2fs_write_data_pages+0x287e/0x34f0
[  209.451452][ T1196]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  209.451492][ T1196]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  209.451560][ T1196]  ? __lock_acquire+0x6b5/0x2d10
[  209.451629][ T1196]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  209.451658][ T1196]  do_writepages+0x32e/0x550
[  209.451686][ T1196]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  209.451710][ T1196]  ? reacquire_held_locks+0x104/0x190
[  209.451733][ T1196]  ? rt_spin_lock+0x1e0/0x400
[  209.451768][ T1196]  __writeback_single_inode+0x133/0x10e0
[  209.451795][ T1196]  ? rt_spin_unlock+0x160/0x200
[  209.451823][ T1196]  writeback_sb_inodes+0x97f/0x1980
[  209.451865][ T1196]  ? lockdep_hardirqs_on+0x7a/0x110
[  209.451903][ T1196]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  209.451969][ T1196]  ? rcu_is_watching+0x15/0xb0
[  209.452002][ T1196]  wb_writeback+0x445/0xb00
[  209.452028][ T1196]  ? queue_io+0x221/0x440
[  209.452058][ T1196]  ? __pfx_wb_writeback+0x10/0x10
[  209.452097][ T1196]  wb_workfn+0x3fd/0xf20
[  209.452125][ T1196]  ? look_up_lock_class+0x57/0x110
[  209.452172][ T1196]  ? __pfx_wb_workfn+0x10/0x10
[  209.452208][ T1196]  ? do_raw_spin_lock+0x12b/0x2f0
[  209.452244][ T1196]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  209.452283][ T1196]  ? process_one_work+0x8b7/0x1710
[  209.452310][ T1196]  ? process_one_work+0x8b7/0x1710
[  209.452348][ T1196]  ? process_one_work+0x8b7/0x1710
[  209.452373][ T1196]  process_one_work+0x9a3/0x1710
[  209.452422][ T1196]  ? __pfx_process_one_work+0x10/0x10
[  209.452446][ T1196]  ? do_raw_spin_lock+0x12b/0x2f0
[  209.452490][ T1196]  worker_thread+0xba8/0x11e0
[  209.452545][ T1196]  kthread+0x388/0x470
[  209.452579][ T1196]  ? __pfx_worker_thread+0x10/0x10
[  209.452605][ T1196]  ? __pfx_kthread+0x10/0x10
[  209.452638][ T1196]  ret_from_fork+0x514/0xb70
[  209.452670][ T1196]  ? __pfx_ret_from_fork+0x10/0x10
[  209.452699][ T1196]  ? __switch_to+0xc79/0x1410
[  209.452724][ T1196]  ? __pfx_kthread+0x10/0x10
[  209.452757][ T1196]  ret_from_fork_asm+0x1a/0x30
[  209.452806][ T1196]  </TASK>
[  209.453152][ T1196] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  210.594910][   T37] audit: type=1800 audit(1777484374.385:9): pid=6231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.100" name="file1" dev="overlay" ino=261 res=0 errno=0
[  210.967621][ T6236] loop2: detected capacity change from 0 to 40427
[  210.985090][ T6236] F2FS-fs (loop2): invalid crc value
[  211.085749][ T6236] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  211.089306][ T6236] F2FS-fs (loop2): Start checkpoint disabled!
[  211.112558][ T6236] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  211.119863][ T6236] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  212.036889][ T6243] loop1: detected capacity change from 0 to 64
[  213.955709][ T6249] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  215.367492][  T661] kworker/u8:7: attempt to access beyond end of device
[  215.367492][  T661] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  215.367551][  T661] CPU: 0 UID: 0 PID: 661 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  215.367576][  T661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  215.367590][  T661] Workqueue: writeback wb_workfn (flush-7:2)
[  215.367630][  T661] Call Trace:
[  215.367638][  T661]  <TASK>
[  215.367647][  T661]  dump_stack_lvl+0xe8/0x150
[  215.367680][  T661]  f2fs_stop_checkpoint+0x383/0x540
[  215.367721][  T661]  f2fs_write_end_io+0x1274/0x1740
[  215.367781][  T661]  __submit_merged_bio+0x256/0x6a0
[  215.367814][  T661]  __submit_merged_write_cond+0x3c9/0x4e0
[  215.367861][  T661]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  215.367922][  T661]  f2fs_write_data_pages+0x287e/0x34f0
[  215.367989][  T661]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  215.368030][  T661]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  215.368099][  T661]  ? __lock_acquire+0x6b5/0x2d10
[  215.368149][  T661]  ? __lock_acquire+0x6b5/0x2d10
[  215.368206][  T661]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  215.368234][  T661]  do_writepages+0x32e/0x550
[  215.368262][  T661]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  215.368287][  T661]  ? reacquire_held_locks+0x104/0x190
[  215.368310][  T661]  ? rt_spin_lock+0x1e0/0x400
[  215.368345][  T661]  __writeback_single_inode+0x133/0x10e0
[  215.368371][  T661]  ? rt_spin_unlock+0x160/0x200
[  215.368400][  T661]  writeback_sb_inodes+0x97f/0x1980
[  215.368442][  T661]  ? lockdep_hardirqs_on+0x7a/0x110
[  215.368481][  T661]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  215.368550][  T661]  ? rcu_is_watching+0x15/0xb0
[  215.368582][  T661]  wb_writeback+0x445/0xb00
[  215.368608][  T661]  ? queue_io+0x221/0x440
[  215.368637][  T661]  ? __pfx_wb_writeback+0x10/0x10
[  215.368677][  T661]  wb_workfn+0x3fd/0xf20
[  215.368706][  T661]  ? look_up_lock_class+0x57/0x110
[  215.368754][  T661]  ? __pfx_wb_workfn+0x10/0x10
[  215.368796][  T661]  ? do_raw_spin_lock+0x12b/0x2f0
[  215.368827][  T661]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  215.368858][  T661]  ? process_one_work+0x8b7/0x1710
[  215.368886][  T661]  ? process_one_work+0x8b7/0x1710
[  215.368926][  T661]  ? process_one_work+0x8b7/0x1710
[  215.368951][  T661]  process_one_work+0x9a3/0x1710
[  215.369001][  T661]  ? __pfx_process_one_work+0x10/0x10
[  215.369025][  T661]  ? do_raw_spin_lock+0x12b/0x2f0
[  215.369073][  T661]  worker_thread+0xba8/0x11e0
[  215.369129][  T661]  kthread+0x388/0x470
[  215.369162][  T661]  ? __pfx_worker_thread+0x10/0x10
[  215.369188][  T661]  ? __pfx_kthread+0x10/0x10
[  215.369222][  T661]  ret_from_fork+0x514/0xb70
[  215.369254][  T661]  ? __pfx_ret_from_fork+0x10/0x10
[  215.369282][  T661]  ? __switch_to+0xc79/0x1410
[  215.369309][  T661]  ? __pfx_kthread+0x10/0x10
[  215.369343][  T661]  ret_from_fork_asm+0x1a/0x30
[  215.369391][  T661]  </TASK>
[  215.380018][  T661] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  215.785366][ T6254] loop1: detected capacity change from 0 to 64
[  217.679776][ T6265] overlay: Unknown parameter '/'
[  218.588735][ T6267] loop1: detected capacity change from 0 to 40427
[  218.596678][ T6267] F2FS-fs (loop1): invalid crc value
[  218.742075][ T6270] loop2: detected capacity change from 0 to 64
[  218.752162][ T6267] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  218.766023][ T6267] F2FS-fs (loop1): Start checkpoint disabled!
[  218.804248][ T6267] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  218.805441][ T6267] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  222.375100][ T6280] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  223.145028][ T6284] loop2: detected capacity change from 0 to 64
[  224.593815][ T4925] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  224.606141][ T4925] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  224.608691][ T4925] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  224.609981][ T4925] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  224.610799][ T4925] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  224.617382][ T4925] Bluetooth: hci3: command 0x0406 tx timeout
[  224.620566][ T4925] Bluetooth: hci4: command 0x0406 tx timeout
[  224.620665][ T4925] Bluetooth: hci1: command 0x0406 tx timeout
[  224.866709][ T6289] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  227.103946][ T6298] Bluetooth: MGMT ver 1.23
[  228.456432][ T6304] loop2: detected capacity change from 0 to 64
[  228.851998][ T6306] loop3: detected capacity change from 0 to 40427
[  228.882915][ T6306] F2FS-fs (loop3): invalid crc value
[  229.412081][ T6311] loop1: detected capacity change from 0 to 64
[  229.566175][ T6306] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  229.587036][ T6306] F2FS-fs (loop3): Start checkpoint disabled!
[  229.620985][ T6306] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  229.767471][ T6306] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  231.997144][ T5612] Bluetooth: hci0: command tx timeout
[  232.657680][ T6316] loop2: detected capacity change from 0 to 40427
[  232.693314][ T6318] loop1: detected capacity change from 0 to 40427
[  232.720784][ T6316] F2FS-fs (loop2): invalid crc value
[  232.720967][ T6318] F2FS-fs (loop1): invalid crc value
[  232.842876][ T6316] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  232.854246][ T6318] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  232.866499][ T6316] F2FS-fs (loop2): Start checkpoint disabled!
[  232.885138][ T6318] F2FS-fs (loop1): Start checkpoint disabled!
[  232.891621][ T6316] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  232.905958][ T6316] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  232.920626][ T6318] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  232.923613][ T6318] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  234.020045][ T5612] Bluetooth: hci0: command tx timeout
[  235.035116][ T1196] kworker/u8:9: attempt to access beyond end of device
[  235.035116][ T1196] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.035194][ T1196] CPU: 0 UID: 0 PID: 1196 Comm: kworker/u8:9 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  235.035219][ T1196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  235.035232][ T1196] Workqueue: writeback wb_workfn (flush-7:2)
[  235.035272][ T1196] Call Trace:
[  235.035281][ T1196]  <TASK>
[  235.035290][ T1196]  dump_stack_lvl+0xe8/0x150
[  235.035323][ T1196]  f2fs_stop_checkpoint+0x383/0x540
[  235.035373][ T1196]  f2fs_write_end_io+0x1274/0x1740
[  235.035429][ T1196]  __submit_merged_bio+0x256/0x6a0
[  235.035463][ T1196]  __submit_merged_write_cond+0x3c9/0x4e0
[  235.035513][ T1196]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  235.035580][ T1196]  f2fs_write_data_pages+0x287e/0x34f0
[  235.035649][ T1196]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.035742][ T1196]  ? __lock_acquire+0x6b5/0x2d10
[  235.035824][ T1196]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.035853][ T1196]  do_writepages+0x32e/0x550
[  235.035880][ T1196]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  235.035904][ T1196]  ? reacquire_held_locks+0x104/0x190
[  235.035928][ T1196]  ? rt_spin_lock+0x1e0/0x400
[  235.035966][ T1196]  __writeback_single_inode+0x133/0x10e0
[  235.035994][ T1196]  ? rt_spin_unlock+0x160/0x200
[  235.036023][ T1196]  writeback_sb_inodes+0x97f/0x1980
[  235.036097][ T1196]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  235.036172][ T1196]  ? rcu_is_watching+0x15/0xb0
[  235.036208][ T1196]  wb_writeback+0x445/0xb00
[  235.036237][ T1196]  ? queue_io+0x221/0x440
[  235.036269][ T1196]  ? __pfx_wb_writeback+0x10/0x10
[  235.036313][ T1196]  wb_workfn+0x3fd/0xf20
[  235.036350][ T1196]  ? look_up_lock_class+0x57/0x110
[  235.036384][ T1196]  ? lapic_next_event+0x11/0x20
[  235.036428][ T1196]  ? __pfx_wb_workfn+0x10/0x10
[  235.036469][ T1196]  ? do_raw_spin_lock+0x12b/0x2f0
[  235.036502][ T1196]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  235.036535][ T1196]  ? process_one_work+0x8b7/0x1710
[  235.036565][ T1196]  ? process_one_work+0x8b7/0x1710
[  235.036608][ T1196]  ? process_one_work+0x8b7/0x1710
[  235.036633][ T1196]  process_one_work+0x9a3/0x1710
[  235.036689][ T1196]  ? __pfx_process_one_work+0x10/0x10
[  235.036714][ T1196]  ? do_raw_spin_lock+0x12b/0x2f0
[  235.036764][ T1196]  worker_thread+0xba8/0x11e0
[  235.036826][ T1196]  kthread+0x388/0x470
[  235.036860][ T1196]  ? __pfx_worker_thread+0x10/0x10
[  235.036885][ T1196]  ? __pfx_kthread+0x10/0x10
[  235.036920][ T1196]  ret_from_fork+0x514/0xb70
[  235.036953][ T1196]  ? __pfx_ret_from_fork+0x10/0x10
[  235.036981][ T1196]  ? __switch_to+0xc79/0x1410
[  235.037008][ T1196]  ? __pfx_kthread+0x10/0x10
[  235.037043][ T1196]  ret_from_fork_asm+0x1a/0x30
[  235.037106][ T1196]  </TASK>
[  235.039746][ T1196] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  235.612053][ T2176] kworker/u8:13: attempt to access beyond end of device
[  235.612053][ T2176] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  235.612118][ T2176] CPU: 0 UID: 0 PID: 2176 Comm: kworker/u8:13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  235.612143][ T2176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  235.612158][ T2176] Workqueue: writeback wb_workfn (flush-7:1)
[  235.612204][ T2176] Call Trace:
[  235.612212][ T2176]  <TASK>
[  235.612222][ T2176]  dump_stack_lvl+0xe8/0x150
[  235.612260][ T2176]  f2fs_stop_checkpoint+0x383/0x540
[  235.612303][ T2176]  f2fs_write_end_io+0x1274/0x1740
[  235.612353][ T2176]  __submit_merged_bio+0x256/0x6a0
[  235.612384][ T2176]  __submit_merged_write_cond+0x3c9/0x4e0
[  235.612430][ T2176]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  235.612491][ T2176]  f2fs_write_data_pages+0x287e/0x34f0
[  235.612556][ T2176]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.612597][ T2176]  ? __lock_acquire+0x6b5/0x2d10
[  235.612713][ T2176]  ? __lock_acquire+0x6b5/0x2d10
[  235.612788][ T2176]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  235.612817][ T2176]  do_writepages+0x32e/0x550
[  235.612843][ T2176]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  235.612866][ T2176]  ? reacquire_held_locks+0x104/0x190
[  235.612888][ T2176]  ? rt_spin_lock+0x1e0/0x400
[  235.612921][ T2176]  __writeback_single_inode+0x133/0x10e0
[  235.612948][ T2176]  ? rt_spin_unlock+0x160/0x200
[  235.612975][ T2176]  writeback_sb_inodes+0x97f/0x1980
[  235.613034][ T2176]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  235.613097][ T2176]  ? __pfx_rt_spin_lock+0x10/0x10
[  235.613119][ T2176]  ? rt_spin_unlock+0x14f/0x200
[  235.613153][ T2176]  wb_writeback+0x445/0xb00
[  235.613180][ T2176]  ? queue_io+0x221/0x440
[  235.613209][ T2176]  ? __pfx_wb_writeback+0x10/0x10
[  235.613248][ T2176]  wb_workfn+0x3fd/0xf20
[  235.613275][ T2176]  ? look_up_lock_class+0x57/0x110
[  235.613324][ T2176]  ? __pfx_wb_workfn+0x10/0x10
[  235.613357][ T2176]  ? do_raw_spin_lock+0x12b/0x2f0
[  235.613387][ T2176]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  235.613418][ T2176]  ? process_one_work+0x8b7/0x1710
[  235.613445][ T2176]  ? process_one_work+0x8b7/0x1710
[  235.613482][ T2176]  ? process_one_work+0x8b7/0x1710
[  235.613505][ T2176]  process_one_work+0x9a3/0x1710
[  235.613554][ T2176]  ? __pfx_process_one_work+0x10/0x10
[  235.613578][ T2176]  ? do_raw_spin_lock+0x12b/0x2f0
[  235.613623][ T2176]  worker_thread+0xba8/0x11e0
[  235.613661][ T2176]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  235.613695][ T2176]  ? __kthread_parkme+0x7a/0x1f0
[  235.613724][ T2176]  ? __kthread_parkme+0x19c/0x1f0
[  235.613775][ T2176]  kthread+0x388/0x470
[  235.613809][ T2176]  ? __pfx_worker_thread+0x10/0x10
[  235.613834][ T2176]  ? __pfx_kthread+0x10/0x10
[  235.613866][ T2176]  ret_from_fork+0x514/0xb70
[  235.613897][ T2176]  ? __pfx_ret_from_fork+0x10/0x10
[  235.613925][ T2176]  ? __switch_to+0xc79/0x1410
[  235.613953][ T2176]  ? __pfx_kthread+0x10/0x10
[  235.613987][ T2176]  ret_from_fork_asm+0x1a/0x30
[  235.614044][ T2176]  </TASK>
[  235.616182][ T2176] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  236.091097][ T5612] Bluetooth: hci0: command tx timeout
[  236.511748][ T6328] loop3: detected capacity change from 0 to 40427
[  236.527425][ T6328] F2FS-fs (loop3): invalid crc value
[  236.668855][ T6330] loop2: detected capacity change from 0 to 40427
[  236.673709][ T6330] F2FS-fs (loop2): invalid crc value
[  236.811412][ T6328] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  236.824085][ T6330] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  236.836028][ T6328] F2FS-fs (loop3): Start checkpoint disabled!
[  236.836320][ T6330] F2FS-fs (loop2): Start checkpoint disabled!
[  236.865290][ T6330] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  236.865302][ T6328] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  236.887990][ T6328] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  236.888815][ T6330] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  238.172419][ T5615] Bluetooth: hci0: command tx timeout
[  239.013425][ T5873] kworker/u8:16: attempt to access beyond end of device
[  239.013425][ T5873] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  239.013496][ T5873] CPU: 0 UID: 0 PID: 5873 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  239.013521][ T5873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  239.013536][ T5873] Workqueue: writeback wb_workfn (flush-7:3)
[  239.013577][ T5873] Call Trace:
[  239.013586][ T5873]  <TASK>
[  239.013595][ T5873]  dump_stack_lvl+0xe8/0x150
[  239.013629][ T5873]  f2fs_stop_checkpoint+0x383/0x540
[  239.013672][ T5873]  f2fs_write_end_io+0x1274/0x1740
[  239.013727][ T5873]  __submit_merged_bio+0x256/0x6a0
[  239.013761][ T5873]  __submit_merged_write_cond+0x3c9/0x4e0
[  239.013811][ T5873]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  239.013877][ T5873]  f2fs_write_data_pages+0x287e/0x34f0
[  239.013951][ T5873]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  239.014053][ T5873]  ? __lock_acquire+0x6b5/0x2d10
[  239.014139][ T5873]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  239.014170][ T5873]  do_writepages+0x32e/0x550
[  239.014198][ T5873]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  239.014223][ T5873]  ? reacquire_held_locks+0x104/0x190
[  239.014247][ T5873]  ? rt_spin_lock+0x1e0/0x400
[  239.014285][ T5873]  __writeback_single_inode+0x133/0x10e0
[  239.014313][ T5873]  ? rt_spin_unlock+0x160/0x200
[  239.014342][ T5873]  writeback_sb_inodes+0x97f/0x1980
[  239.014422][ T5873]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  239.014515][ T5873]  ? __pfx_rt_spin_lock+0x10/0x10
[  239.014539][ T5873]  ? rt_spin_unlock+0x14f/0x200
[  239.014578][ T5873]  wb_writeback+0x445/0xb00
[  239.014607][ T5873]  ? queue_io+0x221/0x440
[  239.014639][ T5873]  ? __pfx_wb_writeback+0x10/0x10
[  239.014682][ T5873]  wb_workfn+0x3fd/0xf20
[  239.014711][ T5873]  ? look_up_lock_class+0x57/0x110
[  239.014764][ T5873]  ? __pfx_wb_workfn+0x10/0x10
[  239.014802][ T5873]  ? do_raw_spin_lock+0x12b/0x2f0
[  239.014835][ T5873]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  239.014868][ T5873]  ? process_one_work+0x8b7/0x1710
[  239.014898][ T5873]  ? process_one_work+0x8b7/0x1710
[  239.014941][ T5873]  ? process_one_work+0x8b7/0x1710
[  239.014968][ T5873]  process_one_work+0x9a3/0x1710
[  239.015023][ T5873]  ? __pfx_process_one_work+0x10/0x10
[  239.015056][ T5873]  ? do_raw_spin_lock+0x12b/0x2f0
[  239.015107][ T5873]  worker_thread+0xba8/0x11e0
[  239.015170][ T5873]  kthread+0x388/0x470
[  239.015206][ T5873]  ? __pfx_worker_thread+0x10/0x10
[  239.015231][ T5873]  ? __pfx_kthread+0x10/0x10
[  239.015268][ T5873]  ret_from_fork+0x514/0xb70
[  239.015301][ T5873]  ? __pfx_ret_from_fork+0x10/0x10
[  239.015329][ T5873]  ? __switch_to+0xc79/0x1410
[  239.015357][ T5873]  ? __pfx_kthread+0x10/0x10
[  239.015392][ T5873]  ret_from_fork_asm+0x1a/0x30
[  239.015445][ T5873]  </TASK>
[  239.017304][ T5873] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  239.835846][ T6341] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  240.553475][ T5873] kworker/u8:16: attempt to access beyond end of device
[  240.553475][ T5873] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  240.553544][ T5873] CPU: 1 UID: 0 PID: 5873 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  240.553571][ T5873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  240.553585][ T5873] Workqueue: writeback wb_workfn (flush-7:2)
[  240.553626][ T5873] Call Trace:
[  240.553635][ T5873]  <TASK>
[  240.553645][ T5873]  dump_stack_lvl+0xe8/0x150
[  240.553691][ T5873]  f2fs_stop_checkpoint+0x383/0x540
[  240.553734][ T5873]  f2fs_write_end_io+0x1274/0x1740
[  240.553790][ T5873]  __submit_merged_bio+0x256/0x6a0
[  240.553823][ T5873]  __submit_merged_write_cond+0x3c9/0x4e0
[  240.553872][ T5873]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  240.553939][ T5873]  f2fs_write_data_pages+0x287e/0x34f0
[  240.554012][ T5873]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  240.554057][ T5873]  ? __lock_acquire+0x6b5/0x2d10
[  240.554138][ T5873]  ? __lock_acquire+0x6b5/0x2d10
[  240.554221][ T5873]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  240.554251][ T5873]  do_writepages+0x32e/0x550
[  240.554280][ T5873]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  240.554304][ T5873]  ? reacquire_held_locks+0x104/0x190
[  240.554327][ T5873]  ? rt_spin_lock+0x1e0/0x400
[  240.554369][ T5873]  __writeback_single_inode+0x133/0x10e0
[  240.554397][ T5873]  ? rt_spin_unlock+0x160/0x200
[  240.554426][ T5873]  writeback_sb_inodes+0x97f/0x1980
[  240.554486][ T5873]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  240.554561][ T5873]  ? rcu_is_watching+0x15/0xb0
[  240.554596][ T5873]  wb_writeback+0x445/0xb00
[  240.554624][ T5873]  ? queue_io+0x221/0x440
[  240.554661][ T5873]  ? __pfx_wb_writeback+0x10/0x10
[  240.554706][ T5873]  wb_workfn+0x3fd/0xf20
[  240.554734][ T5873]  ? look_up_lock_class+0x57/0x110
[  240.554787][ T5873]  ? __pfx_wb_workfn+0x10/0x10
[  240.554823][ T5873]  ? __pfx___schedule+0x10/0x10
[  240.554854][ T5873]  ? irqentry_exit+0x218/0x730
[  240.554883][ T5873]  ? trace_irq_disable+0x3b/0x140
[  240.554917][ T5873]  ? process_one_work+0x8b7/0x1710
[  240.554946][ T5873]  ? process_one_work+0x8b7/0x1710
[  240.554978][ T5873]  ? preempt_schedule_thunk+0x16/0x30
[  240.555009][ T5873]  ? process_one_work+0x8b7/0x1710
[  240.555035][ T5873]  process_one_work+0x9a3/0x1710
[  240.555091][ T5873]  ? __pfx_process_one_work+0x10/0x10
[  240.555116][ T5873]  ? do_raw_spin_lock+0x12b/0x2f0
[  240.555167][ T5873]  worker_thread+0xba8/0x11e0
[  240.555230][ T5873]  kthread+0x388/0x470
[  240.555264][ T5873]  ? __pfx_worker_thread+0x10/0x10
[  240.555289][ T5873]  ? __pfx_kthread+0x10/0x10
[  240.555325][ T5873]  ret_from_fork+0x514/0xb70
[  240.555359][ T5873]  ? __pfx_ret_from_fork+0x10/0x10
[  240.555387][ T5873]  ? __switch_to+0xc79/0x1410
[  240.555415][ T5873]  ? __pfx_kthread+0x10/0x10
[  240.555450][ T5873]  ret_from_fork_asm+0x1a/0x30
[  240.555504][ T5873]  </TASK>
[  240.565344][ T5873] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  242.270789][ T6349] loop3: detected capacity change from 0 to 64
[  242.520564][ T5612] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  242.545839][ T5612] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  242.547748][ T5612] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  242.554659][ T5612] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  242.555753][ T5612] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  245.561294][ T5615] Bluetooth: hci2: command tx timeout
[  247.030286][ T6372] loop2: detected capacity change from 0 to 40427
[  247.045745][ T6372] F2FS-fs (loop2): invalid crc value
[  247.151148][ T6372] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  247.179863][ T6372] F2FS-fs (loop2): Start checkpoint disabled!
[  247.196481][ T6372] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  247.198976][ T6372] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  247.736744][ T5615] Bluetooth: hci2: command tx timeout
[  248.000630][ T6379] loop1: detected capacity change from 0 to 40427
[  248.045400][ T6379] F2FS-fs (loop1): invalid crc value
[  248.154377][ T6379] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  248.162869][ T6379] F2FS-fs (loop1): Start checkpoint disabled!
[  248.197151][ T6379] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  248.198819][ T6379] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  249.070648][   T37] audit: type=1800 audit(1777484412.865:10): pid=6376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.128" name="file1" dev="overlay" ino=299 res=0 errno=0
[  249.343803][  T194] kworker/u8:6: attempt to access beyond end of device
[  249.343803][  T194] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  249.343885][  T194] CPU: 0 UID: 0 PID: 194 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  249.343915][  T194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  249.343933][  T194] Workqueue: writeback wb_workfn (flush-7:1)
[  249.343974][  T194] Call Trace:
[  249.343983][  T194]  <TASK>
[  249.343992][  T194]  dump_stack_lvl+0xe8/0x150
[  249.344029][  T194]  f2fs_stop_checkpoint+0x383/0x540
[  249.344060][  T194]  f2fs_write_end_io+0x1274/0x1740
[  249.344099][  T194]  __submit_merged_bio+0x256/0x6a0
[  249.344122][  T194]  __submit_merged_write_cond+0x3c9/0x4e0
[  249.344164][  T194]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  249.344214][  T194]  f2fs_write_data_pages+0x287e/0x34f0
[  249.344263][  T194]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  249.344294][  T194]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  249.344348][  T194]  ? __lock_acquire+0x6b5/0x2d10
[  249.344405][  T194]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  249.344425][  T194]  do_writepages+0x32e/0x550
[  249.344445][  T194]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  249.344463][  T194]  ? reacquire_held_locks+0x104/0x190
[  249.344479][  T194]  ? rt_spin_lock+0x1e0/0x400
[  249.344505][  T194]  __writeback_single_inode+0x133/0x10e0
[  249.344524][  T194]  ? rt_spin_unlock+0x160/0x200
[  249.344544][  T194]  writeback_sb_inodes+0x97f/0x1980
[  249.344575][  T194]  ? lockdep_hardirqs_on+0x7a/0x110
[  249.344604][  T194]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  249.344654][  T194]  ? rcu_is_watching+0x15/0xb0
[  249.344678][  T194]  wb_writeback+0x445/0xb00
[  249.344697][  T194]  ? queue_io+0x221/0x440
[  249.344718][  T194]  ? __pfx_wb_writeback+0x10/0x10
[  249.344747][  T194]  wb_workfn+0x3fd/0xf20
[  249.344767][  T194]  ? look_up_lock_class+0x57/0x110
[  249.344804][  T194]  ? __pfx_wb_workfn+0x10/0x10
[  249.344829][  T194]  ? do_raw_spin_lock+0x12b/0x2f0
[  249.344852][  T194]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  249.344875][  T194]  ? process_one_work+0x8b7/0x1710
[  249.344897][  T194]  ? process_one_work+0x8b7/0x1710
[  249.344926][  T194]  ? process_one_work+0x8b7/0x1710
[  249.344944][  T194]  process_one_work+0x9a3/0x1710
[  249.344981][  T194]  ? __pfx_process_one_work+0x10/0x10
[  249.344999][  T194]  ? do_raw_spin_lock+0x12b/0x2f0
[  249.345033][  T194]  worker_thread+0xba8/0x11e0
[  249.345076][  T194]  kthread+0x388/0x470
[  249.345100][  T194]  ? __pfx_worker_thread+0x10/0x10
[  249.345118][  T194]  ? __pfx_kthread+0x10/0x10
[  249.345148][  T194]  ret_from_fork+0x514/0xb70
[  249.345172][  T194]  ? __pfx_ret_from_fork+0x10/0x10
[  249.345192][  T194]  ? __switch_to+0xc79/0x1410
[  249.345211][  T194]  ? __pfx_kthread+0x10/0x10
[  249.345236][  T194]  ret_from_fork_asm+0x1a/0x30
[  249.345273][  T194]  </TASK>
[  249.354912][  T194] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  249.770202][ T5615] Bluetooth: hci2: command tx timeout
[  249.776327][ T6234] kworker/u8:20: attempt to access beyond end of device
[  249.776327][ T6234] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  249.776400][ T6234] CPU: 1 UID: 0 PID: 6234 Comm: kworker/u8:20 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  249.776425][ T6234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  249.776439][ T6234] Workqueue: writeback wb_workfn (flush-7:2)
[  249.776480][ T6234] Call Trace:
[  249.776488][ T6234]  <TASK>
[  249.776498][ T6234]  dump_stack_lvl+0xe8/0x150
[  249.776532][ T6234]  f2fs_stop_checkpoint+0x383/0x540
[  249.776578][ T6234]  f2fs_write_end_io+0x1274/0x1740
[  249.776634][ T6234]  __submit_merged_bio+0x256/0x6a0
[  249.776668][ T6234]  __submit_merged_write_cond+0x3c9/0x4e0
[  249.776719][ T6234]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  249.776787][ T6234]  f2fs_write_data_pages+0x287e/0x34f0
[  249.776860][ T6234]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  249.776955][ T6234]  ? __lock_acquire+0x6b5/0x2d10
[  249.777008][ T6234]  ? __lock_acquire+0x6b5/0x2d10
[  249.777070][ T6234]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  249.777101][ T6234]  do_writepages+0x32e/0x550
[  249.777129][ T6234]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  249.777162][ T6234]  ? reacquire_held_locks+0x104/0x190
[  249.777189][ T6234]  ? rt_spin_lock+0x1e0/0x400
[  249.777227][ T6234]  __writeback_single_inode+0x133/0x10e0
[  249.777255][ T6234]  ? rt_spin_unlock+0x160/0x200
[  249.777285][ T6234]  writeback_sb_inodes+0x97f/0x1980
[  249.777332][ T6234]  ? lockdep_hardirqs_on+0x7a/0x110
[  249.777374][ T6234]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  249.777449][ T6234]  ? rcu_is_watching+0x15/0xb0
[  249.777485][ T6234]  wb_writeback+0x445/0xb00
[  249.777514][ T6234]  ? queue_io+0x221/0x440
[  249.777546][ T6234]  ? __pfx_wb_writeback+0x10/0x10
[  249.777590][ T6234]  wb_workfn+0x3fd/0xf20
[  249.777619][ T6234]  ? look_up_lock_class+0x57/0x110
[  249.777670][ T6234]  ? __pfx_wb_workfn+0x10/0x10
[  249.777703][ T6234]  ? do_raw_spin_lock+0x12b/0x2f0
[  249.777735][ T6234]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  249.777768][ T6234]  ? process_one_work+0x8b7/0x1710
[  249.777798][ T6234]  ? process_one_work+0x8b7/0x1710
[  249.777841][ T6234]  ? process_one_work+0x8b7/0x1710
[  249.777866][ T6234]  process_one_work+0x9a3/0x1710
[  249.777922][ T6234]  ? __pfx_process_one_work+0x10/0x10
[  249.777947][ T6234]  ? do_raw_spin_lock+0x12b/0x2f0
[  249.777997][ T6234]  worker_thread+0xba8/0x11e0
[  249.778034][ T6234]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  249.778069][ T6234]  ? __kthread_parkme+0x7a/0x1f0
[  249.778099][ T6234]  ? __kthread_parkme+0x19c/0x1f0
[  249.778139][ T6234]  kthread+0x388/0x470
[  249.778179][ T6234]  ? __pfx_worker_thread+0x10/0x10
[  249.778205][ T6234]  ? __pfx_kthread+0x10/0x10
[  249.778240][ T6234]  ret_from_fork+0x514/0xb70
[  249.778273][ T6234]  ? __pfx_ret_from_fork+0x10/0x10
[  249.778302][ T6234]  ? __switch_to+0xc79/0x1410
[  249.778330][ T6234]  ? __pfx_kthread+0x10/0x10
[  249.778366][ T6234]  ret_from_fork_asm+0x1a/0x30
[  249.778420][ T6234]  </TASK>
[  249.883827][ T6234] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  250.137466][ T6386] loop3: detected capacity change from 0 to 64
[  251.840467][ T6390] loop3: detected capacity change from 0 to 64
[  251.850330][ T5615] Bluetooth: hci2: command tx timeout
[  252.418415][ T6392] loop1: detected capacity change from 0 to 40427
[  253.345155][ T6392] F2FS-fs (loop1): invalid crc value
[  253.465016][ T6392] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  253.473267][ T6392] F2FS-fs (loop1): Start checkpoint disabled!
[  253.540672][ T6392] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  253.549616][ T6392] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  256.140208][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  256.168709][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  256.280844][ T6234] kworker/u8:20: attempt to access beyond end of device
[  256.280844][ T6234] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  256.280929][ T6234] CPU: 1 UID: 0 PID: 6234 Comm: kworker/u8:20 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  256.280947][ T6234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  256.280957][ T6234] Workqueue: writeback wb_workfn (flush-7:1)
[  256.280988][ T6234] Call Trace:
[  256.280994][ T6234]  <TASK>
[  256.281001][ T6234]  dump_stack_lvl+0xe8/0x150
[  256.281025][ T6234]  f2fs_stop_checkpoint+0x383/0x540
[  256.281056][ T6234]  f2fs_write_end_io+0x1274/0x1740
[  256.281095][ T6234]  __submit_merged_bio+0x256/0x6a0
[  256.281117][ T6234]  __submit_merged_write_cond+0x3c9/0x4e0
[  256.281152][ T6234]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  256.281199][ T6234]  f2fs_write_data_pages+0x287e/0x34f0
[  256.281249][ T6234]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  256.281280][ T6234]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  256.281334][ T6234]  ? __lock_acquire+0x6b5/0x2d10
[  256.281372][ T6234]  ? __lock_acquire+0x6b5/0x2d10
[  256.281414][ T6234]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  256.281434][ T6234]  do_writepages+0x32e/0x550
[  256.281454][ T6234]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  256.281472][ T6234]  ? reacquire_held_locks+0x104/0x190
[  256.281488][ T6234]  ? rt_spin_lock+0x1e0/0x400
[  256.281514][ T6234]  __writeback_single_inode+0x133/0x10e0
[  256.281541][ T6234]  ? rt_spin_unlock+0x160/0x200
[  256.281561][ T6234]  writeback_sb_inodes+0x97f/0x1980
[  256.281592][ T6234]  ? lockdep_hardirqs_on+0x7a/0x110
[  256.281623][ T6234]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  256.281673][ T6234]  ? rcu_is_watching+0x15/0xb0
[  256.281697][ T6234]  wb_writeback+0x445/0xb00
[  256.281716][ T6234]  ? queue_io+0x221/0x440
[  256.281738][ T6234]  ? __pfx_wb_writeback+0x10/0x10
[  256.281767][ T6234]  wb_workfn+0x3fd/0xf20
[  256.281787][ T6234]  ? look_up_lock_class+0x57/0x110
[  256.281824][ T6234]  ? __pfx_wb_workfn+0x10/0x10
[  256.281849][ T6234]  ? do_raw_spin_lock+0x12b/0x2f0
[  256.281872][ T6234]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  256.281895][ T6234]  ? process_one_work+0x8b7/0x1710
[  256.281916][ T6234]  ? process_one_work+0x8b7/0x1710
[  256.281945][ T6234]  ? process_one_work+0x8b7/0x1710
[  256.281962][ T6234]  process_one_work+0x9a3/0x1710
[  256.282000][ T6234]  ? __pfx_process_one_work+0x10/0x10
[  256.282017][ T6234]  ? do_raw_spin_lock+0x12b/0x2f0
[  256.282052][ T6234]  worker_thread+0xba8/0x11e0
[  256.282080][ T6234]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  256.282104][ T6234]  ? __kthread_parkme+0x7a/0x1f0
[  256.282125][ T6234]  ? __kthread_parkme+0x19c/0x1f0
[  256.282152][ T6234]  kthread+0x388/0x470
[  256.282176][ T6234]  ? __pfx_worker_thread+0x10/0x10
[  256.282194][ T6234]  ? __pfx_kthread+0x10/0x10
[  256.282219][ T6234]  ret_from_fork+0x514/0xb70
[  256.282242][ T6234]  ? __pfx_ret_from_fork+0x10/0x10
[  256.282262][ T6234]  ? __switch_to+0xc79/0x1410
[  256.282282][ T6234]  ? __pfx_kthread+0x10/0x10
[  256.282307][ T6234]  ret_from_fork_asm+0x1a/0x30
[  256.282345][ T6234]  </TASK>
[  256.282353][ T6234] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  257.007094][ T6411] loop2: detected capacity change from 0 to 64
[  258.668128][ T6422] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  259.292066][ T6426] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  260.256339][ T6429] loop3: detected capacity change from 0 to 64
[  263.843181][ T6439] ptrace attach of "./syz-executor exec"[6440] was attempted by "./syz-executor exec"[6439]
[  267.489971][   T37] audit: type=1800 audit(1777484431.275:11): pid=6446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.144" name="file1" dev="overlay" ino=218 res=0 errno=0
[  267.649341][ T6449] loop3: detected capacity change from 0 to 64
[  270.350276][ T6461] loop1: detected capacity change from 0 to 64
[  273.526769][ T6465] syz.3.148 (6465) used greatest stack depth: 17912 bytes left
[  275.790844][   T38] INFO: task kworker/u8:11:1458 blocked for more than 143 seconds.
[  275.790940][   T38]       Not tainted syzkaller #0
[  275.791027][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  275.791113][   T38] task:kworker/u8:11   state:D stack:21952 pid:1458  tgid:1458  ppid:2      task_flags:0x4208060 flags:0x00080000
[  275.791630][   T38] Workqueue: ipv6_addrconf addrconf_dad_work
[  275.791812][   T38] Call Trace:
[  275.791896][   T38]  <TASK>
[  275.792041][   T38]  __schedule+0x169e/0x54f0
[  275.792543][   T38]  ? __pfx___schedule+0x10/0x10
[  275.792874][   T38]  rt_mutex_schedule+0x76/0xf0
[  275.792976][   T38]  rt_mutex_slowlock_block+0x508/0x680
[  275.793310][   T38]  rt_mutex_slowlock+0x2dc/0x780
[  275.793528][   T38]  ? rt_mutex_slowlock+0x1fd/0x780
[  275.793687][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  275.793789][   T38]  ? __rtnl_unlock+0xc8/0xf0
[  275.794846][   T38]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  275.795007][   T38]  ? addrconf_dad_work+0x124/0x1680
[  275.795104][   T38]  mutex_lock_nested+0x168/0x1d0
[  275.795195][   T38]  ? addrconf_dad_work+0x124/0x1680
[  275.795349][   T38]  addrconf_dad_work+0x124/0x1680
[  275.795633][   T38]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  275.795797][   T38]  ? __pfx_addrconf_dad_work+0x10/0x10
[  275.795896][   T38]  ? process_one_work+0x8b7/0x1710
[  275.796160][   T38]  ? process_one_work+0x8b7/0x1710
[  275.796252][   T38]  process_one_work+0x9a3/0x1710
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  275.796570][   T38]  ? __pfx_process_one_work+0x10/0x10
[  275.796719][   T38]  ? move_linked_works+0x238/0x250
[  275.797010][   T38]  worker_thread+0xba8/0x11e0
[  275.797217][   T38]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  275.797367][   T38]  ? __kthread_parkme+0x7a/0x1f0
[  275.797463][   T38]  ? __kthread_parkme+0x19c/0x1f0
[  275.797760][   T38]  kthread+0x388/0x470
[  275.797861][   T38]  ? __pfx_worker_thread+0x10/0x10
[  275.797969][   T38]  ? __pfx_kthread+0x10/0x10
[  275.798120][   T38]  ret_from_fork+0x514/0xb70
[  275.798271][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  275.798366][   T38]  ? __switch_to+0xc79/0x1410
[  275.798813][   T38]  ? __pfx_kthread+0x10/0x10
[  275.798917][   T38]  ret_from_fork_asm+0x1a/0x30
[  275.799360][   T38]  </TASK>
[  276.303589][   T38] INFO: task kworker/1:3:5677 blocked for more than 143 seconds.
[  276.303615][   T38]       Not tainted syzkaller #0
[  276.303628][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  276.303637][   T38] task:kworker/1:3     state:D stack:21336 pid:5677  tgid:5677  ppid:2      task_flags:0x4208060 flags:0x00080000
[  276.303698][   T38] Workqueue: events netdev_rx_mode_work
[  276.303738][   T38] Call Trace:
[  276.303746][   T38]  <TASK>
[  276.303760][   T38]  __schedule+0x169e/0x54f0
[  276.303803][   T38]  ? wakeup_preempt_fair+0x7a4/0xb60
[  276.303846][   T38]  ? __pfx___schedule+0x10/0x10
[  276.303895][   T38]  rt_mutex_schedule+0x76/0xf0
[  276.303915][   T38]  rt_mutex_slowlock_block+0x508/0x680
[  276.303949][   T38]  rt_mutex_slowlock+0x2dc/0x780
[  276.303971][   T38]  ? rt_mutex_slowlock+0x1fd/0x780
[  276.303990][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  276.304018][   T38]  ? netdev_rx_mode_work+0x1c/0x460
[  276.304047][   T38]  ? process_one_work+0x8b7/0x1710
[  276.304074][   T38]  ? netdev_rx_mode_work+0x1c/0x460
[  276.304098][   T38]  mutex_lock_nested+0x168/0x1d0
[  276.304120][   T38]  ? process_one_work+0x8b7/0x1710
[  276.304141][   T38]  netdev_rx_mode_work+0x1c/0x460
[  276.304170][   T38]  ? process_one_work+0x8b7/0x1710
[  276.304190][   T38]  process_one_work+0x9a3/0x1710
[  276.304230][   T38]  ? __pfx_process_one_work+0x10/0x10
[  276.304251][   T38]  ? do_raw_spin_lock+0x12b/0x2f0
[  276.304288][   T38]  worker_thread+0xba8/0x11e0
[  276.304317][   T38]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  276.304344][   T38]  ? __kthread_parkme+0x7a/0x1f0
[  276.304368][   T38]  ? __kthread_parkme+0x19c/0x1f0
[  276.304398][   T38]  kthread+0x388/0x470
[  276.304424][   T38]  ? __pfx_worker_thread+0x10/0x10
[  276.304443][   T38]  ? __pfx_kthread+0x10/0x10
[  276.304470][   T38]  ret_from_fork+0x514/0xb70
[  276.304497][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  276.304518][   T38]  ? __switch_to+0xc79/0x1410
[  276.304540][   T38]  ? __pfx_kthread+0x10/0x10
[  276.304567][   T38]  ret_from_fork_asm+0x1a/0x30
[  276.304606][   T38]  </TASK>
[  276.316367][   T38] INFO: task kworker/1:5:5741 blocked for more than 143 seconds.
[  276.316434][   T38]       Not tainted syzkaller #0
[  276.316468][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  276.316499][   T38] task:kworker/1:5     state:D stack:22144 pid:5741  tgid:5741  ppid:2      task_flags:0x4208060 flags:0x00080000
[  276.316758][   T38] Workqueue: events_power_efficient crda_timeout_work
[  276.316844][   T38] Call Trace:
[  276.316866][   T38]  <TASK>
[  276.316894][   T38]  __schedule+0x169e/0x54f0
[  276.317070][   T38]  ? preempt_schedule_common+0x82/0xd0
[  276.317191][   T38]  ? __pfx___schedule+0x10/0x10
[  276.317310][   T38]  rt_mutex_schedule+0x76/0xf0
[  276.317397][   T38]  rt_mutex_slowlock_block+0x508/0x680
[  276.317515][   T38]  rt_mutex_slowlock+0x2dc/0x780
[  276.317584][   T38]  ? rt_mutex_slowlock+0x1fd/0x780
[  276.317670][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  276.317760][   T38]  ? crda_timeout_work+0x16/0x80
[  276.321343][   T38]  ? process_one_work+0x8b7/0x1710
[  276.321440][   T38]  ? crda_timeout_work+0x16/0x80
[  276.321551][   T38]  ? crda_timeout_work+0x16/0x80
[  276.321649][   T38]  mutex_lock_nested+0x168/0x1d0
[  276.321677][   T38]  ? process_one_work+0x8b7/0x1710
[  276.321765][   T38]  crda_timeout_work+0x16/0x80
[  276.321868][   T38]  process_one_work+0x9a3/0x1710
[  276.321993][   T38]  ? __pfx_process_one_work+0x10/0x10
[  276.322059][   T38]  ? do_raw_spin_lock+0x12b/0x2f0
[  276.322181][   T38]  worker_thread+0xba8/0x11e0
[  276.322279][   T38]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  276.322367][   T38]  ? __kthread_parkme+0x7a/0x1f0
[  276.322445][   T38]  ? __kthread_parkme+0x19c/0x1f0
[  276.322543][   T38]  kthread+0x388/0x470
[  276.322632][   T38]  ? __pfx_worker_thread+0x10/0x10
[  276.322698][   T38]  ? __pfx_kthread+0x10/0x10
[  276.322787][   T38]  ret_from_fork+0x514/0xb70
[  276.327743][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  276.327848][   T38]  ? __switch_to+0xc79/0x1410
[  276.327910][   T38]  ? __pfx_kthread+0x10/0x10
[  276.328015][   T38]  ret_from_fork_asm+0x1a/0x30
[  276.328178][   T38]  </TASK>
[  276.328240][   T38] 
[  276.328240][   T38] Showing all locks held in the system:
[  276.328265][   T38] 4 locks held by pr/legacy/17:
[  276.328299][   T38]  #0: ffffffff8dfba460 (console_lock){+.+.}-{0:0}, at: legacy_kthread_func+0x1a3/0x250
[  276.328476][   T38]  #1: ffffffff8dea1d58 (console_srcu){....}-{0:0}, at: console_flush_one_record+0xfa/0xb90
[  276.328649][   T38]  #2: ffffffff99b638b8 (&port_lock_key){+.+.}-{3:3}, at: serial8250_console_write+0x179/0x1b90
[  276.328805][   T38]  #3: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[  276.328962][   T38] 4 locks held by kworker/1:0/32:
[  276.328995][   T38]  #0: ffff88813fe43938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.329139][   T38]  #1: ffffc90000a6fc40 (reg_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.334317][   T38]  #2: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: reg_todo+0x1c/0xa80
[  276.334461][   T38]  #3: ffff888061e908b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_process_self_managed_hints+0x8d/0x170
[  276.334649][   T38] 1 lock held by khungtaskd/38:
[  276.334682][   T38]  #0: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  276.334806][   T38] 8 locks held by kworker/u8:5/69:
[  276.334833][   T38]  #0: ffff88813fe7c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.334972][   T38]  #1: ffffc9000154fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.335157][   T38]  #2: ffff8880602be310 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0
[  276.335290][   T38]  #3: ffff88806030e920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0
[  276.335454][   T38]  #4: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[  276.335597][   T38]  #5: ffffffff8de5f340 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[  276.337435][   T38]  #6: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[  276.337589][   T38]  #7: ffff8880b8638f78 ((bh_lock)){+...}-{3:3}, at: napi_skb_cache_get+0xbf/0x410
[  276.337772][   T38] 3 locks held by kworker/u8:8/1027:
[  276.337812][   T38]  #0: ffff88813fe7c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.337960][   T38]  #1: ffffc90005b3fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.338105][   T38]  #2: ffff8880632a08b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460
[  276.338272][   T38] 5 locks held by kworker/u8:10/1445:
[  276.338305][   T38]  #0: ffff88813fe7c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.338469][   T38]  #1: ffffc900068ffc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.338543][   T38]  #2: ffff888061e908b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460
[  276.338756][   T38]  #3: ffffffff8de5f340 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[  276.344941][   T38]  #4: ffff8880b86246c8 (psi_seq){-...}-{0:0}, at: psi_task_switch+0x53/0x880
[  276.345101][   T38] 3 locks held by kworker/u8:11/1458:
[  276.345121][   T38]  #0: ffff888032859138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.345301][   T38]  #1: ffffc9000689fc40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.345455][   T38]  #2: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x124/0x1680
[  276.345621][   T38] 3 locks held by kworker/u8:12/1509:
[  276.345654][   T38]  #0: ffff88813fe7c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.345806][   T38]  #1: ffffc90006affc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.345945][   T38]  #2: ffff8880617908b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460
[  276.346158][   T38] 2 locks held by getty/5361:
[  276.346191][   T38]  #0: ffff88803660b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  276.346296][   T38]  #1: ffffc90003cb62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0
[  276.348131][   T38] 1 lock held by syz-executor/5603:
[  276.348172][   T38]  #0: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  276.348331][   T38] 3 locks held by kworker/1:3/5677:
[  276.348380][   T38]  #0: ffff88813fe43938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.348525][   T38]  #1: ffffc90004fdfc40 (rx_mode_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.348678][   T38]  #2: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: netdev_rx_mode_work+0x1c/0x460
[  276.348820][   T38] 3 locks held by kworker/1:4/5740:
[  276.348833][   T38]  #0: ffff88813fe42538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.349016][   T38]  #1: ffffc9000570fc40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.349167][   T38]  #2: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xab/0x1090
[  276.349287][   T38] 3 locks held by kworker/1:5/5741:
[  276.349319][   T38]  #0: ffff88813fe42538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.349464][   T38]  #1: ffffc9000571fc40 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.367209][   T38]  #2: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: crda_timeout_work+0x16/0x80
[  276.367400][   T38] 3 locks held by kworker/1:7/5805:
[  276.367435][   T38]  #0: ffff88813fe42538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.367590][   T38]  #1: ffffc900058c7c40 ((gc_work).work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.367766][   T38]  #2: ffffffff8eab2a38 ("ratelimiter_table_lock"){+.+.}-{3:3}, at: wg_ratelimiter_gc_entries+0x5d/0x480
[  276.367926][   T38] 3 locks held by kworker/u8:17/5947:
[  276.367959][   T38]  #0: ffff88813fe7c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.375064][   T38]  #1: ffffc90005e8fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.375200][   T38]  #2: ffff88804e9308b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460
[  276.375360][   T38] 1 lock held by syz.4.35/5953:
[  276.375373][   T38]  #0: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  276.385376][   T38] 1 lock held by syz-executor/6062:
[  276.385422][   T38]  #0: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  276.385621][   T38] 10 locks held by kworker/1:10/6076:
[  276.385654][   T38]  #0: ffff888036c56538 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.385801][   T38]  #1: ffffc900061ffc40 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.385958][   T38]  #2: ffffffff8de5f340 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[  276.386080][   T38]  #3: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[  276.386235][   T38]  #4: ffff888060627780 (&peer->endpoint_lock){++..}-{3:3}, at: wg_socket_send_skb_to_peer+0x6e/0x200
[  276.386404][   T38]  #5: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: rt_read_lock+0x277/0x4b0
[  276.386548][   T38]  #6: ffffffff8de5f340 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[  276.386702][   T38]  #7: ffffffff8dfc8220 (rcu_read_lock_bh){....}-{1:3}, at: send6+0x255/0x910
[  276.386859][   T38]  #8: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550
[  276.387011][   T38]  #9: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: nf_hook+0xa1/0x3a0
[  276.400601][   T38] 1 lock held by syz-executor/6093:
[  276.400638][   T38]  #0: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  276.400768][   T38] 1 lock held by syz-executor/6287:
[  276.400822][   T38]  #0: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  276.400999][   T38] 3 locks held by kworker/u8:21/6325:
[  276.401032][   T38]  #0: ffff88813fe7c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  276.401178][   T38]  #1: ffffc9000430fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  276.401283][   T38]  #2: ffff8880636508b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460
[  276.401436][   T38] 1 lock held by syz-executor/6350:
[  276.401469][   T38]  #0: ffffffff8f36edb8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  276.401624][   T38] 2 locks held by syz.2.149/6479:
[  276.401650][   T38]  #0: ffff888034c24480 (sb_writers#5){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160
[  276.401815][   T38]  #1: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550
[  276.401968][   T38] 1 lock held by syz.1.152/6477:
[  276.402033][   T38]  #0: ffff8880402b6bb0 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x237/0x4f0
[  276.428279][   T38] 2 locks held by syz.1.152/6480:
[  276.428326][   T38]  #0: ffff88806b9dac20 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x283/0xfe0
[  276.428533][   T38]  #1: ffff888060db57a0 (&kvm->arch.nx_once){+.+.}-{4:4}, at: kvm_mmu_post_init_vm+0x8f/0x2d0
[  276.428657][   T38] 2 locks held by syz.1.152/6482:
[  276.428690][   T38]  #0: ffff888060db40e8 (&kvm->slots_lock){+.+.}-{4:4}, at: kvm_vm_ioctl_set_memory_region+0x5e/0xb0
[  276.428859][   T38]  #1: ffff888060db4168 (&kvm->slots_arch_lock){+.+.}-{4:4}, at: kvm_set_memslot+0x3b/0x1220
[  276.428990][   T38] 
[  276.428995][   T38] =============================================
[  276.428995][   T38] 
[  276.429034][   T38] NMI backtrace for cpu 0
[  276.429093][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  276.429172][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  276.429213][   T38] Call Trace:
[  276.429235][   T38]  <TASK>
[  276.429258][   T38]  dump_stack_lvl+0xe8/0x150
[  276.429337][   T38]  nmi_cpu_backtrace+0x274/0x2d0
[  276.429404][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  276.429483][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  276.429560][   T38]  sys_info+0x135/0x170
[  276.429613][   T38]  watchdog+0xfd3/0x1030
[  276.429712][   T38]  ? watchdog+0x1c9/0x1030
[  276.429782][   T38]  kthread+0x388/0x470
[  276.429815][   T38]  ? __pfx_watchdog+0x10/0x10
[  276.429846][   T38]  ? __pfx_kthread+0x10/0x10
[  276.429915][   T38]  ret_from_fork+0x514/0xb70
[  276.429996][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  276.430078][   T38]  ? __switch_to+0xc79/0x1410
[  276.430144][   T38]  ? __pfx_kthread+0x10/0x10
[  276.430226][   T38]  ret_from_fork_asm+0x1a/0x30
[  276.430339][   T38]  </TASK>
[  276.430501][   T38] Sending NMI from CPU 0 to CPUs 1:
[  276.430540][    C1] NMI backtrace for cpu 1
[  276.430555][    C1] CPU: 1 UID: 0 PID: 17 Comm: pr/legacy Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  276.430576][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  276.430593][    C1] RIP: 0010:io_serial_in+0x77/0xc0
[  276.430622][    C1] Code: e8 be ed 86 fc 44 89 f9 d3 e3 49 83 ee 80 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 7f 76 f0 fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f c3 cc cc cc cc cc 44 89 f9 80 e1 07
[  276.430637][    C1] RSP: 0018:ffffc900001679d0 EFLAGS: 00000202
[  276.430652][    C1] RAX: 1ffffffff336c700 RBX: 00000000000003fd RCX: 0000000000000000
[  276.430665][    C1] RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000000
[  276.430676][    C1] RBP: ffffffff99b63b70 R08: 0000000000000000 R09: 0000000000000000
[  276.430687][    C1] R10: dffffc0000000000 R11: ffffffff853da870 R12: dffffc0000000000
[  276.430705][    C1] R13: 0000000000000000 R14: ffffffff99b638e0 R15: 0000000000000000
[  276.430717][    C1] FS:  0000000000000000(0000) GS:ffff88812602d000(0000) knlGS:0000000000000000
[  276.430732][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  276.430744][    C1] CR2: 0000001b3330dff8 CR3: 000000002ae5c000 CR4: 00000000003526f0
[  276.430761][    C1] Call Trace:
[  276.430767][    C1]  <TASK>
[  276.430775][    C1]  wait_for_lsr+0x1aa/0x2f0
[  276.430803][    C1]  serial8250_console_write+0x1391/0x1b90
[  276.430837][    C1]  ? __pfx_serial8250_console_write+0x10/0x10
[  276.430862][    C1]  ? console_flush_one_record+0xfa/0xb90
[  276.430891][    C1]  ? console_flush_one_record+0x48f/0xb90
[  276.430919][    C1]  console_flush_one_record+0x68b/0xb90
[  276.430949][    C1]  ? console_flush_one_record+0xfa/0xb90
[  276.430976][    C1]  ? __pfx_console_flush_one_record+0x10/0x10
[  276.431003][    C1]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  276.431032][    C1]  legacy_kthread_func+0x1b6/0x250
[  276.431059][    C1]  ? __pfx_legacy_kthread_func+0x10/0x10
[  276.431084][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[  276.431118][    C1]  ? __kthread_parkme+0x7a/0x1f0
[  276.431145][    C1]  kthread+0x388/0x470
[  276.431171][    C1]  ? __pfx_legacy_kthread_func+0x10/0x10
[  276.431194][    C1]  ? __pfx_kthread+0x10/0x10
[  276.431220][    C1]  ret_from_fork+0x514/0xb70
[  276.431244][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  276.431265][    C1]  ? __switch_to+0xc79/0x1410
[  276.431284][    C1]  ? __pfx_kthread+0x10/0x10
[  276.431311][    C1]  ret_from_fork_asm+0x1a/0x30
[  276.431343][    C1]  </TASK>
[  276.457658][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[  276.457693][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  276.457719][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  276.457733][   T38] Call Trace:
[  276.457741][   T38]  <TASK>
[  276.457751][   T38]  vpanic+0x56c/0xa60
[  276.457791][   T38]  ? __pfx___schedule+0x10/0x10
[  276.457823][   T38]  ? __pfx_vpanic+0x10/0x10
[  276.457871][   T38]  panic+0xc5/0xd0
[  276.457900][   T38]  ? __pfx_panic+0x10/0x10
[  276.457933][   T38]  ? preempt_schedule_thunk+0x16/0x30
[  276.457962][   T38]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  276.457991][   T38]  watchdog+0x102c/0x1030
[  276.458028][   T38]  ? watchdog+0x1c9/0x1030
[  276.458061][   T38]  kthread+0x388/0x470
[  276.458096][   T38]  ? __pfx_watchdog+0x10/0x10
[  276.458122][   T38]  ? __pfx_kthread+0x10/0x10
[  276.458156][   T38]  ret_from_fork+0x514/0xb70
[  276.458188][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  276.458220][   T38]  ? __switch_to+0xc79/0x1410
[  276.458247][   T38]  ? __pfx_kthread+0x10/0x10
[  276.458283][   T38]  ret_from_fork_asm+0x1a/0x30
[  276.458330][   T38]  </TASK>
[  276.458944][   T38] Kernel Offset: disabled