last executing test programs:

16m24.314044636s ago: executing program 1 (id=2):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0xf5ff, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)

16m22.11205438s ago: executing program 1 (id=18):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x1e94c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r3 = io_uring_setup(0xa71, &(0x7f0000000240)={0x0, 0x86a1, 0x1, 0x3, 0x276})
r4 = socket$kcm(0x29, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r6 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r6, &(0x7f0000000200)={&(0x7f0000000240)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x2404c851)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000040)={r6, r5})
close_range(r3, 0xffffffffffffffff, 0x0)

16m20.642414123s ago: executing program 1 (id=19):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x28, 0x2, 0x3, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x12}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x3, 0x1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000809}, 0x4000010)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

16m14.089569037s ago: executing program 1 (id=29):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x1b, &(0x7f0000000240)={@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x20)

16m11.741699322s ago: executing program 1 (id=30):
r0 = getpid()
syz_pidfd_open(r0, 0x0)
syz_open_procfs$userns(0x0, &(0x7f0000000300))
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x41, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="8ee8c9b8ee088ed8660f3801b2d6352ed9ff660f3882040f01cf0fc72d2626652e0f01ca0fc7386635002000000f22e0", 0xffffffffffffff8b}], 0x1, 0x50, 0x0, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
pipe(&(0x7f0000000240))
ioctl$KVM_RUN(r4, 0xae80, 0x0)

15m54.455844533s ago: executing program 32 (id=30):
r0 = getpid()
syz_pidfd_open(r0, 0x0)
syz_open_procfs$userns(0x0, &(0x7f0000000300))
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x41, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="8ee8c9b8ee088ed8660f3801b2d6352ed9ff660f3882040f01cf0fc72d2626652e0f01ca0fc7386635002000000f22e0", 0xffffffffffffff8b}], 0x1, 0x50, 0x0, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
pipe(&(0x7f0000000240))
ioctl$KVM_RUN(r4, 0xae80, 0x0)

13m55.992463751s ago: executing program 2 (id=173):
syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x30008c1, &(0x7f0000000280)=ANY=[], 0x11, 0x2f5, &(0x7f0000000340)="$eJzs3ctu00ocx/HfOEmbc1ql7mmPkFgWVYIN4rJBSCgSyoonYFUBTSpVREVAEZdVQawQgj07FrwCD8EGxAuwY8UDlJXRjO04vuVScqH0+5FaOY5n/J+MM/7/QWABOLGut759uPzd/hipoor06qrkSapLVUn/61T90d7+7n630x7UUcW1sD9GYUuTO2Z7r1PU1LZzLSK+fVXVcv++0NLRBolSQZD7kHECuW9/AU9a1ELyuj7DmEbx/IjtDiYcx7xdy+4Y8rU2hzrUEzWmGBIA4BiI7v9emMlrOcrfPU/ajG77Lj+I7v8Lcw73tx3OO4CpCwa+23f/d5lCYOz8rri3knrPlXD2fS+uEkc5cy3z2l0sXibBNMOqSheLF6zsdjvnt+91255eqBnpO2zd/W6Hl25sSLQbBbXpACOM3RRnlK5e9Wo7u93OpTD+x5JS8a+Nc8atccIuC/WT+WK2jK93avfyv2pg7DS5mfIzMxXGf6G8RzvKmm+PUrRsNJtNL3XIqjvJ6fTCkR9lalrqxRWJ4itqNZPk+sPidK3+y7QKR3dxSKu1VKt/4jmN+yhptZ5qZUezE1/N5eebNvPG3DQb+qGPavXl/56Nb1MDv5nx9CSDcp94OJ6SW0LV9enb6UytC/mvS+9TXCwL/Wd2TbvxPhi8zKHMa93RFTUePn12t9Ltdh7YjdsFG/eXe3tqL6XCY2az0Sh7SwfJnkUFTq55fPFNP1SjeM+5ifZs14+hB9v8bJyex/tYFqTG/C6AP2ej9XkWF9LEN+wSPfLBc1ybMDPJpM87EsyJzbtMWP8l9Uo1TPbsL7+wGsn+RUBBDqykAgpsjt2r4JK2QZiRS/p3QAWXTwiXyiu4fM2VqxldzXXmbLrfvjMW9e1Hcf4lTEtfdYs//wcAAAAAAAAAAAAAAAAAADhuZvFvD+Jz8T/NAAAAAAAAAAAAAAAAAAAAAABwNL3n/yp+/q9Ge/5v9rkrk3z+79s9FT//F8Ak/QoAAP//6Yl2nA==")
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x0, 0x0)
sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f0000000700)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000440)={@flat=@weak_handle, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x1}}, 0x0}}], 0x0, 0x0, 0x0})

13m49.349371305s ago: executing program 2 (id=180):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000cc0)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000001d040000000000007f000000000000005504000001ed0a002500000017ff2000dd40000000000000730a00fe000000001f04000000000000e5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800d9b3a69b37caa964e4b7000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325a904514d8e90131bfc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f49e4dcc1b7af0b51b9cafeda067b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
timer_create(0x2, &(0x7f0000000140)={0x0, 0x20, 0x4}, &(0x7f00000000c0)=<r1=>0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
syz_usb_connect(0x0, 0x51, &(0x7f0000000640)={{0x12, 0x1, 0x110, 0x73, 0xd6, 0x1e, 0x8, 0x1199, 0x218, 0x9a82, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3f, 0x1, 0xff, 0x5, 0x20, 0x3c, "", [{{0x9, 0x4, 0x6a, 0xf, 0x5, 0xef, 0x9b, 0xe4, 0x7f, [], [{{0x9, 0x5, 0xd, 0x3, 0x3ff, 0x5, 0x6, 0x9}}, {{0x9, 0x5, 0xe, 0x4, 0x400, 0x7f, 0x3, 0x1}}, {{0x9, 0x5, 0x6, 0x10, 0x200, 0x2, 0x8, 0x4}}, {{0x9, 0x5, 0x3, 0x10, 0x20, 0x9, 0x1, 0x1}}, {{0x9, 0x5, 0x7, 0xc, 0x400, 0x49, 0x84, 0xff}}]}}]}}]}}, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000, 0x0, 0x4000000000000000})
timer_settime(r1, 0x1, 0x0, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/meminfo\x00', 0x0, 0x0)
ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x3f096)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26)
ioctl$PPPIOCGL2TPSTATS(r6, 0x80487436, &(0x7f0000000540))
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r3, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, r5, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xb1, 0x6e}}}}, [@NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x1}, @NL80211_MESHCONF_AUTO_OPEN_PLINKS={0x5, 0x7, 0xe6}, @NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0x79}, @NL80211_MESHCONF_AUTO_OPEN_PLINKS={0x5, 0x7, 0x3}, @NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0xa5}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x810}, 0x4008015)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

13m44.229535061s ago: executing program 2 (id=187):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
read$FUSE(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000080)=<r5=>0xffffffffffffffff)
ioctl$MEDIA_REQUEST_IOC_QUEUE(r5, 0x7c80, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, 0x0, 0x0)
sendto$inet6(r7, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x7, @loopback, 0x4}, 0x1c)
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000080)='./bus\x00', 0xa00004, &(0x7f0000000500)={[{@adinicb}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}, {@utf8}, {@uid}, {}, {@iocharset={'iocharset', 0x3d, 'cp866'}}, {@mode={'mode', 0x3d, 0x8}}, {}, {@adinicb}, {@gid_forget}, {@uid_forget}, {@umask}, {@anchor={'anchor', 0x3d, 0x907}}]}, 0x1, 0xc4d, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=")

13m40.443095476s ago: executing program 2 (id=189):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x12)
madvise(&(0x7f0000213000/0x4000)=nil, 0x4000, 0x1)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x40045731, &(0x7f0000000300))
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b36, &(0x7f0000000000)={'wlan0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000580)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000040)}, 0x10)
writev(0xffffffffffffffff, 0x0, 0x0)
connect$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)

13m37.855815717s ago: executing program 2 (id=193):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380))
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$unix(0x1, 0x1, 0x0)
pipe(&(0x7f00000001c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000800000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4dd4f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340bdc8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69c584146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c032e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69239500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb477ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad750f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181070000005e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8504000000000000004fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3d99e3568c51cd1eab8a26b232ac46bf0ab829c262fb637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d89f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf96283447366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce56902007f5d6a6270ff0f0f4c371029ca8489571b55841b06de003bc81460fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef0a96e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f10f615c87c441dc970ec896a5af6bf69b50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246bae0d0b04bec8e30b6772b8950f32e87beda060f9af2a0ccd4a8eab8e395ee3628eb976b7fff835e6c1bdc4a6e00acd0fe63ba8425b21845db903b38c80148e6aa497dbf0e2baf938d3ecbd433527602d89f10aca419ff54e47354194f75e343d4c75227448530b0d8d59b9f94a3fa0ca9210177926c58ef46dcd09e79c343d35aa954d12f89410c47ac29c881f8a6bda8dd40df0d1e5881338d2c5a01bf1ee6b28169fef18df13c759e767d3442ae6598106496f42b73074bb804e8763915c3e04400ad44e9f3130e904062d204d385c026722a094255db1572d66e7a4917bba2a0f6a1a574"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0xc)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010001d0025bd7000fadbdf2500000000", @ANYRES32=r2, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES16=r0], 0x44}}, 0x8000)

13m35.919165881s ago: executing program 2 (id=196):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
pipe(0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x200488c0}, 0x4048801)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
r4 = socket(0x2b, 0xa, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x181880, 0x0)
ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000080))
sendmmsg(r1, &(0x7f0000005b00)=[{{0x0, 0x0, &(0x7f0000004280)=[{&(0x7f0000003fc0)='q', 0x1}], 0x1}}], 0x1, 0x20001000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r5)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000580)=<r7=>0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000140)={r3})
splice(0xffffffffffffffff, &(0x7f0000000180)=0x7, 0xffffffffffffffff, &(0x7f00000001c0)=0x8000093f, 0x0, 0x0)
sendmsg$NFC_CMD_SE_IO(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={0x2c, r6, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_SE_APDU={0x5, 0x19, "d8"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

13m20.144258303s ago: executing program 33 (id=196):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
pipe(0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x200488c0}, 0x4048801)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
r4 = socket(0x2b, 0xa, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x181880, 0x0)
ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000080))
sendmmsg(r1, &(0x7f0000005b00)=[{{0x0, 0x0, &(0x7f0000004280)=[{&(0x7f0000003fc0)='q', 0x1}], 0x1}}], 0x1, 0x20001000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r5)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000580)=<r7=>0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000140)={r3})
splice(0xffffffffffffffff, &(0x7f0000000180)=0x7, 0xffffffffffffffff, &(0x7f00000001c0)=0x8000093f, 0x0, 0x0)
sendmsg$NFC_CMD_SE_IO(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={0x2c, r6, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_SE_APDU={0x5, 0x19, "d8"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

12m32.703989817s ago: executing program 4 (id=251):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
socket(0x400000000010, 0x3, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x80000c, &(0x7f0000002440)=ANY=[@ANYBLOB="666f7263652c6e6c733d6575632d6a702c626172726965722c747970653d883b7f382c756d61736b3d30303030303030303030303030303030303030303030362c666f7263652c626172726965722c747970653d49d388242c6769643d", @ANYRESHEX=0x0, @ANYBLOB="2c005dc15e246d930a23b5f4093707c10226afb28f3e2838bb917886a27afece1cbcf9ae2d32c2c3f5bf4bb6fcd73d5c59e4638f863f2887a03f9aa6fceaeb5840cbeb145a56ad674e7f2f8c49eaf5b1c65eb6d762300b8c5c2ff69671e6b209000000"], 0x2, 0x6e2, &(0x7f0000000c80)="$eJzs3UtoHOcdAPD/rFarXRUcOfEjLYEsMaSlorZkobTqpW4pRYdQQnroebHlWHgtB0kpsim10se9h5x6Sg+6hR5Keje054ZA8VXHQCGXnHRTmdmZ1Ui72l3ZeiX9/cTMfDPfc/6zM7MPxATwf2txOqpPI4nF6bc30vXtrbn22NbcRJ7djohaRFQiqp1FJCuR5d7Kp/h2ujEvn8R4/34+Wl5499lX21901qr5lNWrlOqPota7aTOfohkRY/my1yFji08Pdr+vvduHtjeqpLuHacCuFYGLv7xQq/DCdntsdvM++U82H1T9KOctcE4lnftmj6mIyYioR3Tu+vnVoXK6ozt+m2c9AAAAADiqxtGrvLQTO7ERF05iOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBNlT//P8mnSpFuRlI8/7+Wb4s8fQ4NfxDi5xOd5dOTHwwAAAAAAAAAnLjXd2InNuJCsb6bZL/5v1H6jf9b8UGsxVKsxvXYiFasx3qsxmxETJUaqm201tdXZ7Oa0bg0oObN+KxPzZuHj/HWce80AAAAAAAAAJxv9SH598d7t/0+Fvd+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPMgiRjrLLLpUpGeiko1IuoRUUvLbUZ8VqS/JpJ+G5+e/jgAAADghdT3ryb1Eeq89CR2YiMuFOu7SfaZ/0r2ebkeH8RKrMdyrEc7luJO/hk6/dRf2d6aa29vzT1Ip952f/rlkYaetRid7x769/xqVqIRd2M523I9bkcSu5lK3sqr21tz6fJB/3F9mI4p+UluwGjGSuk76ezqp1n6z/u/RageaRefU+XQnKksd7wbkZl8bGmNi0UE+kdi6NGpDuxpNirdb34uDe6pf8w/HNz75IFSfb+5ORMHI3EzKt0jdGVwJCK++49Pfn2vvXL/3t216fOzS309GVriYCTmSpG4+g2KxHAzWSQud9cX4xfxq5iOLyfeidVYjt9EK9ZjqVnkt/LXczqfGhypzyfLa+8MG0l6Tja7169+Y2rGvjFFM36epVrxRnZML8RyJPEwIpbirezvZsx2rwZ7R/jyCGd9ZYQrbcm172WLbpiicXjZv43W5HFJ43qxFNfyNXcqyytv2YvSy32jVNzrRr8flVS/kyfSFv4w8P5w2g5GYrYUiVcOe710QvrX3XS+1l65v3qv9f6I/b2ZL9Pz6E/n6i6RHuGXo57v3MVsnmTn1EyW90r3Drs/XrX8F5eOSk/e5W69zpn6y3gYd/adqT+M+ZiPhaz0laz0eM8dK8272m1p/zU8zUvfaVW7P+yU3289jHbn/RAA59vk9ydrjf82/t34uPHHxr3G2/WfTfxo4rVajP9r/MfVmbE3K68lf4+P43d7n/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDnt/bo8f1Wu7202j9R6Z+VDK7Vau8WDxIbUGZfIskflTNC4WTt0ePdoQ0OTkzkw3vO6seZKJ7WOLxw8wSHkWwePF714ceieMrTCF0kPQFPKz/3mIue97aMn4NDeTDRHFImiZEbLF6wpayjv3ob/Y7XWETfYQy5cIwdx9UHOEs31h+8f2Pt0eMfLD9ovbf03tLK+Pz8wszC/FtzN+4ut5dmOvNShVN5+C1wGspvJ7pqEfH68LoDHtQKAAAAAAAAAAAAnKDT+F+Is95HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4OttcTqqTyOJ2ZnrM+n69tZcO52K9F7JakRUIiL5bUTyz4hb8eTZrTRjqtRcclg/Hy0vvPvsq+0v9tqqFuUrEZuH1hvNZj5FMyLG8uVxtXd7eHu1veREn+ykG5k0YNfyJZy5/wUAAP//GP3tFA==")
setxattr(0x0, 0x0, 0x0, 0x0, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x124)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
setxattr$security_capability(&(0x7f00000002c0)='./file2\x00', &(0x7f0000000300), 0x0, 0x0, 0x1)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
memfd_create(&(0x7f00000031c0)='\x103q}2\x9a\xce\xaf\x03\xdf\x8f[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\x1aX\x87\xf5\x1aP\x06\x9a\xa9\xa0\x98 )\xe3\xa1\xa2\xb1D\xe0\x15S\x89/m\xb71%\x80\x04Q\x1dN\xb0\x19\x81\x16@\xc0\xc4\"g\xd7Z\xb3\x17\xd1\xe7\x1b\xbd\xdck\x95\x16\x17\x95\xce\xa6\x92_\xe4\x9a\xaeA-\x02\x161\x8c\xe7\xa6.)\xadpM\x19\x1c\xcd\xf6S\x9a(:\x90\xb1\x8ft\xeb#\x82\x17\x8d\x00\xcaY\xe9\xf7\xee\x91\bx\x80\xa4\xa0\x16\b\x8b,\xdb\x88\x1e\xc1m\x91\xf0S\xc4\xc9\xefEBT\x8e\xff6\xff\xbb\xd4\xbe&\xf5St\v\xe1\x98;q\\\x1c\xe9\xcc\xfeV\xc3M5\xa9\xec\xc9\x8a\xee7\xbb\xa4\x1f\xc8\xfb\xaar15\xdf\\\xf4d\xc0\xc7\xf3\x88\x13\x94^0.\xfc_\x91B\xacp\x8f\xfdx\xa5\xa9_t\x86\xe3%\xf1q\x00\x89c\x05H\x92\xa6\x93je\xfa\xd148\xd0N7\xa6\bn\x95J\x99[[\xda@\x80\xda\xf8\xc6N\xf1R\xb0N', 0x2)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x0, 0x0)
read$FUSE(r2, &(0x7f0000001180)={0x2020}, 0x2020)
bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'veth1_to_team\x00'})
syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00')
ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000040))

12m31.308776371s ago: executing program 4 (id=252):
r0 = socket(0x2b, 0x1, 0x1)
socket$nl_crypto(0x10, 0x3, 0x15)
mq_getsetattr(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="d6501abb833079b16e326d0c8334d7b351a228a95e3b3e6fbea57bc99e6f956cf2303f3b2b12623690ec6324b7c953453e48d7", @ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x20004, <r4=>r2, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={<r6=>0x0, 0x0, r4})
ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000300)={r6, <r7=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r5, 0xc010640b, &(0x7f0000000140)={r7})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c64d2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000020c0)={0x2020}, 0x2020)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r9 = dup3(0xffffffffffffffff, r8, 0x0)
ioctl$MON_IOCG_STATS(r9, 0xc0109207, &(0x7f0000000180))
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5}, 0x1c)

12m24.404916918s ago: executing program 4 (id=255):
syz_open_dev$usbfs(0x0, 0x1ff, 0xa401)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(0xffffffffffffffff, 0x3b70, &(0x7f0000000040)={0x30})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = dup(0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x22}}], 0x10)
read$FUSE(0xffffffffffffffff, &(0x7f00000012c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
write$cgroup_pid(r1, &(0x7f0000003300)=r2, 0x12)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mbind(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0xe, 0x8000, 0x6)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b28, &(0x7f00000002c0)={'wlan0\x00'})
r7 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, r7)
getsockname$packet(r7, 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0), 0x0, 0x4001c00)

12m21.73343639s ago: executing program 4 (id=257):
r0 = socket(0x200000000000011, 0x2, 0x0)
bind$packet(r0, 0x0, 0x0)
ioctl$XFS_IOC_GETBMAPA(r0, 0xc020582c, &(0x7f0000000040)={0x100000001, 0x6, 0x9, 0x3ff, 0x40000})
set_mempolicy(0x3ffe, 0x0, 0x7)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1b, 0x3, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
pipe2$9p(0x0, 0x880)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r2, 0x0)
setpgid(0x0, r2)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x800000000000001)

12m21.425591815s ago: executing program 4 (id=259):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
sendfile(r4, 0xffffffffffffffff, 0x0, 0x106f)
r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x0, 0x4})
ioctl$DVB_DEMUX_DMX_REMOVE_PID(r5, 0x40026f34, &(0x7f0000000040)=0x1)
ioctl$DVB_DEMUX_DMX_ADD_PID(r5, 0x40026f33, 0x0)
socket(0x400000000010, 0x3, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x20000)
close_range(r0, 0xffffffffffffffff, 0x0)

12m18.980429644s ago: executing program 4 (id=260):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x1, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x12002, 0x3348a}}, 0x20}}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[], 0x1c)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x4}}}}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x4}, 0x28)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r7 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000040)={0x0, 0x1000000})
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0)
r9 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = getpgid(r1)
ioprio_get$pid(0x2, r10)
r11 = fsmount(r9, 0x1, 0x16)
renameat2(r11, &(0x7f00000000c0)='./file0\x00', r11, &(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

12m17.916011227s ago: executing program 34 (id=260):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x1, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x12002, 0x3348a}}, 0x20}}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[], 0x1c)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x4}}}}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x4}, 0x28)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r7 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000040)={0x0, 0x1000000})
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0)
r9 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = getpgid(r1)
ioprio_get$pid(0x2, r10)
r11 = fsmount(r9, 0x1, 0x16)
renameat2(r11, &(0x7f00000000c0)='./file0\x00', r11, &(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

7m40.192029078s ago: executing program 7 (id=1015):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x3, 0x397})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x20, 0x4, 0x4, {0x0, 0x0, 0x0, 0x0, {0x4, 0xfff3}, {0x0, 0xa}, {0x0, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x4000005)
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='9', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

7m37.388274105s ago: executing program 7 (id=1022):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x28, 0x0, 0xfd, 0xc8e}, {0x16}]}, 0x10)
sendto$packet(r0, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880088fb4803", 0x10001, 0x0, &(0x7f0000000040)={0x11, 0x8864, r1, 0x1, 0x0, 0x6, @remote}, 0x14)

7m36.800033617s ago: executing program 7 (id=1025):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000000c0)=0x800, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)

7m36.040695015s ago: executing program 7 (id=1029):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000280)={[{@nogrpid}, {@jqfmt_vfsv0}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}, {@nolazytime}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x122dfb579e447c7a)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000200)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x3, 0x0, 0x0, 0x4, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000007700000c00002000", "036c47c678082004cb59d654cb9b1b165263bdbcef549ba197fce47ddfdd753abd950100172a00ffffff00f7ffffff000000f3e7f20000000200000000000600", "b7326736181c208220fffff2ff00000000000000000e00", [0x4]})
write$cgroup_int(r0, &(0x7f0000000080)=0x4, 0x12)

7m34.484034977s ago: executing program 7 (id=1034):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200e01, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0xc008744c, &(0x7f0000000180))

7m32.461502718s ago: executing program 7 (id=1039):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xd, &(0x7f0000000400)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000680)="548852ac5b4eba7aeaccd2c62b2b", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8}, 0x50)

7m31.775979816s ago: executing program 35 (id=1039):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xd, &(0x7f0000000400)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000680)="548852ac5b4eba7aeaccd2c62b2b", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8}, 0x50)

6m35.552421219s ago: executing program 8 (id=1221):
r0 = io_uring_setup(0xdac, &(0x7f0000000180))
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000500)=0xd0)
recvmsg$can_raw(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1}, 0x40000003)
sendmsg$can_raw(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@canfd={{0x1, 0x1, 0x1}, 0x3c, 0x1, 0x0, 0x0, "6be0e960b5da641929ee32891fcfea80c33efca1be0ebe4d496125043495d7231a29cde9f4444e8f3a95e001d809b8e87277cedbf1de62225eaa3635e925888a"}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
close_range(r0, 0xffffffffffffffff, 0x0)

6m34.366512212s ago: executing program 8 (id=1226):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
sendmsg$NL80211_CMD_GET_POWER_SAVE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='(', @ANYBLOB="020025bd7000fbdb", @ANYBLOB="0c0099"], 0x28}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x101, 0xaec4, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x20000, 0x1c, 0x0, 0x5, 0x1], 0x0, 0x41981})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6m32.204110639s ago: executing program 8 (id=1234):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x4e, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r5=>0x0})
r6 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=@getchain={0x24, 0x66, 0x903, 0x1000, 0x25dfdc03, {0x0, 0x0, 0x0, r5, {0xb, 0xb}, {0xd, 0xfff1}, {0x6, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x8000)

6m30.419403188s ago: executing program 8 (id=1239):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000001380)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002700000095"], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)
sendto$inet(r0, &(0x7f0000000ac0)="4d51022a340e4aedb6ee57d0", 0xc, 0x80000, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
recvmmsg$unix(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000000f00)=""/128, 0x80}], 0x1}}], 0x2, 0x0, 0x0)
shutdown(r0, 0x1)

6m30.021256954s ago: executing program 8 (id=1241):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000400)={0xc})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x2004000, &(0x7f0000000240)={[{@clear_cache}, {@user_subvol_rm}, {@nodiscard}, {@user_subvol_rm}, {@autodefrag}, {@autodefrag}, {@max_inline={'max_inline', 0x3d, [0x7, 0x32, 0x35, 0x39, 0x32, 0x38, 0x67, 0x2d, 0x2d, 0x37]}}, {@ssd_spread}]}, 0x0, 0x559e, &(0x7f00000103c0)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
chdir(&(0x7f0000000080)='./file0\x00')
ioctl$BTRFS_IOC_QUOTA_CTL(r1, 0xc0109428, &(0x7f0000000580)={0x1})
ioctl$BTRFS_IOC_QGROUP_LIMIT(r1, 0x8030942b, &(0x7f0000000340)={0x0, {0x50979c6b8b4af6fa, 0x0, 0x56, 0x2, 0xffffffffffffff60}})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111, 0x5}}, 0x20)

6m28.269101305s ago: executing program 0 (id=1245):
syz_io_uring_setup(0x18da, &(0x7f0000000040)={0x0, 0x2, 0x10000, 0x3, 0xb8}, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000b80)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x40}, 0x1c, 0x0}}], 0x1, 0x340000d0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x3, 0x180, 0x2, 0x10, 0xf1, 0x100000001, 0x10, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbd9], 0x4000, 0x43180})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x8000, 0x6, 0x4, 0x200000000000043, 0x2000004, 0x0, 0x2004cb, 0x0, 0xa7c, 0x9, 0x8, 0x8000000009, 0x803, 0x0, 0x9, 0x9], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0xeeee3001, 0x8, 0x8, 0xb, 0xe6, 0x40, 0x0, 0x0, 0x81, 0x80}, {0x5000, 0x33000, 0x3, 0x0, 0x42, 0x5, 0x75, 0x6, 0x36, 0xd, 0x6, 0x89}, {0x0, 0xd000, 0x1e, 0x5, 0x8, 0x7, 0x0, 0x9, 0x1, 0x24, 0x5, 0x5}, {0x0, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0x0, 0x8, 0x7, 0xe}, {0xf000, 0xd000, 0xf, 0x3, 0x16, 0x7, 0x4, 0x8, 0x7, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x4, 0x7}, {0x3000, 0x3000, 0xf, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xdddd0000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0xff, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0xffff1000, 0x7}, 0x80000021, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x0, [0x6800000000000000, 0x5, 0x2, 0x8]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6m27.06564345s ago: executing program 8 (id=1248):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680))
r1 = eventfd2(0x0, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

6m26.106625651s ago: executing program 0 (id=1252):
pipe(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r3, 0x2284, &(0x7f0000000080))

6m24.950778364s ago: executing program 0 (id=1253):
syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
close(0x3)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
syz_open_procfs(0x0, &(0x7f00000000c0)='coredump_filter\x00')
fanotify_init(0x4, 0x101000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000b00)=ANY=[@ANYBLOB="020000000100060000000000040000000000000008000100", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="08000400", @ANYRES32=r0, @ANYBLOB="100002000000000020"], 0x3c, 0x3)
setuid(0xee00)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x6a182, 0x8)

6m24.909268189s ago: executing program 0 (id=1255):
r0 = syz_usb_connect$lan78xx(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000ac0)={0x84, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000880)={0x34, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000c80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000280)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000180)={0x0, 0x6, 0x2, "c364"}, 0x0, 0x0, 0x0, 0x0, 0x0})

6m21.686000714s ago: executing program 0 (id=1261):
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x80000000, 0x0, 0xffffffffffffffff, 0x0, 0x0})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)=@caif=@dgm={0x25, 0x9, 0x9}, 0x80, &(0x7f0000000240)}, 0x8001)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xbf7, 0xed}]})
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x845, 0x9, 0xfffffffffffffffd, 0x8, 0x10000, 0x0, 0x4002004c2, 0x2000000000fff, 0x1400000000000000, 0x0, 0x3fd, 0x1080, 0x3, 0x0, 0x8, 0x4000000000008d], 0x100000, 0x80})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6m21.180904494s ago: executing program 0 (id=1264):
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/uts\x00')
unshare(0x6a040000)
r0 = socket(0x8, 0x4, 0x3)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x61d0, 0x0)

6m10.354289311s ago: executing program 36 (id=1248):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680))
r1 = eventfd2(0x0, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

6m5.935159282s ago: executing program 37 (id=1264):
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/uts\x00')
unshare(0x6a040000)
r0 = socket(0x8, 0x4, 0x3)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x61d0, 0x0)

2m42.230804666s ago: executing program 3 (id=1651):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
mount$cgroup(0x0, 0x0, 0x0, 0x10012, 0x0)

2m40.715474769s ago: executing program 3 (id=1655):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="2c0000003f000701ddff"], 0x2c}}, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

2m39.277434623s ago: executing program 3 (id=1661):
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20)
sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvfrom(r4, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0)

2m38.087791863s ago: executing program 3 (id=1663):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1210010, &(0x7f0000000340)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d372c757466383d312c696f636861727365743d63703835372c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c7379735f696d6d757461626c652c73686f72746e616d653d6c6f7765722c696f636861727365743d61736369692c73686f72746e616d653d6c6f7765722c756e695f786c6174653d312c757466383d312c71756965742c756e695f786c6174653d312c756e695f786c6174653d3100000000000000026d653d6d697865642c72736469722c756e695f786c6174653d302c757466383d302c00"], 0x1, 0x379, &(0x7f0000000880)="$eJzs3U1oI1UcAPB/OmnSLmh7EwUhehO0bPemF1ukC4u9qAQ/DmJwuypJFVostodN60HxKHjUkzcFPXgQjyII4s2DV1cQP/Cge1vZxSfJ5GOapN2u2ErZ3w+avL73/u//JjMk02Hy+sJSNC9Ox6WrV3+OmZlSlJceW4prpZiPLPp2Y1xlQh0AcDpcSyn+TLnRtpnJIaUTmBYAcIy6n/8vRUQt5vOaN78+rH/y6Q8Ap17v7//Zw/occB0g4rVjmRIAcMzGrv/fv6+50v0p938tF+4KAABOq6eefe7x5dWIJ2u1mYj1t7fqW/V4ZNi+fCleiVasxdmYixsR+YlC56HUfTx/YXXlbK1Wa8cv81GPiKleYD0/U1jOuvHVWIy5mO/F9842UkrZ+c9WVxZrXRGx2+7mj/XSVn06zvTy/3Am1oYnHv1Buk8RF1ZXztV6A9TX+/HtiL3hjQqd+S/EXHz34mCYlPp3MK6uXF7sT3oYv1WvxsXBqzB+BeTQCyYAAAAAAAAAAAAAAAAAAAAAAHATC7WB+cH6OanznK+Us7Awob27Pk4e31sfaC9fHyhVU6T0xxsP1d/JYt/6QKPr82xZSBAAAAAAAAAAAAAAAAAAAAAGNrcr0Wi11jY2t3eaxUJ7Y3N7KiI6Na9+88lXszHe5yaFcp6iGjFIUeul3Wk2UtbvnLKI8fCsk7xf89HngxkX+1QHWzFxGtWDm1qtO+776f1hzb1Zf+S/h32ymLyBWWEaj46MvH5nPqVbeaEGhXPFmup49isppULNW8Xwy8+PDxiliPKt77id5lQc3Cd1CtfTy3f3X/3Glyn3wINzT19578Pfmo1WJ3N092BlY/NGajZK/c5HyN4bLnV3wfDYKEVeKBWPhPJhA+7tr2lk3//+zD3vfntw9igPa1Kx6fXO8TzSOcs359PRcSp5oTPNkabZYfh0byNaa9MjB/+E/T5W+Bf79K4Pvvg4pR9/PWpU4U1iauxto/TfvPsAAAAAAAAAAAAAAAAAAABFhe+K97503c4bpg+LeviJE5oeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJyI4f//LxT2dmOk5iiF6+0JUdW1jc2IyoTMf/0PWwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO3qnwAAAP//7gFmJg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x80000, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
getdents64(r0, &(0x7f0000000080)=""/4096, 0x1000)

2m37.090790206s ago: executing program 3 (id=1666):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000003c0)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000000)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYBLOB="613ff3df9a92a98be924297cd7956310c8537e1dc0be494c"])
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

2m35.036674656s ago: executing program 3 (id=1671):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000002c0)={0x1, 0x0, @pic={0x5, 0x5, 0x2, 0x7f, 0x0, 0x6, 0x4, 0xfc, 0x8, 0x3, 0xff, 0x10, 0xe, 0xa, 0x6, 0xfc}})

2m34.532215435s ago: executing program 38 (id=1671):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000002c0)={0x1, 0x0, @pic={0x5, 0x5, 0x2, 0x7f, 0x0, 0x6, 0x4, 0xfc, 0x8, 0x3, 0xff, 0x10, 0xe, 0xa, 0x6, 0xfc}})

15.842607157s ago: executing program 5 (id=1907):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getrusage(0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r4], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NETID(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r6, 0x25, 0x70bd2d, 0x25dfdbff, {{}, {}, {0x8, 0x2, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x44085}, 0x2000a824)

13.969821075s ago: executing program 5 (id=1909):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000280)={0x2, 0x0, [{0x80000008, 0x3, 0x0, 0x81, 0xd5, 0x4, 0x4}, {0xc0000001, 0xcb7, 0x3, 0x73, 0x3}]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

10.858476233s ago: executing program 5 (id=1912):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xffffffff, 0xbde, 0xb, 0x10000}})
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002800)=ANY=[@ANYBLOB], 0xe0}}, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000400)={0x5, 0x2})
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
flock(r5, 0x0)
write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00070000420091"], 0xfe33)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x40, 0x0)

9.804245888s ago: executing program 5 (id=1913):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
accept4(r0, 0x0, 0x0, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff)
sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="030f0000000000000000070000003000028008000200000000000700"], 0x44}, 0x1, 0x0, 0x0, 0x4040c40}, 0x0)
prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1b}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
gettid()
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)={0x34, 0x3e, 0x107, 0x70bd27, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @pid}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="725eb862"]}, @typed={0x8, 0x7, 0x0, 0x0, @pid}]}, 0x34}, 0x1, 0x0, 0x0, 0xc020}, 0x4040)

8.594034967s ago: executing program 5 (id=1914):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$btrfs(&(0x7f0000000300), &(0x7f0000000000)='./bus\x00', 0x810, &(0x7f0000000280)={[{@discard}, {@space_cache}, {@nobarrier}, {@usebackuproot}, {@skip_balance}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x74, 0x6c, 0x67, 0x6b, 0x32, 0x34]}}]}, 0x3, 0x5136, &(0x7f0000000340)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h795j5Lrqw4Gffc6+vLsJ/ETID4GBOsYFr9d2eKhNxTpNVRRKWZeUqEIUG3sdFm+wsZ2CI0CODUpRBE1LJPijKI4QqvkjqUWCAk2iuJEwipoHStWIJEpEWieIKJAGUChEwtXMvWf2zrk7D8e7jjf9fCTvnJnved55eM69d84FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/G4594VN/2yp+7+8uefSJy6c+fnDT5c9+9pJzHwxhuvZ4VxbuGrr261O/uPniWw7eseHG205c+tb+vFweD8PVP935nc/HWk+sCOH2rhB608DakSzQl98fifW9biSEc8J8oF5iZigrkTYcvj8YwuEwH6hX9b3BEEYKgcseuufuL1UTNwyGsCqEUEnbeLyStTGYBi7ozwJDaWBXbxb49clMPfDd7iwApy2+Geov+qPTjRnGFy7X5PXXt2gde3mlw+uJifHm+X62aYk7VdCfPjB9Wk9bqTqWROntccy7bRm820rb+XpPW/GLVP4N5eR8qBK6t8/s2HrV3L74SHeYmOhpVtMSPc+PPP+ZbaeSXjavw9iB8UV5HX75gVU396x53/23rV319JG3HXrmdLv5o8ImLaaXWiXkr7ll8zxGUz5PlsHbr/QtaaUvXSGEHR/7vfe3ipfm/+Ot5//x5Rxvuxtyx1pfHM3m5vGRkZh4bjSbmwMAAMCysRz2mu6auOtdheJjlaS+0vx/ZWfH/+Mh/3wyn432WAhTtcShsRDOqz2eBb4Vm/voWAhvrKWmGwObksCxEF5bS6ypV5WUGIglViaBn4zmgakkcDwGppPAN2Pg+iTw+Rg4mgS2xcCxJHBxDITZxnH8/mg+jo4DgzGwJduIR+NZCL8cja0l2+qxelUAAACLJJ8d9jXeLZzrcLoZ4vTy6GC7DPEM7KYZKkkN6Qy2Pq1qWkNvuxq629VQH/eB1sMv1dzVrubSaRhdjRm+/qu/+UBooTT/n2w9/6/Md2Q8ttNVOv4fwuba35i7O4/M1eNbphsyAAAAAKdh+H+e/EareGn+P9XZ+f9xn0hPIXO4L+6G2DkWwmRjIKv2D8uB7Kj3cB4AAACA5aB+PL5+LHw2v81O0U7n0+X806eYPx74n1owf/+xO7e06m9p/j/d2fn/Q423WSeOx158ZSyEgULgB7GX1UDNyhj48bsbA/n4j8cNcF2sKj8xoV7VdbHElhiYTAKHm5X4Yb3EeY2B/MmqN36oPo7ZvEQhAAAAAGdc3B0Qj8vH8//f9NsNn2pVrjT/39Lx+f81tXlw6fT+ueEQ1vWG0JP+MOC+oWxhwBgY6coTdw1ldfWkVV0zFMJF1YElVXU/ma//35uuMfjQYFZVDJz3piPPX1BNfGMwhHXFwMMfuunt1cS+JFBv/C8HQ3hDdbTpOL4zkDXelzb+1YEQXl8I1Kv66EAI1cb606ruqeTXMUir+udKCK8qBOpVvaMSwv4AwDIV/yvdXnxw7/6rd26dm5vZs4SJuA9/MOyYnZuZ2LZrbnulSZ+2J31uWMbomvKYOr3yzWP5EkUfvHXzSCfp+u8EJ4tt5fvxSycO5vfjd6G+2jg39DXc3ZgO+S1vLjcRCt+kmg25e4mHPFSsZP5JLNUf8/eH4TBw1d6ZPROf3rpv35712d9Os2/I/sbDTNm2Wp9uq6GF+tbBy6PpalmJl7qtVhcrWbfvyt3r9u6/eu3slVuvmLli5hPr37Fh8sLJjZPvvHBddVST2d+FhzoQkipXtxjqyZs6HNciDvX83kIlZ+JTQ0JCYrkldg2vbvl/cmn+v7v1/D9+6sRP/nx9hmbH/8fjYf7s8fnD/Fti4HCnx//Hmx3Nr58YsDIJHIiBAw7zAwAA8MoQJ/lxb2bcK/3TNd95ulW50vz/QGe//1+k9f/rS9df2myZ/zWxxGSz9f/TZf7r6/8faLb+f7rMf339/8Ot1v+vLM36/1fVA8km+aX1/wEAgFeCM7f+f9vl/dMLBJQytF3eP71AQClD22X8O71AwCmv///4f/7Vz0MLpfn/9Z3N/y3cDwAAAGePz/3Zp/5fq3hp/n+4s/n/mV//LzQ7/39ls8B0s4UBrf8HAADAMtVs/b/xa4c+0qpcaf5/tLP5fzztorshd6z1xdFsTbuQrmn33Gj9JwMAAACwPHSHiYm+DvM2rIy66aW3+Ui+FGirdNGTf3Li1M7/P9bZ/L/hdxlffmDVzT1r3nf/i7etXfX0kbcdemb++D8AAACwdDrdLwEAAAAAAAAAAAAAALz8nvyPgxtbxUu//w+ba483+/1/vO5f/H3Bqxtyx1rbr/+X37/svbfsry1ZeN9oCG8uBnYe3HlOyK/Nv7oYuPvDa15TTRxMS9z5xMVPVRMfSQPvWXvuC9XERUlgS1wk8bVpIF5V8YUVSSAur/jvaSBuj6NpoD8PfHFFNo6udFv9dCTbVl3ptnp0JISxQqC+rW4fydroSgd4QxKoD/CTaSAO8M/zQHfaq1uGs17FwEgseuNw1isAAM5a8VtgX9gxOzczGb/Cx9vzextvo4Yly64pV9vVYfOP5UuTffDWzSOdpHvS76Lz1xrvC5XqENaXvq4Ws3TVRrk4tbTZdK9uMuR2q711NymXOtVN1998RIPZiCa27Zrb3td24BvbZ9nQ2zbL+tJkp5ilu7ZJO6ilg750MKIOt00HXY73u8PERE+S6w9icDw0aPeK6PT3+sV1/pq9Cop5PnHi0K9b1Vea/493Nv+vFMf1Qn4xgAPxynp/N2aZfwAAAFhaX9z0m6/Ffx+49t6HW+Utzf9Xdjb/j3uw8kPB2d6OY/H6/4fGQqhdWn88C3wrNvfRsRDeWEtNxxLZBfUvjSUms8C34g6TNbHElunGqgZi4GgxMBDCT0bzwLGkxPEYyPdSHAn5rpy/Hw3h7bXU5sYSu2OJ8STw/hhYmQQmYmAyCayIgakk8OyKPDCdBP4tBsJs47a6dUW+rQAAAE5FPs/qa7wb0nne0d52GbraZRhql6G7XYZKywx94WizUcT7344Z+rrKWyE+1Jc2O5jUUsoQL4bftONtt2798P8PG3OmBUtNx/MP6ucbdDVmuONdvZXQQmn+P9nZ/H+o8TZr/Xic/89f/y8L/CB27yvx1PGVMfDjdzcG8h0Dx+Nk97p6VdN5iXzSfl0sMRUDK5PA7hiYqgeys/G3bM4Dh1/TWCKfadcbP1RvfDYvUQgAAADAGRd3EMTdNHH+f+PeLwy3Klea/091Nv+P7Q0XG/t8rPXEihBu75rvTT2wdiQLxP0YI/2xuyMhnFPYwVEvMTOUlehPGg7fH8x+od6fVBW+N5j9+CDev+yhe+7+UjVxw2AIqwp7X+ptPF7J2hhMAxf0Z4GhNLCrNwvEPT/1wHe7swCctvpewfiCyk91qRtfuFyT198r5Zqg6fBK+0AXyLfQb66WSmmHa75Pte7UnraW+29ZNKW3xzHvtuX4bhv3bit+kcq/oZycD1VC9/aZHVuvmtsXHyn+krVkiZ7n4q9UO0kvwuvwwEvvbXuVtAOTycfH5MLlFn4ddsXqvvzAqpt71rzv/tvWrnr6yNsOPdNxN5qIPxS+57P/OvKjwuZdapWQv+aW3efJtM+TZfHfQPLuXulpCyFsfvar17WKl+b/053N/3uT25rfxI25dyyEtxQ27n1x8//xWPY5WAhkn5KvKgeyQ+7/Ndr0kxMAAAAWW313R31/wWx+m50Qns6Ty/mnQzg5dgr54/6KqQXzd9rvob/+8KpW8dL8f0vr+f9A0s1FOv4fXuf4PzRy/H9Bne2KbjyedSZ3RQ+kDxw4rV3RpepYEo7/L+jsP/CTcPw/OP6/YP8c/3f8vy3H/xd0tj9tpW9Ju33pCiE8/Ud3PdoqXpr/7+5s/n+2rv8XzvD6f+miffX1/7Y0W/9vd7P1/w5Y/w8AAFhSTRaaS+d5pdX7ShnS1ftKGdouENh2icHW6/+1WGfvFbP+X2mjtlv/76nzH/9taKE0/z/Q2fw/vhyGi62f/ev/5Y1vblLV9TGw28KAAAAAnI2a7ZsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg5XXHP/z39lbxe393yaNPXD718YObLn/2s5ec+2AIs7XHu7Jw19C1X5/6xc0X33Lwjg033nbi0rdW8nJ9+e3/b8gda31xNITDhUdGYuK50eqd+cBl771lf281cd9oCG8uBnYe3HlONfHN0RBWFwN3f3jNa6qJg2mJO5+4+Klq4iNp4D1rz32hmrgoD3Sl3f3HFVl3u9LufmlFCGOFQL27H1/RWFW9jT/NA91pG/80krURAyOx6NdGsjZiYC6WmB0IYV1vCD1pVfdWsqp60qr+pZJV1ZNW9blKCBeFEHrTqp7oz6rqTUf+YH9WVQyc96Yjz19QTRzuD2FdMfDwh256ezXxySRQb/wv+kN4Q/h5vDvf+Lf7ssb70sZv6Avh9SGE/rS7v+rNSvSnJZ7sDeFVhUC98Y/1hrA/8IoQP3waPtH27r9659a5uZk9S5joz9saDDtm52Ymtu2a215J+tRMVyF98pqXPvbHnv/MturtB2/dPNJJujcv11fr8oa+hrsbz/bex34NFSuZfz5K9cf8/WE4DFy1d2bPxKe37tu3Z332t9PsG7K/PXk021brl8u2Wl2sZN2+K3ev27v/6rWzV269YuaKmU+sf8eGyQsnN06+88J11VFNZn8XY6g3nfmhnt9bqORMfABISEgst0R3w6fb5Mv0QT6c32376Vb6oj/f0b5QqX1Al6YVxSxdtVEuxqA3vZThZk75e0rbEa3va5tlwwJZrmnMsrE0mZivZTDLUvteV5ocFhvrrm3SeL87TEz0NNsO4413i5v3Z6exeR/JN12naQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9lBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1mH0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACXAgAA///h2yKL")
r0 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
fallocate(r0, 0x0, 0x0, 0x1001f0)
shutdown(0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
copy_file_range(r0, 0x0, r0, &(0x7f00000000c0)=0x1101f0, 0x1001f0, 0x0)

5.493858147s ago: executing program 6 (id=1916):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc0385869, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r4, 0x2284, &(0x7f0000000080))

4.620658256s ago: executing program 5 (id=1917):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x121000, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x280, 0x1000, 0x3e000000, 0x2, 0x0, {0x0, 0x9}, {0x350, 0x20002, 0xfffffffd}, {0xf4ef}, {0x4000005, 0x0, 0x1}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x0, 0x3, 0x4})
ioctl$BLKTRACESTART(0xffffffffffffffff, 0x401070cd, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x3, 0x34, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000b5e67420ac0592027388010203010902220001000000440904770001039a02000905000000000000000705e37e", @ANYRESHEX], 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0)
socket$inet(0x2, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair(0x2b, 0x2, 0x4, 0x0)
ioctl$FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f0000000240)={0x40, 0x30, 0x10, 0xf0, 0x6, 0x1a9b, 0xf, 0x2, {0x0, 0x3}, {0x8001, 0x93e}, {0xfffffffe, 0x200}, {0x0, 0x1, 0x1}, 0x2, 0x40, 0x7, 0x4, 0x1, 0x10001000, 0x10, 0x200, 0x9, 0x7, 0xeb3a, 0x101, 0x1, 0x0, 0x0, 0xb})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x24, &(0x7f0000000080)=""/58, &(0x7f00000000c0)=0x3a)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000002680), r4)
sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f0000002840)={0x0, 0x0, &(0x7f0000002800)={&(0x7f00000026c0)={0x3c, r5, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040010}, 0x20000000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000040), 0x40, 0x127502)

3.943830568s ago: executing program 6 (id=1918):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$alg(0x26, 0x5, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f0000000480)='net/fib_triestat\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
socket(0x2000000000000021, 0x2, 0x10000000000002)
socket$kcm(0x21, 0x2, 0x2)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40242)
epoll_create(0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xc0701, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x4048885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

2.658247395s ago: executing program 6 (id=1919):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
file_setattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x28, 0x2, 0x3, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x12}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x3, 0x1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000809}, 0x4000010)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

2.433193169s ago: executing program 6 (id=1920):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xffffffff, 0xbde, 0xb, 0x10000}})
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002800)=ANY=[@ANYBLOB], 0xe0}}, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000400)={0x5, 0x2})
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
flock(r5, 0x0)
write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
openat$sequencer2(0xffffff9c, 0x0, 0x40, 0x0)

1.306480655s ago: executing program 6 (id=1921):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_matches\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
fcntl$notify(r4, 0x402, 0x3f)
shutdown(r0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
connect$bt_rfcomm(r0, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa)

0s ago: executing program 6 (id=1922):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x183c81)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f0000000080)={[{@max_batch_time={'max_batch_time', 0x3d, 0x3ff}}]}, 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_enter(0xffffffffffffffff, 0x219, 0x1150, 0x16, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
fsopen(0x0, 0x0)
capset(0x0, 0x0)
openat$ttynull(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
unshare(0x26020480)
open(&(0x7f0000000280)='./file1\x00', 0x40, 0xd0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x83, 0x7fff0000}]})
chown(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', 0x0})
mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file2\x00', 0xc, &(0x7f0000000000)=ANY=[], 0x9, 0x1ce, &(0x7f0000000800)="$eJzslc+q00AUxr+Z1KQVn8CNCy94XZgmqYqbC3XjyoXgn+JCsNi0VFMrbRa2IOITuHfnwscQ6taHkCqIguhGXY/MnyRjaYTW1iw8P+jJN5npmTNn4AsIgvhv+fD+51L8OPpUB3ACB/DM+89OsYZb69/Vvz15c/VK5/mdV2+9pd/4PZu38f41AIvLDlIzFkIIe/7APG+A5/omOM4a3QGDb/RdcNwyOgbDbaPvW3os1/t+f5jE/r1x0pMikCGUIZKhtVrf12cMPas+Zs1PZ/MH3SSJJ3sU6zu3+JLXVweOrPrs+/Khqw2s/oXgCI1ugeG60ZfgZb3RLbHOf7JW5Hf+eH4Xf3nsjwCKN/19dtaVW231d4D9k7vfs3CgRHajldezc4HazhIKD6j6OCXidVvfX17qUz3eLE+7ZMrdMI/pfO6f4iXDGcuftJW8UB+LZjp61JzO5ueGo+4gHsQPo6h1MTgfBBeipjIiHddboMrfUP50vMjfKFvrMhePu2k6CXXMx5GO6xyXK//jODyNY3Is3dRdyfsdQLYpMz+unlIdOqXFEwRBVMgpMOXJypczYb4m+YQQ0bWK6yQIgiAIgiAIgiAIYnt+BQAA//9We18t")
r1 = open(&(0x7f0000000340)='./file1\x00', 0x4000, 0x0)
preadv(r1, &(0x7f0000000680)=[{&(0x7f0000000540)=""/177, 0xb1}], 0x1, 0x9, 0x7)
mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mkdir(&(0x7f0000000140)='./file0/../file0\x00', 0x190)

kernel console output (not intermixed with test programs):

to 40427
[  794.604900][T11984] F2FS-fs (loop5): invalid crc value
[  794.694447][T11984] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  794.745037][T11984] F2FS-fs (loop5): Start checkpoint disabled!
[  794.898350][T11984] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  794.919405][T11984] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  795.112503][   T38] audit: type=1800 audit(1776508521.021:118): pid=11984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1395" name="file1" dev="loop5" ino=10 res=0 errno=0
[  795.691954][T11988] bio_check_eod: 176 callbacks suppressed
[  795.691996][T11988] syz.5.1395: attempt to access beyond end of device
[  795.691996][T11988] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  795.695003][T11988] syz.5.1395: attempt to access beyond end of device
[  795.695003][T11988] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  795.695610][T11988] syz.5.1395: attempt to access beyond end of device
[  795.695610][T11988] loop5: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  795.696138][T11988] syz.5.1395: attempt to access beyond end of device
[  795.696138][T11988] loop5: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  795.696633][T11988] syz.5.1395: attempt to access beyond end of device
[  795.696633][T11988] loop5: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  795.697354][T11988] syz.5.1395: attempt to access beyond end of device
[  795.697354][T11988] loop5: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  795.697840][T11988] syz.5.1395: attempt to access beyond end of device
[  795.697840][T11988] loop5: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  795.698420][T11988] syz.5.1395: attempt to access beyond end of device
[  795.698420][T11988] loop5: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  795.698968][T11988] syz.5.1395: attempt to access beyond end of device
[  795.698968][T11988] loop5: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  795.699484][T11988] syz.5.1395: attempt to access beyond end of device
[  795.699484][T11988] loop5: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  796.408564][  T179] CPU: 1 UID: 0 PID: 179 Comm: kworker/u8:7 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  796.408597][  T179] Tainted: [L]=SOFTLOCKUP
[  796.408604][  T179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  796.408616][  T179] Workqueue: writeback wb_workfn (flush-7:5)
[  796.408654][  T179] Call Trace:
[  796.408661][  T179]  <TASK>
[  796.408670][  T179]  dump_stack_lvl+0xe8/0x150
[  796.408694][  T179]  f2fs_stop_checkpoint+0x383/0x540
[  796.408721][  T179]  f2fs_write_end_io+0x1274/0x1740
[  796.408768][  T179]  __submit_merged_bio+0x256/0x6a0
[  796.408796][  T179]  __submit_merged_write_cond+0x3c9/0x4e0
[  796.408827][  T179]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  796.408872][  T179]  f2fs_write_data_pages+0x287e/0x34f0
[  796.408931][  T179]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  796.408969][  T179]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  796.409034][  T179]  ? __lock_acquire+0x6b5/0x2cf0
[  796.409073][  T179]  ? __lock_acquire+0x6b5/0x2cf0
[  796.409114][  T179]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  796.409138][  T179]  do_writepages+0x32e/0x550
[  796.409169][  T179]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  796.409195][  T179]  ? reacquire_held_locks+0x104/0x190
[  796.409219][  T179]  ? rt_spin_lock+0x1e0/0x400
[  796.409253][  T179]  __writeback_single_inode+0x133/0x10e0
[  796.409277][  T179]  ? rt_spin_unlock+0x160/0x200
[  796.409303][  T179]  writeback_sb_inodes+0x97f/0x1980
[  796.409339][  T179]  ? lockdep_hardirqs_on+0x7a/0x110
[  796.409366][  T179]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  796.409422][  T179]  ? rcu_is_watching+0x15/0xb0
[  796.409453][  T179]  wb_writeback+0x445/0xb00
[  796.409478][  T179]  ? queue_io+0x1d1/0x440
[  796.409507][  T179]  ? __pfx_wb_writeback+0x10/0x10
[  796.409547][  T179]  wb_workfn+0x3fd/0xf20
[  796.409572][  T179]  ? __lock_acquire+0x6b5/0x2cf0
[  796.409595][  T179]  ? look_up_lock_class+0x57/0x110
[  796.409629][  T179]  ? __pfx_wb_workfn+0x10/0x10
[  796.409656][  T179]  ? do_raw_spin_lock+0x12b/0x2f0
[  796.409668][  T179]  ? lock_acquire+0x106/0x350
[  796.409683][  T179]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  796.409696][  T179]  ? process_one_work+0x8b7/0x1710
[  796.409708][  T179]  ? process_one_work+0x8b7/0x1710
[  796.409724][  T179]  ? process_one_work+0x8b7/0x1710
[  796.409737][  T179]  process_one_work+0x9a3/0x1710
[  796.409760][  T179]  ? __pfx_process_one_work+0x10/0x10
[  796.409769][  T179]  ? do_raw_spin_lock+0x12b/0x2f0
[  796.409789][  T179]  worker_thread+0xba8/0x11e0
[  796.409806][  T179]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  796.409819][  T179]  ? __kthread_parkme+0x7a/0x1f0
[  796.409832][  T179]  ? __kthread_parkme+0x19c/0x1f0
[  796.409847][  T179]  kthread+0x388/0x470
[  796.409861][  T179]  ? __pfx_worker_thread+0x10/0x10
[  796.409871][  T179]  ? __pfx_kthread+0x10/0x10
[  796.409885][  T179]  ret_from_fork+0x514/0xb70
[  796.409898][  T179]  ? __pfx_ret_from_fork+0x10/0x10
[  796.409912][  T179]  ? __switch_to+0xc79/0x1410
[  796.409930][  T179]  ? __pfx_kthread+0x10/0x10
[  796.409944][  T179]  ret_from_fork_asm+0x1a/0x30
[  796.409966][  T179]  </TASK>
[  796.414528][  T179] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  797.340553][T11993] kvm: kvm [11992]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80000000
[  797.342251][T11993] kvm: kvm [11992]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  797.344602][T11993] kvm: kvm [11992]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xe0
[  797.618232][   T57] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  802.327336][   T57] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  802.569223][T12031] loop3: detected capacity change from 0 to 64
[  802.650364][ T5143] Bluetooth: hci4: unexpected event for opcode 0x040e
[  808.816230][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  808.893935][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  814.993119][T12070] loop3: detected capacity change from 0 to 2048
[  815.052765][T12072] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1415'.
[  815.078169][T12072] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1415'.
[  815.208316][T12070] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  815.352908][T12077] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  815.705287][T12070] overlayfs: failed to verify upper root origin
[  817.025347][T12090] loop5: detected capacity change from 0 to 32768
[  817.060624][T12090] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1418 (12090)
[  817.220876][T12090] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  817.220913][T12090] BTRFS info (device loop5): using crc32c checksum algorithm
[  817.423064][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  818.067087][T12090] BTRFS info (device loop5): setting nodatasum
[  818.067112][T12090] BTRFS info (device loop5): setting nodatacow
[  818.067130][T12090] BTRFS info (device loop5): turning on async discard
[  818.067145][T12090] BTRFS info (device loop5): enabling free space tree
[  818.067159][T12090] BTRFS info (device loop5): enabling auto defrag
[  818.067175][T12090] BTRFS info (device loop5): max_inline set to 0
[  818.895442][T12090] BTRFS info (device loop5 state M): max_inline set to 0
[  819.505358][ T7876] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  822.000204][T11898] chnl_net:caif_netlink_parms(): no params data found
[  823.135501][T12139] hub 9-0:1.0: USB hub found
[  823.294076][T12139] hub 9-0:1.0: 1 port detected
[  830.450722][T12172] loop3: detected capacity change from 0 to 256
[  830.451467][T12172] msdos: Unknown parameter 'dots¬dots'
[  830.508216][ T5488] 8021q: adding VLAN 0 to HW filter on device eth19
[  831.170448][T12184] loop3: detected capacity change from 0 to 512
[  832.150225][T12184] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  832.150376][T12184] ext4 filesystem being mounted at /342/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  835.360476][   T57] geneve1: left allmulticast mode
[  835.360495][   T57] geneve1: left promiscuous mode
[  835.360666][   T57] bridge0: port 3(geneve1) entered disabled state
[  835.365167][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  835.607220][T10951] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[  835.673435][   T57] bridge_slave_1: left allmulticast mode
[  835.673479][   T57] bridge_slave_1: left promiscuous mode
[  835.674054][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  835.732410][   T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  835.744189][   T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  835.822854][   T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  835.872913][T10951] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  835.872959][T10951] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.872980][T10951] usb 6-1: Product: syz
[  835.872994][T10951] usb 6-1: Manufacturer: syz
[  835.873008][T10951] usb 6-1: SerialNumber: syz
[  835.877613][   T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  835.879730][   T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  836.062032][   T57] bridge_slave_0: left allmulticast mode
[  836.062062][   T57] bridge_slave_0: left promiscuous mode
[  836.062361][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  836.319745][T10951] usb 6-1: config 0 descriptor??
[  836.379859][   T57] dvmrp8: left allmulticast mode
[  836.496222][ T5876] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  836.544178][T10951] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  836.656068][ T5876] usb 4-1: Using ep0 maxpacket: 32
[  836.658966][ T5876] usb 4-1: unable to get BOS descriptor or descriptor too short
[  836.676116][ T5876] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  836.676142][ T5876] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  836.698551][ T5876] usb 4-1: New USB device found, idVendor=17cc, idProduct=1021, bcdDevice= 0.40
[  836.698580][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  836.698598][ T5876] usb 4-1: Product: syz
[  836.698611][ T5876] usb 4-1: Manufacturer: syz
[  836.698638][ T5876] usb 4-1: SerialNumber: syz
[  836.849208][T12211] loop6: detected capacity change from 0 to 40427
[  836.856736][T12211] F2FS-fs: heap/no_heap options were deprecated
[  836.857007][T12211] f2fs: Unexpected value for 'usrquota'
[  837.064221][ T5876] usb 4-1: unable to issue vendor read request (ret = -71)
[  837.064780][ T5876] usb 4-1: unable to issue vendor read request (ret = -71)
[  837.065336][ T5876] usb 4-1: unable to issue vendor read request (ret = -71)
[  837.070938][ T5876] usb 4-1: unable to issue vendor read request (ret = -71)
[  837.074443][ T5876] usb 4-1: unable to issue vendor read request (ret = -71)
[  837.140196][ T5876] usb 4-1: unable to issue vendor read request (ret = -71)
[  837.140804][ T5876] usb 4-1: unable to issue vendor read request (ret = -71)
[  837.141466][ T5876] usb 4-1: unable to issue vendor read request (ret = -71)
[  837.698766][T12215] netlink: 260 bytes leftover after parsing attributes in process `syz.6.1433'.
[  837.707308][T12215] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1433'.
[  838.381878][ T5143] Bluetooth: hci0: command tx timeout
[  838.608448][   T60] Bluetooth: hci4: unexpected cc 0x0c12 length: 1 < 3
[  838.608481][   T60] Bluetooth: hci4: unexpected event for opcode 0x0c12
[  838.723181][T10951] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  838.781679][T10951] usb 6-1: USB disconnect, device number 14
[  838.986099][   T32] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  839.286949][T12231] loop5: detected capacity change from 0 to 512
[  839.760562][   T32] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[  839.760651][   T32] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[  839.979576][   T32] usb 7-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  839.979607][   T32] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  839.979627][   T32] usb 7-1: Product: syz
[  839.979641][   T32] usb 7-1: Manufacturer: syz
[  839.979655][   T32] usb 7-1: SerialNumber: syz
[  840.012153][ T5876] usb 4-1: USB disconnect, device number 15
[  840.176562][T12231] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  840.176721][T12231] ext4 filesystem being mounted at /218/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  840.905421][   T60] Bluetooth: hci0: command tx timeout
[  840.932069][   T32] usb 7-1: config 0 descriptor??
[  841.827302][ T7876] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  841.941444][T12241] loop3: detected capacity change from 0 to 16
[  842.081543][T12241] erofs (device loop3): EXPERIMENTAL 48-bit layout support in use. Use at your own risk!
[  842.081559][T12241] erofs (device loop3): EXPERIMENTAL metadata compression support in use. Use at your own risk!
[  842.082923][T12241] erofs (device loop3): bogus i_mode (0) @ nid 1970324836974592
[  842.201267][   T32] streamzap 7-1:0.0: streamzap_probe: endpoint doesn't match input device 0201
[  842.255012][   T32] usb 7-1: USB disconnect, device number 9
[  842.352659][ T5143] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  842.395788][ T5143] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  842.418876][ T5143] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  842.479687][ T5143] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  842.481051][ T5143] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  842.682918][T12247] cgroup: Name too long
[  842.966222][ T5143] Bluetooth: hci0: command tx timeout
[  842.994973][T12249] loop5: detected capacity change from 0 to 512
[  843.273833][ T8580] udevd[8580]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  845.073184][   T60] Bluetooth: hci0: command tx timeout
[  845.296195][   T60] Bluetooth: hci5: command tx timeout
[  845.326907][   T57] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  846.717710][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  846.796736][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  846.838351][   T57] bond0 (unregistering): Released all slaves
[  846.864641][   T57] bond1 (unregistering): Released all slaves
[  846.916909][T11915] chnl_net:caif_netlink_parms(): no params data found
[  847.640970][   T60] Bluetooth: hci5: command tx timeout
[  848.571162][T12282] loop3: detected capacity change from 0 to 1024
[  848.576754][T12282] hfsplus: Unknown parameter ''
[  849.551111][T12289] loop3: detected capacity change from 0 to 128
[  849.552292][T12289] EXT4-fs: inline encryption not supported
[  849.553139][T12289] EXT4-fs (loop3): Test dummy encryption mode enabled
[  849.591519][T12289] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  849.751204][   T60] Bluetooth: hci5: command tx timeout
[  849.807404][T12289] ext4 filesystem being mounted at /350/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  851.013681][T12299] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  851.700895][T12301] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  852.064459][   T60] Bluetooth: hci5: command tx timeout
[  852.256755][ T5835] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  852.409571][T12308] loop5: detected capacity change from 0 to 256
[  852.435175][T12309] IPVS: set_ctl: invalid protocol: 255 100.1.1.2:20000
[  852.534289][   T60] Bluetooth: hci4: unexpected subevent 0x01 length: 11 < 18
[  852.720550][T12314] loop3: detected capacity change from 0 to 1024
[  853.351557][   T60] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  853.351793][   T60] Bluetooth: hci2: Injecting HCI hardware error event
[  853.373666][   T60] Bluetooth: hci2: hardware error 0x00
[  856.406299][   T60] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  858.919566][T12358] trusted_key: encrypted_key: insufficient parameters specified
[  859.987977][T12365] loop3: detected capacity change from 0 to 256
[  860.218155][T12347] dummy0: entered promiscuous mode
[  860.233730][T12365] FAT-fs (loop3): Directory bread(block 64) failed
[  860.233762][T12365] FAT-fs (loop3): Directory bread(block 65) failed
[  860.233984][T12365] FAT-fs (loop3): Directory bread(block 66) failed
[  860.234010][T12365] FAT-fs (loop3): Directory bread(block 67) failed
[  860.234100][T12365] FAT-fs (loop3): Directory bread(block 68) failed
[  860.234113][T12365] FAT-fs (loop3): Directory bread(block 69) failed
[  860.234175][T12365] FAT-fs (loop3): Directory bread(block 70) failed
[  860.234187][T12365] FAT-fs (loop3): Directory bread(block 71) failed
[  860.234247][T12365] FAT-fs (loop3): Directory bread(block 72) failed
[  860.234258][T12365] FAT-fs (loop3): Directory bread(block 73) failed
[  860.309063][T12347] macsec1: entered allmulticast mode
[  860.309086][T12347] dummy0: entered allmulticast mode
[  860.386470][T12347] dummy0: left allmulticast mode
[  860.386650][T12347] dummy0: left promiscuous mode
[  860.689230][ T5488] 8021q: adding VLAN 0 to HW filter on device eth20
[  860.952911][T12372] loop6: detected capacity change from 0 to 1024
[  861.036394][T10951] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  861.187825][T10951] usb 4-1: config 0 has an invalid interface number: 104 but max is 1
[  861.187853][T10951] usb 4-1: config 0 has an invalid interface number: 104 but max is 1
[  861.187873][T10951] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  861.187895][T10951] usb 4-1: config 0 has no interface number 0
[  861.187940][T10951] usb 4-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  861.187963][T10951] usb 4-1: config 0 interface 104 has no altsetting 1
[  861.190259][T10951] usb 4-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00
[  861.190289][T10951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  861.190309][T10951] usb 4-1: Product: syz
[  861.190324][T10951] usb 4-1: Manufacturer: syz
[  861.190338][T10951] usb 4-1: SerialNumber: syz
[  861.196272][T10951] usb 4-1: config 0 descriptor??
[  861.273016][T10951] asix 4-1:0.104: probe with driver asix failed with error -22
[  861.426327][T10951] usb 4-1: USB disconnect, device number 16
[  861.458570][T12380] loop6: detected capacity change from 0 to 8
[  867.173132][T12417] loop6: detected capacity change from 0 to 128
[  867.177272][T12417] vfat: Bad value for 'gid'
[  867.177289][T12417] vfat: Bad value for 'gid'
[  868.142710][   T32] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  868.176879][   T57] hsr_slave_0: left promiscuous mode
[  868.228774][   T57] hsr_slave_1: left promiscuous mode
[  868.238444][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  868.238471][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[  868.264288][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  868.264314][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[  868.287239][   T32] usb 7-1: Using ep0 maxpacket: 8
[  868.289818][   T32] usb 7-1: config 1 has an invalid interface number: 187 but max is 0
[  868.289846][   T32] usb 7-1: config 1 has no interface number 0
[  868.289884][   T32] usb 7-1: config 1 interface 187 has no altsetting 0
[  868.292586][   T32] usb 7-1: New USB device found, idVendor=05ac, idProduct=0272, bcdDevice=eb.4b
[  868.292614][   T32] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  868.292634][   T32] usb 7-1: Product: syz
[  868.292647][   T32] usb 7-1: Manufacturer: syz
[  868.292662][   T32] usb 7-1: SerialNumber: syz
[  868.585704][T12457] loop5: detected capacity change from 0 to 128
[  868.887706][   T32] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.187/input/input14
[  868.914015][ T5178] bcm5974 7-1:1.187: could not read from device
[  869.000255][   T32] usb 7-1: USB disconnect, device number 10
[  869.008184][   T57] veth1_macvtap: left promiscuous mode
[  869.008282][   T57] veth0_macvtap: left promiscuous mode
[  869.008674][   T57] veth1_vlan: left promiscuous mode
[  869.008754][   T57] veth0_vlan: left promiscuous mode
[  869.219304][T12466] netlink: 'syz.5.1500': attribute type 3 has an invalid length.
[  869.219368][T12466] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1500'.
[  869.259189][T12468] loop3: detected capacity change from 0 to 256
[  869.457597][T12468] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000e8a4, chksum : 0x7bc75166, utbl_chksum : 0xe619d30d)
[  869.618052][T12468] exFAT-fs (loop3): error, in sector 160, dentry 11 should be unused, but 0xc1
[  869.618082][T12468] exFAT-fs (loop3): Filesystem has been set read-only
[  869.887946][T12478] fuse: Bad value for 'fd'
[  870.179886][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  870.179984][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  871.253868][T12477] loop5: detected capacity change from 0 to 4096
[  871.418020][T12477] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  872.321401][T12499] loop3: detected capacity change from 0 to 512
[  872.323708][T12499] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  872.323745][T12499] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  872.417963][T12499] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=84ec018, mo2=0002]
[  872.430560][T12499] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4222: comm syz.3.1509: Allocating blocks 41-42 which overlap fs metadata
[  872.430585][T12499] loop3: lost filesystem error report for type 5 error -117
[  872.442404][    C0] EXT4-fs (loop3): error count since last fsck: 1
[  872.442426][    C0] EXT4-fs (loop3): initial error at time 1776508598: ext4_mb_mark_diskspace_used:4222
[  872.442447][    C0] EXT4-fs (loop3): last error at time 1776508598: ext4_mb_mark_diskspace_used:4222
[  872.450465][T12499] Quota error (device loop3): write_blk: dquota write failed
[  872.450483][T12499] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5
[  872.451147][T12499] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4222: comm syz.3.1509: Allocating blocks 41-42 which overlap fs metadata
[  872.451166][T12499] loop3: lost filesystem error report for type 5 error -117
[  872.459255][T12499] Quota error (device loop3): write_blk: dquota write failed
[  872.459519][T12499] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  872.459554][T12499] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.1509: Failed to acquire dquot type 1
[  872.459568][T12499] loop3: lost filesystem error report for type 5 error -117
[  872.466035][T12499] EXT4-fs error (device loop3): mb_free_blocks:2049: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  872.469600][T12499] EXT4-fs error (device loop3): ext4_do_update_inode:5690: inode #12: comm syz.3.1509: corrupted inode contents
[  872.469620][T12499] loop3: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  872.474539][T12499] EXT4-fs error (device loop3): ext4_dirty_inode:6587: inode #12: comm syz.3.1509: mark_inode_dirty error
[  872.474572][T12499] loop3: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  872.532150][T12499] EXT4-fs error (device loop3): ext4_do_update_inode:5690: inode #12: comm syz.3.1509: corrupted inode contents
[  872.532174][T12499] loop3: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  872.543152][T12499] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #12: comm syz.3.1509: mark_inode_dirty error
[  872.543180][T12499] loop3: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  872.544455][T12499] EXT4-fs error (device loop3): ext4_do_update_inode:5690: inode #12: comm syz.3.1509: corrupted inode contents
[  872.544477][T12499] loop3: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  872.565567][T12499] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem
[  872.565594][T12499] loop3: lost filesystem error report for type 5 error -117
[  872.569695][T12499] EXT4-fs error (device loop3): ext4_do_update_inode:5690: inode #12: comm syz.3.1509: corrupted inode contents
[  872.569719][T12499] loop3: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  872.570703][T12499] EXT4-fs error (device loop3): ext4_truncate:4690: inode #12: comm syz.3.1509: mark_inode_dirty error
[  872.570731][T12499] loop3: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  872.571655][T12499] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem
[  872.571679][T12499] loop3: lost filesystem error report for type 5 error -117
[  872.573141][T12499] EXT4-fs (loop3): 1 truncate cleaned up
[  872.574689][T12499] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  872.813109][T12505] Quota error (device loop3): write_blk: dquota write failed
[  872.813229][T12505] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  872.813288][T12505] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.1509: Failed to acquire dquot type 1
[  873.671664][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  873.806710][T12508] loop5: detected capacity change from 0 to 256
[  873.909703][   T57] team0 (unregistering): Port device team_slave_1 removed
[  873.946555][T12508] FAT-fs (loop5): Directory bread(block 64) failed
[  873.946587][T12508] FAT-fs (loop5): Directory bread(block 65) failed
[  873.946679][T12508] FAT-fs (loop5): Directory bread(block 66) failed
[  873.946700][T12508] FAT-fs (loop5): Directory bread(block 67) failed
[  873.946788][T12508] FAT-fs (loop5): Directory bread(block 68) failed
[  873.946809][T12508] FAT-fs (loop5): Directory bread(block 69) failed
[  873.946913][T12508] FAT-fs (loop5): Directory bread(block 70) failed
[  873.946935][T12508] FAT-fs (loop5): Directory bread(block 71) failed
[  873.947027][T12508] FAT-fs (loop5): Directory bread(block 72) failed
[  873.947048][T12508] FAT-fs (loop5): Directory bread(block 73) failed
[  874.098117][   T57] team0 (unregistering): Port device team_slave_0 removed
[  874.245508][T12513] loop5: detected capacity change from 0 to 2048
[  874.404184][T12515] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  874.422364][T12516] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1513'.
[  874.711864][T12520] loop3: detected capacity change from 0 to 64
[  875.249148][T12515] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  875.249184][T12515] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4)
[  875.261202][T12206] chnl_net:caif_netlink_parms(): no params data found
[  875.474634][T12515] Remounting filesystem read-only
[  875.494208][ T7876] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  875.874616][T12240] chnl_net:caif_netlink_parms(): no params data found
[  876.872587][T12557] loop3: detected capacity change from 0 to 1024
[  876.984123][T12206] bridge0: port 1(bridge_slave_0) entered blocking state
[  876.984389][T12206] bridge0: port 1(bridge_slave_0) entered disabled state
[  876.984699][T12206] bridge_slave_0: entered allmulticast mode
[  877.027828][T12206] bridge_slave_0: entered promiscuous mode
[  877.066413][T12206] bridge0: port 2(bridge_slave_1) entered blocking state
[  877.066719][T12206] bridge0: port 2(bridge_slave_1) entered disabled state
[  877.067044][T12206] bridge_slave_1: entered allmulticast mode
[  877.073853][T12206] bridge_slave_1: entered promiscuous mode
[  877.382500][T12569] netlink: 348 bytes leftover after parsing attributes in process `syz.5.1525'.
[  877.775564][T12240] bridge0: port 1(bridge_slave_0) entered blocking state
[  877.775993][T12240] bridge0: port 1(bridge_slave_0) entered disabled state
[  877.776307][T12240] bridge_slave_0: entered allmulticast mode
[  877.779606][T12240] bridge_slave_0: entered promiscuous mode
[  877.788823][T12240] bridge0: port 2(bridge_slave_1) entered blocking state
[  877.791686][T12240] bridge0: port 2(bridge_slave_1) entered disabled state
[  877.792024][T12240] bridge_slave_1: entered allmulticast mode
[  877.800387][T12240] bridge_slave_1: entered promiscuous mode
[  877.994766][T12206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  878.285480][T12206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  878.314159][T12240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  878.446645][T12240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  878.603741][T12587] loop5: detected capacity change from 0 to 128
[  878.642420][T12587] FAT-fs (loop5): Directory bread(block 162) failed
[  878.642450][T12587] FAT-fs (loop5): Directory bread(block 163) failed
[  878.642471][T12587] FAT-fs (loop5): Directory bread(block 164) failed
[  878.642492][T12587] FAT-fs (loop5): Directory bread(block 165) failed
[  878.642513][T12587] FAT-fs (loop5): Directory bread(block 166) failed
[  878.642535][T12587] FAT-fs (loop5): Directory bread(block 167) failed
[  878.642558][T12587] FAT-fs (loop5): Directory bread(block 168) failed
[  878.642579][T12587] FAT-fs (loop5): Directory bread(block 169) failed
[  878.642690][T12587] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  878.675515][T12587] FAT-fs (loop5): Directory bread(block 162) failed
[  878.675549][T12587] FAT-fs (loop5): Directory bread(block 163) failed
[  879.000159][T12206] team0: Port device team_slave_0 added
[  879.019154][T12587] bio_check_eod: 176 callbacks suppressed
[  879.019173][T12587] syz.5.1531: attempt to access beyond end of device
[  879.019173][T12587] loop5: rw=3, sector=226, nr_sectors = 6 limit=128
[  879.019268][T12587] syz.5.1531: attempt to access beyond end of device
[  879.019268][T12587] loop5: rw=2051, sector=232, nr_sectors = 2 limit=128
[  880.108266][T12206] team0: Port device team_slave_1 added
[  880.290940][T12240] team0: Port device team_slave_0 added
[  880.543771][T12240] team0: Port device team_slave_1 added
[  881.914240][   T38] audit: type=1326 audit(1776508607.931:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12624 comm="syz.3.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1879e5c819 code=0x7ffc0000
[  881.920017][   T38] audit: type=1326 audit(1776508607.931:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12624 comm="syz.3.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1879e5c819 code=0x7ffc0000
[  881.923584][   T38] audit: type=1326 audit(1776508607.941:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12624 comm="syz.3.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f1879e5c819 code=0x7ffc0000
[  881.926413][   T38] audit: type=1326 audit(1776508607.941:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12624 comm="syz.3.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1879e5c819 code=0x7ffc0000
[  882.047268][T12631] tipc: Can't bind to reserved service type 0
[  882.062936][T12206] batman_adv: batadv0: Adding interface: batadv_slave_0
[  882.062951][T12206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  882.062977][T12206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  882.164173][   T57] IPVS: stop unused estimator thread 0...
[  882.194055][T12206] batman_adv: batadv0: Adding interface: batadv_slave_1
[  882.194066][T12206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  882.194082][T12206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  882.197931][T12240] batman_adv: batadv0: Adding interface: batadv_slave_0
[  882.197947][T12240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  882.197969][T12240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  882.333885][T12240] batman_adv: batadv0: Adding interface: batadv_slave_1
[  882.333901][T12240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  882.333924][T12240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  882.364174][T12636] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1540'.
[  882.386667][T12636] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  882.686903][T12206] hsr_slave_0: entered promiscuous mode
[  882.703639][T12206] hsr_slave_1: entered promiscuous mode
[  882.745656][T12206] debugfs: 'hsr0' already exists in 'hsr'
[  882.745684][T12206] Cannot create hsr debugfs directory
[  882.898833][T12240] hsr_slave_0: entered promiscuous mode
[  882.904276][T12240] hsr_slave_1: entered promiscuous mode
[  882.938023][T12240] debugfs: 'hsr0' already exists in 'hsr'
[  882.938051][T12240] Cannot create hsr debugfs directory
[  883.859950][T12646] loop3: detected capacity change from 0 to 32768
[  883.877761][T12646] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1544 (12646)
[  884.039321][T12673] loop6: detected capacity change from 0 to 64
[  884.305425][T12646] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  884.305459][T12646] BTRFS info (device loop3): using crc32c checksum algorithm
[  884.379493][T12673] syz.6.1549: attempt to access beyond end of device
[  884.379493][T12673] loop6: rw=0, sector=1024, nr_sectors = 2 limit=64
[  884.379531][T12673] Buffer I/O error on dev loop6, logical block 512, async page read
[  884.379868][T12673] syz.6.1549: attempt to access beyond end of device
[  884.379868][T12673] loop6: rw=0, sector=113152, nr_sectors = 2 limit=64
[  884.379893][T12673] Buffer I/O error on dev loop6, logical block 56576, async page read
[  885.052817][T12699] loop5: detected capacity change from 0 to 1024
[  885.214389][T12646] BTRFS info (device loop3): enabling ssd optimizations
[  885.214409][T12646] BTRFS info (device loop3): turning on flush-on-commit
[  885.214418][T12646] BTRFS info (device loop3): enabling free space tree
[  885.214427][T12646] BTRFS info (device loop3): enabling auto defrag
[  885.214438][T12646] BTRFS info (device loop3): use lzo compression, level 1
[  885.214462][T12646] BTRFS info (device loop3): max_inline set to 4096
[  885.220650][T12699] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  885.735074][ T5835] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  886.381851][ T5883] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  886.550582][ T5883] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024
[  886.550631][ T5883] usb 6-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[  886.550653][ T5883] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  886.617796][ T5883] usb 6-1: config 0 descriptor??
[  886.618892][T12716] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  887.173366][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.173405][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.173427][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.173451][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.173476][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.173500][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.173524][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.173548][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.173570][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.173594][ T5883] asus 0003:0B05:17E0.0005: unknown main item tag 0x0
[  887.328973][ T5883] asus 0003:0B05:17E0.0005: hidraw0: USB HID v7f.fd Device [HID 0b05:17e0] on usb-dummy_hcd.5-1/input0
[  887.365548][T12736] loop6: detected capacity change from 0 to 256
[  887.388674][ T5883] usb 6-1: USB disconnect, device number 15
[  887.537289][T12737] fido_id[12737]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  887.564014][T12736] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  887.564747][T12736] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  887.564787][T12736] FAT-fs (loop6): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  887.713176][   T38] audit: type=1800 audit(1776508613.731:123): pid=12736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1559" name="file1" dev="loop6" ino=1048661 res=0 errno=0
[  888.217791][T12747] loop6: detected capacity change from 0 to 1764
[  888.474352][T12749] loop3: detected capacity change from 0 to 128
[  888.479241][T12749] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  888.479309][T12749] hpfs: filesystem error: improperly stopped
[  888.479325][T12749] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  888.479339][T12749] hpfs: You really don't want any checks? You are crazy...
[  888.479756][T12749] hpfs: hpfs_map_sector(): read error
[  888.479766][T12749] hpfs: code page support is disabled
[  888.480090][T12749] hpfs: hpfs_map_4sectors(): unaligned read
[  888.480175][T12749] hpfs: hpfs_map_4sectors(): unaligned read
[  888.480184][T12749] hpfs: filesystem error: unable to find root dir
[  888.487625][T12749] hpfs: hpfs_map_4sectors(): unaligned read
[  888.913207][T12753] loop3: detected capacity change from 0 to 4096
[  889.684867][T12768] loop5: detected capacity change from 0 to 4096
[  889.699418][T12768] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  889.761595][T12770] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  890.114836][T12768] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  890.294072][T12768] ntfs3(loop5): ino=1b, mi_enum_attr
[  890.294100][T12768] ntfs3(loop5): ino=1b, mi_enum_attr
[  890.627565][T12779] loop3: detected capacity change from 0 to 4096
[  890.852372][T12782] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  892.382924][T12797] loop6: detected capacity change from 0 to 4096
[  892.668356][T12807] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  892.951255][T12814] loop5: detected capacity change from 0 to 64
[  893.931927][T12823] loop3: detected capacity change from 0 to 4096
[  894.031372][ T1056] kworker/u8:8: attempt to access beyond end of device
[  894.031372][ T1056] loop5: rw=1, sector=65, nr_sectors = 1 limit=64
[  894.031405][ T1056] Buffer I/O error on dev loop5, logical block 65, lost async page write
[  894.031481][ T1056] kworker/u8:8: attempt to access beyond end of device
[  894.031481][ T1056] loop5: rw=1, sector=66, nr_sectors = 1 limit=64
[  894.031500][ T1056] Buffer I/O error on dev loop5, logical block 66, lost async page write
[  894.031571][ T1056] kworker/u8:8: attempt to access beyond end of device
[  894.031571][ T1056] loop5: rw=1, sector=67, nr_sectors = 1 limit=64
[  894.031591][ T1056] Buffer I/O error on dev loop5, logical block 67, lost async page write
[  894.031661][ T1056] kworker/u8:8: attempt to access beyond end of device
[  894.031661][ T1056] loop5: rw=1, sector=68, nr_sectors = 1 limit=64
[  894.031680][ T1056] Buffer I/O error on dev loop5, logical block 68, lost async page write
[  894.031748][ T1056] kworker/u8:8: attempt to access beyond end of device
[  894.031748][ T1056] loop5: rw=1, sector=72, nr_sectors = 1 limit=64
[  894.031764][ T1056] Buffer I/O error on dev loop5, logical block 72, lost async page write
[  894.031804][ T1056] kworker/u8:8: attempt to access beyond end of device
[  894.031804][ T1056] loop5: rw=1, sector=73, nr_sectors = 1 limit=64
[  894.031817][ T1056] Buffer I/O error on dev loop5, logical block 73, lost async page write
[  894.031895][ T1056] kworker/u8:8: attempt to access beyond end of device
[  894.031895][ T1056] loop5: rw=1, sector=76, nr_sectors = 1 limit=64
[  894.031906][ T1056] Buffer I/O error on dev loop5, logical block 76, lost async page write
[  894.031946][ T1056] kworker/u8:8: attempt to access beyond end of device
[  894.031946][ T1056] loop5: rw=1, sector=77, nr_sectors = 1 limit=64
[  894.031956][ T1056] Buffer I/O error on dev loop5, logical block 77, lost async page write
[  894.032986][ T1056] kworker/u8:8: attempt to access beyond end of device
[  894.032986][ T1056] loop5: rw=1, sector=78, nr_sectors = 1112 limit=64
[  894.073096][T12827] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  894.279745][T12823] NILFS (loop3): unable to set label with more than 80 bytes
[  894.380240][   T67] bridge_slave_1: left allmulticast mode
[  894.380269][   T67] bridge_slave_1: left promiscuous mode
[  894.380548][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[  894.534519][   T67] bridge_slave_0: left allmulticast mode
[  894.534550][   T67] bridge_slave_0: left promiscuous mode
[  894.534832][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[  895.085120][   T67] bridge_slave_1: left allmulticast mode
[  895.085139][   T67] bridge_slave_1: left promiscuous mode
[  895.085309][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[  895.863542][   T67] bridge_slave_0: left allmulticast mode
[  895.863571][   T67] bridge_slave_0: left promiscuous mode
[  895.863819][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[  896.016295][T12578] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  896.171116][T12578] usb 6-1: Using ep0 maxpacket: 16
[  896.173351][T12578] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  896.173380][T12578] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  896.173416][T12578] usb 6-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  896.173439][T12578] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  896.208792][T12578] usb 6-1: config 0 descriptor??
[  896.568723][   T67] bond0 (unregistering): Released all slaves
[  896.704673][T12578] bigben 0003:146B:0902.0006: unexpected rdesc, please submit for review
[  896.705378][T12578] hid_parser_main: 470 callbacks suppressed
[  896.705396][T12578] bigben 0003:146B:0902.0006: unknown main item tag 0x0
[  896.705426][T12578] bigben 0003:146B:0902.0006: unknown main item tag 0x0
[  896.705452][T12578] bigben 0003:146B:0902.0006: unknown main item tag 0x0
[  896.705478][T12578] bigben 0003:146B:0902.0006: unknown main item tag 0x0
[  896.705504][T12578] bigben 0003:146B:0902.0006: unknown main item tag 0x0
[  896.879058][ T5143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  896.972258][ T5143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  896.976202][T12578] bigben 0003:146B:0902.0006: hidraw0: USB HID v0.00 Device [HID 146b:0902] on usb-dummy_hcd.5-1/input0
[  896.976235][T12578] bigben 0003:146B:0902.0006: missing HID_OUTPUT_REPORT 0
[  896.976252][T12578] bigben 0003:146B:0902.0006: no output report found
[  896.989278][ T5143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  897.047237][ T5143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  897.065101][ T5143] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  897.269508][T12578] usb 6-1: USB disconnect, device number 16
[  897.564898][T12858] loop6: detected capacity change from 0 to 32768
[  897.580017][   T67] bond0 (unregistering): Released all slaves
[  897.819605][T12858] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  898.526859][T12858] XFS (loop6): Ending clean mount
[  898.786158][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  898.788336][ T8170] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  899.076879][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  899.223861][   T67] bond0 (unregistering): Released all slaves
[  899.286419][T11526] Bluetooth: hci1: command tx timeout
[  899.315096][ T5143] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  899.416460][ T5143] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  899.421263][ T5143] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  899.460364][ T5143] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  899.463418][ T5143] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  900.413273][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  900.768264][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  900.825174][T12888] loop6: detected capacity change from 0 to 40427
[  900.836226][T12888] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  900.836252][T12888] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  900.994223][T12888] F2FS-fs (loop6): invalid crc_offset: 33558524
[  901.002809][   T67] bond0 (unregistering): Released all slaves
[  901.091661][T12888] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  901.384259][ T5143] Bluetooth: hci1: command tx timeout
[  901.493662][T12888] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  901.493695][T12888] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  901.606205][ T5143] Bluetooth: hci6: command tx timeout
[  903.450269][ T5143] Bluetooth: hci1: command tx timeout
[  903.728592][ T5143] Bluetooth: hci6: command tx timeout
[  904.044849][T12924] loop5: detected capacity change from 0 to 8
[  904.057925][T12923] loop3: detected capacity change from 0 to 256
[  904.119631][T12923] FAT-fs (loop3): Directory bread(block 64) failed
[  904.119664][T12923] FAT-fs (loop3): Directory bread(block 65) failed
[  904.119744][T12923] FAT-fs (loop3): Directory bread(block 66) failed
[  904.119763][T12923] FAT-fs (loop3): Directory bread(block 67) failed
[  904.119843][T12923] FAT-fs (loop3): Directory bread(block 68) failed
[  904.119862][T12923] FAT-fs (loop3): Directory bread(block 69) failed
[  904.119949][T12923] FAT-fs (loop3): Directory bread(block 70) failed
[  904.119968][T12923] FAT-fs (loop3): Directory bread(block 71) failed
[  904.120041][T12923] FAT-fs (loop3): Directory bread(block 72) failed
[  904.120061][T12923] FAT-fs (loop3): Directory bread(block 73) failed
[  905.165240][T12932] loop6: detected capacity change from 0 to 256
[  905.511217][T12932] FAT-fs (loop6): Directory bread(block 64) failed
[  905.511248][T12932] FAT-fs (loop6): Directory bread(block 65) failed
[  905.511338][T12932] FAT-fs (loop6): Directory bread(block 66) failed
[  905.511359][T12932] FAT-fs (loop6): Directory bread(block 67) failed
[  905.511452][T12932] FAT-fs (loop6): Directory bread(block 68) failed
[  905.511473][T12932] FAT-fs (loop6): Directory bread(block 69) failed
[  905.539870][ T5143] Bluetooth: hci1: command tx timeout
[  905.677542][T12932] FAT-fs (loop6): Directory bread(block 70) failed
[  905.677791][T12932] FAT-fs (loop6): Directory bread(block 71) failed
[  905.679248][T12932] FAT-fs (loop6): Directory bread(block 72) failed
[  905.679371][T12932] FAT-fs (loop6): Directory bread(block 73) failed
[  906.303829][ T5143] Bluetooth: hci6: command tx timeout
[  906.377406][   T67] hsr_slave_0: left promiscuous mode
[  906.449556][   T67] hsr_slave_1: left promiscuous mode
[  906.450996][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[  906.490905][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[  907.037358][T12948] hub 9-0:1.0: USB hub found
[  907.048761][T12948] hub 9-0:1.0: 1 port detected
[  907.592406][   T67] hsr_slave_0: left promiscuous mode
[  907.639428][   T67] hsr_slave_1: left promiscuous mode
[  907.640470][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[  907.645582][T12956] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1617'.
[  907.688553][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[  908.336065][ T5143] Bluetooth: hci6: command tx timeout
[  909.396945][   T67] team0 (unregistering): Port device team_slave_1 removed
[  909.436610][   T67] team0 (unregistering): Port device team_slave_0 removed
[  909.886724][   T67] team0 (unregistering): Port device team_slave_1 removed
[  909.936529][   T67] team0 (unregistering): Port device team_slave_0 removed
[  910.166234][T12963] tipc: Started in network mode
[  910.166250][T12963] tipc: Node identity , cluster identity 4711
[  913.190481][T12991] hub 9-0:1.0: USB hub found
[  913.196652][T12991] hub 9-0:1.0: 1 port detected
[  914.841255][   T10] kernel read not supported for file /dsp (pid: 10 comm: kworker/0:1)
[  915.014999][T13009] loop6: detected capacity change from 0 to 136
[  915.154335][T12862] chnl_net:caif_netlink_parms(): no params data found
[  915.229643][T12985] loop3: detected capacity change from 0 to 40427
[  915.259721][T12985] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  915.259745][T12985] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  915.288967][T12985] F2FS-fs (loop3): invalid crc value
[  916.080697][T12985] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  916.608517][T13005] loop5: detected capacity change from 0 to 32768
[  916.689848][T13005] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1631 (13005)
[  916.732831][T13005] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  916.732866][T13005] BTRFS info (device loop5): using sha256 checksum algorithm
[  917.199572][T13005] BTRFS info (device loop5): enabling ssd optimizations
[  917.199600][T13005] BTRFS info (device loop5): turning on async discard
[  917.199616][T13005] BTRFS info (device loop5): enabling free space tree
[  917.768778][T12882] chnl_net:caif_netlink_parms(): no params data found
[  918.019123][ T7876] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  918.369609][T12862] bridge0: port 1(bridge_slave_0) entered blocking state
[  918.369873][T12862] bridge0: port 1(bridge_slave_0) entered disabled state
[  918.370059][T12862] bridge_slave_0: entered allmulticast mode
[  918.372027][T12862] bridge_slave_0: entered promiscuous mode
[  918.436923][T12862] bridge0: port 2(bridge_slave_1) entered blocking state
[  918.437203][T12862] bridge0: port 2(bridge_slave_1) entered disabled state
[  918.437503][T12862] bridge_slave_1: entered allmulticast mode
[  918.444253][T12862] bridge_slave_1: entered promiscuous mode
[  918.829758][T13052] loop3: detected capacity change from 0 to 2048
[  918.857797][T13052] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  918.970785][T12862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  919.302248][T12862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  919.373800][T13063] loop6: detected capacity change from 0 to 2048
[  919.514296][T12882] bridge0: port 1(bridge_slave_0) entered blocking state
[  919.514572][T12882] bridge0: port 1(bridge_slave_0) entered disabled state
[  919.514894][T12882] bridge_slave_0: entered allmulticast mode
[  919.589286][T12882] bridge_slave_0: entered promiscuous mode
[  919.727368][T13063] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  919.915683][T12882] bridge0: port 2(bridge_slave_1) entered blocking state
[  919.916306][T12882] bridge0: port 2(bridge_slave_1) entered disabled state
[  919.916634][T12882] bridge_slave_1: entered allmulticast mode
[  919.920317][T12882] bridge_slave_1: entered promiscuous mode
[  920.360260][T12862] team0: Port device team_slave_0 added
[  920.411069][T12862] team0: Port device team_slave_1 added
[  920.458380][T12882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  920.631091][T12882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  920.895205][ T5488] 8021q: adding VLAN 0 to HW filter on device eth1
[  920.917928][T12862] batman_adv: batadv0: Adding interface: batadv_slave_0
[  920.917944][T12862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  920.917970][T12862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  921.007506][T12862] batman_adv: batadv0: Adding interface: batadv_slave_1
[  921.007522][T12862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  921.007547][T12862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  921.013247][T12882] team0: Port device team_slave_0 added
[  921.121387][T12882] team0: Port device team_slave_1 added
[  921.379056][T12882] batman_adv: batadv0: Adding interface: batadv_slave_0
[  921.379073][T12882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  921.379097][T12882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  921.455065][T12882] batman_adv: batadv0: Adding interface: batadv_slave_1
[  921.455082][T12882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  921.455108][T12882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  921.513429][T12862] hsr_slave_0: entered promiscuous mode
[  921.529962][T12862] hsr_slave_1: entered promiscuous mode
[  921.532145][T12862] debugfs: 'hsr0' already exists in 'hsr'
[  921.532170][T12862] Cannot create hsr debugfs directory
[  922.674850][T13105] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0
[  923.078253][T12882] hsr_slave_0: entered promiscuous mode
[  923.083549][T12882] hsr_slave_1: entered promiscuous mode
[  923.085330][T12882] debugfs: 'hsr0' already exists in 'hsr'
[  923.085355][T12882] Cannot create hsr debugfs directory
[  923.201406][T13115] loop6: detected capacity change from 0 to 512
[  923.386673][T13115] EXT4-fs (loop6): 1 truncate cleaned up
[  923.388623][T13115] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  923.837016][   T67] bridge_slave_1: left allmulticast mode
[  923.837044][   T67] bridge_slave_1: left promiscuous mode
[  923.837298][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[  923.862691][ T8170] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  924.027486][   T67] bridge_slave_0: left allmulticast mode
[  924.027515][   T67] bridge_slave_0: left promiscuous mode
[  924.080576][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[  924.215970][ T8592] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  924.410543][   T67] bridge_slave_1: left allmulticast mode
[  924.410580][   T67] bridge_slave_1: left promiscuous mode
[  924.410858][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[  924.480330][ T8592] usb 6-1: Using ep0 maxpacket: 32
[  924.512345][ T8592] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  924.512376][ T8592] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  924.520474][ T8592] usb 6-1: config 0 descriptor??
[  925.408613][ T8592] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  925.454993][T13149] loop3: detected capacity change from 0 to 256
[  925.474680][   T67] bridge_slave_0: left allmulticast mode
[  925.474710][   T67] bridge_slave_0: left promiscuous mode
[  925.474998][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[  925.502503][ T8592] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  925.503590][ T8592] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  925.503638][ T8592] usb 6-1: media controller created
[  925.547911][ T8592] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  925.583829][T13149] FAT-fs (loop3): Directory bread(block 64) failed
[  925.583860][T13149] FAT-fs (loop3): Directory bread(block 65) failed
[  925.583927][T13149] FAT-fs (loop3): Directory bread(block 66) failed
[  925.583940][T13149] FAT-fs (loop3): Directory bread(block 67) failed
[  925.584028][T13149] FAT-fs (loop3): Directory bread(block 68) failed
[  925.584049][T13149] FAT-fs (loop3): Directory bread(block 69) failed
[  925.584110][T13149] FAT-fs (loop3): Directory bread(block 70) failed
[  925.584124][T13149] FAT-fs (loop3): Directory bread(block 71) failed
[  925.584215][T13149] FAT-fs (loop3): Directory bread(block 72) failed
[  925.584234][T13149] FAT-fs (loop3): Directory bread(block 73) failed
[  925.615986][ T8592] az6027: usb out operation failed. (-71)
[  925.696239][ T8592] az6027: usb out operation failed. (-71)
[  925.696259][ T8592] stb0899_attach: Driver disabled by Kconfig
[  925.696267][ T8592] az6027: no front-end attached
[  925.696267][ T8592] 
[  925.696674][ T8592] az6027: usb out operation failed. (-71)
[  925.696688][ T8592] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  925.740612][ T8592] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input15
[  925.801990][ T8592] dvb-usb: schedule remote query interval to 400 msecs.
[  925.802014][ T8592] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  925.820792][ T8592] usb 6-1: USB disconnect, device number 17
[  926.328870][ T8592] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  926.610337][ T5835] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  926.610360][ T5835] FAT-fs (loop3): Filesystem has been set read-only
[  926.714451][T13153] syz.3.1663: attempt to access beyond end of device
[  926.714451][T13153] loop3: rw=2049, sector=1224, nr_sectors = 4 limit=256
[  926.750163][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  926.862390][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  926.939696][   T67] bond0 (unregistering): Released all slaves
[  927.266884][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  927.346656][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  927.431218][   T67] bond0 (unregistering): Released all slaves
[  927.591163][ T5488] 8021q: adding VLAN 0 to HW filter on device eth2
[  927.605502][T13155] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  928.775294][   T67] hsr_slave_0: left promiscuous mode
[  928.816054][   T67] hsr_slave_1: left promiscuous mode
[  928.817259][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[  928.913705][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[  929.174550][   T67] hsr_slave_0: left promiscuous mode
[  929.205995][   T67] hsr_slave_1: left promiscuous mode
[  929.207250][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[  929.241104][T13167] loop6: detected capacity change from 0 to 40427
[  929.429693][   T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  929.501501][   T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  929.505260][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[  929.505728][T13167] F2FS-fs (loop6): Invalid SB checksum offset: 0
[  929.505748][T13167] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  929.525123][   T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  929.582578][T13167] F2FS-fs (loop6): invalid crc value
[  929.615655][   T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  929.629799][   T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  929.999252][T13167] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  930.191030][T13167] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0
[  930.191060][T13167] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  930.453372][ T8170] syz-executor: attempt to access beyond end of device
[  930.453372][ T8170] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  930.497546][ T8170] CPU: 1 UID: 0 PID: 8170 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  930.497580][ T8170] Tainted: [L]=SOFTLOCKUP
[  930.497586][ T8170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  930.497597][ T8170] Call Trace:
[  930.497604][ T8170]  <TASK>
[  930.497613][ T8170]  dump_stack_lvl+0xe8/0x150
[  930.497640][ T8170]  f2fs_stop_checkpoint+0x383/0x540
[  930.497666][ T8170]  f2fs_write_end_io+0x1274/0x1740
[  930.497713][ T8170]  __submit_merged_bio+0x256/0x6a0
[  930.497741][ T8170]  __submit_merged_write_cond+0x3c9/0x4e0
[  930.497771][ T8170]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  930.497825][ T8170]  f2fs_write_data_pages+0x287e/0x34f0
[  930.497848][ T8170]  ? __lock_acquire+0x6b5/0x2cf0
[  930.497906][ T8170]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  930.497950][ T8170]  ? __lock_acquire+0x6b5/0x2cf0
[  930.497965][ T8170]  ? __lock_acquire+0x6b5/0x2cf0
[  930.497988][ T8170]  ? do_raw_spin_lock+0x12b/0x2f0
[  930.498006][ T8170]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  930.498019][ T8170]  ? lockdep_hardirqs_on+0x7a/0x110
[  930.498030][ T8170]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  930.498045][ T8170]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  930.498059][ T8170]  do_writepages+0x32e/0x550
[  930.498075][ T8170]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  930.498091][ T8170]  ? rt_spin_unlock+0x14f/0x200
[  930.498111][ T8170]  filemap_fdatawrite+0x1ec/0x2f0
[  930.498128][ T8170]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  930.498141][ T8170]  ? __lock_acquire+0x6b5/0x2cf0
[  930.498172][ T8170]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  930.498191][ T8170]  ? rt_spin_unlock+0x160/0x200
[  930.498207][ T8170]  f2fs_sync_dirty_inodes+0x30e/0x830
[  930.498229][ T8170]  f2fs_write_checkpoint+0x9df/0x26a0
[  930.498242][ T8170]  ? __lock_acquire+0x6b5/0x2cf0
[  930.498271][ T8170]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  930.498311][ T8170]  kill_f2fs_super+0x314/0x730
[  930.498328][ T8170]  ? __pfx_kill_f2fs_super+0x10/0x10
[  930.498348][ T8170]  ? lockdep_hardirqs_on+0x7a/0x110
[  930.498365][ T8170]  deactivate_locked_super+0xbc/0x130
[  930.498381][ T8170]  cleanup_mnt+0x437/0x4d0
[  930.498396][ T8170]  ? _raw_spin_unlock_irq+0x23/0x50
[  930.498409][ T8170]  task_work_run+0x1d9/0x270
[  930.498426][ T8170]  ? __pfx_task_work_run+0x10/0x10
[  930.498444][ T8170]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  930.498456][ T8170]  exit_to_user_mode_loop+0xed/0x480
[  930.498469][ T8170]  ? rcu_is_watching+0x15/0xb0
[  930.498484][ T8170]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  930.498496][ T8170]  do_syscall_64+0x33e/0xf80
[  930.498507][ T8170]  ? trace_irq_disable+0x3b/0x140
[  930.498520][ T8170]  ? clear_bhb_loop+0x40/0x90
[  930.498533][ T8170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  930.498544][ T8170] RIP: 0033:0x7f8b74d0da57
[  930.498557][ T8170] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  930.498567][ T8170] RSP: 002b:00007ffd10f1b708 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  930.498579][ T8170] RAX: 0000000000000000 RBX: 00007f8b74da2048 RCX: 00007f8b74d0da57
[  930.498586][ T8170] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd10f1b7c0
[  930.498593][ T8170] RBP: 00007ffd10f1b7c0 R08: 00007ffd10f1c7c0 R09: 00000000ffffffff
[  930.498600][ T8170] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd10f1c850
[  930.498606][ T8170] R13: 00007f8b74da2048 R14: 00000000000e318f R15: 00007ffd10f1c890
[  930.498623][ T8170]  </TASK>
[  930.498628][ T8170] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  930.713725][   T67] team0 (unregistering): Port device team_slave_1 removed
[  930.766687][   T67] team0 (unregistering): Port device team_slave_0 removed
[  931.183260][T13196] loop6: detected capacity change from 0 to 128
[  931.527245][   T67] team0 (unregistering): Port device team_slave_1 removed
[  931.569531][T13196] FAT-fs (loop6): error, invalid access to FAT (entry 0x0fff0000)
[  931.569558][T13196] FAT-fs (loop6): Filesystem has been set read-only
[  931.620242][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  931.620323][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  931.622894][   T67] team0 (unregistering): Port device team_slave_0 removed
[  931.926695][ T5143] Bluetooth: hci0: command tx timeout
[  932.024666][T13203] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  932.130268][T13206] loop6: detected capacity change from 0 to 512
[  932.132321][T13206] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  932.141362][T13206] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  932.199585][    C0] EXT4-fs (loop6): initial error at time 1776508658: ext4_mb_generate_buddy:1317
[  932.199616][    C0] EXT4-fs (loop6): last error at time 1776508658: ext4_mb_generate_buddy:1317
[  932.310018][T13206] EXT4-fs (loop6): 1 truncate cleaned up
[  932.312929][T13206] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  932.620641][ T8170] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  933.545944][T12578] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  933.646871][T13230] loop6: detected capacity change from 0 to 512
[  933.736275][T12578] usb 6-1: Using ep0 maxpacket: 16
[  933.738289][T12578] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  933.738312][T12578] usb 6-1: config 0 has no interface number 0
[  933.740331][T12578] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  933.740357][T12578] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.740375][T12578] usb 6-1: Product: syz
[  933.740387][T12578] usb 6-1: Manufacturer: syz
[  933.740401][T12578] usb 6-1: SerialNumber: syz
[  933.832212][T12578] usb 6-1: config 0 descriptor??
[  933.852763][T12578] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  934.015568][ T5143] Bluetooth: hci0: command tx timeout
[  934.701097][T12578] gspca_spca1528: reg_w err -71
[  934.765481][T12578] spca1528 6-1:0.1: probe with driver spca1528 failed with error -71
[  934.778734][T12578] usb 6-1: USB disconnect, device number 18
[  935.232284][ T5488] 8021q: adding VLAN 0 to HW filter on device eth3
[  935.800785][T13181] chnl_net:caif_netlink_parms(): no params data found
[  936.099193][ T5143] Bluetooth: hci0: command tx timeout
[  936.226153][T12578] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  936.505998][T12578] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  936.506050][T12578] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  936.506072][T12578] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.546379][T12578] usb 6-1: config 0 descriptor??
[  936.561054][T12578] pwc: Askey VC010 type 2 USB webcam detected.
[  936.777399][T12862] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  936.829816][T12862] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  936.974492][T12578] pwc: recv_control_msg error -32 req 02 val 2b00
[  937.030312][T12578] pwc: recv_control_msg error -32 req 02 val 2700
[  937.160674][T12862] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  937.253915][T12578] pwc: recv_control_msg error -71 req 04 val 1000
[  937.254320][T12578] pwc: recv_control_msg error -71 req 04 val 1300
[  937.254793][T12578] pwc: recv_control_msg error -71 req 04 val 1400
[  937.259194][T12578] pwc: recv_control_msg error -71 req 02 val 2000
[  937.259777][T12578] pwc: recv_control_msg error -71 req 02 val 2100
[  937.260215][T12578] pwc: recv_control_msg error -71 req 04 val 1500
[  937.260676][T12578] pwc: recv_control_msg error -71 req 02 val 2500
[  937.261110][T12578] pwc: recv_control_msg error -71 req 02 val 2400
[  937.261543][T12578] pwc: recv_control_msg error -71 req 02 val 2600
[  937.261975][T12578] pwc: recv_control_msg error -71 req 02 val 2900
[  937.262467][T12578] pwc: recv_control_msg error -71 req 02 val 2800
[  937.263196][T12578] pwc: recv_control_msg error -71 req 04 val 1100
[  937.263626][T12578] pwc: recv_control_msg error -71 req 04 val 1200
[  937.382018][T12862] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  937.410941][ T5488] 8021q: adding VLAN 0 to HW filter on device eth4
[  937.595767][T12578] pwc: Registered as video103.
[  937.622984][T12578] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input16
[  937.793965][T12578] usb 6-1: USB disconnect, device number 19
[  937.931223][T12862] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  938.044754][T12862] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  938.181935][ T5143] Bluetooth: hci0: command tx timeout
[  938.232838][T12862] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  938.274845][T12862] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  938.396952][T13181] bridge0: port 1(bridge_slave_0) entered blocking state
[  938.397227][T13181] bridge0: port 1(bridge_slave_0) entered disabled state
[  938.397570][T13181] bridge_slave_0: entered allmulticast mode
[  938.401478][T13181] bridge_slave_0: entered promiscuous mode
[  938.563876][T13181] bridge0: port 2(bridge_slave_1) entered blocking state
[  938.564328][T13181] bridge0: port 2(bridge_slave_1) entered disabled state
[  938.564569][T13181] bridge_slave_1: entered allmulticast mode
[  938.588398][T13181] bridge_slave_1: entered promiscuous mode
[  938.725343][T13181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  938.749552][T13181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  938.749646][T12882] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  938.790569][T12882] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  938.827138][T12882] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  938.856691][T12578] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  938.996337][T12882] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  939.014303][ T5876] kernel read not supported for file /vcs (pid: 5876 comm: kworker/0:4)
[  939.015951][T12578] usb 6-1: Using ep0 maxpacket: 16
[  939.029907][T12578] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  939.029940][T12578] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  939.067768][T12578] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  939.067793][T12578] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  939.067808][T12578] usb 6-1: Product: syz
[  939.067820][T12578] usb 6-1: Manufacturer: syz
[  939.067832][T12578] usb 6-1: SerialNumber: syz
[  939.127833][T12578] usb 6-1: config 0 descriptor??
[  939.134519][T12578] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  939.134559][T12578] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  939.249169][T12882] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  939.301517][T13293] loop6: detected capacity change from 0 to 1024
[  939.313562][T12882] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  939.314912][T13293] EXT4-fs: Ignoring removed bh option
[  939.324387][T13181] team0: Port device team_slave_0 added
[  939.425709][T13293] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  939.590242][T13293] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  939.693693][T13293] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  939.693728][T13293] EXT4-fs (loop6): This should not happen!! Data will be lost
[  939.693728][T13293] 
[  939.693742][T13293] EXT4-fs (loop6): Total free blocks count 0
[  939.693755][T13293] EXT4-fs (loop6): Free/Dirty block details
[  939.693822][T13293] EXT4-fs (loop6): free_blocks=20480
[  939.693870][T13293] EXT4-fs (loop6): dirty_blocks=80
[  939.693883][T13293] EXT4-fs (loop6): Block reservation details
[  939.693895][T13293] EXT4-fs (loop6): i_reserved_data_blocks=5
[  939.782834][T12578] em28xx 6-1:0.0: unknown em28xx chip ID (86)
[  939.988473][ T1056] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28
[  940.015181][T12578] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  940.015579][T12578] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[  940.015595][T12578] em28xx 6-1:0.0: No AC97 audio processor
[  940.116887][ T8170] EXT4-fs warning (device loop6): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  940.132329][T12578] usb 6-1: USB disconnect, device number 20
[  940.212282][   T67] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  940.233057][T12578] em28xx 6-1:0.0: Disconnecting em28xx
[  940.571872][T13299] loop6: detected capacity change from 0 to 256
[  940.594739][T13299] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x33d5ef74, utbl_chksum : 0xe619d30d)
[  940.731378][T13302] exFAT-fs (loop6): valid_size(150994954) is greater than size(10)
[  940.774669][T12578] em28xx 6-1:0.0: Freeing device
[  941.166506][T12882] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  941.221548][T12882] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  941.257471][T13181] team0: Port device team_slave_1 added
[  941.346809][T12578] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  941.481194][T13181] batman_adv: batadv0: Adding interface: batadv_slave_0
[  941.481209][T13181] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  941.481229][T13181] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  941.529919][T12578] usb 6-1: Using ep0 maxpacket: 32
[  941.548081][T12578] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  941.548108][T12578] usb 6-1: config 0 has no interface number 0
[  941.548153][T12578] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  941.548178][T12578] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  941.548215][T12578] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  941.548238][T12578] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  941.551359][T13181] batman_adv: batadv0: Adding interface: batadv_slave_1
[  941.551373][T13181] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  941.551394][T13181] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  941.554323][T12578] usb 6-1: config 0 descriptor??
[  942.226646][T12578] uclogic 0003:28BD:0094.0007: pen parameters not found
[  942.226675][T12578] uclogic 0003:28BD:0094.0007: interface is invalid, ignoring
[  942.260374][T12578] usb 6-1: USB disconnect, device number 21
[  942.532843][   T67] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  943.350938][   T67] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  943.545552][T13181] hsr_slave_0: entered promiscuous mode
[  943.548430][T13181] hsr_slave_1: entered promiscuous mode
[  943.551206][T13181] debugfs: 'hsr0' already exists in 'hsr'
[  943.551237][T13181] Cannot create hsr debugfs directory
[  943.776057][T10951] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  943.927944][T10951] usb 7-1: config index 0 descriptor too short (expected 39, got 27)
[  943.928000][T10951] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  943.928015][T10951] usb 7-1: config 0 interface 0 has no altsetting 0
[  943.930138][T10951] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  943.930164][T10951] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  943.930175][T10951] usb 7-1: Product: syz
[  943.930182][T10951] usb 7-1: Manufacturer: syz
[  943.930190][T10951] usb 7-1: SerialNumber: syz
[  943.934590][T10951] usb 7-1: config 0 descriptor??
[  944.000730][T10951] hub 7-1:0.0: bad descriptor, ignoring hub
[  944.000767][T10951] hub 7-1:0.0: probe with driver hub failed with error -5
[  944.005187][T10951] usb 7-1: selecting invalid altsetting 0
[  944.191577][   T67] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  944.555046][T10951] usb 7-1: USB disconnect, device number 11
[  945.254418][T12862] 8021q: adding VLAN 0 to HW filter on device bond0
[  945.513294][ T5901] usb 7-1: new full-speed USB device number 12 using dummy_hcd
[  945.656014][   T10] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  945.747922][ T5901] usb 7-1: config 1 has an invalid descriptor of length 74, skipping remainder of the config
[  945.747947][ T5901] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  945.747998][ T5901] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 105, changing to 4
[  945.748022][ T5901] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 15929, setting to 1023
[  945.750160][ T5901] usb 7-1: New USB device found, idVendor=1235, idProduct=8204, bcdDevice= 0.40
[  945.750190][ T5901] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  945.750207][ T5901] usb 7-1: Product: syz
[  945.750220][ T5901] usb 7-1: Manufacturer: syz
[  945.750233][ T5901] usb 7-1: SerialNumber: syz
[  945.851179][   T10] usb 6-1: Using ep0 maxpacket: 16
[  945.870057][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  945.870091][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  945.870129][   T10] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  945.870151][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.966529][   T10] usb 6-1: config 0 descriptor??
[  946.214120][ T5901] usb 7-1: 1:1 : incorrect wMaxPacketSize for BADD profile
[  946.275980][ T5901] usb 7-1: incorrect wMaxPacketSize 0x3ff for BADD profile
[  946.473123][ T5901] snd-usb-audio 7-1:1.0: probe with driver snd-usb-audio failed with error -22
[  946.535333][ T5901] usb 7-1: USB disconnect, device number 12
[  946.567559][ T8580] udevd[8580]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  946.622959][   T10] usb 6-1: language id specifier not provided by device, defaulting to English
[  946.827262][   T10] letsketch 0003:6161:4D15.0008: Device info: 
[  947.041339][   T10] letsketch 0003:6161:4D15.0008: Device info: ï“¿
[  947.303354][   T10] usb 6-1: Max retries (5) exceeded reading string descriptor 202
[  947.303432][   T10] letsketch 0003:6161:4D15.0008: probe with driver letsketch failed with error -71
[  947.370706][   T10] usb 6-1: USB disconnect, device number 22
[  947.811459][T12862] 8021q: adding VLAN 0 to HW filter on device team0
[  948.189575][T12882] 8021q: adding VLAN 0 to HW filter on device bond0
[  948.190265][T13370] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1717'.
[  948.191980][ T1056] bridge0: port 1(bridge_slave_0) entered blocking state
[  948.192115][ T1056] bridge0: port 1(bridge_slave_0) entered forwarding state
[  948.648886][T13372] loop5: detected capacity change from 0 to 32768
[  948.689033][T13372] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  948.740302][T13372] XFS (loop5): Ending clean mount
[  949.178003][ T1056] bridge0: port 2(bridge_slave_1) entered blocking state
[  949.178261][ T1056] bridge0: port 2(bridge_slave_1) entered forwarding state
[  949.732358][ T7876] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  950.575060][   T67] geneve1: left allmulticast mode
[  950.575080][   T67] geneve1: left promiscuous mode
[  950.575309][   T67] bridge0: port 3(geneve1) entered disabled state
[  950.717465][   T67] bridge_slave_1: left allmulticast mode
[  950.717493][   T67] bridge_slave_1: left promiscuous mode
[  950.717810][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[  950.836849][   T67] bridge_slave_0: left allmulticast mode
[  950.836870][   T67] bridge_slave_0: left promiscuous mode
[  950.837038][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[  952.320344][T13401] netlink: 'syz.5.1724': attribute type 3 has an invalid length.
[  952.456498][   T67] bond1 (unregistering): (slave ip6erspan0): Releasing active interface
[  952.826529][   T67] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  952.946694][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  953.037134][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  953.059522][   T67] bond0 (unregistering): Released all slaves
[  953.067070][   T67] bond1 (unregistering): Released all slaves
[  953.432322][T12882] 8021q: adding VLAN 0 to HW filter on device team0
[  953.700830][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  953.701000][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[  954.113256][ T1196] bridge0: port 2(bridge_slave_1) entered blocking state
[  954.113423][ T1196] bridge0: port 2(bridge_slave_1) entered forwarding state
[  956.497235][   T67] IPVS: stopping backup sync thread 7510 ...
[  957.245574][   T60] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  957.324539][   T60] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  957.339015][   T60] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  957.389971][   T60] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  957.475483][   T60] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  958.657548][T13435] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1734'.
[  958.921083][T13181] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  958.952677][T13181] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  959.059260][T13181] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  959.112538][T13181] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  959.161001][T13181] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  959.353399][T13181] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  959.509593][T13181] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  959.566022][ T5901] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  959.569446][T13181] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  959.696191][T12578] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  959.715948][ T5901] usb 6-1: Using ep0 maxpacket: 8
[  959.717780][ T5901] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  959.717836][ T5901] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  959.717859][ T5901] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  959.717884][ T5901] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  959.717908][ T5901] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  959.717949][ T5901] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  959.717970][ T5901] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.851146][T11526] Bluetooth: hci4: command tx timeout
[  959.892606][T12578] usb 7-1: Using ep0 maxpacket: 16
[  959.900941][T12578] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  959.900973][T12578] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  959.901010][T12578] usb 7-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  959.901033][T12578] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.920839][ T5143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  959.980407][ T5143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  959.984915][ T5143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  960.000940][T12578] usb 7-1: config 0 descriptor??
[  960.059776][ T5143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  960.254214][ T5143] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  960.682947][T12578] hid-multitouch 0003:1FD2:6007.0009: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.6-1/input0
[  960.727374][T12578] usb 7-1: USB disconnect, device number 13
[  960.959713][T13444] fido_id[13444]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[  961.912891][   T67] hsr_slave_0: left promiscuous mode
[  961.926471][   T60] Bluetooth: hci4: command tx timeout
[  962.066042][   T67] hsr_slave_1: left promiscuous mode
[  962.068630][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  962.068654][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[  962.750678][   T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  962.750705][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[  962.792739][T10951] usb 6-1: USB disconnect, device number 23
[  962.966012][   T60] Bluetooth: hci1: command tx timeout
[  963.038021][T13470] loop5: detected capacity change from 0 to 128
[  963.105118][T13470] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  963.105152][T13470] hpfs: filesystem error: improperly stopped
[  963.105166][T13470] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  963.105181][T13470] hpfs: You really don't want any checks? You are crazy...
[  963.105193][T13470] hpfs: Code page index out of array
[  963.105201][T13470] hpfs: code page support is disabled
[  963.105319][T13470] hpfs: hpfs_map_4sectors(): unaligned read
[  963.105403][T13470] hpfs: hpfs_map_4sectors(): unaligned read
[  963.105413][T13470] hpfs: filesystem error: unable to find root dir
[  963.402091][   T67] veth1_macvtap: left promiscuous mode
[  963.402197][   T67] veth0_macvtap: left promiscuous mode
[  963.402483][   T67] veth1_vlan: left promiscuous mode
[  963.402685][   T67] veth0_vlan: left promiscuous mode
[  964.006396][   T60] Bluetooth: hci4: command tx timeout
[  964.775943][T12578] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  964.945994][T12578] usb 6-1: Using ep0 maxpacket: 32
[  964.948087][T12578] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  964.948135][T12578] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  964.948150][T12578] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  964.948165][T12578] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  964.950494][T12578] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  964.950555][T12578] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.950570][T12578] usb 6-1: Product: syz
[  964.950579][T12578] usb 6-1: Manufacturer: syz
[  964.950588][T12578] usb 6-1: SerialNumber: syz
[  965.057400][   T60] Bluetooth: hci1: command tx timeout
[  965.128176][    C0] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  965.243331][T12578] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/input/input17
[  965.263009][   T67] team0 (unregistering): Port device team_slave_1 removed
[  965.346012][T12578] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  965.346033][T12578]  (id 0x00)
[  965.476101][T12578] rc_core: IR keymap rc-imon-pad not found
[  965.476122][T12578] Registered IR keymap rc-empty
[  965.476215][T12578] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  965.476226][T12578] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  965.516420][   T67] team0 (unregistering): Port device team_slave_0 removed
[  965.603554][T12578] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/rc/rc0
[  965.634642][T12578] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/rc/rc0/input18
[  965.681846][T12578] imon 6-1:155.0: iMON device (15c2:ffdc, intf0) on usb<6:24> initialized
[  965.772308][T10951] usb 6-1: USB disconnect, device number 24
[  966.086019][   T60] Bluetooth: hci4: command tx timeout
[  967.260782][   T60] Bluetooth: hci1: command tx timeout
[  967.372590][T13534] loop6: detected capacity change from 0 to 1024
[  967.970845][T13425] chnl_net:caif_netlink_parms(): no params data found
[  968.953160][T13442] chnl_net:caif_netlink_parms(): no params data found
[  968.971804][   T67] IPVS: stop unused estimator thread 0...
[  969.132727][T13425] bridge0: port 1(bridge_slave_0) entered blocking state
[  969.133078][T13425] bridge0: port 1(bridge_slave_0) entered disabled state
[  969.133413][T13425] bridge_slave_0: entered allmulticast mode
[  969.144291][T13425] bridge_slave_0: entered promiscuous mode
[  969.287196][   T60] Bluetooth: hci1: command tx timeout
[  969.287655][T13425] bridge0: port 2(bridge_slave_1) entered blocking state
[  969.287944][T13425] bridge0: port 2(bridge_slave_1) entered disabled state
[  969.288247][T13425] bridge_slave_1: entered allmulticast mode
[  969.310403][T13425] bridge_slave_1: entered promiscuous mode
[  969.672749][T13425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  969.704694][T13425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  969.933836][ T5488] 8021q: adding VLAN 0 to HW filter on device eth8
[  970.095743][T13181] 8021q: adding VLAN 0 to HW filter on device bond0
[  970.908487][T13574] loop6: detected capacity change from 0 to 131072
[  970.916931][T13574] F2FS-fs (loop6): Wrong CP boundary, start(512) end(1536) blocks(0)
[  970.916959][T13574] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  970.918044][T13574] F2FS-fs (loop6): invalid crc value
[  971.022791][T13574] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  971.087983][T13574] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  971.088016][T13574] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  972.694794][T13442] bridge0: port 1(bridge_slave_0) entered blocking state
[  972.695332][T13442] bridge0: port 1(bridge_slave_0) entered disabled state
[  972.695646][T13442] bridge_slave_0: entered allmulticast mode
[  972.736601][T13442] bridge_slave_0: entered promiscuous mode
[  972.770456][T13425] team0: Port device team_slave_0 added
[  972.853717][T13442] bridge0: port 2(bridge_slave_1) entered blocking state
[  972.854007][T13442] bridge0: port 2(bridge_slave_1) entered disabled state
[  972.854288][T13442] bridge_slave_1: entered allmulticast mode
[  972.881287][T13442] bridge_slave_1: entered promiscuous mode
[  973.002503][T13425] team0: Port device team_slave_1 added
[  973.345560][T13442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  973.381054][T13425] batman_adv: batadv0: Adding interface: batadv_slave_0
[  973.381070][T13425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  973.381094][T13425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  973.448289][T13442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  973.462283][T13425] batman_adv: batadv0: Adding interface: batadv_slave_1
[  973.462299][T13425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  973.462326][T13425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  973.578979][T10951] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  973.741899][T10951] usb 6-1: Using ep0 maxpacket: 32
[  973.759779][T10951] usb 6-1: config 139 has an invalid interface number: 49 but max is 0
[  973.759807][T10951] usb 6-1: config 139 has no interface number 0
[  973.759837][T10951] usb 6-1: config 139 interface 49 has no altsetting 0
[  973.763747][T10951] usb 6-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=72.75
[  973.763775][T10951] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  973.763793][T10951] usb 6-1: Product: syz
[  973.763807][T10951] usb 6-1: Manufacturer: syz
[  973.763821][T10951] usb 6-1: SerialNumber: syz
[  974.237004][T10951] radio-usb-si4713 6-1:139.49: Si4713 development board discovered: (10C4:8244)
[  974.633641][T10951] radio-usb-si4713 6-1:139.49: probe with driver radio-usb-si4713 failed with error -71
[  974.634950][T10951] usbhid 6-1:139.49: couldn't find an input interrupt endpoint
[  974.659971][T10951] usb 6-1: USB disconnect, device number 25
[  974.828203][T13619] loop6: detected capacity change from 0 to 4096
[  975.295240][T13181] 8021q: adding VLAN 0 to HW filter on device team0
[  975.419043][T13442] team0: Port device team_slave_0 added
[  975.441595][T13633] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1761'.
[  975.500440][T13635] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1761'.
[  975.614692][   T12] ntfs3(loop6): ino=5, mi_enum_attr
[  975.952159][T13442] team0: Port device team_slave_1 added
[  976.013912][T13633] team1: entered promiscuous mode
[  976.013932][T13633] team1: entered allmulticast mode
[  976.051960][T13633] 8021q: adding VLAN 0 to HW filter on device team1
[  976.095299][T13635] team2: entered promiscuous mode
[  976.095316][T13635] team2: entered allmulticast mode
[  976.108480][T13635] 8021q: adding VLAN 0 to HW filter on device team2
[  976.301665][T13646] loop6: detected capacity change from 0 to 4096
[  976.340673][ T1056] bridge0: port 1(bridge_slave_0) entered blocking state
[  976.340914][ T1056] bridge0: port 1(bridge_slave_0) entered forwarding state
[  976.404537][T13425] hsr_slave_0: entered promiscuous mode
[  976.413640][T13425] hsr_slave_1: entered promiscuous mode
[  976.415331][T13425] debugfs: 'hsr0' already exists in 'hsr'
[  976.415358][T13425] Cannot create hsr debugfs directory
[  976.566996][T13646] ntfs3(loop6): failed to convert "0080" to cp775
[  976.776315][T13651] ntfs3(loop6): failed to convert "0080" to cp775
[  976.827366][T13651] ntfs3(loop6): failed to convert name for inode 1e.
[  976.876666][T13651] ntfs3(loop6): ino=1f, mi_enum_attr
[  976.876793][T13651] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  977.202982][T13442] batman_adv: batadv0: Adding interface: batadv_slave_0
[  977.202998][T13442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  977.203024][T13442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  977.277650][ T7609] bridge0: port 2(bridge_slave_1) entered blocking state
[  977.277771][ T7609] bridge0: port 2(bridge_slave_1) entered forwarding state
[  977.294359][T13442] batman_adv: batadv0: Adding interface: batadv_slave_1
[  977.294376][T13442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  977.294399][T13442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  977.696025][T13442] hsr_slave_0: entered promiscuous mode
[  977.698113][T13442] hsr_slave_1: entered promiscuous mode
[  977.700292][T13442] debugfs: 'hsr0' already exists in 'hsr'
[  977.700316][T13442] Cannot create hsr debugfs directory
[  977.803234][T13653] loop6: detected capacity change from 0 to 32768
[  978.633906][T13658] kvm: emulating exchange as write
[  981.054055][T13682] loop5: detected capacity change from 0 to 32768
[  981.062675][T13682] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1771 (13682)
[  981.091019][T13682] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  981.091052][T13682] BTRFS info (device loop5): using sha256 checksum algorithm
[  981.283861][T13682] BTRFS info (device loop5): rebuilding free space tree
[  981.499536][T13682] BTRFS info (device loop5): enabling ssd optimizations
[  981.499564][T13682] BTRFS info (device loop5): using spread ssd allocation scheme
[  981.499581][T13682] BTRFS info (device loop5): enabling free space tree
[  981.499597][T13682] BTRFS info (device loop5): force clearing of disk cache
[  981.499613][T13682] BTRFS info (device loop5): enabling auto defrag
[  981.499630][T13682] BTRFS info (device loop5): max_inline set to 0
[  981.993298][ T5488] 8021q: adding VLAN 0 to HW filter on device eth7
[  983.740476][T13712] A link change request failed with some changes committed already. Interface bond_slave_1 may have been left with an inconsistent configuration, please check.
[  983.884938][ T7876] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  983.985172][   T57] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared)
[  985.393756][T13181] 8021q: adding VLAN 0 to HW filter on device batadv0
[  985.583237][T12578] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  985.596970][T13723] loop6: detected capacity change from 0 to 128
[  985.805907][T12578] usb 6-1: Using ep0 maxpacket: 16
[  985.807860][T12578] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  985.807883][T12578] usb 6-1: config 0 has no interface number 0
[  985.836859][T12578] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  985.836888][T12578] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  985.836907][T12578] usb 6-1: Product: syz
[  985.836920][T12578] usb 6-1: Manufacturer: syz
[  985.836934][T12578] usb 6-1: SerialNumber: syz
[  985.861055][T12578] usb 6-1: config 0 descriptor??
[  985.889106][T12578] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  986.252170][   T67] bridge_slave_1: left allmulticast mode
[  986.252197][   T67] bridge_slave_1: left promiscuous mode
[  986.252462][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[  986.388986][   T67] bridge_slave_0: left allmulticast mode
[  986.389016][   T67] bridge_slave_0: left promiscuous mode
[  986.389298][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[  986.612118][   T67] bridge_slave_1: left allmulticast mode
[  986.612142][   T67] bridge_slave_1: left promiscuous mode
[  986.612519][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.087313][   T67] bridge_slave_0: left allmulticast mode
[  987.087334][   T67] bridge_slave_0: left promiscuous mode
[  987.089203][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.638562][T12578] gspca_spca1528: reg_w err -71
[  987.638654][T12578] spca1528 6-1:0.1: probe with driver spca1528 failed with error -71
[  987.719658][T12578] usb 6-1: USB disconnect, device number 26
[  987.909718][T13735] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1782'.
[  988.480507][T13743] fuse: fd is not a fuse device
[  988.556740][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  988.636487][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  988.678002][   T67] bond0 (unregistering): Released all slaves
[  989.267082][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  989.355608][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  989.399090][   T67] bond0 (unregistering): Released all slaves
[  989.534132][ T5143] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  989.719403][ T5143] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  989.721793][ T5143] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  989.771112][ T5143] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  989.788183][ T5143] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  992.171181][   T60] Bluetooth: hci5: command tx timeout
[  992.182075][T13777] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1795'.
[  992.328264][T13777] 8021q: adding VLAN 0 to HW filter on device bond2
[  992.388041][T13779] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  992.775959][   T67] hsr_slave_0: left promiscuous mode
[  992.815936][   T67] hsr_slave_1: left promiscuous mode
[  992.816634][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[  992.866898][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[  993.052452][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  993.052550][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  993.069284][   T67] hsr_slave_0: left promiscuous mode
[  993.106403][   T67] hsr_slave_1: left promiscuous mode
[  993.129512][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[  993.166989][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[  994.176773][   T67] team0 (unregistering): Port device team_slave_1 removed
[  994.226469][   T67] team0 (unregistering): Port device team_slave_0 removed
[  994.245912][   T60] Bluetooth: hci5: command tx timeout
[  994.786509][   T67] team0 (unregistering): Port device team_slave_1 removed
[  994.836579][   T67] team0 (unregistering): Port device team_slave_0 removed
[  995.173423][T13802] syzkaller0: entered promiscuous mode
[  995.173448][T13802] syzkaller0: entered allmulticast mode
[  997.043411][   T60] Bluetooth: hci5: command tx timeout
[  999.047932][   T60] Bluetooth: hci5: command tx timeout
[  999.334265][ T5901] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  999.378824][T13757] chnl_net:caif_netlink_parms(): no params data found
[  999.536001][ T5901] usb 6-1: Using ep0 maxpacket: 8
[  999.551979][ T5901] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  999.552003][ T5901] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  999.552013][ T5901] usb 6-1: Product: syz
[  999.552021][ T5901] usb 6-1: Manufacturer: syz
[  999.552028][ T5901] usb 6-1: SerialNumber: syz
[  999.642512][ T5901] usb 6-1: config 0 descriptor??
[  999.923902][ T5901] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1000.375944][T13835] netlink: 'syz.6.1808': attribute type 2 has an invalid length.
[ 1001.800053][T13757] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1001.800332][T13757] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1001.800660][T13757] bridge_slave_0: entered allmulticast mode
[ 1001.804374][T13757] bridge_slave_0: entered promiscuous mode
[ 1001.816907][T13757] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1001.817274][T13757] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1001.817603][T13757] bridge_slave_1: entered allmulticast mode
[ 1001.832927][T13757] bridge_slave_1: entered promiscuous mode
[ 1002.186746][ T5901] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1002.290350][ T5901] usb 6-1: USB disconnect, device number 27
[ 1002.565685][T13757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1002.891833][T13757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1002.923372][T13852] loop5: detected capacity change from 0 to 512
[ 1003.347663][T13425] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1003.433408][T13852] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1003.433541][T13852] ext4 filesystem being mounted at /368/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1003.464334][T13425] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1003.472915][T13757] team0: Port device team_slave_0 added
[ 1003.472992][T13425] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1003.526432][T13425] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1003.568100][T13757] team0: Port device team_slave_1 added
[ 1003.575553][T13425] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1003.694559][T13425] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1003.798407][ T7876] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1003.911122][T13425] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1004.474383][T13425] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1005.418638][T13757] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1005.418657][T13757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1005.418682][T13757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1006.334672][T13757] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1006.334689][T13757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1006.334715][T13757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1007.678531][T13895] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1826'.
[ 1007.699951][T13897] fuse: fd is not a fuse device
[ 1009.601969][T13898] macvlan2: entered promiscuous mode
[ 1009.601998][T13898] macvlan2: entered allmulticast mode
[ 1009.604581][T13898] bond2: entered promiscuous mode
[ 1009.610034][T13898] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1009.895047][T13898] bond2: left promiscuous mode
[ 1010.486331][T13757] hsr_slave_0: entered promiscuous mode
[ 1010.487926][T13757] hsr_slave_1: entered promiscuous mode
[ 1010.489016][T13757] debugfs: 'hsr0' already exists in 'hsr'
[ 1010.489037][T13757] Cannot create hsr debugfs directory
[ 1010.538193][T13442] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1010.698371][T13442] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1010.705139][T13442] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1010.757587][T13442] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1011.222972][T13912] loop5: detected capacity change from 0 to 32768
[ 1011.329555][T13912] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1011.473067][T13912] XFS (loop5): Ending clean mount
[ 1011.706864][T13912] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1011.707553][T13442] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1011.788227][T13442] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1012.176449][T13442] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1012.222053][T13442] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1020.068649][ T5143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1020.163873][ T5143] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1020.178173][ T5143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1020.184838][ T5143] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1020.187241][ T5143] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1020.955672][ T5143] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1021.079189][ T5143] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1021.093493][ T5143] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1021.098844][ T5143] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1021.116791][ T5143] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1022.553091][ T5143] Bluetooth: hci0: command tx timeout
[ 1024.646158][   T60] Bluetooth: hci0: command tx timeout
[ 1025.986248][   T67] bridge_slave_1: left allmulticast mode
[ 1025.986277][   T67] bridge_slave_1: left promiscuous mode
[ 1025.986545][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1026.079994][   T67] bridge_slave_0: left allmulticast mode
[ 1026.080020][   T67] bridge_slave_0: left promiscuous mode
[ 1026.080276][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1026.486192][   T60] Bluetooth: hci4: command tx timeout
[ 1026.725887][   T60] Bluetooth: hci0: command tx timeout
[ 1028.839828][ T5143] Bluetooth: hci0: command tx timeout
[ 1028.871503][   T60] Bluetooth: hci4: command tx timeout
[ 1030.576769][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1030.636472][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1030.677904][   T67] bond0 (unregistering): Released all slaves
[ 1031.022223][   T60] Bluetooth: hci4: command tx timeout
[ 1033.096767][   T60] Bluetooth: hci4: command tx timeout
[ 1033.477681][   T67] hsr_slave_0: left promiscuous mode
[ 1033.526155][   T67] hsr_slave_1: left promiscuous mode
[ 1033.527332][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1033.566916][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1034.868624][T14075] loop5: detected capacity change from 0 to 512
[ 1034.968795][T14075] EXT4-fs (loop5): 1 truncate cleaned up
[ 1034.989638][T14075] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1037.117796][ T7876] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1039.497084][   T67] team0 (unregistering): Port device team_slave_1 removed
[ 1039.876648][   T67] team0 (unregistering): Port device team_slave_0 removed
[ 1048.312478][T14130] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1883'.
[ 1048.312513][T14130] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1883'.
[ 1048.947087][T14134] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1884'.
[ 1048.947158][T14134] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1884'.
[ 1049.371255][T14134] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1884'.
[ 1049.371318][T14134] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1884'.
[ 1050.433837][T13979] chnl_net:caif_netlink_parms(): no params data found
[ 1050.485390][T13989] chnl_net:caif_netlink_parms(): no params data found
[ 1050.552612][ T5143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1050.578269][ T5143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1050.599139][ T5143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1050.789835][ T5143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1050.890666][ T5143] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1052.598520][T14148] loop5: detected capacity change from 0 to 32768
[ 1052.599941][T14148] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1886 (14148)
[ 1053.089008][T14148] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1053.089046][T14148] BTRFS info (device loop5): using sha256 checksum algorithm
[ 1053.288883][ T5143] Bluetooth: hci1: command tx timeout
[ 1053.293819][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[ 1053.302162][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[ 1053.315991][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 1053.316244][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 1053.316434][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 1053.316733][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1053.316890][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 1053.317162][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 1053.317434][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1053.317607][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 1053.367910][T14148] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 1053.458447][T14148] BTRFS error (device loop5): open_ctree failed: -12
[ 1053.872760][T13989] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1053.873119][T13989] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1053.873424][T13989] bridge_slave_0: entered allmulticast mode
[ 1053.881677][T13989] bridge_slave_0: entered promiscuous mode
[ 1054.559480][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.559597][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.075398][T13979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1055.075693][T13979] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1055.090907][T13979] bridge_slave_0: entered allmulticast mode
[ 1055.113652][T13979] bridge_slave_0: entered promiscuous mode
[ 1055.188756][T13989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1055.189045][T13989] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1055.189540][T13989] bridge_slave_1: entered allmulticast mode
[ 1055.199688][T13989] bridge_slave_1: entered promiscuous mode
[ 1055.338699][T13979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1055.338986][T13979] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1055.339313][T13979] bridge_slave_1: entered allmulticast mode
[ 1055.342735][T13979] bridge_slave_1: entered promiscuous mode
[ 1055.375797][ T5143] Bluetooth: hci1: command tx timeout
[ 1057.455833][ T5143] Bluetooth: hci1: command tx timeout
[ 1057.833048][T13989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1057.908363][T13979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1057.937015][T13989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1057.978436][T13979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1060.071065][ T5143] Bluetooth: hci1: command tx timeout
[ 1060.506637][T13989] team0: Port device team_slave_0 added
[ 1061.281825][T13979] team0: Port device team_slave_0 added
[ 1061.362904][T13989] team0: Port device team_slave_1 added
[ 1061.381724][T13979] team0: Port device team_slave_1 added
[ 1065.425022][T13989] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1065.425039][T13989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1065.425064][T13989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1065.435267][T13979] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1065.435283][T13979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1065.435307][T13979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1065.454376][T13979] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1065.454393][T13979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1065.454419][T13979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1065.653967][T13989] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1065.653984][T13989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1065.654010][T13989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1066.073440][T13979] hsr_slave_0: entered promiscuous mode
[ 1066.091744][T13979] hsr_slave_1: entered promiscuous mode
[ 1066.112683][T13979] debugfs: 'hsr0' already exists in 'hsr'
[ 1066.174777][T13979] Cannot create hsr debugfs directory
[ 1067.288551][T13989] hsr_slave_0: entered promiscuous mode
[ 1067.307268][T13989] hsr_slave_1: entered promiscuous mode
[ 1067.313371][T13989] debugfs: 'hsr0' already exists in 'hsr'
[ 1067.313407][T13989] Cannot create hsr debugfs directory
[ 1068.536918][T14151] chnl_net:caif_netlink_parms(): no params data found
[ 1073.801818][T14275] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1913'.
[ 1074.672563][T14278] : entered promiscuous mode
[ 1075.235970][T14282] loop5: detected capacity change from 0 to 32768
[ 1075.237129][T14282] btrfs: Deprecated parameter 'usebackuproot'
[ 1075.237150][T14282] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 1075.246761][T14282] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1914 (14282)
[ 1076.173604][T14282] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1076.173639][T14282] BTRFS info (device loop5): using crc32c checksum algorithm
[ 1076.173669][T14282] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[ 1076.522403][T14151] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1076.522688][T14151] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1076.523004][T14151] bridge_slave_0: entered allmulticast mode
[ 1076.575927][T14151] bridge_slave_0: entered promiscuous mode
[ 1076.594126][   T44] BTRFS warning (device loop5): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb0e5ffa5 level 0
[ 1076.594268][T14282] BTRFS warning (device loop5): couldn't read tree root
[ 1076.594289][T14282] BTRFS warning (device loop5): try to load backup roots slot 1
[ 1076.596302][ T8572] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x32d10ca2 level 0
[ 1076.596416][T14282] BTRFS warning (device loop5): couldn't read tree root
[ 1076.596437][T14282] BTRFS warning (device loop5): try to load backup roots slot 2
[ 1076.596821][ T1171] BTRFS warning (device loop5): checksum verify failed on logical 5255168 mirror 1 wanted 0x9df47653 found 0x6344b7f5 level 1
[ 1076.596922][T14282] BTRFS warning (device loop5): couldn't read tree root
[ 1076.596940][T14282] BTRFS warning (device loop5): try to load backup roots slot 3
[ 1076.644664][T14282] BTRFS info (device loop5): rebuilding free space tree
[ 1076.967498][T14282] BTRFS info (device loop5): disabling free space tree
[ 1076.967587][T14282] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 1076.967612][T14282] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 1076.988020][T14282] BTRFS info (device loop5): checking UUID tree
[ 1076.988626][T14282] BTRFS info (device loop5): enabling ssd optimizations
[ 1076.988646][T14282] BTRFS info (device loop5): turning off barriers
[ 1076.988662][T14282] BTRFS info (device loop5): turning on sync discard
[ 1076.988677][T14282] BTRFS info (device loop5): enabling disk space caching
[ 1076.988693][T14282] BTRFS info (device loop5): force clearing of disk cache
[ 1076.988708][T14282] BTRFS info (device loop5): enabling auto defrag
[ 1076.988723][T14282] BTRFS info (device loop5): trying to use backup root at mount time
[ 1076.988740][T14282] BTRFS info (device loop5): max_inline set to 0
[ 1079.097813][T14151] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1079.098126][T14151] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1079.098457][T14151] bridge_slave_1: entered allmulticast mode
[ 1079.114806][T14151] bridge_slave_1: entered promiscuous mode
[ 1079.168045][ T7876] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1079.555051][   T60] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1079.608961][   T60] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1079.656609][   T60] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1079.852287][T14151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1079.873458][T14151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1079.890550][T11526] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1079.935964][   T60] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1080.677705][T14151] team0: Port device team_slave_0 added
[ 1080.769389][T14151] team0: Port device team_slave_1 added
[ 1080.905930][   T10] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1081.470926][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1081.904585][   T10] usb 6-1: config 0 has an invalid interface number: 119 but max is 0
[ 1081.904663][   T10] usb 6-1: config 0 has no interface number 0
[ 1081.905009][   T10] usb 6-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1081.905056][   T10] usb 6-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1081.905185][   T10] usb 6-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 30768, setting to 1024
[ 1081.905238][   T10] usb 6-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1081.905286][   T10] usb 6-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1082.012885][   T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[ 1082.012923][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1082.012943][   T10] usb 6-1: Product: syz
[ 1082.012957][   T10] usb 6-1: Manufacturer: syz
[ 1082.012971][   T10] usb 6-1: SerialNumber: syz
[ 1082.029761][   T10] usb 6-1: config 0 descriptor??
[ 1082.031170][T14321] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1082.064924][   T10] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.119/input/input19
[ 1082.106756][T11526] Bluetooth: hci5: command tx timeout
[ 1082.238471][   T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1082.280154][ T5178] usb 6-1: BOGUS urb xfer, pipe 1 != type 3
[ 1082.370646][   T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1082.618920][    C0] bcm5974 6-1:0.119: trackpad urb failed: -1
[ 1082.642661][   T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1083.502823][    C1] bcm5974 6-1:0.119: trackpad urb failed: -1
[ 1083.518049][   T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1083.524743][   T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1084.005077][T10951] ==================================================================
[ 1084.005088][T10951] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x40/0x60
[ 1084.005109][T10951] Read of size 1 at addr ffff8880318ca330 by task kworker/1:8/10951
[ 1084.005119][T10951] 
[ 1084.005129][T10951] CPU: 1 UID: 0 PID: 10951 Comm: kworker/1:8 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1084.005146][T10951] Tainted: [L]=SOFTLOCKUP
[ 1084.005150][T10951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1084.005158][T10951] Workqueue: events l2cap_chan_timeout
[ 1084.005174][T10951] Call Trace:
[ 1084.005179][T10951]  <TASK>
[ 1084.005184][T10951]  dump_stack_lvl+0xe8/0x150
[ 1084.005197][T10951]  print_address_description+0x55/0x1e0
[ 1084.005208][T10951]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1084.005218][T10951]  print_report+0x58/0x70
[ 1084.005227][T10951]  kasan_report+0x117/0x150
[ 1084.005244][T10951]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1084.005256][T10951]  ? rt_mutex_slowunlock+0xb8/0x300
[ 1084.005270][T10951]  __kasan_check_byte+0x2a/0x40
[ 1084.005284][T10951]  lock_acquire+0x84/0x350
[ 1084.005299][T10951]  ? rcu_is_watching+0x15/0xb0
[ 1084.005314][T10951]  _raw_spin_lock_irqsave+0x40/0x60
[ 1084.005325][T10951]  ? rt_mutex_slowunlock+0xb8/0x300
[ 1084.005339][T10951]  rt_mutex_slowunlock+0xb8/0x300
[ 1084.005353][T10951]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1084.005370][T10951]  ? process_one_work+0x8b7/0x1710
[ 1084.005380][T10951]  process_one_work+0x9a3/0x1710
[ 1084.005394][T10951]  ? __pfx_process_one_work+0x10/0x10
[ 1084.005403][T10951]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1084.005417][T10951]  worker_thread+0xba8/0x11e0
[ 1084.005429][T10951]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1084.005441][T10951]  ? __kthread_parkme+0x7a/0x1f0
[ 1084.005452][T10951]  ? __kthread_parkme+0x19c/0x1f0
[ 1084.005464][T10951]  kthread+0x388/0x470
[ 1084.005477][T10951]  ? __pfx_worker_thread+0x10/0x10
[ 1084.005487][T10951]  ? __pfx_kthread+0x10/0x10
[ 1084.005499][T10951]  ret_from_fork+0x514/0xb70
[ 1084.005511][T10951]  ? __pfx_ret_from_fork+0x10/0x10
[ 1084.005521][T10951]  ? __switch_to+0xc79/0x1410
[ 1084.005536][T10951]  ? __pfx_kthread+0x10/0x10
[ 1084.005549][T10951]  ret_from_fork_asm+0x1a/0x30
[ 1084.005565][T10951]  </TASK>
[ 1084.005568][T10951] 
[ 1084.005571][T10951] Allocated by task 60:
[ 1084.005576][T10951]  kasan_save_track+0x3e/0x80
[ 1084.005588][T10951]  __kasan_kmalloc+0x93/0xb0
[ 1084.005600][T10951]  __kmalloc_cache_noprof+0x3a6/0x690
[ 1084.005614][T10951]  l2cap_conn_add+0xaa/0x970
[ 1084.005627][T10951]  l2cap_connect_cfm+0x142/0x1560
[ 1084.005635][T10951]  hci_remote_features_evt+0x5b9/0x950
[ 1084.005647][T10951]  hci_event_packet+0x6ab/0xef0
[ 1084.005657][T10951]  hci_rx_work+0x3ee/0x1040
[ 1084.005667][T10951]  process_one_work+0x9a3/0x1710
[ 1084.005675][T10951]  worker_thread+0xba8/0x11e0
[ 1084.005684][T10951]  kthread+0x388/0x470
[ 1084.005695][T10951]  ret_from_fork+0x514/0xb70
[ 1084.005710][T10951]  ret_from_fork_asm+0x1a/0x30
[ 1084.005725][T10951] 
[ 1084.005729][T10951] Freed by task 13989:
[ 1084.005737][T10951]  kasan_save_track+0x3e/0x80
[ 1084.005754][T10951]  kasan_save_free_info+0x46/0x50
[ 1084.005770][T10951]  __kasan_slab_free+0x5c/0x80
[ 1084.005788][T10951]  kfree+0x1c5/0x6c0
[ 1084.005806][T10951]  hci_conn_hash_flush+0x10d/0x260
[ 1084.005819][T10951]  hci_dev_close_sync+0x821/0x10e0
[ 1084.005842][T10951]  hci_unregister_dev+0x21a/0x5a0
[ 1084.005861][T10951]  vhci_release+0x155/0x1b0
[ 1084.005888][T10951]  __fput+0x461/0xa70
[ 1084.005906][T10951]  task_work_run+0x1d9/0x270
[ 1084.005928][T10951]  do_exit+0x70f/0x22c0
[ 1084.005947][T10951]  do_group_exit+0x21b/0x2d0
[ 1084.005967][T10951]  get_signal+0x1284/0x1330
[ 1084.005981][T10951]  arch_do_signal_or_restart+0xbc/0x830
[ 1084.006003][T10951]  exit_to_user_mode_loop+0x86/0x480
[ 1084.006015][T10951]  do_syscall_64+0x33e/0xf80
[ 1084.006025][T10951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.006035][T10951] 
[ 1084.006037][T10951] Last potentially related work creation:
[ 1084.006041][T10951]  kasan_save_stack+0x3e/0x60
[ 1084.006052][T10951]  kasan_record_aux_stack+0xbd/0xd0
[ 1084.006062][T10951]  insert_work+0x3d/0x330
[ 1084.006069][T10951]  __queue_work+0xcfd/0x1010
[ 1084.006080][T10951]  call_timer_fn+0x192/0x5e0
[ 1084.006093][T10951]  __run_timer_base+0x764/0x9f0
[ 1084.006103][T10951]  run_timer_softirq+0xb7/0x170
[ 1084.006115][T10951]  handle_softirqs+0x1de/0x6d0
[ 1084.006123][T10951]  run_ktimerd+0x69/0x100
[ 1084.006133][T10951]  smpboot_thread_fn+0x541/0xa50
[ 1084.006144][T10951]  kthread+0x388/0x470
[ 1084.006155][T10951]  ret_from_fork+0x514/0xb70
[ 1084.006164][T10951]  ret_from_fork_asm+0x1a/0x30
[ 1084.006175][T10951] 
[ 1084.006177][T10951] Second to last potentially related work creation:
[ 1084.006181][T10951]  kasan_save_stack+0x3e/0x60
[ 1084.006192][T10951]  kasan_record_aux_stack+0xbd/0xd0
[ 1084.006202][T10951]  insert_work+0x3d/0x330
[ 1084.006209][T10951]  __queue_work+0xbdb/0x1010
[ 1084.006218][T10951]  queue_work_on+0x106/0x1d0
[ 1084.006227][T10951]  l2cap_connect_cfm+0x10f5/0x1560
[ 1084.006236][T10951]  hci_remote_features_evt+0x5b9/0x950
[ 1084.006247][T10951]  hci_event_packet+0x6ab/0xef0
[ 1084.006257][T10951]  hci_rx_work+0x3ee/0x1040
[ 1084.006267][T10951]  process_one_work+0x9a3/0x1710
[ 1084.006276][T10951]  worker_thread+0xba8/0x11e0
[ 1084.006285][T10951]  kthread+0x388/0x470
[ 1084.006295][T10951]  ret_from_fork+0x514/0xb70
[ 1084.006304][T10951]  ret_from_fork_asm+0x1a/0x30
[ 1084.006315][T10951] 
[ 1084.006317][T10951] The buggy address belongs to the object at ffff8880318ca000
[ 1084.006317][T10951]  which belongs to the cache kmalloc-1k of size 1024
[ 1084.006326][T10951] The buggy address is located 816 bytes inside of
[ 1084.006326][T10951]  freed 1024-byte region [ffff8880318ca000, ffff8880318ca400)
[ 1084.006336][T10951] 
[ 1084.006339][T10951] The buggy address belongs to the physical page:
[ 1084.006356][T10951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880318cf800 pfn:0x318c8
[ 1084.006367][T10951] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1084.006376][T10951] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 1084.006389][T10951] page_type: f5(slab)
[ 1084.006398][T10951] raw: 0080000000000240 ffff88813fe0fdc0 ffffea00007db010 ffffea0001ad2610
[ 1084.006407][T10951] raw: ffff8880318cf800 000000080010000e 00000000f5000000 0000000000000000
[ 1084.006416][T10951] head: 0080000000000240 ffff88813fe0fdc0 ffffea00007db010 ffffea0001ad2610
[ 1084.006424][T10951] head: ffff8880318cf800 000000080010000e 00000000f5000000 0000000000000000
[ 1084.006432][T10951] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[ 1084.006440][T10951] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 1084.006445][T10951] page dumped because: kasan: bad access detected
[ 1084.006453][T10951] page_owner tracks the page as allocated
[ 1084.006457][T10951] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17176054733, free_ts 0
[ 1084.006475][T10951]  post_alloc_hook+0x231/0x280
[ 1084.006488][T10951]  get_page_from_freelist+0x27d6/0x2850
[ 1084.006497][T10951]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1084.006505][T10951]  allocate_slab+0x77/0x660
[ 1084.006515][T10951]  refill_objects+0x33c/0x3d0
[ 1084.006524][T10951]  __pcs_replace_empty_main+0x373/0x720
[ 1084.006534][T10951]  __kmalloc_cache_noprof+0x44e/0x690
[ 1084.006547][T10951]  comedi_alloc_board_minor+0x57/0x530
[ 1084.006560][T10951]  comedi_init+0x109/0x1c0
[ 1084.006660][T10951]  do_one_initcall+0x250/0x870
[ 1084.006671][T10951]  do_initcall_level+0x104/0x190
[ 1084.006705][T10951]  do_initcalls+0x59/0xa0
[ 1084.006715][T10951]  kernel_init_freeable+0x2a6/0x3e0
[ 1084.006726][T10951]  kernel_init+0x1d/0x1d0
[ 1084.006738][T10951]  ret_from_fork+0x514/0xb70
[ 1084.006747][T10951]  ret_from_fork_asm+0x1a/0x30
[ 1084.006758][T10951] page_owner free stack trace missing
[ 1084.006762][T10951] 
[ 1084.006764][T10951] Memory state around the buggy address:
[ 1084.006769][T10951]  ffff8880318ca200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1084.006776][T10951]  ffff8880318ca280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1084.006783][T10951] >ffff8880318ca300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1084.006787][T10951]                                      ^
[ 1084.006793][T10951]  ffff8880318ca380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1084.006799][T10951]  ffff8880318ca400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1084.006804][T10951] ==================================================================
[ 1084.006816][T10951] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1084.006826][T10951] CPU: 1 UID: 0 PID: 10951 Comm: kworker/1:8 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1084.006841][T10951] Tainted: [L]=SOFTLOCKUP
[ 1084.006845][T10951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1084.006851][T10951] Workqueue: events l2cap_chan_timeout
[ 1084.006864][T10951] Call Trace:
[ 1084.006868][T10951]  <TASK>
[ 1084.006873][T10951]  vpanic+0x56c/0xa60
[ 1084.006898][T10951]  ? __pfx_vpanic+0x10/0x10
[ 1084.006911][T10951]  panic+0xc5/0xd0
[ 1084.006922][T10951]  ? __pfx_panic+0x10/0x10
[ 1084.006933][T10951]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1084.006944][T10951]  ? rcu_is_watching+0x15/0xb0
[ 1084.006959][T10951]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1084.006969][T10951]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1084.006980][T10951]  check_panic_on_warn+0x89/0xb0
[ 1084.006994][T10951]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1084.007004][T10951]  end_report+0x73/0x170
[ 1084.007018][T10951]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1084.007028][T10951]  kasan_report+0x128/0x150
[ 1084.007042][T10951]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1084.007054][T10951]  ? rt_mutex_slowunlock+0xb8/0x300
[ 1084.007068][T10951]  __kasan_check_byte+0x2a/0x40
[ 1084.007082][T10951]  lock_acquire+0x84/0x350
[ 1084.007097][T10951]  ? rcu_is_watching+0x15/0xb0
[ 1084.007111][T10951]  _raw_spin_lock_irqsave+0x40/0x60
[ 1084.007122][T10951]  ? rt_mutex_slowunlock+0xb8/0x300
[ 1084.007135][T10951]  rt_mutex_slowunlock+0xb8/0x300
[ 1084.007150][T10951]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1084.007166][T10951]  ? process_one_work+0x8b7/0x1710
[ 1084.007176][T10951]  process_one_work+0x9a3/0x1710
[ 1084.007190][T10951]  ? __pfx_process_one_work+0x10/0x10
[ 1084.007199][T10951]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1084.007213][T10951]  worker_thread+0xba8/0x11e0
[ 1084.007226][T10951]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1084.007237][T10951]  ? __kthread_parkme+0x7a/0x1f0
[ 1084.007248][T10951]  ? __kthread_parkme+0x19c/0x1f0
[ 1084.007260][T10951]  kthread+0x388/0x470
[ 1084.007272][T10951]  ? __pfx_worker_thread+0x10/0x10
[ 1084.007282][T10951]  ? __pfx_kthread+0x10/0x10
[ 1084.007295][T10951]  ret_from_fork+0x514/0xb70
[ 1084.007306][T10951]  ? __pfx_ret_from_fork+0x10/0x10
[ 1084.007316][T10951]  ? __switch_to+0xc79/0x1410
[ 1084.007331][T10951]  ? __pfx_kthread+0x10/0x10
[ 1084.007343][T10951]  ret_from_fork_asm+0x1a/0x30
[ 1084.007359][T10951]  </TASK>
[ 1084.007964][T10951] Kernel Offset: disabled