last executing test programs:

4m55.12178145s ago: executing program 4 (id=178):
munmap(&(0x7f0000ff3000/0xb000)=nil, 0xb000)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
listen(r1, 0x0)
accept4(r1, 0x0, 0x0, 0x80800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket(0x28, 0x801, 0x0)
getsockopt$bt_BT_SECURITY(r3, 0x28, 0x6, 0x0, 0x20000000)
getpid()
socketpair(0x25, 0x6, 0x53410eff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffffa9}, 0x68)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
brk(0xfffffffffffff000)
mmap(&(0x7f00002ca000/0x4000)=nil, 0x4000, 0x2, 0x40010, 0xffffffffffffffff, 0x1fc000)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(0x0, r5)
migrate_pages(r4, 0x5, &(0x7f0000000040)=0x9, 0x0)

4m51.172109095s ago: executing program 4 (id=185):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='::,:/', 0x0)
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x40000, 0x0, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}})
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x3fa1dc947ffe4b82})
r5 = socket(0x1, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, r3, 0x0, '\x00', 0x0, r6, 0x2, 0x1}, 0x50)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x5452, &(0x7f0000000380)={'gre0\x00', 0x0})
openat$rtc(0xffffffffffffff9c, 0x0, 0x91aef8a0c7c113eb, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x18, 0x3d, 0x107, 0x0, 0x0, {0x3, 0x7c}, [@nested={0x4, 0x37}]}, 0x18}}, 0xc000)

4m49.980764969s ago: executing program 4 (id=186):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
execve(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x20102, 0x0, 0x28}, &(0x7f0000000500)='./file0\x00', 0x18, 0x0, 0x0, {0x0, r3}})
setreuid(0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x4536, 0x6aaf, 0x0, 0x0, 0x0)

4m48.788465129s ago: executing program 4 (id=188):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
execve(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_io_uring_setup(0x95, &(0x7f0000000140)={0x0, 0x201, 0x0, 0x0, 0x3}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x20102, 0x0, 0x28}, &(0x7f0000000500)='./file0\x00', 0x18, 0x0, 0x0, {0x0, r6}})
setreuid(0x0, 0x0)
io_uring_enter(r3, 0x4536, 0x6aaf, 0x0, 0x0, 0x0)

4m47.854959054s ago: executing program 4 (id=191):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000))
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000080)={{0x0, 0x6ad}, {0x7, 0x7}, 0xdf5b, 0x1})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000001840)={0x0, 0x0}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000c80)="6321a1780e3fe8d9098f1f28f3c1f1895857b6b4afebba414b5998fa7c73702eb715d85b6a7709a53bf91325a9fbf7387371", 0x32}], 0x1}}], 0x1, 0x4085)
read$FUSE(r5, &(0x7f0000003000)={0x2020}, 0x2020)
recvfrom$inet(r5, &(0x7f0000000180)=""/37, 0x25, 0x0, 0x0, 0xff04)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)

4m42.260562929s ago: executing program 4 (id=201):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

4m25.922989845s ago: executing program 32 (id=201):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

14.836528198s ago: executing program 1 (id=644):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x22, 0x2, 0x24)
syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x12d, &(0x7f0000000200)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==")

13.159903056s ago: executing program 0 (id=649):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, &(0x7f0000000f80))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r4 = accept$alg(r3, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}], 0x18}, 0x0)
write$binfmt_script(r4, &(0x7f0000000600), 0xfec8)
recvmmsg(r4, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140)=""/9, 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680})

13.140592357s ago: executing program 1 (id=650):
r0 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xede, 0x0, 0x0, 0x4, 0x88000000000}, 0x0, &(0x7f0000000100)={0x8, 0x3, 0x0, 0x0, 0x2}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x12)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}})
setxattr$incfs_metadata(&(0x7f0000000480)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

11.038097723s ago: executing program 0 (id=651):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xede, 0x0, 0x0, 0x4, 0x88000000000}, 0x0, &(0x7f0000000100)={0x8, 0x3, 0x0, 0x0, 0x2}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x12)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}})
setxattr$incfs_metadata(&(0x7f0000000480)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

10.574011628s ago: executing program 2 (id=652):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
execve(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_io_uring_setup(0x95, &(0x7f0000000140)={0x0, 0x201, 0x0, 0x0, 0x3}, &(0x7f0000000240), &(0x7f0000000100))
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)

9.898953055s ago: executing program 3 (id=654):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, &(0x7f0000000f80))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r4 = accept$alg(r3, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}], 0x18}, 0x0)
write$binfmt_script(r4, &(0x7f0000000600), 0xfec8)
recvmmsg(r4, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140)=""/9, 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680})

9.323046179s ago: executing program 2 (id=656):
r0 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1, 0x2, 0x7ff})
r1 = getpid()
prlimit64(r1, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000340), 0x0}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0, 0x1)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)=@known='system.posix_acl_default\x00')
syz_fuse_handle_req(r5, 0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000080)={0x50, 0x0, 0x1, {0x7, 0x29, 0x7, 0xa110000, 0xc9f, 0xfff, 0x1, 0x8, 0x0, 0x0, 0x10, 0x400}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

8.986498376s ago: executing program 0 (id=657):
r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000004c0)='j\x95\'\x8aC\x16\xca\\', &(0x7f0000000c40)='\xe6usek\v\xf6u%\x9b\x00\x00\xad\xeb\x00\x00\x00\x00\x01\x80\x00\x00\xcf\x9b\x9f\b\xb6\xfe\xc8\xda~-\xf5S>\xb8\x86\xfc\x9cVR\x82\x9a\xbdp\xbd\x83w\xf9Z\xd2\xcb\xcdF\xd0#N7\x17\xfc\x1e\xf1\x97\xffxi\xe0KE}]\x8e\xca\xe3+\xc8\x98\x03\x91\x88(\bn\x7f\x0e\x85\xa5\xb4\n?_\xc9\xef\xe0Q\xdb\xb6\xa5\x81t\x06\xda\x95\x935\xf1\x18\xac\x00\xf0\xff\xff\xbd\xb5\xa1\x06\xfd\x01\x00\x00\x00\x0f\xf8\xe3\x8a\x1f\x9c\xf3\xc5\x1f\xf9\xbf[\xd13\xb3\xd3j\r6\x7f', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000180)='%*.\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000003c0)='\x00', &(0x7f0000000400)='(!\xef(.(\\-]\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='^](*\r\\!\x00', &(0x7f0000000500)='{:\'@-\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b80)='\xe0\"\xef\xb1\xea\xe6\x9c\xe6\xc8M\xdb\x86\xb3\x8b\xbe\xd5\xbdB\x92\xa0\x19-+a\x13qQ\xd5f39hSr\xafbB\xe2\xe8\xcd\x1bf\x18\x7f\xf27E#\"\xab\x99\xec\x88\x8d\xd8C\x0f\x95\xff\xfeG\xf9t\xb1 \xcc\xc5\xbb\x88\xb6\xd2\xf2Jwq\xf8oG<v\xb8\x18\x80\xe1Kf\xf8R\xdd\x06\xe8\xfbl\v\xb0\xdd\x05\x05\xd8\xdb\xfd`\xf9\xf8\x915\b\x8c\xad\xc8\x9d=\xfeN\x8b\x1eR\x1e\xf8\x9dn\x19H\xd2aE\xa0\x06\xb0Yv\xf9^\x8c\x8f\xc3\xa5\x985\x85U\x8cZ/\'\xbd\xe2\xdc\xe3\xb9\x8e$Z\xef\xa8\xe5(Mt\xd3\xd9\xf6X\x1a\x9b\t$N\xd0U\xe2z\xeb\x01\x80!0\xe8\xc3\xce\xf8\x03\xde\x92s\xf9', &(0x7f0000000ac0)='fuseblk\x00M\x13k\x92#\x05z)\xe0c\\35\xdf%\xa3\xac!zoO\xf8\xcex\xb3\f\xad@\x853o\x0f0\x1a\xc0\"\xf7\x11Z\x01\xc1\xd9\x9fbJ7\xd1\xad\xe1\xed\x87\xae\x11-s\xb4\xbd\x1e\x9a\xd7\xc1crt\x88%\x92\x8fL\x8d\xb3-\xb60O \xc5\xd1q\xcc\x97\xe0\xe8\xb0\n\v\xa9V\xfa\xeb\x1e|M\x98W\x81\xa2@{_\xba^\xa2\x82k\x10G\xfc\xd4\x99Pl\xfa\xe8\x7f\xc9 h\xd0\xfd\x04\x95\x8c\xb1\xe7', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000a40)='^,/\x00', &(0x7f0000000a80)='fuseblk\x00', 0x0)
close(r0)

8.51252212s ago: executing program 1 (id=658):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff)
socket$key(0xf, 0x3, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a0000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c)
sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0xfdff)

8.339121586s ago: executing program 3 (id=659):
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="00e789da34e04a1ffb124b2c2fb684c70b90bbb45efd97899a16f2df4fa2e8f06ac2c5352509e3c51d882eb3ec0dd3b1c96e980163890d2d0d1b8d3d62f6d77b0209e166e2ca4c35483d49316daf522556a16cab12d75a852bc680da7ea837480feb2060a1e20a59b7745235030000004ed0351cb5b416ba1c57217be5a338392f831617ee8c35bb61f0a9eeed3b1226b18c4b455ab222d7ae1b5258d5643d70000000000000000000ae468a387d9e63008000000000000063a454d1ab8760076a893752105f030c49caf2fdfe6bc9743a68593b576e2f2f6ab69e1b974ac90855ac250f8f73e16bc593730b88d7a3346b945e276875915040ce4901262cd8ce8191ee84e3ce5526a0a43b707cc711a3311f840cad641a013c6dd783aa895227b3d50a86e15a57e26666aaa296b7ddc4c8f421cf9d76d344bf6522f5d1138659d3de84ce13b085a2ed9d66c93767378423521cc4ea440e0ac3b953e1ca1675a716a97a5c3106aba648f119eeab4747b9b53000475e0a34514ccf397ea6f170e018122a98f135beac48d2ed195e20fdd226c7f5a20000ad1fcfbee59924e161280a8b78fe34b2fa3efa7c1d4268bf090000ecb4ece3234c232659fee3ff9e6d21e008a570bb490a65b84ea8b6d6507355cb1112fae6e3456bf8da53e1df20458e59456822dbb8dbd7ce0f928d5fbd6414fe8ab5277f3fd5ce6be044993f93e697a69484cc0e65ec742443c84e21a440998c8d69c12c2db7aee2872c6e0671d639e8f6bece219dcd0f69b9867dfc3187c882c035809c81832d7416f90c734be30c2faf0c22bfc8d95dfc7b9bac96b838c98ae5a75b9dc9e967ef5edf311bbebd7ca803cea8f5b9ec5b3edd6c44d633b71bde97a3c10a468432ff3d4e63ce3ecfa640d44b70b68744d26e72389e6c61767725d2c692443bc949c28b1a374e541bd352ca2f3bf64d883862dc24d8e27d86b6e38bc269f110c3d563f8e4ec9a98016b6b58157deeefa8fa022514bdc75f794094700cb8fa2b61310cbf9058bce5f2399055929e0fc732e0d5db926fe1b09a2993ff038d8099c229bda0801f8b81719d73b4abac97f704a0942051bae38b00b69d7fa69d738f99f73b19082ec0c99442d97ddbf68a4822aa2a2673478f81f14f67beee619b9d9882f7eabfb5000000000000000000003ff8795b5ec2de11479e781396117c84449647684239c9b9475b389a6a76d36c31f39539d928d2c58f188b4bf713d0915df4cc7de48a930935dbb01c9422d604467d209fd1421c7fc503cabde4bb193ff3654377c6e4fb72dcfc835f760bae7447068c2e43433e3d77c6805b559a04f3ebb741a9bbf57274b1da7800000000000000000000000000000000000000001c4f225672f3465b2638e921d80d58dca4ee4592d8cc0c06b2e390b7b1c713a46bc8ece9be25f055a59032576bc00a844c32b46040a607eaeb886ec0cb8e90c5a4075caa8a358ab81e78ad794a20f772b73466a43cd696401521793e54b1c4aa58d506b661f393e7233337473f36c2dbb15ae673afe82ebe45cc6f776162e43b74d9b9ca6f68d6bc8261600b27431e0f6f4f1e0947f69d2d812ebc9d2a8869b14a84dbdcdc5055b97a241e2f707740bb966b6c58408aceb9f6a943f614d2a6093c60c0dfb511b02f191ef6fa6e5a1a86687a44ec6098439a2ef55a4ba07e2b0f62ae86e1458f63f6b8b2d2b9990495f17b6d1052b19472a97d41204a8be48e380be2e6885c7de0807f2c154ad4f25b16027bc4aeb85dc798e7eef25631bfd79c8e0aff725dcd4b91c61bf8d72f74e4dbae"], 0x1, 0x11fa, &(0x7f0000003100)="$eJzs3M+LG2UYB/DH3a6tW/eHWqvtpS960cvQ3YMXBVlkC9KA0jZCKwhTd1ZDxiRkQiAiRk9e/TvEozdBvHnai3+Dt7147EEcMbE/dlkPpdKp4fO55CHv+yXPS0LgHeadw7e+/ay7X2X7+SiWnno7lgYR6U6KFEtx11fx+pu/LMf1m7eu7rRau9dSurJzY+uNlNL6pZ8+/OL7V34enf3gh/UfT8fB5keHv2//dnD+4MLhnzc+7VSpU6Vef5TydLvfH+W3yyLtdapultL7ZZFXRer0qmJ4ZHy/7A8Gk5T39tZWB8OiqlLem6RuMUmjfhoNJyn/JO/0UpZlaW01eBTt7+7UdR1R1yvxdNR1XT8Tq3E2no21WI+N2Izn4vl4Ic7Fi3E+XoqX48JsVtN9AwAAAAAAAAAAAAAAAAAAwGJ5pPP/lxpuHgAAAAAAAAAAAAAAAAAAABbE9Zu3ru60WrvXUjoTUX4zbo/b89f5+M5+dKKMIi7HRvwRs9P/c/P6yrut3ctpZjO+Lqf/5Kfj9vLR/NbscQIn5rfm+XQvvxLTcft0rD6Y346NOHdyfvt4fvb5Z+K1Vx/IZ7ERv34c/ShjL/7O3s9/uZXSO++1juUvzuYBAADAIsjSPSfu37Ps38bn+Ye4PnBsf30qLp5qdu1EVJPPu3lZFsPGi7sdzd+ZRsQT0tgCFytPRhv/bbF85IfUfD//06K5/yQen/tfetOdAAAAAAAAAAAA8DAex+2ETa8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiLHTgWAAAAABDmb51GxwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfBQAA//8aBcwX")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x84042, 0x1fb)
write$P9_RUNLINKAT(r0, &(0x7f0000000000)={0xfffffffffffffecb, 0x4d, 0x1}, 0xffffffd7)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000001c0)={0xf030000, 0x1, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980909, 0x10000000, '\x00', @p_u32=0x0}})

8.257057097s ago: executing program 5 (id=660):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x22, 0x2, 0x24)
syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x12d, &(0x7f0000000200)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==")

7.803236384s ago: executing program 0 (id=661):
r0 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xede, 0x0, 0x0, 0x4, 0x88000000000}, 0x0, &(0x7f0000000100)={0x8, 0x3, 0x0, 0x0, 0x2}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x12)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}})
setxattr$incfs_metadata(&(0x7f0000000480)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

7.531177726s ago: executing program 2 (id=662):
r0 = getpid()
setresgid(0xee00, 0x0, 0xee00)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x476, 0x800, 0x8, 0x50800, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x3, 0x6}, 0x50)
timerfd_gettime(0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x121)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r1}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
kexec_load(0x1000d0ffc2, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCSPGRP(r3, 0x8902, &(0x7f0000000140)=r0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080)

6.674528608s ago: executing program 5 (id=663):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

4.797141807s ago: executing program 5 (id=664):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x10000000)

4.667980402s ago: executing program 3 (id=665):
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="00e789da34e04a1ffb124b2c2fb684c70b90bbb45efd97899a16f2df4fa2e8f06ac2c5352509e3c51d882eb3ec0dd3b1c96e980163890d2d0d1b8d3d62f6d77b0209e166e2ca4c35483d49316daf522556a16cab12d75a852bc680da7ea837480feb2060a1e20a59b7745235030000004ed0351cb5b416ba1c57217be5a338392f831617ee8c35bb61f0a9eeed3b1226b18c4b455ab222d7ae1b5258d5643d70000000000000000000ae468a387d9e63008000000000000063a454d1ab8760076a893752105f030c49caf2fdfe6bc9743a68593b576e2f2f6ab69e1b974ac90855ac250f8f73e16bc593730b88d7a3346b945e276875915040ce4901262cd8ce8191ee84e3ce5526a0a43b707cc711a3311f840cad641a013c6dd783aa895227b3d50a86e15a57e26666aaa296b7ddc4c8f421cf9d76d344bf6522f5d1138659d3de84ce13b085a2ed9d66c93767378423521cc4ea440e0ac3b953e1ca1675a716a97a5c3106aba648f119eeab4747b9b53000475e0a34514ccf397ea6f170e018122a98f135beac48d2ed195e20fdd226c7f5a20000ad1fcfbee59924e161280a8b78fe34b2fa3efa7c1d4268bf090000ecb4ece3234c232659fee3ff9e6d21e008a570bb490a65b84ea8b6d6507355cb1112fae6e3456bf8da53e1df20458e59456822dbb8dbd7ce0f928d5fbd6414fe8ab5277f3fd5ce6be044993f93e697a69484cc0e65ec742443c84e21a440998c8d69c12c2db7aee2872c6e0671d639e8f6bece219dcd0f69b9867dfc3187c882c035809c81832d7416f90c734be30c2faf0c22bfc8d95dfc7b9bac96b838c98ae5a75b9dc9e967ef5edf311bbebd7ca803cea8f5b9ec5b3edd6c44d633b71bde97a3c10a468432ff3d4e63ce3ecfa640d44b70b68744d26e72389e6c61767725d2c692443bc949c28b1a374e541bd352ca2f3bf64d883862dc24d8e27d86b6e38bc269f110c3d563f8e4ec9a98016b6b58157deeefa8fa022514bdc75f794094700cb8fa2b61310cbf9058bce5f2399055929e0fc732e0d5db926fe1b09a2993ff038d8099c229bda0801f8b81719d73b4abac97f704a0942051bae38b00b69d7fa69d738f99f73b19082ec0c99442d97ddbf68a4822aa2a2673478f81f14f67beee619b9d9882f7eabfb5000000000000000000003ff8795b5ec2de11479e781396117c84449647684239c9b9475b389a6a76d36c31f39539d928d2c58f188b4bf713d0915df4cc7de48a930935dbb01c9422d604467d209fd1421c7fc503cabde4bb193ff3654377c6e4fb72dcfc835f760bae7447068c2e43433e3d77c6805b559a04f3ebb741a9bbf57274b1da7800000000000000000000000000000000000000001c4f225672f3465b2638e921d80d58dca4ee4592d8cc0c06b2e390b7b1c713a46bc8ece9be25f055a59032576bc00a844c32b46040a607eaeb886ec0cb8e90c5a4075caa8a358ab81e78ad794a20f772b73466a43cd696401521793e54b1c4aa58d506b661f393e7233337473f36c2dbb15ae673afe82ebe45cc6f776162e43b74d9b9ca6f68d6bc8261600b27431e0f6f4f1e0947f69d2d812ebc9d2a8869b14a84dbdcdc5055b97a241e2f707740bb966b6c58408aceb9f6a943f614d2a6093c60c0dfb511b02f191ef6fa6e5a1a86687a44ec6098439a2ef55a4ba07e2b0f62ae86e1458f63f6b8b2d2b9990495f17b6d1052b19472a97d41204a8be48e380be2e6885c7de0807f2c154ad4f25b16027bc4aeb85dc798e7eef25631bfd79c8e0aff725dcd4b91c61bf8d72f74e4dbae"], 0x1, 0x11fa, &(0x7f0000003100)="$eJzs3M+LG2UYB/DH3a6tW/eHWqvtpS960cvQ3YMXBVlkC9KA0jZCKwhTd1ZDxiRkQiAiRk9e/TvEozdBvHnai3+Dt7147EEcMbE/dlkPpdKp4fO55CHv+yXPS0LgHeadw7e+/ay7X2X7+SiWnno7lgYR6U6KFEtx11fx+pu/LMf1m7eu7rRau9dSurJzY+uNlNL6pZ8+/OL7V34enf3gh/UfT8fB5keHv2//dnD+4MLhnzc+7VSpU6Vef5TydLvfH+W3yyLtdapultL7ZZFXRer0qmJ4ZHy/7A8Gk5T39tZWB8OiqlLem6RuMUmjfhoNJyn/JO/0UpZlaW01eBTt7+7UdR1R1yvxdNR1XT8Tq3E2no21WI+N2Izn4vl4Ic7Fi3E+XoqX48JsVtN9AwAAAAAAAAAAAAAAAAAAwGJ5pPP/lxpuHgAAAAAAAAAAAAAAAAAAABbE9Zu3ru60WrvXUjoTUX4zbo/b89f5+M5+dKKMIi7HRvwRs9P/c/P6yrut3ctpZjO+Lqf/5Kfj9vLR/NbscQIn5rfm+XQvvxLTcft0rD6Y346NOHdyfvt4fvb5Z+K1Vx/IZ7ERv34c/ShjL/7O3s9/uZXSO++1juUvzuYBAADAIsjSPSfu37Ps38bn+Ye4PnBsf30qLp5qdu1EVJPPu3lZFsPGi7sdzd+ZRsQT0tgCFytPRhv/bbF85IfUfD//06K5/yQen/tfetOdAAAAAAAAAAAA8DAex+2ETa8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiLHTgWAAAAABDmb51GxwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfBQAA//8aBcwX")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x84042, 0x1fb)
write$P9_RUNLINKAT(r0, &(0x7f0000000000)={0xfffffffffffffecb, 0x4d, 0x1}, 0xffffffd7)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000001c0)={0xf030000, 0x1, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980909, 0x10000000, '\x00', @p_u32=0x0}})
bind$inet(0xffffffffffffffff, 0x0, 0x0)

4.42349822s ago: executing program 5 (id=666):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
splice(r0, 0x0, r2, 0x0, 0xf, 0x8)
pipe2$9p(&(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
tee(r1, r4, 0x4e, 0x0)
write$binfmt_script(r4, &(0x7f0000000800)={'#! ', './file0'}, 0xb)
tee(r3, r2, 0x9, 0x8)

4.08025618s ago: executing program 0 (id=667):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000001380)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="636865636b706f696e743d64697361626c652c6261636b67726f756e645f67633d73796e632c61636c2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6d6f64653d6c66732c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6167655f657874656e745f63616368652c646973636172642c6e6f696e6c696e655f64656e7472792c008bfb3c1e4b1b12ae77c937da8858"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = open(&(0x7f0000000440)='./file1\x00', 0x84242, 0x1df2a23c5997fa7f)
write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x1, 0x2, 0x5, 0x2, 0x3, 0x1, {0x6, 0xff, 0x4, 0x8, 0xe, 0xd615, 0x9, 0x1, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x19}}}, 0xa0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x16d843, 0x0)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r2, 0x3b71, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x290}}, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc})
sendfile(r0, r0, &(0x7f0000000080), 0x7f03)
unshare(0x22020600)

3.380497099s ago: executing program 5 (id=668):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
tgkill(r2, r2, 0x21)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0x1, 0x0, 0x0)
pipe2(&(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
splice(r4, 0x0, r7, 0x0, 0xf, 0x8)
pipe2$9p(&(0x7f0000000180)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
tee(r6, r9, 0x4e, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
tee(r8, r7, 0x9, 0x8)

3.282941191s ago: executing program 3 (id=669):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
tgkill(r2, r2, 0x21)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0x1, 0x0, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
splice(r4, 0x0, r6, 0x0, 0xf, 0x8)

3.245685096s ago: executing program 1 (id=670):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
tgkill(r2, r2, 0x21)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0x1, 0x0, 0x0)
pipe2(&(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
splice(r4, 0x0, r7, 0x0, 0xf, 0x8)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
tee(r6, r8, 0x4e, 0x0)

2.748749828s ago: executing program 2 (id=671):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50}, 0x0)

2.356984996s ago: executing program 5 (id=672):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = socket(0x1e, 0x80004, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0x1000004}, 0x10)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x6, 0x2, 0x40}, 0x10)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
dup3(r5, r4, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1.563921272s ago: executing program 3 (id=673):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000440)={0x0, 0x7, 0x16d6, 0xa, 0x9, 0xffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
setitimer(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000140)='./control\x00', 0x0)
r3 = inotify_init1(0x800)
fcntl$setsig(r3, 0xa, 0xe)
inotify_add_watch(r3, &(0x7f0000000180)='./control\x00', 0xa400080a)
rmdir(&(0x7f0000000100)='./control\x00')

1.54105855s ago: executing program 2 (id=674):
r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000004c0)='j\x95\'\x8aC\x16\xca\\', &(0x7f0000000c40)='\xe6usek\v\xf6u%\x9b\x00\x00\xad\xeb\x00\x00\x00\x00\x01\x80\x00\x00\xcf\x9b\x9f\b\xb6\xfe\xc8\xda~-\xf5S>\xb8\x86\xfc\x9cVR\x82\x9a\xbdp\xbd\x83w\xf9Z\xd2\xcb\xcdF\xd0#N7\x17\xfc\x1e\xf1\x97\xffxi\xe0KE}]\x8e\xca\xe3+\xc8\x98\x03\x91\x88(\bn\x7f\x0e\x85\xa5\xb4\n?_\xc9\xef\xe0Q\xdb\xb6\xa5\x81t\x06\xda\x95\x935\xf1\x18\xac\x00\xf0\xff\xff\xbd\xb5\xa1\x06\xfd\x01\x00\x00\x00\x0f\xf8\xe3\x8a\x1f\x9c\xf3\xc5\x1f\xf9\xbf[\xd13\xb3\xd3j\r6\x7f', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000140)='{:\'@-\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000003c0)='\x00', &(0x7f0000000400)='(!\xef(.(\\-]\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='^](*\r\\!\x00', &(0x7f0000000500)='{:\'@-\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b80)='\xe0\"\xef\xb1\xea\xe6\x9c\xe6\xc8M\xdb\x86\xb3\x8b\xbe\xd5\xbdB\x92\xa0\x19-+a\x13qQ\xd5f39hSr\xafbB\xe2\xe8\xcd\x1bf\x18\x7f\xf27E#\"\xab\x99\xec\x88\x8d\xd8C\x0f\x95\xff\xfeG\xf9t\xb1 \xcc\xc5\xbb\x88\xb6\xd2\xf2Jwq\xf8oG<v\xb8\x18\x80\xe1Kf\xf8R\xdd\x06\xe8\xfbl\v\xb0\xdd\x05\x05\xd8\xdb\xfd`\xf9\xf8\x915\b\x8c\xad\xc8\x9d=\xfeN\x8b\x1eR\x1e\xf8\x9dn\x19H\xd2aE\xa0\x06\xb0Yv\xf9^\x8c\x8f\xc3\xa5\x985\x85U\x8cZ/\'\xbd\xe2\xdc\xe3\xb9\x8e$Z\xef\xa8\xe5(Mt\xd3\xd9\xf6X\x1a\x9b\t$N\xd0U\xe2z\xeb\x01\x80!0\xe8\xc3\xce\xf8\x03\xde\x92s\xf9', &(0x7f0000000ac0)='fuseblk\x00M\x13k\x92#\x05z)\xe0c\\35\xdf%\xa3\xac!zoO\xf8\xcex\xb3\f\xad@\x853o\x0f0\x1a\xc0\"\xf7\x11Z\x01\xc1\xd9\x9fbJ7\xd1\xad\xe1\xed\x87\xae\x11-s\xb4\xbd\x1e\x9a\xd7\xc1crt\x88%\x92\x8fL\x8d\xb3-\xb60O \xc5\xd1q\xcc\x97\xe0\xe8\xb0\n\v\xa9V\xfa\xeb\x1e|M\x98W\x81\xa2@{_\xba^\xa2\x82k\x10G\xfc\xd4\x99Pl\xfa\xe8\x7f\xc9 h\xd0\xfd\x04\x95\x8c\xb1\xe7', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000a40)='^,/\x00', &(0x7f0000000a80)='fuseblk\x00', 0x0)
close(r0)

1.467420678s ago: executing program 1 (id=675):
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000004c0)='j\x95\'\x8aC\x16\xca\\', &(0x7f0000000c40)='\xe6usek\v\xf6u%\x9b\x00\x00\xad\xeb\x00\x00\x00\x00\x01\x80\x00\x00\xcf\x9b\x9f\b\xb6\xfe\xc8\xda~-\xf5S>\xb8\x86\xfc\x9cVR\x82\x9a\xbdp\xbd\x83w\xf9Z\xd2\xcb\xcdF\xd0#N7\x17\xfc\x1e\xf1\x97\xffxi\xe0KE}]\x8e\xca\xe3+\xc8\x98\x03\x91\x88(\bn\x7f\x0e\x85\xa5\xb4\n?_\xc9\xef\xe0Q\xdb\xb6\xa5\x81t\x06\xda\x95\x935\xf1\x18\xac\x00\xf0\xff\xff\xbd\xb5\xa1\x06\xfd\x01\x00\x00\x00\x0f\xf8\xe3\x8a\x1f\x9c\xf3\xc5\x1f\xf9\xbf[\xd13\xb3\xd3j\r6\x7f', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000140)='{:\'@-\x00', &(0x7f0000000180)='%*.\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000003c0)='\x00', &(0x7f0000000400)='(!\xef(.(\\-]\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000200)='^](*\r\\!\x00', &(0x7f0000000500)='{:\'@-\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000b80)='\xe0\"\xef\xb1\xea\xe6\x9c\xe6\xc8M\xdb\x86\xb3\x8b\xbe\xd5\xbdB\x92\xa0\x19-+a\x13qQ\xd5f39hSr\xafbB\xe2\xe8\xcd\x1bf\x18\x7f\xf27E#\"\xab\x99\xec\x88\x8d\xd8C\x0f\x95\xff\xfeG\xf9t\xb1 \xcc\xc5\xbb\x88\xb6\xd2\xf2Jwq\xf8oG<v\xb8\x18\x80\xe1Kf\xf8R\xdd\x06\xe8\xfbl\v\xb0\xdd\x05\x05\xd8\xdb\xfd`\xf9\xf8\x915\b\x8c\xad\xc8\x9d=\xfeN\x8b\x1eR\x1e\xf8\x9dn\x19H\xd2aE\xa0\x06\xb0Yv\xf9^\x8c\x8f\xc3\xa5\x985\x85U\x8cZ/\'\xbd\xe2\xdc\xe3\xb9\x8e$Z\xef\xa8\xe5(Mt\xd3\xd9\xf6X\x1a\x9b\t$N\xd0U\xe2z\xeb\x01\x80!0\xe8\xc3\xce\xf8\x03\xde\x92s\xf9', &(0x7f0000000ac0)='fuseblk\x00M\x13k\x92#\x05z)\xe0c\\35\xdf%\xa3\xac!zoO\xf8\xcex\xb3\f\xad@\x853o\x0f0\x1a\xc0\"\xf7\x11Z\x01\xc1\xd9\x9fbJ7\xd1\xad\xe1\xed\x87\xae\x11-s\xb4\xbd\x1e\x9a\xd7\xc1crt\x88%\x92\x8fL\x8d\xb3-\xb60O \xc5\xd1q\xcc\x97\xe0\xe8\xb0\n\v\xa9V\xfa\xeb\x1e|M\x98W\x81\xa2@{_\xba^\xa2\x82k\x10G\xfc\xd4\x99Pl\xfa\xe8\x7f\xc9 h\xd0\xfd\x04\x95\x8c\xb1\xe7', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000a40)='^,/\x00', &(0x7f0000000a80)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000280)='\x1c@\\\x00', &(0x7f00000002c0)='\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000300)='(\xed\xef(.(\\-]\x00', &(0x7f0000000340)="0f", 0x1)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000380)='}\x00', &(0x7f0000000880)='\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xf6\x83\xeb\xba_6\xfdR\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xecQ\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849@\x15=kxS\x1c\xc1\xdaT\x9c\b\xb6\xd8\xa0st~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xf4b\xdc\x19_P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;\xf1C\xea!J\x19\xe1\xfe\x0f\x84\xdfY\x10\xed\x1c\xb2n\xc0ME\xaa\x9e\xd1f\x92q\xeb\xdb)\xcd1(>\x8e\x0f}\x03\xdd\xf8\x84\x9bz!\x80F\xc5ls< \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\x1c\x9f\xbd\xcd\xea\xc3w\xa3\xf5\x1d.\x00\x00\x00\xa0\xf4\xe9\xe2\x83\xac\xde\x95cmvM\x12\xc1O\x1f#\xcd\x90\x1e\x03\x1e}\xe7w\xe7\"Oh`\xed\bM9\xaf\xa3BQ\xbf\xfd1\x1cG\xb5\xed\x86\xb9Q(\x19dZ\x8da\x008e*\x928\xcf\x0f\x0e\x05\x1dM?\x11$E\xc3\x12\x1e\xffI\x84t0D\xec\xf3T\xe2\xddJm\x87\xc9\xb1\xff\n\xa1\x13\xcbo\xc6\xda\x84\x02\xa3\x14\xf2q\x96\xa8Sa\xe4\x1f\x01\xa2]\xb2\xc9\xd5\xff\xfd\xf2\xb5\xf5\xef \xc7\x02\x927\xdb\xa5\a\x9eS\xb6\xe2\xbaL\x99n\xb4\xe3\xf7\x0eU\xc0', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='(\xed\xef(.(\\-]\x00', &(0x7f00000000c0)='f\xf0p\xce\x97\xbb\xd2dH\xdf\xbd\x18\x9baE\xef\x90\x90\x057g\x85\xf4\xf0\xba\xb0\xb1\x06\xa6q\xef\x03H\xda\"`\xd6', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='^](*\r\\!\x00', &(0x7f0000000100)='/*\x1d\x00', 0x0)
read(0xffffffffffffffff, 0x0, 0xfffffea1)
close(0xffffffffffffffff)

161.247955ms ago: executing program 2 (id=676):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x10000000)

159.678804ms ago: executing program 3 (id=677):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}})

77.910717ms ago: executing program 0 (id=678):
setresgid(0xee00, 0x0, 0xee00)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@bloom_filter={0x1e, 0x476, 0x800, 0x8, 0x50800, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x3, 0x6}, 0x50)
timerfd_gettime(0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x121)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r0}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r1 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
kexec_load(0x1000d0ffc2, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000140))
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080)

0s ago: executing program 1 (id=679):
r0 = getpid()
setresgid(0xee00, 0x0, 0xee00)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
timerfd_gettime(0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x121)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r1}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
kexec_load(0x1000d0ffc2, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCSPGRP(r3, 0x8902, &(0x7f0000000140)=r0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080)

kernel console output (not intermixed with test programs):

43293][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  199.686966][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  201.776305][   T30] audit: type=1804 audit(1762876522.465:7): pid=6649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.155" name="/newroot/33/file1" dev="fuse" ino=1 res=1 errno=0
[  201.854324][   T30] audit: type=1800 audit(1762876522.525:8): pid=6649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.155" name="/" dev="fuse" ino=1 res=0 errno=0
[  203.879263][ T6667] loop1: detected capacity change from 0 to 1764
[  204.018684][ T6672] ISOFS: unable to read i-node block
[  204.451713][   T10] usb 5-1: device descriptor read/64, error -110
[  204.738658][   T10] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[  205.249388][   T10] usb 5-1: device descriptor read/64, error -32
[  205.386221][   T10] usb usb5-port1: attempt power cycle
[  205.841402][ T6682] loop2: detected capacity change from 0 to 32768
[  205.864526][ T6682] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.163 (6682)
[  206.038923][   T10] usb 5-1: new low-speed USB device number 6 using dummy_hcd
[  206.077956][ T6682] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  206.088991][ T6682] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  206.169490][ T6688] sd 0:0:1:0: device reset
[  206.179183][ T6688] netlink: 152 bytes leftover after parsing attributes in process `syz.1.162'.
[  206.593566][   T10] usb 5-1: device descriptor read/8, error -32
[  207.004989][   T10] raw-gadget.0 gadget.4: failed to queue resume event
[  207.103610][   T10] usb 5-1: new low-speed USB device number 7 using dummy_hcd
[  207.133790][    C0] raw-gadget.0 gadget.4: ignoring, device is not running
[  207.141336][   T10] usb 5-1: device descriptor read/8, error -32
[  207.197018][ T6682] BTRFS info (device loop2): enabling ssd optimizations
[  207.204138][ T6682] BTRFS info (device loop2): turning on async discard
[  207.210981][ T6682] BTRFS info (device loop2): enabling free space tree
[  207.312475][   T10] raw-gadget.0 gadget.4: failed to queue suspend event
[  207.321577][   T10] usb usb5-port1: unable to enumerate USB device
[  209.010417][ T6627] raw-gadget.0 gadget.4: failed to queue disconnect event
[  209.339939][ T6718] loop3: detected capacity change from 0 to 164
[  209.403854][ T5997] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  210.487664][ T5997] usb 2-1: config 0 has an invalid interface number: 50 but max is 0
[  210.496435][ T5997] usb 2-1: config 0 has no interface number 0
[  210.508228][ T5997] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  210.517951][ T5997] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.526493][ T5997] usb 2-1: Product: syz
[  210.530685][ T5997] usb 2-1: Manufacturer: syz
[  210.535854][ T5997] usb 2-1: SerialNumber: syz
[  210.544776][ T5997] usb 2-1: config 0 descriptor??
[  210.554994][ T5997] yurex 2-1:0.50: Could not find endpoints
[  210.630717][ T5822] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  211.388826][ T5997] usb 2-1: USB disconnect, device number 3
[  212.228779][ T6734] loop3: detected capacity change from 0 to 4096
[  212.241351][ T6734] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  212.248706][ T6734] ntfs3(loop3): Failed to load $LogFile (-22).
[  212.404175][   T53] Bluetooth: hci0: command 0x0406 tx timeout
[  212.404524][ T5836] Bluetooth: hci2: command 0x0406 tx timeout
[  212.410416][   T53] Bluetooth: hci4: command 0x0406 tx timeout
[  212.416392][ T5834] Bluetooth: hci1: command 0x0406 tx timeout
[  213.081611][ T5892] IPVS: starting estimator thread 0...
[  213.223649][ T6740] IPVS: using max 27 ests per chain, 64800 per kthread
[  213.314585][ T6741] netlink: 20 bytes leftover after parsing attributes in process `syz.0.171'.
[  213.323698][ T6741] netlink: 8 bytes leftover after parsing attributes in process `syz.0.171'.
[  213.748768][ T5922] RDS/tcp: send to fe80::c on cp [0]returned -104, disconnecting and reconnecting
[  213.839659][ T6746] loop1: detected capacity change from 0 to 256
[  213.847395][ T6746] exfat: Deprecated parameter 'utf8'
[  213.852737][ T6746] exfat: Deprecated parameter 'namecase'
[  213.891929][ T6746] exfat: Deprecated parameter 'namecase'
[  214.083596][ T6746] exfat: Deprecated parameter 'utf8'
[  214.803563][ T6746] exFAT-fs (loop1): Invalid exboot-signature(sector = 6): 0x00000000
[  214.836757][ T6746] exFAT-fs (loop1): Invalid exboot-signature(sector = 7): 0xaae40000
[  214.912102][ T6746] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x1919ab43)
[  214.924026][ T6746] exFAT-fs (loop1): invalid boot region
[  214.943619][ T6746] exFAT-fs (loop1): failed to recognize exfat type
[  216.964527][ T6766] loop4: detected capacity change from 0 to 512
[  217.909174][ T6766] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.922813][ T6766] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  219.283378][ T5825] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.116659][ T6776] loop1: detected capacity change from 0 to 1024
[  220.132584][ T6776] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  220.261644][ T6776] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.240931][ T6790] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 65 with error 28
[  221.265291][ T6790] EXT4-fs (loop1): This should not happen!! Data will be lost
[  221.265291][ T6790] 
[  221.275492][ T6790] EXT4-fs (loop1): Total free blocks count 0
[  221.281663][ T6790] EXT4-fs (loop1): Free/Dirty block details
[  221.287836][ T6790] EXT4-fs (loop1): free_blocks=0
[  221.292949][ T6790] EXT4-fs (loop1): dirty_blocks=0
[  221.298376][ T6790] EXT4-fs (loop1): Block reservation details
[  221.304591][ T6790] EXT4-fs (loop1): i_reserved_data_blocks=0
[  221.877129][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.561153][ T6810] binder: 6804:6810 ioctl c018620c 200000000100 returned -1
[  224.270237][ T6811] veth0_to_team: entered promiscuous mode
[  224.276202][ T6811] veth0_to_team: entered allmulticast mode
[  224.449106][ T6796] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  224.456734][ T6796] IPv6: NLM_F_CREATE should be set when creating new route
[  226.731669][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.189'.
[  226.741612][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.189'.
[  229.008865][ T6846] serio: Serial port ttyS3
[  231.733841][ T6860] pim6reg: entered allmulticast mode
[  231.746881][ T6860] pim6reg: left allmulticast mode
[  231.766643][   T30] audit: type=1326 audit(1762876552.365:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e9b8f6c9 code=0x7ffc0000
[  231.797004][   T30] audit: type=1326 audit(1762876552.415:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6857 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e9b8f6c9 code=0x7ffc0000
[  234.418966][ T6876] loop1: detected capacity change from 0 to 22
[  234.426441][ T6876] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  234.437451][ T6876] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  234.840424][ T6883] loop3: detected capacity change from 0 to 512
[  234.870077][ T6883] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.203: inode has both inline data and extents flags
[  234.921015][ T6883] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.203: couldn't read orphan inode 15 (err -117)
[  235.030111][ T6883] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.141481][   T30] audit: type=1804 audit(1762876556.425:11): pid=6889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.203" name="/newroot/49/file0/bus" dev="loop3" ino=18 res=1 errno=0
[  236.424289][   T30] audit: type=1800 audit(1762876556.425:12): pid=6889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.203" name="bus" dev="loop3" ino=18 res=0 errno=0
[  236.601600][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.623926][ T6893] loop0: detected capacity change from 0 to 128
[  237.168916][ T6900] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  237.176984][ T6900] FAT-fs (loop0): Filesystem has been set read-only
[  238.948375][ T6912] loop3: detected capacity change from 0 to 128
[  239.602083][ T6917] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  239.609933][ T6917] FAT-fs (loop3): Filesystem has been set read-only
[  240.042508][ T6918] loop1: detected capacity change from 0 to 22
[  240.055914][ T6918] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  240.649385][ T6918] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  240.815404][ T6913] delete_channel: no stack
[  241.282346][ T6922] delete_channel: no stack
[  241.305478][ T6922] loop3: detected capacity change from 0 to 22
[  241.314968][ T6922] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  241.342060][ T6922] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  243.817368][ T6934] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  243.824571][ T6934] overlayfs: failed to set xattr on upper
[  243.830295][ T6934] overlayfs: ...falling back to redirect_dir=nofollow.
[  243.837251][ T6934] overlayfs: ...falling back to metacopy=off.
[  243.843367][ T6934] overlayfs: ...falling back to index=off.
[  243.849386][ T6934] overlayfs: ...falling back to uuid=null.
[  244.589639][ T6941] loop3: detected capacity change from 0 to 128
[  244.621533][ T6939] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  244.629062][ T6939] overlayfs: failed to set xattr on upper
[  244.636369][ T6939] overlayfs: ...falling back to redirect_dir=nofollow.
[  244.643638][ T6939] overlayfs: ...falling back to metacopy=off.
[  244.649746][ T6939] overlayfs: ...falling back to index=off.
[  244.657413][ T6939] overlayfs: ...falling back to uuid=null.
[  245.106621][ T6946] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  245.114489][ T6946] FAT-fs (loop3): Filesystem has been set read-only
[  247.769565][ T6955] delete_channel: no stack
[  247.776940][ T6955] loop3: detected capacity change from 0 to 22
[  247.784264][ T6955] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  247.986369][ T6955] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  251.397338][ T6979] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  251.413606][ T6979] overlayfs: failed to set xattr on upper
[  251.840428][ T6979] overlayfs: ...falling back to redirect_dir=nofollow.
[  252.508158][ T6979] overlayfs: ...falling back to metacopy=off.
[  252.613510][   T53] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  252.628245][   T53] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  252.636812][   T53] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  252.651150][   T53] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  252.659006][ T6979] overlayfs: ...falling back to index=off.
[  252.669269][   T53] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  252.723719][ T6979] overlayfs: ...falling back to uuid=null.
[  252.729703][ T6979] overlayfs: failed to clone lowerpath
[  253.039437][ T6992] loop1: detected capacity change from 0 to 22
[  253.046878][ T6992] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  253.103948][ T6992] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  255.152072][   T53] Bluetooth: hci5: command tx timeout
[  257.196861][   T53] Bluetooth: hci5: command tx timeout
[  257.762974][ T7022] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  257.793764][ T7022] overlayfs: failed to set xattr on upper
[  257.799560][ T7022] overlayfs: ...falling back to redirect_dir=nofollow.
[  258.518036][ T7022] overlayfs: ...falling back to metacopy=off.
[  258.551011][ T7022] overlayfs: ...falling back to index=off.
[  258.655194][ T7022] overlayfs: ...falling back to uuid=null.
[  258.672139][ T7022] overlayfs: failed to clone lowerpath
[  258.971083][ T7029] 9p: Bad value for 'rfdno'
[  259.274555][   T53] Bluetooth: hci5: command tx timeout
[  259.836586][ T1157] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.957328][ T7037] loop3: detected capacity change from 0 to 128
[  260.972748][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  260.986792][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  261.246998][ T7041] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  261.254763][ T7041] FAT-fs (loop3): Filesystem has been set read-only
[  261.347915][ T1157] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.353803][   T53] Bluetooth: hci5: command tx timeout
[  261.406211][ T6982] chnl_net:caif_netlink_parms(): no params data found
[  261.579725][ T1157] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.865939][ T1157] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.994318][ T7053] loop1: detected capacity change from 0 to 22
[  262.063285][ T7053] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  262.150661][ T7053] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  263.335201][ T6982] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.342576][ T6982] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.374971][ T6982] bridge_slave_0: entered allmulticast mode
[  263.390607][ T6982] bridge_slave_0: entered promiscuous mode
[  264.403746][ T6982] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.410994][ T6982] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.376822][ T6982] bridge_slave_1: entered allmulticast mode
[  265.395863][ T6982] bridge_slave_1: entered promiscuous mode
[  265.806805][ T6982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  265.922612][ T7078] loop0: detected capacity change from 0 to 128
[  266.250291][ T7083] loop2: detected capacity change from 0 to 22
[  266.257816][ T7083] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  266.284043][ T7078] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  266.291779][ T7078] FAT-fs (loop0): Filesystem has been set read-only
[  266.438888][ T7083] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  266.865680][ T6982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  266.949761][ T7086] loop3: detected capacity change from 0 to 8
[  267.359223][ T1157] bridge_slave_1: left allmulticast mode
[  267.397887][ T1157] bridge_slave_1: left promiscuous mode
[  267.405716][ T1157] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.424789][ T7097] loop1: detected capacity change from 0 to 22
[  268.169883][ T7097] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  268.290869][ T1157] bridge_slave_0: left allmulticast mode
[  268.315347][ T1157] bridge_slave_0: left promiscuous mode
[  268.335855][ T7097] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  268.372994][ T1157] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.682815][ T7111] loop0: detected capacity change from 0 to 8192
[  270.784341][   T30] audit: type=1800 audit(1762876591.445:13): pid=7111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.260" name="file1" dev="loop0" ino=1048616 res=0 errno=0
[  272.494995][ T7125] loop0: detected capacity change from 0 to 8192
[  272.541494][   T30] audit: type=1800 audit(1762876593.235:14): pid=7125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.263" name="file1" dev="loop0" ino=1048617 res=0 errno=0
[  272.625210][ T7128] loop1: detected capacity change from 0 to 8192
[  272.716837][   T30] audit: type=1800 audit(1762876593.415:15): pid=7128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.265" name="file1" dev="loop1" ino=1048618 res=0 errno=0
[  272.762454][ T7133] netlink: 12 bytes leftover after parsing attributes in process `syz.3.266'.
[  274.592020][ T1157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  274.608418][ T7143] loop0: detected capacity change from 0 to 16
[  274.618197][ T1157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  274.633938][ T1157] bond0 (unregistering): Released all slaves
[  274.663615][ T7143] erofs (device loop0): mounted with root inode @ nid 36.
[  274.712011][ T6982] team0: Port device team_slave_0 added
[  275.167980][ T6982] team0: Port device team_slave_1 added
[  275.596644][ T1157] tipc: Left network mode
[  275.994573][ T6982] batman_adv: batadv0: Adding interface: batadv_slave_0
[  276.034029][ T6982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  276.709654][ T6982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  276.936921][ T6982] batman_adv: batadv0: Adding interface: batadv_slave_1
[  276.967855][ T6982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  277.123931][ T6982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.032302][ T7177] libceph: resolve '.
[  280.032302][ T7177] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  280.032302][ T7177] ' (ret=-3): failed
[  280.348326][ T6982] hsr_slave_0: entered promiscuous mode
[  280.378024][ T6982] hsr_slave_1: entered promiscuous mode
[  280.403176][ T7185] loop2: detected capacity change from 0 to 8192
[  280.649285][ T6982] debugfs: 'hsr0' already exists in 'hsr'
[  280.662058][ T6982] Cannot create hsr debugfs directory
[  281.357926][ T7198] loop1: detected capacity change from 0 to 22
[  281.365363][ T7198] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  281.676510][ T7198] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  282.153370][   T30] audit: type=1800 audit(1762876602.845:16): pid=7185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.276" name="file1" dev="loop2" ino=1048619 res=0 errno=0
[  283.900631][ T7208] loop1: detected capacity change from 0 to 512
[  284.068477][ T7208] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  284.642742][   T30] audit: type=1800 audit(1762876605.335:17): pid=7208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.280" name="file1" dev="loop1" ino=15 res=0 errno=0
[  286.039874][ T7226] loop2: detected capacity change from 0 to 128
[  286.431292][ T7231] FAT-fs (loop2): error, corrupted directory (invalid entries)
[  286.439148][ T7231] FAT-fs (loop2): Filesystem has been set read-only
[  287.062289][ T5827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.181340][ T1157] hsr_slave_0: left promiscuous mode
[  287.293556][ T1157] hsr_slave_1: left promiscuous mode
[  287.310217][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  287.322938][ T7229] loop0: detected capacity change from 0 to 8192
[  287.344325][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_0
[  287.396735][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  287.428542][   T30] audit: type=1800 audit(1762876608.115:18): pid=7229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.286" name="file1" dev="loop0" ino=1048621 res=0 errno=0
[  287.474973][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_1
[  287.500261][ T7237] loop2: detected capacity change from 0 to 8192
[  287.819289][ T1157] veth1_macvtap: left promiscuous mode
[  287.839403][   T30] audit: type=1800 audit(1762876608.535:19): pid=7237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.287" name="file1" dev="loop2" ino=1048622 res=0 errno=0
[  287.943542][ T1157] veth0_macvtap: left promiscuous mode
[  287.949416][ T1157] veth1_vlan: left promiscuous mode
[  287.958385][ T1157] veth0_vlan: left promiscuous mode
[  291.734696][ T1157] team0 (unregistering): Port device team_slave_1 removed
[  291.856834][ T1157] team0 (unregistering): Port device team_slave_0 removed
[  292.028402][ T7274] loop1: detected capacity change from 0 to 128
[  292.232813][ T7276] libceph: resolve '.
[  292.232813][ T7276] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  292.232813][ T7276] ' (ret=-3): failed
[  292.584839][ T7278] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  292.592549][ T7278] FAT-fs (loop1): Filesystem has been set read-only
[  293.831603][ T7288] loop1: detected capacity change from 0 to 22
[  293.839110][ T7288] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  293.849204][ T7288] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  294.474374][   T30] audit: type=1326 audit(1762876615.165:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7283 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e9b8f6c9 code=0x7ffc0000
[  294.634492][   T30] audit: type=1326 audit(1762876615.165:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7283 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e9b8f6c9 code=0x7ffc0000
[  294.727097][ T7289] loop0: detected capacity change from 0 to 1024
[  294.852839][ T7291] loop2: detected capacity change from 0 to 8192
[  294.955788][   T30] audit: type=1800 audit(1762876615.655:22): pid=7291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.297" name="file1" dev="loop2" ino=1048624 res=0 errno=0
[  295.337594][ T7287] hfsplus: b-tree write err: -5, ino 3
[  295.975704][ T6982] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  296.039095][ T6982] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  296.077705][ T7305] loop3: detected capacity change from 0 to 128
[  296.398154][ T6982] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  296.499786][ T7309] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  296.507982][ T7309] FAT-fs (loop3): Filesystem has been set read-only
[  297.174513][ T6982] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  297.440341][ T7322] netlink: 24 bytes leftover after parsing attributes in process `syz.1.301'.
[  298.391337][   T30] audit: type=1800 audit(1762876619.085:23): pid=7323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.301" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  298.412164][ T7323] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  298.436411][ T7323] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  298.448184][ T7323] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  298.589187][ T6982] 8021q: adding VLAN 0 to HW filter on device bond0
[  298.712804][ T6982] 8021q: adding VLAN 0 to HW filter on device team0
[  298.755050][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state
[  298.762304][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  299.464283][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.471512][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  299.701290][ T7342] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  299.733559][ T7342] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  299.865556][ T7344] loop1: detected capacity change from 0 to 22
[  299.914716][ T7344] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  299.973724][ T7344] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  300.355285][ T7348] loop3: detected capacity change from 0 to 8192
[  300.531690][   T30] audit: type=1800 audit(1762876621.225:24): pid=7348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.308" name="file1" dev="loop3" ino=1048626 res=0 errno=0
[  301.315168][ T6982] 8021q: adding VLAN 0 to HW filter on device batadv0
[  302.107939][ T7371] loop1: detected capacity change from 0 to 128
[  302.491193][ T7376] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  302.499014][ T7376] FAT-fs (loop1): Filesystem has been set read-only
[  303.384715][ T6982] veth0_vlan: entered promiscuous mode
[  303.401220][ T6982] veth1_vlan: entered promiscuous mode
[  303.621147][ T7385] loop0: detected capacity change from 0 to 8192
[  303.642830][ T6982] veth0_macvtap: entered promiscuous mode
[  303.655798][ T6982] veth1_macvtap: entered promiscuous mode
[  303.711782][   T30] audit: type=1800 audit(1762876624.395:25): pid=7385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.314" name="file1" dev="loop0" ino=1048628 res=0 errno=0
[  303.879542][ T6982] batman_adv: batadv0: Interface activated: batadv_slave_0
[  304.411679][ T6982] batman_adv: batadv0: Interface activated: batadv_slave_1
[  305.135577][ T5922] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  305.183902][ T5922] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  305.205945][ T5957] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  305.256009][ T5957] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  305.592911][ T7402] loop2: detected capacity change from 0 to 8192
[  305.650529][   T30] audit: type=1800 audit(1762876626.335:26): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.318" name="file1" dev="loop2" ino=1048629 res=0 errno=0
[  306.272845][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.285429][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.423682][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.475032][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.814874][ T7416] loop0: detected capacity change from 0 to 40427
[  306.842629][ T7416] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  306.851704][ T7416] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  306.874981][ T7416] F2FS-fs (loop0): invalid crc value
[  306.969034][ T7416] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  306.984110][ T7416] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  306.991349][ T7416] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  308.234338][   T30] audit: type=1800 audit(1762876628.015:27): pid=7423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.321" name="file1" dev="loop0" ino=10 res=0 errno=0
[  309.562928][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  309.573998][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  309.583201][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  309.591755][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  309.607550][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  309.828271][ T7433] loop1: detected capacity change from 0 to 8192
[  309.887559][   T30] audit: type=1800 audit(1762876630.585:28): pid=7433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.324" name="file1" dev="loop1" ino=1048635 res=0 errno=0
[  310.759147][ T7443] loop2: detected capacity change from 0 to 512
[  311.205884][ T5820] bio_check_eod: 24 callbacks suppressed
[  311.205907][ T5820] syz-executor: attempt to access beyond end of device
[  311.205907][ T5820] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  311.230453][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  311.230483][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  311.230505][ T5820] Call Trace:
[  311.230515][ T5820]  <TASK>
[  311.230525][ T5820]  dump_stack_lvl+0x189/0x250
[  311.230572][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.230606][ T5820]  ? __pfx_queue_work_on+0x10/0x10
[  311.230635][ T5820]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  311.230668][ T5820]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  311.230717][ T5820]  f2fs_handle_critical_error+0x37c/0x540
[  311.230763][ T5820]  f2fs_write_end_io+0x886/0xb60
[  311.230813][ T5820]  __submit_merged_bio+0x256/0x6a0
[  311.230845][ T5820]  ? up_write+0x1a8/0x430
[  311.230873][ T5820]  __submit_merged_write_cond+0x44c/0x530
[  311.230918][ T5820]  f2fs_sync_node_pages+0x1479/0x15e0
[  311.230979][ T5820]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  311.231052][ T5820]  ? f2fs_write_checkpoint+0xdad/0x2440
[  311.231085][ T5820]  ? up_write+0x1a8/0x430
[  311.231102][ T5820]  ? do_raw_spin_unlock+0x122/0x240
[  311.231131][ T5820]  f2fs_write_checkpoint+0xdde/0x2440
[  311.231157][ T5820]  ? __lock_acquire+0xab9/0xd20
[  311.231224][ T5820]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  311.231327][ T5820]  kill_f2fs_super+0x2cc/0x6d0
[  311.231371][ T5820]  ? __pfx_kill_f2fs_super+0x10/0x10
[  311.231421][ T5820]  ? shrinker_free+0x2ce/0x3e0
[  311.231455][ T5820]  deactivate_locked_super+0xbc/0x130
[  311.231484][ T5820]  cleanup_mnt+0x425/0x4c0
[  311.231509][ T5820]  ? lockdep_hardirqs_on+0x9c/0x150
[  311.231548][ T5820]  task_work_run+0x1d4/0x260
[  311.231577][ T5820]  ? __pfx_task_work_run+0x10/0x10
[  311.231609][ T5820]  ? exit_to_user_mode_loop+0x55/0x4f0
[  311.231643][ T5820]  exit_to_user_mode_loop+0xff/0x4f0
[  311.231671][ T5820]  ? rcu_is_watching+0x15/0xb0
[  311.231711][ T5820]  do_syscall_64+0x2e9/0xfa0
[  311.231734][ T5820]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.231756][ T5820]  ? clear_bhb_loop+0x60/0xb0
[  311.231785][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.231806][ T5820] RIP: 0033:0x7f06e9b909f7
[  311.231833][ T5820] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  311.231852][ T5820] RSP: 002b:00007ffdc0d8f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  311.231876][ T5820] RAX: 0000000000000000 RBX: 00007f06e9c11d7d RCX: 00007f06e9b909f7
[  311.231890][ T5820] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdc0d8f0f0
[  311.231904][ T5820] RBP: 00007ffdc0d8f0f0 R08: 0000000000000000 R09: 0000000000000000
[  311.231917][ T5820] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdc0d90180
[  311.231932][ T5820] R13: 00007f06e9c11d7d R14: 000000000004b4f1 R15: 00007ffdc0d901c0
[  311.231974][ T5820]  </TASK>
[  311.231984][ T5820] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  311.694530][   T53] Bluetooth: hci3: command tx timeout
[  311.703904][ T7443] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  312.063317][   T30] audit: type=1800 audit(1762876632.755:29): pid=7443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.325" name="file1" dev="loop2" ino=15 res=0 errno=0
[  312.810374][   T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.961961][ T7458] loop1: detected capacity change from 0 to 128
[  313.021940][ T7459] loop3: detected capacity change from 0 to 128
[  313.335048][ T7462] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  313.342792][ T7462] FAT-fs (loop1): Filesystem has been set read-only
[  313.832104][   T53] Bluetooth: hci3: command tx timeout
[  314.185333][ T5822] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.216098][   T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.282537][ T7466] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  314.290392][ T7466] FAT-fs (loop3): Filesystem has been set read-only
[  314.700110][   T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  314.761339][ T7467] loop1: detected capacity change from 0 to 8192
[  314.798813][ T7434] chnl_net:caif_netlink_parms(): no params data found
[  314.864452][   T30] audit: type=1800 audit(1762876635.555:30): pid=7467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.332" name="file1" dev="loop1" ino=1048638 res=0 errno=0
[  315.875760][   T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  315.899296][ T7475] loop2: detected capacity change from 0 to 8192
[  315.913727][   T53] Bluetooth: hci3: command tx timeout
[  316.032565][   T30] audit: type=1800 audit(1762876636.725:31): pid=7475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.331" name="file1" dev="loop2" ino=1048639 res=0 errno=0
[  316.541160][ T7485] loop3: detected capacity change from 0 to 8192
[  316.625417][   T30] audit: type=1800 audit(1762876637.325:32): pid=7485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.334" name="file1" dev="loop3" ino=1048640 res=0 errno=0
[  316.650829][ T7494] loop0: detected capacity change from 0 to 22
[  317.993762][   T53] Bluetooth: hci3: command tx timeout
[  318.162984][ T7494] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  318.234789][ T7434] bridge0: port 1(bridge_slave_0) entered blocking state
[  318.242045][ T7434] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.302973][ T7494] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  318.323727][ T7434] bridge_slave_0: entered allmulticast mode
[  318.386630][ T7434] bridge_slave_0: entered promiscuous mode
[  318.431003][ T7434] bridge0: port 2(bridge_slave_1) entered blocking state
[  318.470093][ T7434] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.493674][ T7434] bridge_slave_1: entered allmulticast mode
[  318.520832][ T7434] bridge_slave_1: entered promiscuous mode
[  318.558165][   T12] bridge_slave_1: left allmulticast mode
[  318.567703][   T12] bridge_slave_1: left promiscuous mode
[  318.912684][ T7500] loop2: detected capacity change from 0 to 8192
[  318.947760][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.980462][   T30] audit: type=1800 audit(1762876639.675:33): pid=7500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.337" name="file1" dev="loop2" ino=1048641 res=0 errno=0
[  319.056356][   T12] bridge_slave_0: left allmulticast mode
[  319.092051][   T12] bridge_slave_0: left promiscuous mode
[  319.110915][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.021562][ T7514] delete_channel: no stack
[  321.029721][ T7514] loop1: detected capacity change from 0 to 22
[  321.037655][ T7514] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  321.075694][ T7514] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  321.523712][ T7526] loop0: detected capacity change from 0 to 512
[  321.566895][ T7526] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  321.857309][   T30] audit: type=1800 audit(1762876642.535:34): pid=7526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.341" name="file1" dev="loop0" ino=15 res=0 errno=0
[  322.120293][ T7536] loop2: detected capacity change from 0 to 128
[  322.510881][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  322.524682][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  322.535452][   T12] bond0 (unregistering): Released all slaves
[  322.553499][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  322.559973][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  322.864456][ T7544] trusted_key: syz.1.347 sent an empty control message without MSG_MORE.
[  323.024731][ T7546] FAT-fs (loop2): error, corrupted directory (invalid entries)
[  323.033341][ T7546] FAT-fs (loop2): Filesystem has been set read-only
[  324.745761][ T5820] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.757085][ T7434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  324.790681][ T7434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  325.150373][ T7434] team0: Port device team_slave_0 added
[  325.199143][ T7559] loop1: detected capacity change from 0 to 8192
[  325.346060][   T30] audit: type=1800 audit(1762876646.045:35): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.350" name="file1" dev="loop1" ino=1048643 res=0 errno=0
[  325.399932][ T7434] team0: Port device team_slave_1 added
[  326.576358][ T7434] batman_adv: batadv0: Adding interface: batadv_slave_0
[  326.605552][ T7434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  326.718831][ T7434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  326.833538][   T12] hsr_slave_0: left promiscuous mode
[  326.877087][   T12] hsr_slave_1: left promiscuous mode
[  326.914091][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  326.929869][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  326.977555][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  327.016471][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  327.029898][ T7575] loop0: detected capacity change from 0 to 8192
[  327.145336][   T30] audit: type=1800 audit(1762876647.845:36): pid=7575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.352" name="file1" dev="loop0" ino=1048644 res=0 errno=0
[  327.200662][   T12] veth1_macvtap: left promiscuous mode
[  327.219015][   T12] veth0_macvtap: left promiscuous mode
[  327.233308][   T12] veth1_vlan: left promiscuous mode
[  327.247919][   T12] veth0_vlan: left promiscuous mode
[  330.776530][ T7598] loop3: detected capacity change from 0 to 8192
[  330.834001][ T7605] loop2: detected capacity change from 0 to 22
[  330.841292][ T7605] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  330.844149][   T30] audit: type=1800 audit(1762876651.535:37): pid=7598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.359" name="file1" dev="loop3" ino=1048645 res=0 errno=0
[  330.853101][ T7605] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  331.510756][ T7601] delete_channel: no stack
[  331.965982][   T12] team0 (unregistering): Port device team_slave_1 removed
[  332.065511][ T7615] delete_channel: no stack
[  332.087557][ T7615] loop2: detected capacity change from 0 to 22
[  332.101011][ T7615] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  332.448885][   T12] team0 (unregistering): Port device team_slave_0 removed
[  332.606739][ T7615] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  333.236332][ T7619] loop2: detected capacity change from 0 to 8192
[  333.296878][   T30] audit: type=1800 audit(1762876653.995:38): pid=7619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.365" name="file1" dev="loop2" ino=1048646 res=0 errno=0
[  334.452391][ T7434] batman_adv: batadv0: Adding interface: batadv_slave_1
[  335.053137][ T7434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  335.153514][ T7434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  335.722577][ T7632] loop1: detected capacity change from 0 to 8192
[  336.718869][ T7434] hsr_slave_0: entered promiscuous mode
[  336.733283][   T30] audit: type=1800 audit(1762876657.425:39): pid=7632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.369" name="file1" dev="loop1" ino=1048647 res=0 errno=0
[  336.748843][ T7434] hsr_slave_1: entered promiscuous mode
[  337.072741][ T7434] debugfs: 'hsr0' already exists in 'hsr'
[  337.120582][ T7434] Cannot create hsr debugfs directory
[  342.016053][ T7671] netlink: 'syz.3.378': attribute type 10 has an invalid length.
[  342.032265][ T7671] bridge0: port 2(bridge_slave_1) entered disabled state
[  342.041970][ T7671] bridge0: port 1(bridge_slave_0) entered disabled state
[  343.196202][ T7664] loop0: detected capacity change from 0 to 8192
[  343.264653][   T30] audit: type=1800 audit(1762876663.945:40): pid=7664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.376" name="file1" dev="loop0" ino=1048648 res=0 errno=0
[  343.558739][ T7671] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.566132][ T7671] bridge0: port 2(bridge_slave_1) entered forwarding state
[  343.573783][ T7671] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.581047][ T7671] bridge0: port 1(bridge_slave_0) entered forwarding state
[  344.118740][ T7671] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  352.039499][ T7738] netlink: 68 bytes leftover after parsing attributes in process `syz.0.390'.
[  352.050466][ T7434] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  352.127714][ T7434] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  352.816829][ T7434] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  353.065152][ T7434] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  356.000613][ T7434] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.118471][ T7434] 8021q: adding VLAN 0 to HW filter on device team0
[  356.832260][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.839557][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  357.081046][ T7789] netlink: 'syz.3.400': attribute type 10 has an invalid length.
[  357.596007][ T7789] bridge0: port 2(bridge_slave_1) entered disabled state
[  357.603705][ T7789] bridge0: port 1(bridge_slave_0) entered disabled state
[  357.645556][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  357.652778][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  358.818027][ T7808] netlink: 'syz.2.404': attribute type 10 has an invalid length.
[  361.123024][ T7434] 8021q: adding VLAN 0 to HW filter on device batadv0
[  364.149145][ T7852] loop2: detected capacity change from 0 to 40427
[  364.307685][ T7852] F2FS-fs (loop2): invalid crc value
[  364.939242][ T7852] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  364.950349][ T7852] F2FS-fs (loop2): Start checkpoint disabled!
[  364.979111][ T7852] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  364.987722][ T7852] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  365.034953][   T30] audit: type=1800 audit(1762876685.735:41): pid=7852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.413" name="file1" dev="loop2" ino=10 res=0 errno=0
[  365.503303][ T7868] syz.2.413: attempt to access beyond end of device
[  365.503303][ T7868] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  365.519887][ T7868] syz.2.413: attempt to access beyond end of device
[  365.519887][ T7868] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  365.535641][ T7868] syz.2.413: attempt to access beyond end of device
[  365.535641][ T7868] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  365.552356][ T7868] syz.2.413: attempt to access beyond end of device
[  365.552356][ T7868] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  365.570341][ T7868] syz.2.413: attempt to access beyond end of device
[  365.570341][ T7868] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  365.589431][ T7868] syz.2.413: attempt to access beyond end of device
[  365.589431][ T7868] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  365.607350][ T7868] syz.2.413: attempt to access beyond end of device
[  365.607350][ T7868] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  365.623297][ T7868] syz.2.413: attempt to access beyond end of device
[  365.623297][ T7868] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  365.647302][ T7868] syz.2.413: attempt to access beyond end of device
[  365.647302][ T7868] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  365.665341][ T7868] syz.2.413: attempt to access beyond end of device
[  365.665341][ T7868] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  367.262939][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[  367.262963][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  367.262973][   T13] Workqueue: writeback wb_workfn (flush-7:2)
[  367.263005][   T13] Call Trace:
[  367.263011][   T13]  <TASK>
[  367.263018][   T13]  dump_stack_lvl+0x189/0x250
[  367.263070][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  367.263095][   T13]  ? __pfx_queue_work_on+0x10/0x10
[  367.263116][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  367.263140][   T13]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  367.263172][   T13]  f2fs_handle_critical_error+0x37c/0x540
[  367.263202][   T13]  f2fs_write_end_io+0x886/0xb60
[  367.263232][   T13]  __submit_merged_bio+0x256/0x6a0
[  367.263261][   T13]  __submit_merged_write_cond+0x255/0x530
[  367.263290][   T13]  f2fs_write_data_pages+0x261d/0x3000
[  367.263336][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  367.263374][   T13]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  367.263433][   T13]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  367.263474][   T13]  ? trace_f2fs_writepages+0x7f/0x200
[  367.263507][   T13]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  367.263540][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  367.263557][   T13]  do_writepages+0x32e/0x550
[  367.263584][   T13]  ? reacquire_held_locks+0x127/0x1d0
[  367.263607][   T13]  ? writeback_sb_inodes+0x3bc/0x1950
[  367.263633][   T13]  __writeback_single_inode+0x133/0x12f0
[  367.263660][   T13]  writeback_sb_inodes+0x984/0x1950
[  367.263702][   T13]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  367.263754][   T13]  ? rcu_is_watching+0x15/0xb0
[  367.263785][   T13]  wb_writeback+0x42b/0xb10
[  367.263811][   T13]  ? queue_io+0x361/0x590
[  367.263833][   T13]  ? __pfx_wb_writeback+0x10/0x10
[  367.263860][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  367.263885][   T13]  wb_workfn+0x3f9/0xef0
[  367.263913][   T13]  ? __pfx_wb_workfn+0x10/0x10
[  367.263933][   T13]  ? __lock_acquire+0xab9/0xd20
[  367.263961][   T13]  ? process_one_work+0x868/0x15e0
[  367.263985][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  367.264010][   T13]  ? process_one_work+0x868/0x15e0
[  367.264028][   T13]  process_one_work+0x93a/0x15e0
[  367.264047][   T13]  ? __lock_acquire+0xab9/0xd20
[  367.264083][   T13]  ? __pfx_process_one_work+0x10/0x10
[  367.264110][   T13]  ? assign_work+0x3a1/0x410
[  367.264133][   T13]  worker_thread+0x9b0/0xee0
[  367.264173][   T13]  kthread+0x711/0x8a0
[  367.264190][   T13]  ? __pfx_worker_thread+0x10/0x10
[  367.264210][   T13]  ? __pfx_kthread+0x10/0x10
[  367.264226][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  367.264248][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  367.264270][   T13]  ? __pfx_kthread+0x10/0x10
[  367.264285][   T13]  ret_from_fork+0x599/0xb30
[  367.264306][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  367.264339][   T13]  ? __switch_to_asm+0x39/0x70
[  367.264353][   T13]  ? __switch_to_asm+0x33/0x70
[  367.264368][   T13]  ? __pfx_kthread+0x10/0x10
[  367.264383][   T13]  ret_from_fork_asm+0x1a/0x30
[  367.264412][   T13]  </TASK>
[  367.827276][   T13] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  370.706418][ T7913] netlink: 68 bytes leftover after parsing attributes in process `syz.1.425'.
[  371.106967][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  371.117907][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  371.139469][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  371.171955][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  371.180802][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  371.584969][ T7925] netlink: 'syz.3.427': attribute type 10 has an invalid length.
[  373.273612][   T53] Bluetooth: hci5: command tx timeout
[  374.515732][ T7939] netlink: 'syz.3.428': attribute type 10 has an invalid length.
[  375.163091][ T7943] loop2: detected capacity change from 0 to 8192
[  375.353585][   T53] Bluetooth: hci5: command tx timeout
[  375.529482][   T30] audit: type=1800 audit(1762876696.225:42): pid=7943 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.430" name="file1" dev="loop2" ino=1048649 res=0 errno=0
[  377.171573][ T7917] chnl_net:caif_netlink_parms(): no params data found
[  377.457883][   T53] Bluetooth: hci5: command tx timeout
[  377.961752][ T6605] bridge_slave_1: left allmulticast mode
[  377.982232][ T6605] bridge_slave_1: left promiscuous mode
[  378.031630][ T6605] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.098243][ T6605] bridge_slave_0: left allmulticast mode
[  378.114711][ T6605] bridge_slave_0: left promiscuous mode
[  378.121357][ T6605] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.593739][   T53] Bluetooth: hci5: command tx timeout
[  380.771050][ T7998] netlink: 'syz.0.442': attribute type 10 has an invalid length.
[  382.126085][ T8005] loop3: detected capacity change from 0 to 8192
[  382.524934][ T8017] loop2: detected capacity change from 0 to 40427
[  382.540369][ T8017] F2FS-fs (loop2): invalid crc value
[  382.549075][   T30] audit: type=1800 audit(1762876703.245:43): pid=8005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.444" name="file1" dev="loop3" ino=1048650 res=0 errno=0
[  382.950358][ T8017] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  382.961194][ T8017] F2FS-fs (loop2): Start checkpoint disabled!
[  382.990369][ T8017] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  383.004946][ T8017] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  383.218782][   T30] audit: type=1800 audit(1762876703.915:44): pid=8017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.446" name="file1" dev="loop2" ino=10 res=0 errno=0
[  383.895313][ T8028] loop1: detected capacity change from 0 to 40427
[  383.911976][ T8029] bio_check_eod: 67 callbacks suppressed
[  383.911999][ T8029] syz.2.446: attempt to access beyond end of device
[  383.911999][ T8029] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  383.932248][ T8029] syz.2.446: attempt to access beyond end of device
[  383.932248][ T8029] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  383.946567][ T8029] syz.2.446: attempt to access beyond end of device
[  383.946567][ T8029] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  383.966011][ T8029] syz.2.446: attempt to access beyond end of device
[  383.966011][ T8029] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  383.983242][ T8029] syz.2.446: attempt to access beyond end of device
[  383.983242][ T8029] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  384.001297][ T8029] syz.2.446: attempt to access beyond end of device
[  384.001297][ T8029] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  384.020407][ T8029] syz.2.446: attempt to access beyond end of device
[  384.020407][ T8029] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  384.035028][ T8029] syz.2.446: attempt to access beyond end of device
[  384.035028][ T8029] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  384.051391][ T8029] syz.2.446: attempt to access beyond end of device
[  384.051391][ T8029] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  384.070357][ T8029] syz.2.446: attempt to access beyond end of device
[  384.070357][ T8029] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  384.414088][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  384.420450][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  384.471078][ T8028] F2FS-fs (loop1): invalid crc value
[  384.538942][ T8028] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  384.550313][ T8028] F2FS-fs (loop1): Start checkpoint disabled!
[  384.744557][ T8028] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  384.758135][ T8028] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  384.775942][   T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[  384.775965][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  384.775976][   T36] Workqueue: writeback wb_workfn (flush-7:2)
[  384.776001][   T36] Call Trace:
[  384.776007][   T36]  <TASK>
[  384.776013][   T36]  dump_stack_lvl+0x189/0x250
[  384.776042][   T36]  ? __pfx_dump_stack_lvl+0x10/0x10
[  384.776066][   T36]  ? __pfx_queue_work_on+0x10/0x10
[  384.776087][   T36]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  384.776123][   T36]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  384.776166][   T36]  f2fs_handle_critical_error+0x37c/0x540
[  384.776217][   T36]  f2fs_write_end_io+0x886/0xb60
[  384.776259][   T36]  __submit_merged_bio+0x256/0x6a0
[  384.776300][   T36]  __submit_merged_write_cond+0x255/0x530
[  384.776342][   T36]  f2fs_write_data_pages+0x261d/0x3000
[  384.776402][   T36]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  384.776449][   T36]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  384.776514][   T36]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  384.776563][   T36]  ? trace_f2fs_writepages+0x7f/0x200
[  384.776599][   T36]  ? f2fs_write_node_pages+0x478/0x6e0
[  384.776637][   T36]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  384.776685][   T36]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  384.776709][   T36]  do_writepages+0x32e/0x550
[  384.776747][   T36]  ? reacquire_held_locks+0x127/0x1d0
[  384.776780][   T36]  ? writeback_sb_inodes+0x3bc/0x1950
[  384.776817][   T36]  __writeback_single_inode+0x133/0x12f0
[  384.776854][   T36]  writeback_sb_inodes+0x984/0x1950
[  384.776919][   T36]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  384.776988][   T36]  ? rcu_is_watching+0x15/0xb0
[  384.777031][   T36]  wb_writeback+0x42b/0xb10
[  384.777069][   T36]  ? queue_io+0x361/0x590
[  384.777101][   T36]  ? __pfx_wb_writeback+0x10/0x10
[  384.777138][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  384.777183][   T36]  wb_workfn+0x3f9/0xef0
[  384.777224][   T36]  ? __pfx_wb_workfn+0x10/0x10
[  384.777254][   T36]  ? __lock_acquire+0xab9/0xd20
[  384.777293][   T36]  ? process_one_work+0x868/0x15e0
[  384.777328][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  384.777363][   T36]  ? process_one_work+0x868/0x15e0
[  384.777389][   T36]  process_one_work+0x93a/0x15e0
[  384.777415][   T36]  ? __lock_acquire+0xab9/0xd20
[  384.777466][   T36]  ? __pfx_process_one_work+0x10/0x10
[  384.777502][   T36]  ? assign_work+0x3a1/0x410
[  384.777534][   T36]  worker_thread+0x9b0/0xee0
[  384.777592][   T36]  kthread+0x711/0x8a0
[  384.777617][   T36]  ? __pfx_worker_thread+0x10/0x10
[  384.777645][   T36]  ? __pfx_kthread+0x10/0x10
[  384.777668][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[  384.777697][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[  384.777728][   T36]  ? __pfx_kthread+0x10/0x10
[  384.777750][   T36]  ret_from_fork+0x599/0xb30
[  384.777780][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[  384.777818][   T36]  ? __switch_to_asm+0x39/0x70
[  384.777839][   T36]  ? __switch_to_asm+0x33/0x70
[  384.777859][   T36]  ? __pfx_kthread+0x10/0x10
[  384.777879][   T36]  ret_from_fork_asm+0x1a/0x30
[  384.777920][   T36]  </TASK>
[  384.781605][   T36] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  385.173528][   T30] audit: type=1800 audit(1762876705.815:45): pid=8028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.448" name="file1" dev="loop1" ino=10 res=0 errno=0
[  386.248011][ T6605] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  386.263491][ T5986] CPU: 0 UID: 0 PID: 5986 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(full) 
[  386.263519][ T5986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  386.263533][ T5986] Workqueue: writeback wb_workfn (flush-7:1)
[  386.263567][ T5986] Call Trace:
[  386.263577][ T5986]  <TASK>
[  386.263586][ T5986]  dump_stack_lvl+0x189/0x250
[  386.263628][ T5986]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.263663][ T5986]  ? __pfx_queue_work_on+0x10/0x10
[  386.263692][ T5986]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  386.263725][ T5986]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  386.263774][ T5986]  f2fs_handle_critical_error+0x37c/0x540
[  386.263819][ T5986]  f2fs_write_end_io+0x886/0xb60
[  386.263868][ T5986]  __submit_merged_bio+0x256/0x6a0
[  386.263912][ T5986]  __submit_merged_write_cond+0x255/0x530
[  386.263957][ T5986]  f2fs_write_data_pages+0x261d/0x3000
[  386.264026][ T5986]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  386.264082][ T5986]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  386.264189][ T5986]  ? finish_task_switch+0x162/0x960
[  386.264230][ T5986]  ? finish_task_switch+0x23d/0x960
[  386.264254][ T5986]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.264291][ T5986]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  386.264315][ T5986]  do_writepages+0x32e/0x550
[  386.264367][ T5986]  ? reacquire_held_locks+0x127/0x1d0
[  386.264400][ T5986]  ? writeback_sb_inodes+0x3bc/0x1950
[  386.264441][ T5986]  __writeback_single_inode+0x133/0x12f0
[  386.264482][ T5986]  writeback_sb_inodes+0x984/0x1950
[  386.264547][ T5986]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  386.264632][ T5986]  ? rcu_is_watching+0x15/0xb0
[  386.264675][ T5986]  wb_writeback+0x42b/0xb10
[  386.264714][ T5986]  ? queue_io+0x361/0x590
[  386.264746][ T5986]  ? __pfx_wb_writeback+0x10/0x10
[  386.264786][ T5986]  ? _raw_spin_unlock_irq+0x23/0x50
[  386.264825][ T5986]  wb_workfn+0x3f9/0xef0
[  386.264870][ T5986]  ? __pfx_wb_workfn+0x10/0x10
[  386.264901][ T5986]  ? __lock_acquire+0xab9/0xd20
[  386.264943][ T5986]  ? process_one_work+0x868/0x15e0
[  386.264979][ T5986]  ? _raw_spin_unlock_irq+0x23/0x50
[  386.265014][ T5986]  ? process_one_work+0x868/0x15e0
[  386.265045][ T5986]  process_one_work+0x93a/0x15e0
[  386.265071][ T5986]  ? __lock_acquire+0xab9/0xd20
[  386.265125][ T5986]  ? __pfx_process_one_work+0x10/0x10
[  386.265165][ T5986]  ? assign_work+0x3a1/0x410
[  386.265200][ T5986]  worker_thread+0x9b0/0xee0
[  386.265266][ T5986]  kthread+0x711/0x8a0
[  386.265292][ T5986]  ? __pfx_worker_thread+0x10/0x10
[  386.265321][ T5986]  ? __pfx_kthread+0x10/0x10
[  386.265344][ T5986]  ? _raw_spin_unlock_irq+0x23/0x50
[  386.265375][ T5986]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.265406][ T5986]  ? __pfx_kthread+0x10/0x10
[  386.265428][ T5986]  ret_from_fork+0x599/0xb30
[  386.265459][ T5986]  ? __pfx_ret_from_fork+0x10/0x10
[  386.265502][ T5986]  ? __switch_to_asm+0x39/0x70
[  386.265523][ T5986]  ? __switch_to_asm+0x33/0x70
[  386.265543][ T5986]  ? __pfx_kthread+0x10/0x10
[  386.265566][ T5986]  ret_from_fork_asm+0x1a/0x30
[  386.265612][ T5986]  </TASK>
[  386.483683][ T5986] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  386.654650][ T6605] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  386.665789][ T6605] bond0 (unregistering): Released all slaves
[  386.742251][ T7998] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.749832][ T7998] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.228581][ T7998] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.236028][ T7998] bridge0: port 2(bridge_slave_1) entered forwarding state
[  387.244486][ T7998] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.251683][ T7998] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.304538][ T7998] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  387.374764][ T6605] hsr_slave_0: left promiscuous mode
[  387.386486][ T6605] hsr_slave_1: left promiscuous mode
[  387.524238][ T6605] batman_adv: batadv0: Removing interface: batadv_slave_0
[  387.564352][ T6605] batman_adv: batadv0: Removing interface: batadv_slave_1
[  390.639038][ T8053] netlink: 'syz.0.452': attribute type 10 has an invalid length.
[  391.027357][ T8046] loop1: detected capacity change from 0 to 8192
[  391.080065][   T30] audit: type=1800 audit(1762876711.775:46): pid=8046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.450" name="file1" dev="loop1" ino=1048651 res=0 errno=0
[  392.357486][ T8059] loop3: detected capacity change from 0 to 40427
[  392.439766][ T8059] F2FS-fs (loop3): invalid crc value
[  392.577765][ T8059] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  392.592304][ T8059] F2FS-fs (loop3): Start checkpoint disabled!
[  392.678536][ T8059] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  392.709769][ T8059] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  392.858725][   T30] audit: type=1800 audit(1762876713.555:47): pid=8059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.454" name="file1" dev="loop3" ino=10 res=0 errno=0
[  393.938839][ T8071] bio_check_eod: 295 callbacks suppressed
[  393.938862][ T8071] syz.3.454: attempt to access beyond end of device
[  393.938862][ T8071] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  393.958973][ T8071] syz.3.454: attempt to access beyond end of device
[  393.958973][ T8071] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  393.973259][ T8071] syz.3.454: attempt to access beyond end of device
[  393.973259][ T8071] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  394.007319][ T8071] syz.3.454: attempt to access beyond end of device
[  394.007319][ T8071] loop3: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  394.022151][ T8071] syz.3.454: attempt to access beyond end of device
[  394.022151][ T8071] loop3: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  394.036788][ T8071] syz.3.454: attempt to access beyond end of device
[  394.036788][ T8071] loop3: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  394.051138][ T8071] syz.3.454: attempt to access beyond end of device
[  394.051138][ T8071] loop3: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  394.067532][ T8071] syz.3.454: attempt to access beyond end of device
[  394.067532][ T8071] loop3: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  394.084058][ T8071] syz.3.454: attempt to access beyond end of device
[  394.084058][ T8071] loop3: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  394.099861][ T8071] syz.3.454: attempt to access beyond end of device
[  394.099861][ T8071] loop3: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  394.741868][ T8073] loop2: detected capacity change from 0 to 40427
[  394.863702][ T8073] F2FS-fs (loop2): invalid crc value
[  395.331097][ T8073] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  395.343793][ T8073] F2FS-fs (loop2): Start checkpoint disabled!
[  395.351894][ T8073] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  395.375016][ T8073] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  395.416674][ T8062] CPU: 0 UID: 0 PID: 8062 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT(full) 
[  395.416705][ T8062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  395.416719][ T8062] Workqueue: writeback wb_workfn (flush-7:3)
[  395.416752][ T8062] Call Trace:
[  395.416761][ T8062]  <TASK>
[  395.416771][ T8062]  dump_stack_lvl+0x189/0x250
[  395.416811][ T8062]  ? __pfx_dump_stack_lvl+0x10/0x10
[  395.416844][ T8062]  ? __pfx_queue_work_on+0x10/0x10
[  395.416873][ T8062]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  395.416906][ T8062]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  395.416951][ T8062]  f2fs_handle_critical_error+0x37c/0x540
[  395.416993][ T8062]  f2fs_write_end_io+0x886/0xb60
[  395.417037][ T8062]  __submit_merged_bio+0x256/0x6a0
[  395.417079][ T8062]  __submit_merged_write_cond+0x255/0x530
[  395.417121][ T8062]  f2fs_write_data_pages+0x261d/0x3000
[  395.417191][ T8062]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  395.417230][ T8062]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  395.417295][ T8062]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  395.417343][ T8062]  ? trace_f2fs_writepages+0x7f/0x200
[  395.417379][ T8062]  ? f2fs_write_node_pages+0x478/0x6e0
[  395.417417][ T8062]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  395.417465][ T8062]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  395.417489][ T8062]  do_writepages+0x32e/0x550
[  395.417527][ T8062]  ? reacquire_held_locks+0x127/0x1d0
[  395.417558][ T8062]  ? writeback_sb_inodes+0x3bc/0x1950
[  395.417595][ T8062]  __writeback_single_inode+0x133/0x12f0
[  395.417634][ T8062]  writeback_sb_inodes+0x984/0x1950
[  395.417695][ T8062]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  395.417769][ T8062]  ? rcu_is_watching+0x15/0xb0
[  395.417812][ T8062]  wb_writeback+0x42b/0xb10
[  395.417850][ T8062]  ? queue_io+0x361/0x590
[  395.417882][ T8062]  ? __pfx_wb_writeback+0x10/0x10
[  395.417920][ T8062]  ? _raw_spin_unlock_irq+0x23/0x50
[  395.417951][ T8062]  wb_workfn+0x3f9/0xef0
[  395.417987][ T8062]  ? __pfx_wb_workfn+0x10/0x10
[  395.418017][ T8062]  ? __lock_acquire+0xab9/0xd20
[  395.418057][ T8062]  ? process_one_work+0x868/0x15e0
[  395.418092][ T8062]  ? _raw_spin_unlock_irq+0x23/0x50
[  395.418133][ T8062]  ? process_one_work+0x868/0x15e0
[  395.418160][ T8062]  process_one_work+0x93a/0x15e0
[  395.418186][ T8062]  ? __lock_acquire+0xab9/0xd20
[  395.418236][ T8062]  ? __pfx_process_one_work+0x10/0x10
[  395.418274][ T8062]  ? assign_work+0x3a1/0x410
[  395.418308][ T8062]  worker_thread+0x9b0/0xee0
[  395.418366][ T8062]  kthread+0x711/0x8a0
[  395.418390][ T8062]  ? __pfx_worker_thread+0x10/0x10
[  395.418419][ T8062]  ? __pfx_kthread+0x10/0x10
[  395.418442][ T8062]  ? _raw_spin_unlock_irq+0x23/0x50
[  395.418472][ T8062]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.418503][ T8062]  ? __pfx_kthread+0x10/0x10
[  395.418525][ T8062]  ret_from_fork+0x599/0xb30
[  395.418555][ T8062]  ? __pfx_ret_from_fork+0x10/0x10
[  395.418594][ T8062]  ? __switch_to_asm+0x39/0x70
[  395.418615][ T8062]  ? __switch_to_asm+0x33/0x70
[  395.418635][ T8062]  ? __pfx_kthread+0x10/0x10
[  395.418657][ T8062]  ret_from_fork_asm+0x1a/0x30
[  395.418699][ T8062]  </TASK>
[  395.418708][ T8062] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  395.954280][ T6605] team0 (unregistering): Port device team_slave_1 removed
[  396.436951][ T6605] team0 (unregistering): Port device team_slave_0 removed
[  398.202496][ T8092] loop3: detected capacity change from 0 to 40427
[  398.853828][ T8092] F2FS-fs (loop3): invalid crc value
[  398.929948][ T8092] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  398.939756][ T8092] F2FS-fs (loop3): Start checkpoint disabled!
[  398.947506][ T8092] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  398.955483][ T8092] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  398.993724][   T30] audit: type=1800 audit(1762876719.685:48): pid=8092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.459" name="file1" dev="loop3" ino=10 res=0 errno=0
[  399.432733][ T8098] bio_check_eod: 176 callbacks suppressed
[  399.432780][ T8098] syz.3.459: attempt to access beyond end of device
[  399.432780][ T8098] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  399.455126][ T8098] syz.3.459: attempt to access beyond end of device
[  399.455126][ T8098] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  399.472783][ T8098] syz.3.459: attempt to access beyond end of device
[  399.472783][ T8098] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  399.490342][ T8098] syz.3.459: attempt to access beyond end of device
[  399.490342][ T8098] loop3: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  399.507907][ T8098] syz.3.459: attempt to access beyond end of device
[  399.507907][ T8098] loop3: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  399.527344][ T8098] syz.3.459: attempt to access beyond end of device
[  399.527344][ T8098] loop3: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  399.582869][ T8098] syz.3.459: attempt to access beyond end of device
[  399.582869][ T8098] loop3: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  399.600426][ T8098] syz.3.459: attempt to access beyond end of device
[  399.600426][ T8098] loop3: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  399.617986][ T8098] syz.3.459: attempt to access beyond end of device
[  399.617986][ T8098] loop3: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  399.637239][ T8098] syz.3.459: attempt to access beyond end of device
[  399.637239][ T8098] loop3: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  400.037780][ T5922] CPU: 0 UID: 0 PID: 5922 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  400.037802][ T5922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  400.037812][ T5922] Workqueue: writeback wb_workfn (flush-7:3)
[  400.037837][ T5922] Call Trace:
[  400.037843][ T5922]  <TASK>
[  400.037849][ T5922]  dump_stack_lvl+0x189/0x250
[  400.037879][ T5922]  ? __pfx_dump_stack_lvl+0x10/0x10
[  400.037903][ T5922]  ? __pfx_queue_work_on+0x10/0x10
[  400.037924][ T5922]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  400.037948][ T5922]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  400.037979][ T5922]  f2fs_handle_critical_error+0x37c/0x540
[  400.038009][ T5922]  f2fs_write_end_io+0x886/0xb60
[  400.038039][ T5922]  __submit_merged_bio+0x256/0x6a0
[  400.038068][ T5922]  __submit_merged_write_cond+0x255/0x530
[  400.038097][ T5922]  f2fs_write_data_pages+0x261d/0x3000
[  400.038138][ T5922]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  400.038164][ T5922]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  400.038208][ T5922]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  400.038242][ T5922]  ? trace_f2fs_writepages+0x7f/0x200
[  400.038274][ T5922]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  400.038308][ T5922]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  400.038325][ T5922]  do_writepages+0x32e/0x550
[  400.038351][ T5922]  ? reacquire_held_locks+0x127/0x1d0
[  400.038374][ T5922]  ? writeback_sb_inodes+0x3bc/0x1950
[  400.038401][ T5922]  __writeback_single_inode+0x133/0x12f0
[  400.038428][ T5922]  writeback_sb_inodes+0x984/0x1950
[  400.038470][ T5922]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  400.038521][ T5922]  ? rcu_is_watching+0x15/0xb0
[  400.038551][ T5922]  wb_writeback+0x42b/0xb10
[  400.038577][ T5922]  ? queue_io+0x361/0x590
[  400.038600][ T5922]  ? __pfx_wb_writeback+0x10/0x10
[  400.038646][ T5922]  ? _raw_spin_unlock_irq+0x23/0x50
[  400.038671][ T5922]  wb_workfn+0x3f9/0xef0
[  400.038697][ T5922]  ? __pfx_wb_workfn+0x10/0x10
[  400.038716][ T5922]  ? __lock_acquire+0xab9/0xd20
[  400.038743][ T5922]  ? process_one_work+0x868/0x15e0
[  400.038766][ T5922]  ? _raw_spin_unlock_irq+0x23/0x50
[  400.038790][ T5922]  ? process_one_work+0x868/0x15e0
[  400.038808][ T5922]  process_one_work+0x93a/0x15e0
[  400.038825][ T5922]  ? __lock_acquire+0xab9/0xd20
[  400.038860][ T5922]  ? __pfx_process_one_work+0x10/0x10
[  400.038886][ T5922]  ? assign_work+0x3a1/0x410
[  400.038909][ T5922]  worker_thread+0x9b0/0xee0
[  400.038947][ T5922]  kthread+0x711/0x8a0
[  400.038963][ T5922]  ? __pfx_worker_thread+0x10/0x10
[  400.038982][ T5922]  ? __pfx_kthread+0x10/0x10
[  400.038997][ T5922]  ? _raw_spin_unlock_irq+0x23/0x50
[  400.039018][ T5922]  ? lockdep_hardirqs_on+0x9c/0x150
[  400.039040][ T5922]  ? __pfx_kthread+0x10/0x10
[  400.039054][ T5922]  ret_from_fork+0x599/0xb30
[  400.039075][ T5922]  ? __pfx_ret_from_fork+0x10/0x10
[  400.039101][ T5922]  ? __switch_to_asm+0x39/0x70
[  400.039115][ T5922]  ? __switch_to_asm+0x33/0x70
[  400.039128][ T5922]  ? __pfx_kthread+0x10/0x10
[  400.039143][ T5922]  ret_from_fork_asm+0x1a/0x30
[  400.039170][ T5922]  </TASK>
[  400.039176][ T5922] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  400.341967][ T8053] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.349719][ T8053] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.585257][ T7917] bridge0: port 1(bridge_slave_0) entered blocking state
[  400.623580][ T7917] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.649828][ T7917] bridge_slave_0: entered allmulticast mode
[  400.675688][ T7917] bridge_slave_0: entered promiscuous mode
[  400.720745][ T7917] bridge0: port 2(bridge_slave_1) entered blocking state
[  400.743769][ T7917] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.825497][ T7917] bridge_slave_1: entered allmulticast mode
[  401.096818][ T7917] bridge_slave_1: entered promiscuous mode
[  401.500431][ T7917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  401.514059][ T7917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  401.555207][ T8106] loop1: detected capacity change from 0 to 8192
[  401.632135][   T30] audit: type=1800 audit(1762876722.325:49): pid=8106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.467" name="file1" dev="loop1" ino=1048652 res=0 errno=0
[  402.934049][ T7917] team0: Port device team_slave_0 added
[  403.062114][ T7917] team0: Port device team_slave_1 added
[  403.346863][ T8123] loop1: detected capacity change from 0 to 40427
[  403.593701][ T8123] F2FS-fs (loop1): invalid crc value
[  403.676672][ T8123] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  403.696741][ T8123] F2FS-fs (loop1): Start checkpoint disabled!
[  403.708051][ T8123] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  403.723671][ T8123] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  404.033471][   T30] audit: type=1800 audit(1762876724.585:50): pid=8123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.469" name="file1" dev="loop1" ino=10 res=0 errno=0
[  404.126036][ T7917] batman_adv: batadv0: Adding interface: batadv_slave_0
[  405.058536][ T8135] netlink: 68 bytes leftover after parsing attributes in process `syz.0.471'.
[  405.083407][ T7917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  405.215863][   T57] bio_check_eod: 361 callbacks suppressed
[  405.215884][   T57] kworker/u8:4: attempt to access beyond end of device
[  405.215884][   T57] loop1: rw=2049, sector=46624, nr_sectors = 8 limit=40427
[  405.243417][ T7917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  405.282511][ T7917] batman_adv: batadv0: Adding interface: batadv_slave_1
[  405.335957][   T57] CPU: 0 UID: 0 PID: 57 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full) 
[  405.335989][   T57] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  405.336005][   T57] Workqueue: writeback wb_workfn (flush-7:1)
[  405.336037][   T57] Call Trace:
[  405.336046][   T57]  <TASK>
[  405.336056][   T57]  dump_stack_lvl+0x189/0x250
[  405.336096][   T57]  ? __pfx_dump_stack_lvl+0x10/0x10
[  405.336131][   T57]  ? __pfx_queue_work_on+0x10/0x10
[  405.336171][   T57]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  405.336205][   T57]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  405.336258][   T57]  f2fs_handle_critical_error+0x37c/0x540
[  405.336299][   T57]  f2fs_write_end_io+0x886/0xb60
[  405.336342][   T57]  __submit_merged_bio+0x256/0x6a0
[  405.336383][   T57]  __submit_merged_write_cond+0x255/0x530
[  405.336424][   T57]  f2fs_write_data_pages+0x261d/0x3000
[  405.336482][   T57]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  405.336520][   T57]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  405.336583][   T57]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  405.336630][   T57]  ? trace_f2fs_writepages+0x7f/0x200
[  405.336664][   T57]  ? f2fs_write_node_pages+0x478/0x6e0
[  405.336701][   T57]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  405.336748][   T57]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  405.336772][   T57]  do_writepages+0x32e/0x550
[  405.336827][   T57]  ? reacquire_held_locks+0x127/0x1d0
[  405.336859][   T57]  ? writeback_sb_inodes+0x3bc/0x1950
[  405.336897][   T57]  __writeback_single_inode+0x133/0x12f0
[  405.336937][   T57]  writeback_sb_inodes+0x984/0x1950
[  405.336999][   T57]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  405.337076][   T57]  ? rcu_is_watching+0x15/0xb0
[  405.337121][   T57]  wb_writeback+0x42b/0xb10
[  405.337171][   T57]  ? queue_io+0x361/0x590
[  405.337203][   T57]  ? __pfx_wb_writeback+0x10/0x10
[  405.337249][   T57]  ? _raw_spin_unlock_irq+0x23/0x50
[  405.337284][   T57]  wb_workfn+0x3f9/0xef0
[  405.337323][   T57]  ? __pfx_wb_workfn+0x10/0x10
[  405.337352][   T57]  ? __lock_acquire+0xab9/0xd20
[  405.337390][   T57]  ? process_one_work+0x868/0x15e0
[  405.337424][   T57]  ? _raw_spin_unlock_irq+0x23/0x50
[  405.337458][   T57]  ? process_one_work+0x868/0x15e0
[  405.337483][   T57]  process_one_work+0x93a/0x15e0
[  405.337509][   T57]  ? __lock_acquire+0xab9/0xd20
[  405.337557][   T57]  ? __pfx_process_one_work+0x10/0x10
[  405.337593][   T57]  ? assign_work+0x3a1/0x410
[  405.337625][   T57]  worker_thread+0x9b0/0xee0
[  405.337681][   T57]  kthread+0x711/0x8a0
[  405.337705][   T57]  ? __pfx_worker_thread+0x10/0x10
[  405.337733][   T57]  ? __pfx_kthread+0x10/0x10
[  405.337756][   T57]  ? _raw_spin_unlock_irq+0x23/0x50
[  405.337786][   T57]  ? lockdep_hardirqs_on+0x9c/0x150
[  405.337818][   T57]  ? __pfx_kthread+0x10/0x10
[  405.337839][   T57]  ret_from_fork+0x599/0xb30
[  405.337869][   T57]  ? __pfx_ret_from_fork+0x10/0x10
[  405.337908][   T57]  ? __switch_to_asm+0x39/0x70
[  405.337928][   T57]  ? __switch_to_asm+0x33/0x70
[  405.337948][   T57]  ? __pfx_kthread+0x10/0x10
[  405.337971][   T57]  ret_from_fork_asm+0x1a/0x30
[  405.338012][   T57]  </TASK>
[  405.338022][   T57] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  405.663885][ T7917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  405.750816][ T8148] loop2: detected capacity change from 0 to 40427
[  405.789444][ T8148] F2FS-fs (loop2): invalid crc value
[  405.793484][ T7917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  405.889557][ T8148] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  405.970879][ T8148] F2FS-fs (loop2): Start checkpoint disabled!
[  406.047705][ T8148] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  406.060855][ T8148] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  406.874275][   T30] audit: type=1800 audit(1762876727.575:51): pid=8148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.474" name="file1" dev="loop2" ino=10 res=0 errno=0
[  406.924979][ T7917] hsr_slave_0: entered promiscuous mode
[  406.948211][ T7917] hsr_slave_1: entered promiscuous mode
[  406.962969][ T7917] debugfs: 'hsr0' already exists in 'hsr'
[  406.975789][ T7917] Cannot create hsr debugfs directory
[  407.306582][ T8160] syz.2.474: attempt to access beyond end of device
[  407.306582][ T8160] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  407.324143][ T8160] syz.2.474: attempt to access beyond end of device
[  407.324143][ T8160] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  407.341720][ T8160] syz.2.474: attempt to access beyond end of device
[  407.341720][ T8160] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  407.358981][ T8160] syz.2.474: attempt to access beyond end of device
[  407.358981][ T8160] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  407.375716][ T8160] syz.2.474: attempt to access beyond end of device
[  407.375716][ T8160] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  407.429091][ T8160] syz.2.474: attempt to access beyond end of device
[  407.429091][ T8160] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  407.446630][ T8160] syz.2.474: attempt to access beyond end of device
[  407.446630][ T8160] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  407.464000][ T8160] syz.2.474: attempt to access beyond end of device
[  407.464000][ T8160] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  407.481409][ T8160] syz.2.474: attempt to access beyond end of device
[  407.481409][ T8160] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  408.811429][ T5986] CPU: 1 UID: 0 PID: 5986 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(full) 
[  408.811460][ T5986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  408.811474][ T5986] Workqueue: writeback wb_workfn (flush-7:2)
[  408.811509][ T5986] Call Trace:
[  408.811518][ T5986]  <TASK>
[  408.811528][ T5986]  dump_stack_lvl+0x189/0x250
[  408.811570][ T5986]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.811605][ T5986]  ? __pfx_queue_work_on+0x10/0x10
[  408.811635][ T5986]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  408.811668][ T5986]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  408.811717][ T5986]  f2fs_handle_critical_error+0x37c/0x540
[  408.811762][ T5986]  f2fs_write_end_io+0x886/0xb60
[  408.811810][ T5986]  __submit_merged_bio+0x256/0x6a0
[  408.811855][ T5986]  __submit_merged_write_cond+0x255/0x530
[  408.811906][ T5986]  f2fs_write_data_pages+0x261d/0x3000
[  408.811929][ T5986]  ? kasan_quarantine_put+0xdd/0x220
[  408.811993][ T5986]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  408.812073][ T5986]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  408.812102][ T5986]  ? arch_stack_walk+0x110/0x150
[  408.812142][ T5986]  ? ret_from_fork_asm+0x1a/0x30
[  408.812209][ T5986]  ? __lock_acquire+0xab9/0xd20
[  408.812245][ T5986]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  408.812272][ T5986]  do_writepages+0x32e/0x550
[  408.812312][ T5986]  ? reacquire_held_locks+0x127/0x1d0
[  408.812344][ T5986]  ? writeback_sb_inodes+0x3bc/0x1950
[  408.812385][ T5986]  __writeback_single_inode+0x133/0x12f0
[  408.812427][ T5986]  writeback_sb_inodes+0x984/0x1950
[  408.812497][ T5986]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  408.812581][ T5986]  ? rcu_is_watching+0x15/0xb0
[  408.812629][ T5986]  wb_writeback+0x42b/0xb10
[  408.812669][ T5986]  ? queue_io+0x361/0x590
[  408.812703][ T5986]  ? __pfx_wb_writeback+0x10/0x10
[  408.812745][ T5986]  ? _raw_spin_unlock_irq+0x23/0x50
[  408.812784][ T5986]  wb_workfn+0x3f9/0xef0
[  408.812831][ T5986]  ? __pfx_wb_workfn+0x10/0x10
[  408.812862][ T5986]  ? __lock_acquire+0xab9/0xd20
[  408.812915][ T5986]  ? process_one_work+0x868/0x15e0
[  408.812953][ T5986]  ? _raw_spin_unlock_irq+0x23/0x50
[  408.812991][ T5986]  ? process_one_work+0x868/0x15e0
[  408.813018][ T5986]  process_one_work+0x93a/0x15e0
[  408.813045][ T5986]  ? __lock_acquire+0xab9/0xd20
[  408.813102][ T5986]  ? __pfx_process_one_work+0x10/0x10
[  408.813143][ T5986]  ? assign_work+0x3a1/0x410
[  408.813184][ T5986]  worker_thread+0x9b0/0xee0
[  408.813246][ T5986]  kthread+0x711/0x8a0
[  408.813273][ T5986]  ? __pfx_worker_thread+0x10/0x10
[  408.813302][ T5986]  ? __pfx_kthread+0x10/0x10
[  408.813327][ T5986]  ? _raw_spin_unlock_irq+0x23/0x50
[  408.813359][ T5986]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.813389][ T5986]  ? __pfx_kthread+0x10/0x10
[  408.813411][ T5986]  ret_from_fork+0x599/0xb30
[  408.813442][ T5986]  ? __pfx_ret_from_fork+0x10/0x10
[  408.813481][ T5986]  ? __switch_to_asm+0x39/0x70
[  408.813502][ T5986]  ? __switch_to_asm+0x33/0x70
[  408.813522][ T5986]  ? __pfx_kthread+0x10/0x10
[  408.813545][ T5986]  ret_from_fork_asm+0x1a/0x30
[  408.813591][ T5986]  </TASK>
[  409.376565][ T5986] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  411.492504][ T8186] netlink: 'syz.1.473': attribute type 10 has an invalid length.
[  411.726311][ T8186] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.733999][ T8186] bridge0: port 1(bridge_slave_0) entered disabled state
[  412.760877][ T8178] loop0: detected capacity change from 0 to 8192
[  412.858048][ T8186] bridge0: port 2(bridge_slave_1) entered blocking state
[  412.865269][ T8186] bridge0: port 2(bridge_slave_1) entered forwarding state
[  412.872739][ T8186] bridge0: port 1(bridge_slave_0) entered blocking state
[  412.879928][ T8186] bridge0: port 1(bridge_slave_0) entered forwarding state
[  412.937461][   T30] audit: type=1800 audit(1762876733.635:52): pid=8178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.479" name="file1" dev="loop0" ino=1048653 res=0 errno=0
[  413.026110][ T8186] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  415.224090][ T8206] loop2: detected capacity change from 0 to 40427
[  415.265871][ T8212] netlink: 'syz.3.486': attribute type 10 has an invalid length.
[  415.286376][ T8206] F2FS-fs (loop2): invalid crc value
[  415.523973][ T8213] loop1: detected capacity change from 0 to 40427
[  415.614225][ T8213] F2FS-fs (loop1): invalid crc value
[  415.615632][ T8206] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  415.633856][ T8206] F2FS-fs (loop2): Start checkpoint disabled!
[  415.716591][ T8206] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  415.727152][ T8206] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  415.770839][ T8213] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  415.787476][ T8213] F2FS-fs (loop1): Start checkpoint disabled!
[  415.823865][   T30] audit: type=1800 audit(1762876736.525:53): pid=8206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.484" name="file1" dev="loop2" ino=10 res=0 errno=0
[  415.845257][ T8213] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  415.954235][ T8213] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  416.081410][   T30] audit: type=1800 audit(1762876736.775:54): pid=8213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.487" name="file1" dev="loop1" ino=10 res=0 errno=0
[  416.130114][ T8222] bio_check_eod: 177 callbacks suppressed
[  416.130134][ T8222] syz.2.484: attempt to access beyond end of device
[  416.130134][ T8222] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  416.150526][ T8222] syz.2.484: attempt to access beyond end of device
[  416.150526][ T8222] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  416.165223][ T8222] syz.2.484: attempt to access beyond end of device
[  416.165223][ T8222] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  416.181763][ T8222] syz.2.484: attempt to access beyond end of device
[  416.181763][ T8222] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  416.196039][ T8222] syz.2.484: attempt to access beyond end of device
[  416.196039][ T8222] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  416.210443][ T8222] syz.2.484: attempt to access beyond end of device
[  416.210443][ T8222] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  416.226355][ T8222] syz.2.484: attempt to access beyond end of device
[  416.226355][ T8222] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  416.240561][ T8222] syz.2.484: attempt to access beyond end of device
[  416.240561][ T8222] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  416.254842][ T8222] syz.2.484: attempt to access beyond end of device
[  416.254842][ T8222] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  416.269098][ T8222] syz.2.484: attempt to access beyond end of device
[  416.269098][ T8222] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  416.480302][ T7917] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  417.421544][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[  417.421573][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  417.421586][   T12] Workqueue: writeback wb_workfn (flush-7:2)
[  417.421619][   T12] Call Trace:
[  417.421628][   T12]  <TASK>
[  417.421637][   T12]  dump_stack_lvl+0x189/0x250
[  417.421676][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.421709][   T12]  ? __pfx_queue_work_on+0x10/0x10
[  417.421747][   T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  417.421779][   T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  417.421822][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  417.421863][   T12]  f2fs_write_end_io+0x886/0xb60
[  417.421904][   T12]  __submit_merged_bio+0x256/0x6a0
[  417.421944][   T12]  __submit_merged_write_cond+0x255/0x530
[  417.421984][   T12]  f2fs_write_data_pages+0x261d/0x3000
[  417.422042][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  417.422080][   T12]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  417.422142][   T12]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  417.422186][   T12]  ? trace_f2fs_writepages+0x7f/0x200
[  417.422216][   T12]  ? f2fs_write_node_pages+0x478/0x6e0
[  417.422249][   T12]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  417.422295][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  417.422319][   T12]  do_writepages+0x32e/0x550
[  417.422355][   T12]  ? reacquire_held_locks+0x127/0x1d0
[  417.422386][   T12]  ? writeback_sb_inodes+0x3bc/0x1950
[  417.422422][   T12]  __writeback_single_inode+0x133/0x12f0
[  417.422460][   T12]  writeback_sb_inodes+0x984/0x1950
[  417.422519][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  417.422586][   T12]  ? rcu_is_watching+0x15/0xb0
[  417.422628][   T12]  wb_writeback+0x42b/0xb10
[  417.422664][   T12]  ? queue_io+0x361/0x590
[  417.422694][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  417.422737][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  417.422779][   T12]  wb_workfn+0x3f9/0xef0
[  417.422819][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  417.422846][   T12]  ? __lock_acquire+0xab9/0xd20
[  417.422884][   T12]  ? process_one_work+0x868/0x15e0
[  417.422918][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  417.422952][   T12]  ? process_one_work+0x868/0x15e0
[  417.422978][   T12]  process_one_work+0x93a/0x15e0
[  417.423003][   T12]  ? __lock_acquire+0xab9/0xd20
[  417.423071][   T12]  ? __pfx_process_one_work+0x10/0x10
[  417.423110][   T12]  ? assign_work+0x3a1/0x410
[  417.423144][   T12]  worker_thread+0x9b0/0xee0
[  417.423206][   T12]  kthread+0x711/0x8a0
[  417.423230][   T12]  ? __pfx_worker_thread+0x10/0x10
[  417.423258][   T12]  ? __pfx_kthread+0x10/0x10
[  417.423277][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  417.423305][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.423342][   T12]  ? __pfx_kthread+0x10/0x10
[  417.423362][   T12]  ret_from_fork+0x599/0xb30
[  417.423393][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  417.423430][   T12]  ? __switch_to_asm+0x39/0x70
[  417.423450][   T12]  ? __switch_to_asm+0x33/0x70
[  417.423470][   T12]  ? __pfx_kthread+0x10/0x10
[  417.423492][   T12]  ret_from_fork_asm+0x1a/0x30
[  417.423534][   T12]  </TASK>
[  417.443252][ T7917] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  417.513258][   T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  417.904385][ T5922] CPU: 0 UID: 0 PID: 5922 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  417.904418][ T5922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  417.904434][ T5922] Workqueue: writeback wb_workfn (flush-7:1)
[  417.904467][ T5922] Call Trace:
[  417.904476][ T5922]  <TASK>
[  417.904485][ T5922]  dump_stack_lvl+0x189/0x250
[  417.904526][ T5922]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.904561][ T5922]  ? __pfx_queue_work_on+0x10/0x10
[  417.904590][ T5922]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  417.904623][ T5922]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  417.904707][ T5922]  f2fs_handle_critical_error+0x37c/0x540
[  417.904751][ T5922]  f2fs_write_end_io+0x886/0xb60
[  417.904795][ T5922]  __submit_merged_bio+0x256/0x6a0
[  417.904837][ T5922]  __submit_merged_write_cond+0x255/0x530
[  417.904880][ T5922]  f2fs_write_data_pages+0x261d/0x3000
[  417.904940][ T5922]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  417.904980][ T5922]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  417.905046][ T5922]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  417.905096][ T5922]  ? trace_f2fs_writepages+0x7f/0x200
[  417.905132][ T5922]  ? f2fs_write_node_pages+0x478/0x6e0
[  417.905171][ T5922]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  417.905221][ T5922]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  417.905246][ T5922]  do_writepages+0x32e/0x550
[  417.905284][ T5922]  ? reacquire_held_locks+0x127/0x1d0
[  417.905316][ T5922]  ? writeback_sb_inodes+0x3bc/0x1950
[  417.905354][ T5922]  __writeback_single_inode+0x133/0x12f0
[  417.905394][ T5922]  writeback_sb_inodes+0x984/0x1950
[  417.905457][ T5922]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  417.905532][ T5922]  ? rcu_is_watching+0x15/0xb0
[  417.905577][ T5922]  wb_writeback+0x42b/0xb10
[  417.905614][ T5922]  ? queue_io+0x361/0x590
[  417.905653][ T5922]  ? __pfx_wb_writeback+0x10/0x10
[  417.905693][ T5922]  ? _raw_spin_unlock_irq+0x23/0x50
[  417.905730][ T5922]  wb_workfn+0x3f9/0xef0
[  417.905770][ T5922]  ? __pfx_wb_workfn+0x10/0x10
[  417.905800][ T5922]  ? __lock_acquire+0xab9/0xd20
[  417.905841][ T5922]  ? process_one_work+0x868/0x15e0
[  417.905877][ T5922]  ? _raw_spin_unlock_irq+0x23/0x50
[  417.905913][ T5922]  ? process_one_work+0x868/0x15e0
[  417.905940][ T5922]  process_one_work+0x93a/0x15e0
[  417.905968][ T5922]  ? __lock_acquire+0xab9/0xd20
[  417.906019][ T5922]  ? __pfx_process_one_work+0x10/0x10
[  417.906059][ T5922]  ? assign_work+0x3a1/0x410
[  417.906093][ T5922]  worker_thread+0x9b0/0xee0
[  417.906151][ T5922]  kthread+0x711/0x8a0
[  417.906177][ T5922]  ? __pfx_worker_thread+0x10/0x10
[  417.906206][ T5922]  ? __pfx_kthread+0x10/0x10
[  417.906242][ T5922]  ? _raw_spin_unlock_irq+0x23/0x50
[  417.906271][ T5922]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.906303][ T5922]  ? __pfx_kthread+0x10/0x10
[  417.906324][ T5922]  ret_from_fork+0x599/0xb30
[  417.906354][ T5922]  ? __pfx_ret_from_fork+0x10/0x10
[  417.906392][ T5922]  ? __switch_to_asm+0x39/0x70
[  417.906413][ T5922]  ? __switch_to_asm+0x33/0x70
[  417.906433][ T5922]  ? __pfx_kthread+0x10/0x10
[  417.906454][ T5922]  ret_from_fork_asm+0x1a/0x30
[  417.906496][ T5922]  </TASK>
[  417.906505][ T5922] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  418.220155][ T7917] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  418.367772][ T7917] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  418.857390][ T7917] 8021q: adding VLAN 0 to HW filter on device bond0
[  418.957546][ T7917] 8021q: adding VLAN 0 to HW filter on device team0
[  419.031791][ T5985] bridge0: port 1(bridge_slave_0) entered blocking state
[  419.039157][ T5985] bridge0: port 1(bridge_slave_0) entered forwarding state
[  419.132604][ T8062] bridge0: port 2(bridge_slave_1) entered blocking state
[  419.139858][ T8062] bridge0: port 2(bridge_slave_1) entered forwarding state
[  419.276675][ T8245] loop0: detected capacity change from 0 to 8192
[  419.390096][ T8250] netlink: 'syz.2.489': attribute type 10 has an invalid length.
[  419.589012][   T30] audit: type=1800 audit(1762876740.285:55): pid=8245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.491" name="file1" dev="loop0" ino=1048654 res=0 errno=0
[  421.958730][ T8261] netlink: 'syz.1.492': attribute type 10 has an invalid length.
[  421.966861][ T8261] bridge0: port 2(bridge_slave_1) entered disabled state
[  421.974432][ T8261] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.380819][ T8275] netlink: 'syz.0.495': attribute type 10 has an invalid length.
[  422.764351][ T8282] netlink: 'syz.1.496': attribute type 10 has an invalid length.
[  423.326378][ T7917] 8021q: adding VLAN 0 to HW filter on device batadv0
[  424.617062][ T8289] loop0: detected capacity change from 0 to 8192
[  424.761582][   T30] audit: type=1800 audit(1762876745.455:56): pid=8289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.498" name="file1" dev="loop0" ino=1048655 res=0 errno=0
[  425.673283][ T7917] veth0_vlan: entered promiscuous mode
[  425.704236][ T8304] netlink: 'syz.1.499': attribute type 10 has an invalid length.
[  425.750156][ T7917] veth1_vlan: entered promiscuous mode
[  425.946211][ T8308] loop0: detected capacity change from 0 to 22
[  425.953574][ T8308] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  425.998093][ T8308] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  426.007521][ T8307] delete_channel: no stack
[  426.662240][ T7917] veth0_macvtap: entered promiscuous mode
[  426.732668][ T7917] veth1_macvtap: entered promiscuous mode
[  427.036525][ T7917] batman_adv: batadv0: Interface activated: batadv_slave_0
[  427.425719][ T7917] batman_adv: batadv0: Interface activated: batadv_slave_1
[  427.895978][ T5986] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  427.908289][ T8329] netlink: 'syz.2.504': attribute type 10 has an invalid length.
[  427.952657][ T5986] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  427.999166][ T5986] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  428.076166][ T5986] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  428.262291][ T8328] loop0: detected capacity change from 0 to 8192
[  428.374450][   T30] audit: type=1800 audit(1762876749.075:57): pid=8328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.505" name="file1" dev="loop0" ino=1048656 res=0 errno=0
[  428.453180][ T8062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  428.520350][ T8062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  428.894120][ T5985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  428.902010][ T5985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  429.204302][ T8349] netlink: 68 bytes leftover after parsing attributes in process `syz.0.508'.
[  429.597190][ T8353] loop3: detected capacity change from 0 to 128
[  429.931738][ T8355] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  429.941150][ T8355] FAT-fs (loop3): Filesystem has been set read-only
[  432.268361][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  432.298860][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  432.308397][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  432.319952][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  432.348236][ T8362] loop3: detected capacity change from 0 to 8192
[  432.367277][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  432.487698][   T30] audit: type=1800 audit(1762876753.185:58): pid=8362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.511" name="file1" dev="loop3" ino=1048663 res=0 errno=0
[  432.551571][   T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.932455][   T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.158452][   T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.473658][ T5834] Bluetooth: hci3: command tx timeout
[  435.427378][ T8393] netlink: 'syz.2.519': attribute type 10 has an invalid length.
[  435.566343][   T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.999978][ T8363] chnl_net:caif_netlink_parms(): no params data found
[  436.554391][ T5834] Bluetooth: hci3: command tx timeout
[  436.653745][   T12] bridge_slave_1: left allmulticast mode
[  436.660911][   T12] bridge_slave_1: left promiscuous mode
[  436.690365][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.028315][   T12] bridge_slave_0: left allmulticast mode
[  437.045926][   T12] bridge_slave_0: left promiscuous mode
[  437.083611][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.636774][ T5834] Bluetooth: hci3: command tx timeout
[  438.752852][ T8419] loop2: detected capacity change from 0 to 128
[  438.905293][ T8417] loop3: detected capacity change from 0 to 8192
[  438.951733][   T30] audit: type=1800 audit(1762876759.645:59): pid=8417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.524" name="file1" dev="loop3" ino=1048664 res=0 errno=0
[  439.020872][ T8419] FAT-fs (loop2): error, corrupted directory (invalid entries)
[  439.028587][ T8419] FAT-fs (loop2): Filesystem has been set read-only
[  439.447254][ T8423] loop1: detected capacity change from 0 to 22
[  439.455726][ T8423] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  439.643616][ T8423] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  439.653032][ T8422] delete_channel: no stack
[  440.468780][ T8432] netlink: 68 bytes leftover after parsing attributes in process `syz.0.529'.
[  440.774117][ T5834] Bluetooth: hci3: command tx timeout
[  440.793950][ T8437] netlink: 68 bytes leftover after parsing attributes in process `syz.2.530'.
[  441.019273][ T8443] netlink: 'syz.0.531': attribute type 10 has an invalid length.
[  441.588356][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  441.827464][ T8447] loop3: detected capacity change from 0 to 40427
[  441.859817][ T8447] F2FS-fs (loop3): invalid crc value
[  441.903838][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  441.941040][   T12] bond0 (unregistering): Released all slaves
[  441.943217][ T8447] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  441.957668][ T8447] F2FS-fs (loop3): Start checkpoint disabled!
[  441.966301][ T8447] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  441.977696][ T8447] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  442.127530][   T30] audit: type=1800 audit(1762876762.815:60): pid=8447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.533" name="file1" dev="loop3" ino=10 res=0 errno=0
[  442.415344][ T8451] bio_check_eod: 362 callbacks suppressed
[  442.415361][ T8451] syz.3.533: attempt to access beyond end of device
[  442.415361][ T8451] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  442.437024][ T8451] syz.3.533: attempt to access beyond end of device
[  442.437024][ T8451] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  442.451419][ T8451] syz.3.533: attempt to access beyond end of device
[  442.451419][ T8451] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  442.465789][ T8451] syz.3.533: attempt to access beyond end of device
[  442.465789][ T8451] loop3: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  442.480311][ T8451] syz.3.533: attempt to access beyond end of device
[  442.480311][ T8451] loop3: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  442.494749][ T8451] syz.3.533: attempt to access beyond end of device
[  442.494749][ T8451] loop3: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  442.508983][ T8451] syz.3.533: attempt to access beyond end of device
[  442.508983][ T8451] loop3: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  442.523118][ T8451] syz.3.533: attempt to access beyond end of device
[  442.523118][ T8451] loop3: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  442.538668][ T8451] syz.3.533: attempt to access beyond end of device
[  442.538668][ T8451] loop3: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  442.552803][ T8451] syz.3.533: attempt to access beyond end of device
[  442.552803][ T8451] loop3: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  442.714312][ T8363] bridge0: port 1(bridge_slave_0) entered blocking state
[  442.722821][ T5985] CPU: 1 UID: 0 PID: 5985 Comm: kworker/u8:9 Not tainted syzkaller #0 PREEMPT(full) 
[  442.722851][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  442.722867][ T5985] Workqueue: writeback wb_workfn (flush-7:3)
[  442.722899][ T5985] Call Trace:
[  442.722908][ T5985]  <TASK>
[  442.722917][ T5985]  dump_stack_lvl+0x189/0x250
[  442.722958][ T5985]  ? __pfx_dump_stack_lvl+0x10/0x10
[  442.722992][ T5985]  ? __pfx_queue_work_on+0x10/0x10
[  442.723020][ T5985]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  442.723141][ T5985]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  442.723188][ T5985]  f2fs_handle_critical_error+0x37c/0x540
[  442.723231][ T5985]  f2fs_write_end_io+0x886/0xb60
[  442.723275][ T5985]  __submit_merged_bio+0x256/0x6a0
[  442.723323][ T5985]  __submit_merged_write_cond+0x255/0x530
[  442.723363][ T5985]  f2fs_write_data_pages+0x261d/0x3000
[  442.723422][ T5985]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  442.723460][ T5985]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  442.723526][ T5985]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  442.723576][ T5985]  ? trace_f2fs_writepages+0x7f/0x200
[  442.723612][ T5985]  ? f2fs_write_node_pages+0x478/0x6e0
[  442.723651][ T5985]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  442.723698][ T5985]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  442.723730][ T5985]  do_writepages+0x32e/0x550
[  442.723786][ T5985]  ? reacquire_held_locks+0x127/0x1d0
[  442.723818][ T5985]  ? writeback_sb_inodes+0x3bc/0x1950
[  442.723856][ T5985]  __writeback_single_inode+0x133/0x12f0
[  442.723896][ T5985]  writeback_sb_inodes+0x984/0x1950
[  442.724003][ T5985]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  442.724079][ T5985]  ? rcu_is_watching+0x15/0xb0
[  442.724124][ T5985]  wb_writeback+0x42b/0xb10
[  442.724163][ T5985]  ? queue_io+0x361/0x590
[  442.724196][ T5985]  ? __pfx_wb_writeback+0x10/0x10
[  442.724233][ T5985]  ? _raw_spin_unlock_irq+0x23/0x50
[  442.724272][ T5985]  wb_workfn+0x3f9/0xef0
[  442.724311][ T5985]  ? __pfx_wb_workfn+0x10/0x10
[  442.724341][ T5985]  ? __lock_acquire+0xab9/0xd20
[  442.724381][ T5985]  ? process_one_work+0x868/0x15e0
[  442.724417][ T5985]  ? _raw_spin_unlock_irq+0x23/0x50
[  442.724453][ T5985]  ? process_one_work+0x868/0x15e0
[  442.724479][ T5985]  process_one_work+0x93a/0x15e0
[  442.724506][ T5985]  ? __lock_acquire+0xab9/0xd20
[  442.724555][ T5985]  ? __pfx_process_one_work+0x10/0x10
[  442.724594][ T5985]  ? assign_work+0x3a1/0x410
[  442.724628][ T5985]  worker_thread+0x9b0/0xee0
[  442.724689][ T5985]  kthread+0x711/0x8a0
[  442.724714][ T5985]  ? __pfx_worker_thread+0x10/0x10
[  442.724743][ T5985]  ? __pfx_kthread+0x10/0x10
[  442.724766][ T5985]  ? _raw_spin_unlock_irq+0x23/0x50
[  442.724797][ T5985]  ? lockdep_hardirqs_on+0x9c/0x150
[  442.724829][ T5985]  ? __pfx_kthread+0x10/0x10
[  442.724851][ T5985]  ret_from_fork+0x599/0xb30
[  442.724882][ T5985]  ? __pfx_ret_from_fork+0x10/0x10
[  442.724921][ T5985]  ? __switch_to_asm+0x39/0x70
[  442.724942][ T5985]  ? __switch_to_asm+0x33/0x70
[  442.724974][ T5985]  ? __pfx_kthread+0x10/0x10
[  442.724997][ T5985]  ret_from_fork_asm+0x1a/0x30
[  442.725039][ T5985]  </TASK>
[  442.730698][ T8363] bridge0: port 1(bridge_slave_0) entered disabled state
[  442.793424][ T5985] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  442.846290][ T8363] bridge_slave_0: entered allmulticast mode
[  443.565779][ T8363] bridge_slave_0: entered promiscuous mode
[  443.795764][ T8363] bridge0: port 2(bridge_slave_1) entered blocking state
[  443.873570][ T8363] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.908097][ T8363] bridge_slave_1: entered allmulticast mode
[  443.954562][ T8363] bridge_slave_1: entered promiscuous mode
[  444.246264][ T8463] loop1: detected capacity change from 0 to 22
[  444.253231][ T8463] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  444.264585][ T8463] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  444.274811][ T8462] delete_channel: no stack
[  444.925796][ T8471] loop2: detected capacity change from 0 to 40427
[  445.117404][ T8471] F2FS-fs (loop2): invalid crc value
[  445.231410][ T8471] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  445.242731][ T8471] F2FS-fs (loop2): Start checkpoint disabled!
[  445.258630][ T8471] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  445.268869][ T8471] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  445.298811][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  445.306322][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  445.332076][ T8363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  445.343299][   T30] audit: type=1800 audit(1762876766.045:61): pid=8471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.540" name="file1" dev="loop2" ino=10 res=0 errno=0
[  446.503269][ T8489] netlink: 68 bytes leftover after parsing attributes in process `syz.1.542'.
[  446.777199][ T8491] netlink: 'syz.0.543': attribute type 10 has an invalid length.
[  446.810453][   T57] CPU: 1 UID: 0 PID: 57 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full) 
[  446.810485][   T57] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  446.810499][   T57] Workqueue: writeback wb_workfn (flush-7:2)
[  446.810532][   T57] Call Trace:
[  446.810541][   T57]  <TASK>
[  446.810550][   T57]  dump_stack_lvl+0x189/0x250
[  446.810591][   T57]  ? __pfx_dump_stack_lvl+0x10/0x10
[  446.810624][   T57]  ? __pfx_queue_work_on+0x10/0x10
[  446.810652][   T57]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  446.810686][   T57]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  446.810730][   T57]  f2fs_handle_critical_error+0x37c/0x540
[  446.810772][   T57]  f2fs_write_end_io+0x886/0xb60
[  446.810822][   T57]  __submit_merged_bio+0x256/0x6a0
[  446.810861][   T57]  __submit_merged_write_cond+0x255/0x530
[  446.810900][   T57]  f2fs_write_data_pages+0x261d/0x3000
[  446.810960][   T57]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  446.810995][   T57]  ? finish_task_switch+0x162/0x960
[  446.811048][   T57]  ? trace_sched_exit_tp+0x36/0x110
[  446.811073][   T57]  ? __schedule+0x184c/0x4ed0
[  446.811137][   T57]  ? __pfx___schedule+0x10/0x10
[  446.811168][   T57]  ? finish_task_switch+0x162/0x960
[  446.811206][   T57]  ? finish_task_switch+0x23d/0x960
[  446.811232][   T57]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  446.811258][   T57]  do_writepages+0x32e/0x550
[  446.811293][   T57]  ? preempt_schedule+0xae/0xc0
[  446.811324][   T57]  ? __pfx_preempt_schedule+0x10/0x10
[  446.811354][   T57]  ? reacquire_held_locks+0x127/0x1d0
[  446.811386][   T57]  ? writeback_sb_inodes+0x3bc/0x1950
[  446.811424][   T57]  __writeback_single_inode+0x133/0x12f0
[  446.811463][   T57]  writeback_sb_inodes+0x984/0x1950
[  446.811526][   T57]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  446.811609][   T57]  ? rcu_is_watching+0x15/0xb0
[  446.811651][   T57]  wb_writeback+0x42b/0xb10
[  446.811688][   T57]  ? queue_io+0x361/0x590
[  446.811718][   T57]  ? __pfx_wb_writeback+0x10/0x10
[  446.811755][   T57]  ? _raw_spin_unlock_irq+0x23/0x50
[  446.811791][   T57]  wb_workfn+0x3f9/0xef0
[  446.811837][   T57]  ? __pfx_wb_workfn+0x10/0x10
[  446.811866][   T57]  ? __lock_acquire+0xab9/0xd20
[  446.811910][   T57]  ? process_one_work+0x868/0x15e0
[  446.811952][   T57]  ? process_one_work+0x868/0x15e0
[  446.811978][   T57]  process_one_work+0x93a/0x15e0
[  446.812005][   T57]  ? __lock_acquire+0xab9/0xd20
[  446.812051][   T57]  ? __pfx_process_one_work+0x10/0x10
[  446.812088][   T57]  ? assign_work+0x3a1/0x410
[  446.812122][   T57]  worker_thread+0x9b0/0xee0
[  446.812179][   T57]  kthread+0x711/0x8a0
[  446.812204][   T57]  ? __pfx_worker_thread+0x10/0x10
[  446.812232][   T57]  ? __pfx_kthread+0x10/0x10
[  446.812254][   T57]  ? _raw_spin_unlock_irq+0x23/0x50
[  446.812284][   T57]  ? lockdep_hardirqs_on+0x9c/0x150
[  446.812314][   T57]  ? __pfx_kthread+0x10/0x10
[  446.812336][   T57]  ret_from_fork+0x599/0xb30
[  446.812366][   T57]  ? __pfx_ret_from_fork+0x10/0x10
[  446.812404][   T57]  ? __switch_to_asm+0x39/0x70
[  446.812425][   T57]  ? __switch_to_asm+0x33/0x70
[  446.812445][   T57]  ? __pfx_kthread+0x10/0x10
[  446.812467][   T57]  ret_from_fork_asm+0x1a/0x30
[  446.812508][   T57]  </TASK>
[  446.812573][   T57] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  448.403690][ T8363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  448.792678][ T8363] team0: Port device team_slave_0 added
[  449.016965][   T12] hsr_slave_0: left promiscuous mode
[  449.233445][   T12] hsr_slave_1: left promiscuous mode
[  449.334500][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  449.347039][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  449.431362][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  449.461810][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  449.991870][   T12] veth1_macvtap: left promiscuous mode
[  450.023588][   T12] veth0_macvtap: left promiscuous mode
[  450.039943][   T12] veth1_vlan: left promiscuous mode
[  450.063870][   T12] veth0_vlan: left promiscuous mode
[  450.493679][ T8513] loop0: detected capacity change from 0 to 22
[  450.500615][ T8513] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  450.542297][ T8513] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  450.551659][ T8512] delete_channel: no stack
[  450.674629][ T8519] netlink: 'syz.3.550': attribute type 10 has an invalid length.
[  452.321230][ T8520] loop2: detected capacity change from 0 to 8192
[  452.403286][   T30] audit: type=1800 audit(1762876773.095:62): pid=8520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.545" name="file1" dev="loop2" ino=1048666 res=0 errno=0
[  452.427737][ T8532] netlink: 68 bytes leftover after parsing attributes in process `syz.0.554'.
[  456.548344][ T8560] loop1: detected capacity change from 0 to 8192
[  456.636869][   T30] audit: type=1800 audit(1762876777.315:63): pid=8560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.561" name="file1" dev="loop1" ino=1048667 res=0 errno=0
[  457.051767][   T12] team0 (unregistering): Port device team_slave_1 removed
[  457.280901][   T12] team0 (unregistering): Port device team_slave_0 removed
[  458.866437][ T8573] libceph: resolve '.
[  458.866437][ T8573] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  458.866437][ T8573] ' (ret=-3): failed
[  460.179068][ T8363] team0: Port device team_slave_1 added
[  460.604734][ T8363] batman_adv: batadv0: Adding interface: batadv_slave_0
[  460.642080][ T8363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  460.685271][ T8363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  460.802212][ T8363] batman_adv: batadv0: Adding interface: batadv_slave_1
[  460.810077][ T8363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  460.857097][ T8594] netlink: 'syz.1.568': attribute type 10 has an invalid length.
[  461.074029][ T8363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  463.237621][ T8363] hsr_slave_0: entered promiscuous mode
[  463.969138][ T8363] hsr_slave_1: entered promiscuous mode
[  464.118353][ T8363] debugfs: 'hsr0' already exists in 'hsr'
[  464.306595][ T8363] Cannot create hsr debugfs directory
[  464.508179][ T8609] loop1: detected capacity change from 0 to 8192
[  465.066452][   T30] audit: type=1800 audit(1762876785.765:64): pid=8609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.572" name="file1" dev="loop1" ino=1048668 res=0 errno=0
[  465.490621][ T8623] loop0: detected capacity change from 0 to 8192
[  465.598901][   T30] audit: type=1800 audit(1762876786.295:65): pid=8623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.575" name="file1" dev="loop0" ino=1048669 res=0 errno=0
[  472.177775][ T8363] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  472.668175][ T8363] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  472.846667][ T8363] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  473.200597][ T8363] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  473.708784][ T8363] 8021q: adding VLAN 0 to HW filter on device bond0
[  474.411908][ T8363] 8021q: adding VLAN 0 to HW filter on device team0
[  474.445423][ T5985] bridge0: port 1(bridge_slave_0) entered blocking state
[  474.452652][ T5985] bridge0: port 1(bridge_slave_0) entered forwarding state
[  475.031185][ T5985] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.038474][ T5985] bridge0: port 2(bridge_slave_1) entered forwarding state
[  475.276797][ T8725] loop1: detected capacity change from 0 to 8192
[  475.356814][   T30] audit: type=1800 audit(1762876796.035:66): pid=8725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.598" name="file1" dev="loop1" ino=1048670 res=0 errno=0
[  477.462376][ T8753] netlink: 'syz.2.603': attribute type 10 has an invalid length.
[  477.961677][ T8363] 8021q: adding VLAN 0 to HW filter on device batadv0
[  479.459713][ T8774] loop1: detected capacity change from 0 to 40427
[  479.561688][ T8780] netlink: 'syz.3.608': attribute type 10 has an invalid length.
[  479.761560][ T8774] F2FS-fs (loop1): invalid crc value
[  480.616180][ T8774] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  480.628796][ T8774] F2FS-fs (loop1): Start checkpoint disabled!
[  480.639013][ T8774] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  480.647871][ T8774] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  480.738891][ T8783] netlink: 'syz.0.609': attribute type 10 has an invalid length.
[  483.700731][ T8363] veth0_vlan: entered promiscuous mode
[  484.115535][ T8363] veth1_vlan: entered promiscuous mode
[  484.283246][ T8363] veth0_macvtap: entered promiscuous mode
[  484.335101][ T8363] veth1_macvtap: entered promiscuous mode
[  484.439203][ T8363] batman_adv: batadv0: Interface activated: batadv_slave_0
[  484.512943][ T8363] batman_adv: batadv0: Interface activated: batadv_slave_1
[  484.865273][ T5986] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  484.900748][ T5986] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  484.971164][ T5986] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  484.993461][ T5986] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  485.951371][ T8823] loop1: detected capacity change from 0 to 40427
[  485.980827][ T8823] F2FS-fs (loop1): invalid crc value
[  486.029057][ T8823] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  486.038624][ T8823] F2FS-fs (loop1): Start checkpoint disabled!
[  486.045947][ T8823] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  486.054351][ T8823] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  486.119478][ T8062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.305867][ T8062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  486.316098][   T30] audit: type=1800 audit(1762876807.015:67): pid=8823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.613" name="file1" dev="loop1" ino=10 res=0 errno=0
[  487.652187][ T5985] bio_check_eod: 213 callbacks suppressed
[  487.652209][ T5985] kworker/u8:9: attempt to access beyond end of device
[  487.652209][ T5985] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  487.687578][ T6605] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  487.721170][ T6605] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.745073][ T5985] CPU: 0 UID: 0 PID: 5985 Comm: kworker/u8:9 Not tainted syzkaller #0 PREEMPT(full) 
[  487.745105][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  487.745120][ T5985] Workqueue: writeback wb_workfn (flush-7:1)
[  487.745155][ T5985] Call Trace:
[  487.745164][ T5985]  <TASK>
[  487.745186][ T5985]  dump_stack_lvl+0x189/0x250
[  487.745226][ T5985]  ? __pfx_dump_stack_lvl+0x10/0x10
[  487.745260][ T5985]  ? __pfx_queue_work_on+0x10/0x10
[  487.745288][ T5985]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  487.745321][ T5985]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  487.745369][ T5985]  f2fs_handle_critical_error+0x37c/0x540
[  487.745421][ T5985]  f2fs_write_end_io+0x886/0xb60
[  487.745467][ T5985]  __submit_merged_bio+0x256/0x6a0
[  487.745509][ T5985]  __submit_merged_write_cond+0x255/0x530
[  487.745552][ T5985]  f2fs_write_data_pages+0x261d/0x3000
[  487.745616][ T5985]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  487.745657][ T5985]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  487.745726][ T5985]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  487.745761][ T5985]  ? lockdep_hardirqs_on+0x9c/0x150
[  487.745824][ T5985]  ? trace_f2fs_writepages+0x7f/0x200
[  487.745872][ T5985]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  487.745924][ T5985]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  487.745949][ T5985]  do_writepages+0x32e/0x550
[  487.745988][ T5985]  ? reacquire_held_locks+0x127/0x1d0
[  487.746020][ T5985]  ? writeback_sb_inodes+0x3bc/0x1950
[  487.746061][ T5985]  __writeback_single_inode+0x133/0x12f0
[  487.746104][ T5985]  writeback_sb_inodes+0x984/0x1950
[  487.746174][ T5985]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  487.746261][ T5985]  ? rcu_is_watching+0x15/0xb0
[  487.746309][ T5985]  wb_writeback+0x42b/0xb10
[  487.746349][ T5985]  ? queue_io+0x361/0x590
[  487.746382][ T5985]  ? __pfx_wb_writeback+0x10/0x10
[  487.746430][ T5985]  ? _raw_spin_unlock_irq+0x23/0x50
[  487.746468][ T5985]  wb_workfn+0x3f9/0xef0
[  487.746512][ T5985]  ? __pfx_wb_workfn+0x10/0x10
[  487.746543][ T5985]  ? __lock_acquire+0xab9/0xd20
[  487.746583][ T5985]  ? process_one_work+0x868/0x15e0
[  487.746619][ T5985]  ? _raw_spin_unlock_irq+0x23/0x50
[  487.746655][ T5985]  ? process_one_work+0x868/0x15e0
[  487.746682][ T5985]  process_one_work+0x93a/0x15e0
[  487.746708][ T5985]  ? __lock_acquire+0xab9/0xd20
[  487.746760][ T5985]  ? __pfx_process_one_work+0x10/0x10
[  487.746798][ T5985]  ? assign_work+0x3a1/0x410
[  487.746833][ T5985]  worker_thread+0x9b0/0xee0
[  487.746897][ T5985]  kthread+0x711/0x8a0
[  487.746923][ T5985]  ? __pfx_worker_thread+0x10/0x10
[  487.746952][ T5985]  ? __pfx_kthread+0x10/0x10
[  487.746977][ T5985]  ? _raw_spin_unlock_irq+0x23/0x50
[  487.747007][ T5985]  ? lockdep_hardirqs_on+0x9c/0x150
[  487.747038][ T5985]  ? __pfx_kthread+0x10/0x10
[  487.747061][ T5985]  ret_from_fork+0x599/0xb30
[  487.747092][ T5985]  ? __pfx_ret_from_fork+0x10/0x10
[  487.747135][ T5985]  ? __switch_to_asm+0x39/0x70
[  487.747156][ T5985]  ? __switch_to_asm+0x33/0x70
[  487.747176][ T5985]  ? __pfx_kthread+0x10/0x10
[  487.747199][ T5985]  ret_from_fork_asm+0x1a/0x30
[  487.747247][ T5985]  </TASK>
[  487.747257][ T5985] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  488.340624][ T8849] netlink: 'syz.0.622': attribute type 10 has an invalid length.
[  493.928947][ T8887] netlink: 'syz.1.620': attribute type 10 has an invalid length.
[  496.869464][ T8909] netlink: 'syz.0.636': attribute type 10 has an invalid length.
[  496.935549][ T8903] loop5: detected capacity change from 0 to 8192
[  497.181408][   T30] audit: type=1800 audit(1762876817.865:68): pid=8903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.634" name="file1" dev="loop5" ino=1048676 res=0 errno=0
[  500.475698][ T8948] loop1: detected capacity change from 0 to 22
[  500.486389][ T8948] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  500.497958][ T8948] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  500.940468][ T8939] delete_channel: no stack
[  501.304397][ T8950] netlink: 'syz.3.647': attribute type 10 has an invalid length.
[  506.774546][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  506.780969][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  506.999865][ T9003] loop5: detected capacity change from 0 to 22
[  507.011986][ T9003] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  507.032025][ T9003] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  507.535582][ T8995] delete_channel: no stack
[  507.630570][ T8999] netlink: 60 bytes leftover after parsing attributes in process `syz.1.658'.
[  508.666684][ T8992] loop3: detected capacity change from 0 to 8192
[  509.654705][ T9013] netlink: 'syz.2.662': attribute type 10 has an invalid length.
[  510.367979][ T9018] loop3: detected capacity change from 0 to 8192
[  510.489720][   T30] audit: type=1800 audit(1762876831.185:69): pid=9018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.665" name="file1" dev="loop3" ino=1048677 res=0 errno=0
[  511.750055][ T9024] loop0: detected capacity change from 0 to 40427
[  511.790583][ T9024] F2FS-fs (loop0): invalid crc value
[  512.702595][ T9024] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  512.783645][ T9024] F2FS-fs (loop0): Start checkpoint disabled!
[  512.840604][ T9024] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  512.863675][ T9024] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  513.122414][   T30] audit: type=1800 audit(1762876833.655:70): pid=9024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.667" name="file1" dev="loop0" ino=10 res=0 errno=0
[  514.352847][ T9060] ------------[ cut here ]------------
[  514.353090][ T1157] kworker/u8:6: attempt to access beyond end of device
[  514.353090][ T1157] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  514.358476][ T9060] WARNING: ./include/linux/ns_common.h:288 at nsproxy_ns_active_get+0x88f/0xcb0, CPU#0: syz.2.676/9060
[  514.379315][ T1157] CPU: 1 UID: 0 PID: 1157 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  514.379347][ T1157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  514.379364][ T1157] Workqueue: writeback wb_workfn (flush-7:0)
[  514.379403][ T1157] Call Trace:
[  514.379413][ T1157]  <TASK>
[  514.379424][ T1157]  dump_stack_lvl+0x189/0x250
[  514.379470][ T1157]  ? __pfx_dump_stack_lvl+0x10/0x10
[  514.379508][ T1157]  ? __pfx_queue_work_on+0x10/0x10
[  514.379540][ T1157]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  514.379586][ T1157]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  514.379638][ T1157]  f2fs_handle_critical_error+0x37c/0x540
[  514.379701][ T1157]  f2fs_write_end_io+0x886/0xb60
[  514.379753][ T1157]  __submit_merged_bio+0x256/0x6a0
[  514.379801][ T1157]  __submit_merged_write_cond+0x255/0x530
[  514.379851][ T1157]  f2fs_write_data_pages+0x261d/0x3000
[  514.379934][ T1157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  514.379985][ T1157]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  514.380068][ T1157]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  514.380107][ T1157]  ? register_lock_class+0x51/0x320
[  514.380160][ T1157]  ? trace_f2fs_writepages+0x7f/0x200
[  514.380214][ T1157]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  514.380271][ T1157]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  514.380299][ T1157]  do_writepages+0x32e/0x550
[  514.380342][ T1157]  ? reacquire_held_locks+0x127/0x1d0
[  514.380378][ T1157]  ? writeback_sb_inodes+0x3bc/0x1950
[  514.380421][ T1157]  __writeback_single_inode+0x133/0x12f0
[  514.380467][ T1157]  writeback_sb_inodes+0x984/0x1950
[  514.380550][ T1157]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  514.380681][ T1157]  ? rcu_is_watching+0x15/0xb0
[  514.380738][ T1157]  wb_writeback+0x42b/0xb10
[  514.380787][ T1157]  ? queue_io+0x361/0x590
[  514.380824][ T1157]  ? __pfx_wb_writeback+0x10/0x10
[  514.380870][ T1157]  ? _raw_spin_unlock_irq+0x23/0x50
[  514.380921][ T1157]  wb_workfn+0x3f9/0xef0
[  514.380980][ T1157]  ? __pfx_wb_workfn+0x10/0x10
[  514.381015][ T1157]  ? __lock_acquire+0xab9/0xd20
[  514.381067][ T1157]  ? process_one_work+0x868/0x15e0
[  514.381109][ T1157]  ? _raw_spin_unlock_irq+0x23/0x50
[  514.381149][ T1157]  ? process_one_work+0x868/0x15e0
[  514.381178][ T1157]  process_one_work+0x93a/0x15e0
[  514.381207][ T1157]  ? __lock_acquire+0xab9/0xd20
[  514.381270][ T1157]  ? __pfx_process_one_work+0x10/0x10
[  514.381320][ T1157]  ? assign_work+0x3a1/0x410
[  514.381361][ T1157]  worker_thread+0x9b0/0xee0
[  514.381439][ T1157]  kthread+0x711/0x8a0
[  514.381468][ T1157]  ? __pfx_worker_thread+0x10/0x10
[  514.381499][ T1157]  ? __pfx_kthread+0x10/0x10
[  514.381526][ T1157]  ? _raw_spin_unlock_irq+0x23/0x50
[  514.381560][ T1157]  ? lockdep_hardirqs_on+0x9c/0x150
[  514.381603][ T1157]  ? __pfx_kthread+0x10/0x10
[  514.381628][ T1157]  ret_from_fork+0x599/0xb30
[  514.381664][ T1157]  ? __pfx_ret_from_fork+0x10/0x10
[  514.381710][ T1157]  ? __switch_to_asm+0x39/0x70
[  514.381733][ T1157]  ? __switch_to_asm+0x33/0x70
[  514.381755][ T1157]  ? __pfx_kthread+0x10/0x10
[  514.381781][ T1157]  ret_from_fork_asm+0x1a/0x30
[  514.381832][ T1157]  </TASK>
[  514.383206][ T1157] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  514.384046][ T9060] Modules linked in:
[  514.452201][ T9061] ------------[ cut here ]------------
[  514.456287][ T9060] 
[  514.456306][ T9060] CPU: 0 UID: 0 PID: 9060 Comm: syz.2.676 Not tainted syzkaller #0 PREEMPT(full) 
[  514.456340][ T9060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  514.456355][ T9060] RIP: 0010:nsproxy_ns_active_get+0x88f/0xcb0
[  514.456397][ T9060] Code: 00 e8 a5 ea 76 ff eb 0c e8 9e ea 76 ff eb 05 e8 97 ea 76 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 82 ea 76 ff 90 <0f> 0b 90 e9 ee f7 ff ff e8 74 ea 76 ff 90 0f 0b 90 e9 12 f8 ff ff
[  514.456420][ T9060] RSP: 0018:ffffc90002ef7d40 EFLAGS: 00010283
[  514.456442][ T9060] RAX: ffffffff824a34fe RBX: ffff88801c6da3a8 RCX: 0000000000080000
[  514.456460][ T9060] RDX: ffffc9000bd4b000 RSI: 000000000000027e RDI: 000000000000027f
[  514.456476][ T9060] RBP: ffffc90002ef7e01 R08: ffff88807ceeb0bb R09: 1ffff1100f9dd617
[  514.456494][ T9060] R10: dffffc0000000000 R11: ffffed100f9dd618 R12: dffffc0000000000
[  514.456512][ T9060] R13: dffffc0000000000 R14: ffff88807ceeb0b8 R15: ffff88807ceeb000
[  514.456531][ T9060] FS:  00007f2121b7f6c0(0000) GS:ffff888125ecc000(0000) knlGS:0000000000000000
[  514.456551][ T9060] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  514.461688][ T9061] WARNING: ./include/linux/ns_common.h:288 at nsproxy_ns_active_get+0x8c7/0xcb0, CPU#1: syz.2.676/9061
[  514.467605][ T9060] CR2: 00002000000b5030 CR3: 000000002971e000 CR4: 00000000003526f0
[  514.467632][ T9060] Call Trace:
[  514.467641][ T9060]  <TASK>
[  514.467656][ T9060]  switch_task_namespaces+0x3e/0x110
[  514.467692][ T9060]  __se_sys_setns+0x784/0x17d0
[  514.473151][ T9061] Modules linked in:
[  514.479132][ T9060]  ? __se_sys_setns+0x565/0x17d0
[  514.479180][ T9060]  ? __pfx___se_sys_setns+0x10/0x10
[  514.479217][ T9060]  ? do_syscall_64+0xbe/0xfa0
[  514.479244][ T9060]  do_syscall_64+0xfa/0xfa0
[  514.479268][ T9060]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.479293][ T9060]  ? clear_bhb_loop+0x60/0xb0
[  514.479332][ T9060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.479355][ T9060] RIP: 0033:0x7f2120d8f6c9
[  514.485657][ T9061] CPU: 1 UID: 0 PID: 9061 Comm: syz.2.676 Not tainted syzkaller #0 PREEMPT(full) 
[  514.491192][ T9060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  514.496436][ T9061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  514.501795][ T9060] RSP: 002b:00007f2121b7f038 EFLAGS: 00000246
[  514.507631][ T9061] RIP: 0010:nsproxy_ns_active_get+0x8c7/0xcb0
[  514.507677][ T9061] Code: 0f 0b 90 e9 12 f8 ff ff e8 66 ea 76 ff 90 0f 0b 90 e9 dc f8 ff ff e8 58 ea 76 ff 90 0f 0b 90 e9 03 f9 ff ff e8 4a ea 76 ff 90 <0f> 0b 90 e9 cd f9 ff ff e8 3c ea 76 ff 90 0f 0b 90 e9 f4 f9 ff ff
[  514.513762][ T9060]  ORIG_RAX: 0000000000000134
[  514.519160][ T9061] RSP: 0018:ffffc900041e79e0 EFLAGS: 00010287
[  514.519189][ T9061] RAX: ffffffff824a3536 RBX: ffff888061566c30 RCX: 0000000000080000
[  514.519208][ T9061] RDX: ffffc9000d150000 RSI: 000000000004c07c RDI: 000000000004c07d
[  514.525235][ T9060] RAX: ffffffffffffffda RBX: 00007f2120fe5fa0 RCX: 00007f2120d8f6c9
[  514.530620][ T9061] RBP: 00000000f0000401 R08: ffff888032e76a23 R09: 1ffff110065ced44
[  514.536333][ T9060] RDX: 0000000000000000 RSI: 0000000024020000 RDI: 0000000000000003
[  514.536352][ T9060] RBP: 00007f2120e11f91 R08: 0000000000000000 R09: 0000000000000000
[  514.541556][ T9061] R10: dffffc0000000000 R11: ffffed10065ced45 R12: dffffc0000000000
[  514.547260][ T9060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  514.547277][ T9060] R13: 00007f2120fe6038 R14: 00007f2120fe5fa0 R15: 00007ffc5060fb98
[  514.547322][ T9060]  </TASK>
[  514.552167][ T9061] R13: 1ffff110040e630e R14: ffff888032e76a20 R15: ffff888032e76000
[  514.556743][ T9060] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  514.556760][ T9060] CPU: 0 UID: 0 PID: 9060 Comm: syz.2.676 Not tainted syzkaller #0 PREEMPT(full) 
[  514.556787][ T9060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  514.556805][ T9060] Call Trace:
[  514.556815][ T9060]  <TASK>
[  514.556826][ T9060]  dump_stack_lvl+0x99/0x250
[  514.556873][ T9060]  ? __asan_memcpy+0x40/0x70
[  514.556916][ T9060]  ? __pfx_dump_stack_lvl+0x10/0x10
[  514.556957][ T9060]  ? __pfx__printk+0x10/0x10
[  514.557002][ T9060]  vpanic+0x237/0x6d0
[  514.557025][ T9060]  ? __pfx_vpanic+0x10/0x10
[  514.557046][ T9060]  ? is_bpf_text_address+0x292/0x2b0
[  514.557075][ T9060]  ? is_bpf_text_address+0x26/0x2b0
[  514.557116][ T9060]  panic+0xb9/0xc0
[  514.557137][ T9060]  ? __pfx_panic+0x10/0x10
[  514.557180][ T9060]  __warn+0x318/0x4d0
[  514.557200][ T9060]  ? nsproxy_ns_active_get+0x88f/0xcb0
[  514.557245][ T9060]  ? nsproxy_ns_active_get+0x88f/0xcb0
[  514.557284][ T9060]  report_bug+0x2be/0x4f0
[  514.557330][ T9060]  ? nsproxy_ns_active_get+0x88f/0xcb0
[  514.557369][ T9060]  ? nsproxy_ns_active_get+0x88f/0xcb0
[  514.557407][ T9060]  ? nsproxy_ns_active_get+0x891/0xcb0
[  514.557445][ T9060]  handle_bug+0x84/0x160
[  514.557475][ T9060]  exc_invalid_op+0x1a/0x50
[  514.557504][ T9060]  asm_exc_invalid_op+0x1a/0x20
[  514.557528][ T9060] RIP: 0010:nsproxy_ns_active_get+0x88f/0xcb0
[  514.557568][ T9060] Code: 00 e8 a5 ea 76 ff eb 0c e8 9e ea 76 ff eb 05 e8 97 ea 76 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 82 ea 76 ff 90 <0f> 0b 90 e9 ee f7 ff ff e8 74 ea 76 ff 90 0f 0b 90 e9 12 f8 ff ff
[  514.557591][ T9060] RSP: 0018:ffffc90002ef7d40 EFLAGS: 00010283
[  514.557614][ T9060] RAX: ffffffff824a34fe RBX: ffff88801c6da3a8 RCX: 0000000000080000
[  514.557634][ T9060] RDX: ffffc9000bd4b000 RSI: 000000000000027e RDI: 000000000000027f
[  514.557651][ T9060] RBP: ffffc90002ef7e01 R08: ffff88807ceeb0bb R09: 1ffff1100f9dd617
[  514.557671][ T9060] R10: dffffc0000000000 R11: ffffed100f9dd618 R12: dffffc0000000000
[  514.557691][ T9060] R13: dffffc0000000000 R14: ffff88807ceeb0b8 R15: ffff88807ceeb000
[  514.557722][ T9060]  ? nsproxy_ns_active_get+0x88e/0xcb0
[  514.557774][ T9060]  switch_task_namespaces+0x3e/0x110
[  514.557811][ T9060]  __se_sys_setns+0x784/0x17d0
[  514.557846][ T9060]  ? __se_sys_setns+0x565/0x17d0
[  514.557889][ T9060]  ? __pfx___se_sys_setns+0x10/0x10
[  514.557930][ T9060]  ? do_syscall_64+0xbe/0xfa0
[  514.557959][ T9060]  do_syscall_64+0xfa/0xfa0
[  514.557984][ T9060]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.558010][ T9060]  ? clear_bhb_loop+0x60/0xb0
[  514.558042][ T9060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.558065][ T9060] RIP: 0033:0x7f2120d8f6c9
[  514.558089][ T9060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  514.558111][ T9060] RSP: 002b:00007f2121b7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000134
[  514.558137][ T9060] RAX: ffffffffffffffda RBX: 00007f2120fe5fa0 RCX: 00007f2120d8f6c9
[  514.558157][ T9060] RDX: 0000000000000000 RSI: 0000000024020000 RDI: 0000000000000003
[  514.558174][ T9060] RBP: 00007f2120e11f91 R08: 0000000000000000 R09: 0000000000000000
[  514.558189][ T9060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  514.558206][ T9060] R13: 00007f2120fe6038 R14: 00007f2120fe5fa0 R15: 00007ffc5060fb98
[  514.558246][ T9060]  </TASK>
[  514.561261][ T9060] Kernel Offset: disabled