last executing test programs:

42.01866752s ago: executing program 0 (id=508):
r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="31010000dccd5e08cb06030000e8160000010902240001000064000904340102d469e70009058acf9b"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000480)={0x24, &(0x7f00000001c0)={0x0, 0x36, 0x70, {0x70, 0x30, "7a3a6c18f22aa51e9b459427978fdf19edf690317a4fdcd0d299a830f2b3d62ed09ad8f401487c0314feecd06e44db091829b467dff2cff751a9eca98d45bce27f98618e1f456c8378890274041e4c1a859ddd65798eb502acb6fe1a254befa57bcc96a71c68142cf16107234a29"}}, &(0x7f0000000380)={0x0, 0x3, 0x59, @string={0x59, 0x3, "46850a8413fe8af5fec70c60d9e125a8dd126c7768d59ff42cb7680a47806eee85442cec5df3e7415ac927630ad3da898d28efcc0d1bfb98005e46c16e902bf51d75a8cff9ffdfe59f55462dbd0001bf3a3a146f5eb730"}}, &(0x7f0000000140)={0x0, 0x22, 0xb, {[@local=@item_4={0x3, 0x2, 0x4, "f534a4b1"}, @main=@item_4={0x3, 0x0, 0x8, "8d33e5c4"}, @main=@item_012={0x0, 0x0, 0x9}]}}, &(0x7f0000000240)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8001, 0x1, 0x1, {0x22, 0x6bc}}}}, &(0x7f0000001a40)={0x2c, &(0x7f00000017c0)={0x20, 0x16, 0xcb, "0c393386f6859b97ae72ee52f344271d0055c4ee4425c7f1aed58d903fe015aa57d0188cfe7e4d5e4543ab849c41ee8491b4731eda5ad664877b6f3dccda968aec463f31757cc6f47128a56fee645dbe8f3dfc6395ee570acbf4ea5d0db2cc92c6eb7c997e2889afca41ac178d3aac8beffd4571b7153b65f614fb12ace4c9a7c4b60ba6ac1ccf3e73f56ddb6b04f0ccdf748c64ab7daa074e914ab21df7577e43f758062fd53eacdab8e57d9aac94902e0e23d79bc46f4d09471133ec316df32bf89957fa36db915a1264"}, &(0x7f00000004c0)={0x0, 0xa, 0x1}, &(0x7f00000018c0)={0x0, 0x8, 0x1}, &(0x7f0000001900)={0x20, 0x1, 0xd2, "82bc7900772baabc26c363d83638e044b5832039520ce7623d707d6339e0b77ea726eb10e50dafc83b6ecbcabf134008ab42f08e670dffa884385065a8e6a1b4df278b4c31f68fd5237ff3910f29076b5cc148ffcbb2f45aa9958c637020333ed7b4cfb37f112b15d30b63bb8fc7c70dd6ed22c372732c51c07a9d8e6ff19a90c3ea0315fbed9da82af2f4c768a7e79bc783053da48068f4bb16727329d22ccd55ab045ea9f066f8156f261ff42d34ed66a5ff56720f64a735a4073a3b14abf76ef7dddf080e18fafa2a4210f638bc513d00"}, &(0x7f0000001a00)={0x20, 0x3, 0x1, 0x4}})
syz_emit_vhci(0x0, 0xf8)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="05"], 0x8)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r1, 0x3ba0, &(0x7f0000000300)={0x48, 0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000540), 0x4})
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000740)=ANY=[@ANYRESHEX, @ANYRESHEX, @ANYBLOB="ddd8e4073ff81714a7690248eb66330c41c0836e94f8ea8c157918ca49b8fa0c8cff5b9c050923e2a9bea414f420bc5c3181879ef9c2109c45c33c503523a3fc5a2fb6e42e9641dd9f5f8d0bba3c65ddba027dc906708d59a32d2e44088103f6d48d924a5e6da2a90fd04735b21cb860d3d730ecd9b74778ad751c7c80e70c83f7fada4892a28b704027cba2c2979199a332c5ef01aad8625997866fbf72b0be5653dce2cc46e96c7d2fb824ca68492cfa64bb60574c99b6ed542080f0d6d30c2bb1b3cdf3df4c0c85bb78653c03a4354217e6cba553c127f6b5531a57c52c8a6019ad8cd911f8c79a57d8bd547600e454c90758e106631135ffbe7d688ac9af5e5116b807b7753bd379b62fe78b55b670b1cd1418d26844756929c93a1c7e746733f79c22217a08ef441cf510ea766662b619e3ed73f625359be998ab0c86c514585dbf84d6893eeaabe106047ad07fde5c67df77303e118e4f25f50e3237a1a3b1e0483d704495f03ab92812d727c6c1bfb945209489eb343aae2f9fc84436bb066870eff65582b24787b2e5645ed113662fa1c8f73665a092c43d4cf827c783e0f970a175e1ea74cc66bb3cb34489a87345bbb799abde31776c388e3705c8d21ed61490006743ad6dc9762f9bb322d55fb54bcb233e4076bfa9e2d9995e789925e3569e78f9d2136726bc25aa0d07ba28006e7ca99bfbdb04430e2565e19c1c62a8946b53f1087a602e648cff052669253bd57a8f1610d4a0c66eec948920648857c9d2b2169338dc05e7a54a250b50a9f42149f48bf3959bd712a42192d064064f2bbafe53ed27f6b915fea7641d8a6e05a31d322699a4ca87839091b5ad57c264a7d88f44e67a9098115c423e7962271f744028fc590f090502e10ce4b4c51d5bbf4e437632aad94fa2505b2576b843a56133ff929a46ee98bcd58961b901ca4b5e380ad5d5c52e9e7f79b1d6e2c900a9ffe12fcf8418a2116f3d3fa919163bbea3295a43bbaf79ad1f544798d8a0020aafccd87815b8c9ea4a5e3b1faa1db0a748ee56937e6842616b796b3202ab5f14e50176da526a9ad7e52ed569635a960acdb46516182b93290e776f91dc01d7c200e1050ade5d9ae11f3a600c31d71cf22eb4c79c9ccb4c05027290c9cc384a53fc1c94da0c498cf65dadd2d58625fd35ce3342bb264a6d592c88a506e7996b5e31321e0f89ece574229fc857c26ea1260d5a936dfa125bf96f0ee547265f25d77c7940d4ba4fa459d22ddab6a6ac59c34296ba31eb9e2bfe16ed5773466bdf0149324468accd9371fbafd62039ce16022938bc3e7c4628f49c37a6093f1668aac38e771b6325ea24acb1b1527a93a948e77025c4c0bfd1cb244664056bd8d080de38b24577f55da84de8997e53df0873faa5215a2a5d407cd0afbc0d33104c52703f25bc34112d80ad64a132b6e2a4d0b65be2614f1fd0551399735e12d6a052c1665f44479098ccb8457c3863fad7eb53004848b74b261110bbee82e2908d68be52f208135c752fdf9cd10862f11ba1f2741567ed736f481c07bada8fae256bb277ce3e972a8e7c7f92694222494200ca85232689e91b4a0122a5eec1e8aa76a19d71a3429ad9cae6049805abaeb6eeaa2f8fd40c96558cff1d53e5074fa07b0d3622adc687753da3378027d74cbb0bbb4785328fa387a870a213f4aba8d4b9205b5e55e247ceab842eed5461027a0f8252d35d96f3bdfc80eef02ab5a1b31e88106c7fd4c9c5d4ac302b19cb883390ce21aee5ef504400f8a90d0f3696846aa6f938bca119f5fd525a10760efe5baa8a7a15fb8162b0adf95e3b83fcb78ca4b1e52a6679f131409252438c754d95447b1ca91af4c03eb72100de55d8660487b82b795d018136716f4cdb989f9238d55615e5717056bee0a94acfd3b4c20501a3694f68d1874a5577f1711d3526b8f21f188de6692b549cf3ee234543fa0c42e1d08f028324cb3a85612ed6c6dddbd92b69390e6f8e9fdb3c76cd643df602b30a3e099c1d988cb239d1f2d90b05856fae50f248f834e0a2c6493e67c143abec3dd9560f1e7518a94838fad6634dcfe214b3c858683d403dba697513b386d9f789c2268dad3a4c90295aa596d60e65f5b44341581dffc8dbc203a47185ab897dc2138a5bb383c23fafcfca47dd4c99ada26237b502c90d9234f963508c77a81e38019678206c875c5eabb1b517a6ff7314d7aaeb264bbd5586f758ae6446cd737c2e61211051698b9fba7e3134e1dafe2dda86a4bb41fd06202b590ea9ece5a9157cd219839ed66b444b7d85b65892bc5c85ca9e88a2dd5eeeea5083f4d5787a597f5dd57701f70de27026873f1be560432918474eaa35dbf673e310675346992b1e714d6be4be7e780d7f30555998f42820a5f7108ce0a8baf4ac8188307137e67c8e897387b05f34308b61b0034376726100e0f93ac019cbee27bbbe0dc4717f86570af341072742526f21c16a7483271896332302c74cae7d40ade67789732cd6f107e0923d6c13432b7cbd40b645c448451afe3a2b32e2c3c476f0b206b90801b819fcd07492c0224dc45207872a710c5e2c6bde68074b4fd56657cac5888381567eb4eb1f6a85b211243698d69b952b13517155526135adc9b4c8b94c80f8659627bdb03f506030a1680d04976f232a77537c334bd0ca7fce793d42fd44a287ec4390b9e26fb13176c6d08919f496039a5196b5b9180dc0c5ffee44a29e8cbc871ac8841ca428d10b83a3a0299daf108fe2a329c567c847e133f25a5a3b5d7889767e5be1579a2b11e1a8402391507463f8b4c723a34e5776cf5bbd46244602638404c475457afac5ed999ae6efdab995c699921d449d0fb6ac18c41e7fc230b4b4cbb0b4001ea0574bb26be737c31f1fe93bc03404b551aaecbf692df41e1a57649017e4746adc9927c3bf941b6cd05a20573d0e2efc3535014a2cfe10ed97990b67b86f9262f1e6ac75bdc079ccc4da737e7cc6e26e2a2396cfc01598ae2086c7d433940130fff5a7006166eee32f1a99f1cb427449c4802edfb623d070baa297c00390aa7b7c35e5203cb6111b4c72128e4e0e696709dfda0c9efd9522f824aba2ff4158d28bf2fae0c843d0781260425cc68b3cd082dfb46f88493f19812a128079940ab345cd988c8417b7c1281611195bb9d042ebaf06b620ba7d10ad49dafaabd4061375dfb6ea411d894e5f49b12f3aa06bb85e0a2c41df34110d4c0600ab571095521c3f0b06b0b9469f6827c441ac596ff4ca22df7c23a3cdb452a89271eb20693441b25bf003df9f561ffb509e5030b06292985835873113a2c3db4d625f6450816b57f76cbeb0252884cabd0e2f051d10a29ecc24ff30ec50bdcbba06bbe9d92599a6e1d78505d9e1f33a8502006677c4f575e559071b6ef09b49176a655d02969788d33566e094dccfe60e76290bdcf950e38db0e5c5399372ca27feaeb8931b782e1673e23992c0364a9500f46076069c3fbbb32d493c350e3a1ef39b17ec6d72eaedb906f76d6990d5a646cb495f8a82bf0adb89c8b93fae6ca7cafbcb6a01b8b1808fcf145180abfee08fb3c4e1c7d974cefa8ddfa945d57912364bdfc83cc4e2aecd6a7ce3229d2ea92971bfd9dd3350326660ec17bf28dfa6202304f39a06abca20a0b4f442174b5d59958f6fc1aa100d19362725a1b9a300151395abaa277f31f21c760ccc388a75e080a30160371770bb8a3e7356dd38966dc22f23bd67ee51380b36f40c70a7077b3bbf9f2bd086664a047a24f43957cb9ce675d1545e1c39a5ee23883f4bbca15479945938cb98d3003476ce2c75db4ec7e5bb6dcddffc594a705f91fe6de648a4c49026be3e0efdd7887be8b347fd1ec995f69176fb43401d1a1c2d6b50a82be9351060b0eea0c9a3ddd668270c2895aad675c5dcbf68e047919ae405b2c1faf5d8643274e193be1e8d653649a456a1dfd00c976cb9d355973e5d57bca618d6d9c187b04a1c79523617aa95654cafae23be7b721fabccdcb67d18ad3fd539f802d9f346df4a0c61eadb1dc5a18cf146092e9ba2e4a060fb4e36bf7685eb6bd33ab57f4e0ab554c111272e8458d33836cdf016f51ea0421d2074d1dddb7ea27942c73124eddf476a74dcd9ea47b40218f39ba4f4e0de2b76692aa4d044ef8af61bcd97d763ecb652c0d702c54c1b991f00b8ca15c590c30492b15a9f52f632e97dcc02cc0f6cac20587b5db04eca27ec048d9eb5bf6520e682dd625ddbedcdff1f2f0cba86ebe19d4838890cc8b56712914738a6f739c2d62f8471b3380e1b9ebfb5b26f15c04c18c50dcb2e56d0d9bfa9ae6c7faaa2f806a05820266d933a569640471333ac758782e07a9266f6c40b71f0adf422340933592e8413263af3f67a6d1e05f5deb6a7657f37585cab7d03f3cd44f5fe90ca9c31ff2c9d70a06c80f9cd10627c586f5b882edf054cfefda21e1a7dbb12ec64222c8d0a5021877d62a78ccaf3296fd2a97e0d8b9006ba24c29c46bacc2b99aa670b29d01b0192115cad820a659ff1ec44ac914f458ae8ef9f09b17942ffe21ea96f37e3cffdd690799fa3ba2a4cdc007e8ed024b07c8b8da0abadf0bf33fdbde42c8f706920f6d1a228c42cc98546cb6beafd02579633b96ae694006119a325878b6bc1c9588556bc8c25a17172900cc20aa5529d28135de3837a22804f12199788259fc99b3c197d8439d42abeb99fcf8f1c40d36d6bb204ec8cd1bd0f77ec92a29e0ee6e30e22ae4182515ee3c3fead103097ab204ed09eccef32fac45dbffe3800633c0a1da673db5700b8d7924ee82996367542c7414b5106657d1c50ae069ae5859bab64d4d663a6cac8d88c3e9b39d6236f9dd135a12122ffe99ff54b882697bbca6640b3279c908d9a1637fb944228ee72a8f3d81b8a4925ef0600ed3a7b6c07d430f5bb2a54890083f854a430d09dbb3ba2360d5d6ab599d9ca8ffa21f260aeff2e1f04cf67ddd2dd9f7b6832c10579b71d220ec53ecdb80da7b1bc34958ecd46472029d4377e6c644ecff6e55e8e300de4f1a45674563b660135949f736445a5945bfcdaaf864732ecfb337113e5d5ed93c3291e0b22ef948fde9f22adf2791cc03a6bd134f84758a9f01434cb2babd69b4b21b3f67a284997a5992d3182e3cfba3bed8f547f5e48ba1175840b032eb90de3dd4f2148d7aa5bcf98ef4149bca3097c1dd78b981a992991d731e71478eb92707046c7119bedfde2bf97cabdea49aa91c7af0e3f27f4c8569cb1085def1776e344a6f4e0858c2ae0d42c946ec65f121473d2e99aaba148755b75695a7153d32e97da44d245136f5c76d0bedbeedcc21f98b4ea34a9c3489c38792e7ef0b5ba53e1a11622aafd7749e3735c92217b4a2f7ebc47493358ff93f669c6e5d4572e36c03386b0c06c476d79651c415d2ee4746a44fa2f80874301b323709815c13021fca888a0457b30aae05f00834ef6e4656651e238ec75da5b4a8a1faf4910507aa55166355a60fcce78a0a08cf4035cf207add997eb9bd9a467a4d3841f0ce3171f700a77ffae5ad4a9fdaaaacdcaf627616189f5729564fb9f280b811c2a0ebc8109645d55291016247acff5fb5cfab41eb2c9186f7eb0fb8fcfc861690a987a30949f413aec518754d5b26b9af9351c5620fef5995c1e79c9fec3cae409265460c4d94e18c8f1f67bf65aeef61db8a805fb800e9b1d9faef7b0a6e14b8cadf8c0bad7ea1d48b894255f10e94956f66d7a7d31a3bcc03572de259c4b04c96f234a09056d383958ecce71d5", @ANYRESOCT=0x0, @ANYRES64=0x0, @ANYRES64], 0x1, 0x207, &(0x7f0000000500)="$eJzs3b9uUmEUAPBDS/ljHLqZmJhc46BToz5BjamJkcSkhkG3JnYqEyzA0j6Gr+B7+QCmE4v5DF5uQUoRiRe0/n5LTznfufc73HBh4ZAi9+Xep2g0KrFzGIcxqsR+7EThIgCA22SUUnxNud+vrpaxJQCgZCu8/3/b8JYAgJK9e//hzYtW6+g4yxoRlxf9dr+d/83zr163jp5mP+xPqy77/fbuVf5ZNv/ZYZzfizuT/PO8PrtK1yKiXYsnj/L8OPfybSv7ub4eH0vuHQAAAAAAAAAAAAAAAAAAAAAAtuVBZIWF830ODubzzUk+/29mPtDc/J5q3C/GA0/HA6XzTTQFAAAAAAAAAAAAAAAAAAAA/5jeYHh20umcdqdBPSJmH6kuWHNzUJkceKXF2w92Yr3y5qTNNU5amTxF5TbYXHxxVwmi+rdcnXWD7E8dsF5c5uupZlSWlKc0Dha/CoqxGDeW1yJi+cYeH6/b1yil1Pn8sNsbRFq6eHqPqG/sbgQAAAAAAAAAAAAAAAAAAP+3mW99X9PY3caOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDzeoNh8Sv/w7OTTue02xusHJxHxN345eLiXHvR2F6jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3GrfAwAA//8nTRyq")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r2 = fsopen(&(0x7f0000000280)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
fchdir(r3)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r5, &(0x7f0000000280)=""/100, 0x64)
getdents64(r4, &(0x7f00000000c0)=""/85, 0x55)
getdents(r4, 0xfffffffffffffffd, 0x58)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x38, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file0/file3\x00', 0x0)

38.202911316s ago: executing program 0 (id=520):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001000030428bd70000000000000000000", @ANYRES32=r2, @ANYBLOB="28000000000000000a000200bbbbbbbbbbbb00002c88fd998710f2f9ed8b2e8334fa0690a0fe00e4a4f600"/52], 0x2c}}, 0x80)

37.603709031s ago: executing program 0 (id=526):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x20001)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000e00)={0x5e9d, 0xd172, 0x241d0505, 0x3, 0x0, 0x7})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0})

35.127986681s ago: executing program 0 (id=533):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
chdir(&(0x7f0000000340)='./file0\x00')
syz_mount_image$erofs(&(0x7f00000002c0), &(0x7f0000000280)='./file1\x00', 0x200010, &(0x7f0000000740)=ANY=[], 0x1, 0x17d, &(0x7f0000000580)="$eJzsmD9P6lAYxp/TciH35iY6u2giCTBY2qJGBgdmB038FzeJVIIWMdBB2PwUzn4CZ+JC4sfQQZ1ccHNyqGl7gAP+HdTE+PyG9zzv6dvTc94mT5OCEPJrub15uD5LJS90AP+RRELO3+mDGk2pb489Zi4ry+cn5v1Vu7OUH11PAPD9jz8/BqBT0OHJ3PeH707KcQ1aX69DQ0bqTQgYUm9Dw4bUDgS2pN5TdC2oN4zdiusYOzW3FAgzCFYQ7CDkRvfXPRYoKfsTyvVGs7VfdF2n/oXivf51CxoWlf2p76vXG1PpnwUNltQ5CKxKvYBErzdRS5TzT8QG6+vffH4KCoqfJgb+5J8KpBR/iin+kfWqh9lGszVTqRbLTtk5sO3cvDlrmnN2NjSiKL7hf39Df/qnrP/nldq4iOOo6Hl1K4r93I7iS44bD/1PQ3o6yoWcUwm/B+NiKhjSuswJIYQQQgghhBBCCCHk05mECP+CDpF/NmWvhNVPAQAA//94vnZt")
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0xc0049364, 0x0)

34.187592252s ago: executing program 0 (id=536):
r0 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x0, @my=0x0}, 0x10, 0x800)
getsockopt(r0, 0x2, 0x401, &(0x7f0000000280)=""/143, &(0x7f0000000340)=0x8f)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff000000000000000000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r2 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r2, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="120000000000000084"], 0x18}}], 0x2, 0x844)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
r3 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x2185)
close(r3)

33.90359916s ago: executing program 0 (id=539):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000740)=@newlink={0x48, 0x10, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2102, 0x8}, [@IFLA_IFNAME={0x14, 0x3, 'virt_wifi0\x00'}, @IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x10}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'})
ioctl$UI_DEV_CREATE(r1, 0x5501)
ioctl$UI_DEV_DESTROY(r1, 0x5502)

31.596084672s ago: executing program 32 (id=539):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000740)=@newlink={0x48, 0x10, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2102, 0x8}, [@IFLA_IFNAME={0x14, 0x3, 'virt_wifi0\x00'}, @IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x10}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000100)={{0x100}, 'syz1\x00'})
ioctl$UI_DEV_CREATE(r1, 0x5501)
ioctl$UI_DEV_DESTROY(r1, 0x5502)

7.764563802s ago: executing program 2 (id=615):
socket$xdp(0x2c, 0x3, 0x0)
iopl(0x3)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='nilfs2_transaction_transition\x00', r0, 0x0, 0xc0b}, 0x18)
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file2\x00', 0x90, &(0x7f0000003280)=ANY=[], 0x4, 0xd9c, &(0x7f0000001dc0)="$eJzs3ctvXNX9APBzx544L35xiPnFTdPYJaW4j9gkWKW7GildoEqoEn8BSgMNNfQRugAFKWHRbSMh/oAiuu6izyyQIlap2LTqP4BYdZMiJNpGlcCV7XPG429memcc2+PxfD7SnTP3fs+955x53LlzXycBI6ux9ri4OF2l9Patty7emxn/9+qUmVaO2bXH8Ty2lFJqtuZLaTIsb2liPf3sk2uX2tPPc1qlC6lKVWt6evZua94jKaXraTbdTpPpuY9P3nzpg2eW3ztx48TFN+bu7EzrAQBgtNz73rs//fPj3712/D+/ObOUJlrTy/b5Uh4/mrf7l6r18Zy0/gdUbWnVNl4cCPnG89AI+cY65GsvpxnyjXcp/0BYbrNLvoma8sfapnVqNwyzjf/xVWN+03ijMT+//p981YdjB6r5V64sv3B1QBUFtt2nM3kXn8FgGLlh5dig10AA6+Jxw/tcj3sWHkxraeO9lX/36Ubn+WEb7PbnX/nDVf67N6xx2D779dNU2lW+R0fzeDyOMB7m6/f7X5YXj0c0e6xnt+MIw3J8oVs9x3a5HlvVrf7xc7FffSmn5XU4E+Lt35/4ng7Lewx0ds/+f4NhZIeVQa+AgD0rnje3kpV4PK8vxidq4gdr4odq4odr4kdq4jDKfvvqL9PNauN/fvxP3+/+sLKf7aGc/l+f9Yn7I/stP573268HLT+eTwx72ty/Tn/689t/ief/fx7O/z+bf0sn8wqi7C+M+9Vb5/6HC4MbXfI9HKrzUIf8a8+nNuerpjaWk9rWM/fVY3rzfMe65Tu9Od9kyHc4b4scDPWN2yeHw3xl+6OsV8vrNR7a2wztOBDqUd6Z4zk9GNpzvFu7wo7sAyFfMw8nQrumQrseCfP9f2hXNb25XXH/eanPyTA9Hicp+cLbdt/vUnwv4nUZj+b0zZy+k9P3c/pRh3JHUfk8djv/v3w+p1OzeuHK8uUn8nj5nN4Za06sTj+/y/UGHlyv1/9Mp83X/xxtTW822tcLxzamV+3rhckw/UKX6U/m8fJ79sOxQ2vT5y/9ePkH2914GHFXX3v9R88vL1/+mSeeeOJJ68mg10zATlt49eWfLFx97fVzV15+/sXLL15+5fwT3/7Wk089tbiwtlW/0L5tD+wvGz/6g64JAAAAAAAAAAAA0LPqUOfJOa27v225nrxcnx6vj2c4lPetfBrKfQzK9Z/d7utSrt88vgt1ZPvtxuVEg24j0Nk/3P/XYBjZYWXFXfyBvWHQ/f+V+x6W9Oi5vx1fHUq2u09vXl/G+xfCg9jr/c8pf3/1/9fq/6rn9V/oMWtya+X+7t6hv7YVm071Wn5sf7kP7FR/5f8+l19a81jqrfyVX4Xy441Ke/SHUP7hHsu/r/2nt1b+H3P55WWbO9tr+es1rhqb6xH3G5f7AMb9xsWfQvvLvf36bv8WO2q7lcuHUTYs/Uz2a1j6/+ymLLesB/PquXWcrtx/O/Z30G/9y32/y+/AI2H5Vc3vm/4/h1td/5/l87eg/0/Ydz50/M9gGNlhZWVloF2fjGq/K3vFoF//QW9DDrr8Qb/+dWL/n/H/Uuz/M8Zj/58xHvv/jPHYv1aMx/4/4+sZ+/+M8ZNhubF/0Oma+Bdq4qdq4l+siZ+uiV/59f+Oz9bMf6YmPlMTf7gm/mhN/GxN/Cs18cdq4o/XxOdq4vvdl3M6qu2HURb7jfT9h9FRjv90+/5P1cSB4RX7dY7f76/WxIHhVc7z8P2GEVR1vmNH3N9e9uO+mdN3cvp+Tj/asQqyG76W06/n9Bs5/WZOz+V0PqcLOdU35HD7xd9PnblZbZzndyzEez2fNF4PEO8Tc77H+sTjc/2ez3qyx3J2qvwtXg4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQaa4+Li9NVSm/feuviP6e+8/3VKTOtHLNrj+N5bCml1EwpVXl8PCzv+sR6+tkn1y51Sqt0Ye2xjKdn77bmPbI6f5pNt9Nkeu7jkzdf+uCZ5fdO3Dhx8Y25OzvTegAAABgN/w0AAP//Wabmsg==")
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
unshare(0x24060400)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = fanotify_init(0x200, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x4)
syz_mount_image$btrfs(&(0x7f0000000300), &(0x7f0000000000)='./bus\x00', 0x810, &(0x7f0000000280)={[{@discard}, {@compress_algo={'compress', 0x3d, 'zlib'}}, {@nobarrier}, {@usebackuproot}, {@skip_balance}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x78, 0x6d, 0x67, 0x6b, 0x32, 0xb61148b71cab6665]}}]}, 0x3, 0x510e, &(0x7f00000196c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlVRGht7TRYv2LFNiVGIjE1EIwSlDVLyoQijKKr5ALUCEUkB4SLFESqPiKoogEChNURBpJQkIk2Q4mr23jN759ydhx9rvPT3k7xzZv7ncc+Zh+fce+dcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4/+HQV67622bxh397wdPPXTxx2d51F798zQVnPh7C5OzjHVm4o//6Wyd+fuf5d+29b81t9xy58P29ebk8HgaqfzrzO9fFWo8sDeHejhC608DKwSzQk98fjPW9YzCEM8JcoFZiqj8rkTYcvt8Xwv4wF6hV9b2+EAYLgYueeOjBG6uJW/pCWBZCqKRtPFvJ2uhLA+f0ZoH+NLCtOwv86mimFvhuZxaAExbfDLUX/cHJ+gwj85dr8PrrOWkb9sZKu9cVEyON8/1s3QJvVEFv+sDkCT1tpepYEKW3xyHvtkXwbiuN882etuIXqfwbytG5UCV0bp7asvHKmV3xkc4wNtbVqKYFep6fevVLm44lvWheh3EDRk7K6/Cmx5bd2bXiE4/es3LZiwc+sO+lE93MHxWGtJheaJWQv+YWzfMYTfg8WQRvv9K3pFFfukIIWz7/e59sFi/N/0eaz//jyznedtbljrW+PpTNzeMjgzHxylA2NwcAAIBFYzHsNd029sBHCsWHK0l9pfn/aHvH/+Mh/3wyn/X2UAgTs4l9wyGcNft4FrgjNnfJcAjvnk1N1gfWJYFDIbx9NrGiVlVSYkksMZoEfjKUByaSwOEYmEwC34qBm5PAdTFwMAlsioFDSeD8GAjT9f34/aG8H20H+mJgQzaIB+NZCL8Yiq0lY/VMrSoAAICTJJ8d9tTfLZzrcKIZ4vTyYF+rDPEM7IYZKkkN6Qy2Nq1qWEN3qxo6W9VQ6/ee5t0v1dzRqubSaRgd9Rlu/eXffCo0UZr/jzef/1fm2ZCO0vH/ENbP/o25O/PITC2+YbIuAwAAAHACBv73+W82i5fm/xPtnf8f94l0FTKHR+JuiK3DIYzXB7Jq/7AcyI56D+QBAAAAWAxqx+Nrx8Kn89vsFO10Pl3OP3mM+eOB/4l58/ceun9Ds+0tzf8n2zv/v7/+NtuIw3ErvjYcwpJC4AdxK6uBWaMx8OOP1gfy/h+OA3BDrCo/MaFW1Q2xxIYYGE8C+xuV+GGtxFn1gfzJqjW+r9aP6bxEIQAAAACnXNwdEI/Lx/P/3/ObNVc1K1ea/284tvP/Z+fBpdP7ZwZCWNUdQlf6w4BH+rOFAWNgsCNPPNCf1dWVVnVtfwjnVTuWVvV8vv5/d7rG4BN9WVUxcNZ7Drx6TjXxzb4QVhUDT37m9g9WE7uSQK3xv+wL4V3V3qaNf2dJ1nhP2vjXl4TwzkKgVtUlS0KoNtabVvVQJb+OQVrVP1dCeEshUKvqQ5UQdgcAFqn4X+nm4oM7d1+9dePMzNSOBUzEffh9Ycv0zNTYpm0zmysNtmlzss11yxhdW+5Tu1e+eSZfoujTd68fbCdd+53geLGtfD9+6cTB/H78LtQz2881PXV316Zdft97y02EwjepRl3uXOAu9xcrmXsSS/XH/L1hICy5cufUjrEvbty1a8fq7G+72ddkf+NhpmysVqdj1T/ftrXx8mi4WlbieMdqebGSVbsu375q5+6rV05fvvHSqUunrlj9oTXj546vHf/wuauqvRrP/rbo6vL5qk66evT2Nvt1Ert6dnehklPxqSEhIbHYEtsGljf9P7k0/9/efP4fP3XiJ3++PkOj4/8j8TB/9vjcYf4NMbC/3eP/I42O5tdODBhNAntiYI/D/AAAALw5xEl+3JsZ90r/dMV3XmxWrjT/39Pe7/9P0vr/taXrL2y0zP+KWGK80fr/6TL/tfX/9zRa/z9d5r+2/v/+N2D9/ytrgWRIfmH9fwAA4M3g1K3/33J5//QCAaUMLZf3Ty8QUMrQchn/di8QcMzr/z/7n3/136GJ0vz/5vbm/xbuBwAAgNPHl//sqt9pFi/N//e3N/8/9ev/hUbn/482Ckw2WhjQ+n8AAAAsUo3W/xu5vv9zzcqV5v8H25v/x9MuOutyx1pfH8rWtAvpmnavDNV+MgAAAACLQ2cYG+tpM2/dyqjrjr/Np/KlQJuli57/kyPHdv7/ofbm/3W/y7jpsWV3dq34xKOv37Ny2YsHPrDvpbnj/wAAAMDCaXe/BAAAAAAAAAAAAAAA8MZ7/j/2rm0WL/3+P6yffbzR7//jdf/i7wveWpc71tp6/b/8/kUfv2v37JKFjwyF8N5iYOverWeE/Nr8y4uBBz+74m3VxN60xP3Pnf9CNfG5NPCxlWe+Vk2clwQ2xEUS354G4lUVX1uaBOLyiv+eBuJ4HEwDvXngq0uzfnSkY/XTwWysOtKxenowhOFCoDZW9w5mbXSkHbwlCdQ6+IU0EDv453mgM92quwayrYqBwVj0toFsqwAAOG3Fb4E9Ycv0zNR4/Aofb8/urr+N6pYsu7ZcbUebzT+TL0326bvXD7aT7kq/i85da7wnVKpdWF36ulrM0jHby5NTS4uhe2uDLrda7a2zQbnUsQ5db+Me9WU9Gtu0bWZzT8uOr22dZU13yyyrS5OdYpbO2SFto5Y2tqWNHrU5Nm1scrzfGcbGupJcfxCDI6FOq1dEu7/XL67z1+hVUMxzxZF9v2pWX2n+P9Le/L9S7Ndr+cUA9sQr6/3dsGX+AQAAYGF9dd2vvxH/fer6h59slrc0/x9tb/4f92Dlh4KzvR2H4vX/9w2HMHtp/ZEscEds7pLhEN49m5qMJbIL6l8YS4xngTviDpMVscSGyfqqlsTAwSTwk6E8cCgJHI6BfC/FgZDvyvn7oRA+OJtaX19ieywxkgQ+GQOjSWAsBsaTwNIYmEgCLy/NA5NJ4N9iIEzXj9XdS/OxAgAAOBb5PKun/m5I53kHu1tl6GiVob9Vhs5WGSpNM/SEg416Ee9/O2bo6SiPQnyoJ222L6mllCFeDL/hhrcc3drh/x/W50wLlpqO5x/UzjfoqM9w30e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qdy8r8VTx0dj4McfrQ/kOwYOx8nuDbWqJvMS+aT9hlhiIgZGk8D2GJhIAhvW54H9b6sP5DPtWuP7ao1P5yUKAQAAADjl4g6CuJsmzv9v2/mVgWblSvP/ifbm/7G9gWJj18VajywN4d6Oua2pBVYOZoG4H2Mw/jz+HYMhnFHYwVErMdWflehNGg7f78t+od6bVvW9vuzHB/H+RU889OCN1cQtfSEsK+x9qbXxbCVroy8NnNObBfrTwLbuLBD3/NQC3+3MAnDCansF4wsqP9WlZmT+cg1ef2+Wa4Km3SvtA50n33y/uVoopR2u+T7VmmN72pruv+WkKb09Dnm3LcZ324h3W/GLVP4N5ehcqBI6N09t2XjlzK74SPGXrCUL9DwXf6XaTvokvA73HP/WtlZJN2A8+fgYn7/c/K/DjljdTY8tu7NrxScevWflshcPfGDfS21vRgPxh8IPXfOvgz8qDO9Cq4T8NbfoPk8mfZ4siv8Gknf3qKcthLD+5a/f0Cxemv9Ptjf/705uZ/06DubO4RDeVxjcR+Lw//Fw9jlYCGSfkm8pB7JD7v811PCTEwAAAE622u6O2v6C6fw2OyE8nSeX80+GcHT4GPLH/RUT8+Zvd7v7//qzy5rFS/P/Dc3n/0uSzXT83/F/Fojj//M63XdFL0kf2HNCu6JL1bEgHP+f1+n+bnP8f16O/zv+Px/H/1tw/H9ep/vTVvqWtN2XrhDCi3/0wNPN4qX5//b25v/W/5t/0b7a+n8bGq3/t73R+n97rP8HAAAsqAYLzaXzvNLqfaUM6ep9pQwtFwhsucRg8/X/mqyz96ZZ/680qK3W/3vh7Gd/E5oozf/3tDf/jy+HgWLri2X9v9H1Daq6OQa2WxgQAACA01GjfRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8se77h//Z3Cz+8G8vePq5iycu27vu4pevueDMx0OYnn28Iwt39F9/68TP7zz/rr33rbntniMXvr+Sl+vJb3+3Lnes9fWhEPYXHhmMiVeGqnfmAhd9/K7d3dXEI0MhvLcY2Lp36xnVxLeGQlheDDz42RVvqyb2piXuf+78F6qJz6WBj60887Vq4rw80JFu7j8uzTa3I93cG5eGMFwI1Db3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4bwQQnda1XO9WVXdac8f782qioGz3nPg1XOqif29IawqBp78zO0frCa+kARqjf9Fbwjvqr5k0sa/3ZM13pM2fktPCO8MIfSmJX7ZnZXoTUs83x3CWwqBWuOf7w5hd+BNIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kmxTIx2F9NFrj7/vz7z6pU3V20/fvX6wnXR3Xq5ndpPX9NTdXXu6b33crv5iJXPPR6n+mL83DIQlV+6c2jH2xY27du1Ynf1tN/ua7G9XHs3GavViGavlxUpW7bp8+6qdu69eOX35xkunLp26YvWH1oyfO752/MPnrqr2ajz7ezK6evup7+rZ3YVKTsUHgISExGJLdNZ9uo2f7h/kpS/6cxvaEyqzH9ClaUUxS8dsL09Gp9cdZ4+P53tKyx6tLk0cSlnWzJPl2vosa0uTibla+rIss9/rSpPDYmOds0Ma73eGsbGuRuMwUn+3OLw/O4HhfSofunbTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP+xAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswLEAAAAAgDB/6zB6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAD//56HJTY=")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0xc0185879, &(0x7f0000000080)={@desc={0x5000a1, 0x0, @desc4}})
r5 = dup(r2)
fanotify_mark(r3, 0x1, 0x48001059, r5, 0x0)
r6 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1}, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0})
io_uring_enter(r6, 0x7a98, 0x0, 0x0, 0x0, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/vmallocinfo\x00', 0x0, 0x0)
preadv(r9, &(0x7f0000000340)=[{&(0x7f00000013c0)=""/4096, 0x1006}, {&(0x7f0000000bc0)=""/154}, {&(0x7f0000000140)=""/28}], 0x10000000000000ca, 0x5, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000b80), 0x45, 0x7bd, &(0x7f00000003c0)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4EQeZ31Jlso1KWHUmgg0J56aGJkxSSWrWDJITaGJpRCL4W29NZeck5/3Xrtj0Mv7f9REtLGCU3pobiMftiKLTmWY8tJ8/nAxO/NvNF733mjNy+esRTAU2s0/ScTcSQi3k0ihuvrk4joraayEZO1cvdXV/LpksTa2is/JdUy91ZX8tG0T+pQPfP3iPj6rYhjma31lpeWZ6eKxcJCPT9Wmbs0Vl5aPn5hbmqmMFOYPzk+MXHi1P9OnXyk8AabMz9/v3z41nsv/vvTyV/f/Ntn73yTxGQcrm9rjmOvjMZo/Zj0pofwAS/sdWUHpn8nhZrOgOw+toVOpR3TU++VIzEcPdv1z2A3WwYA7Jc3ImKtnZ62WwCAJ1pSu/4/d9DtAAC6pfF7gHurK/nGcrC/keiu289HxMBAPVe7v1lLZ+v37Aaq90GH7iUP3BlJImJkD+ofjYiPvnj943SJfboPCdDK1WsRcW5kdOv4n2x5ZqFT/2m9eqY5M7ppo/EPuufLdP7z/1bzv8z6/CdazH/6W7x3d+Ph7//MzT2opq10/vds07Nt95virxvpqef+VJ3z9SbnLxQL6dj254g4Gr39aX58mzqO3v3tbrttzfO/O+9fvJHWn/7cKJG5md30iNX0VGXqUWJudvtaxD+yreJPx//+av8nbea/Z+rpvvW1Ay3reOmZtz9sV38a/53k4o005tbx76+16xH/atn/yXqZZNvnE8eqp8NY46Ro4fPJGGpX/2h2o//TJa2/8X+Bbkj7f2j7+EeS5uc1yzt+6fWnxb67PvxVu0LN53/r+Fuf/33Jq9V049y7MlWpLIxH9CUvb11/YmPfRr5RPo3/6D9bv/8b41+L8/+19PXP7fBAZG/9+Mnu499fafzTHfV/x4kYuD/b067+nfX/xAP77GT822kDd3vcAAAAAAAAAAAAAAAAAAAAAAAAAKATmYg4HEkmt57OZHK52nd4/zWGMsVSuXLsfGlxfjqq35U9Er2ZxkddDjd9Hup4/fPwG/kTm/L/jYi/RMQH/YPVfC5fKk4fdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUHeozff/p37o31S45yBaCADsiwEXdgB42iTZ7EE3AQDotoGOSg/uWzsAgO7p7PoPAPwRuP4DwNPnIdf/zX8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ06c/p0uqz9srqST/PTl5cWZ0uXj08XyrO5ucV8Ll9auJSbKZVmioVcvjTX9oWu1n4US6VLEzG/eGWsUihXxspLy2fnSovzlbMX5qZmCmcLvV2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB2rry0PDtVLBYWdpfojUfaXWL221o/PC7tkegsEVdr/fe4tGfvEtG3MUoMHszgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAE+D0AAP//Et4cUQ==")
r10 = socket$key(0xf, 0x3, 0x2)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00'})
ioctl(r10, 0x8b2a, &(0x7f0000000040))
r11 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0xb5)
pwrite64(r11, &(0x7f0000000180)='2', 0x1, 0x7fff)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x240, 0x0)

4.144733722s ago: executing program 2 (id=628):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x8000000000000003, {}, 0xfe}, 0x18)
r2 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080))
sendmmsg(r0, &(0x7f0000004300)=[{{0x0, 0x1f4, &(0x7f0000003480)=[{&(0x7f00000001c0)="9d5c058989cc", 0x6}], 0x1}}], 0x1, 0x20040855)

4.01445433s ago: executing program 1 (id=630):
r0 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r0, &(0x7f0000000040)={0x11, 0x4}, 0x14)
syz_emit_ethernet(0x54, &(0x7f0000000140)=ANY=[@ANYRES64], 0x0)

3.656602994s ago: executing program 4 (id=632):
r0 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
close(r0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r3=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r6=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000180)=0x10, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x0, r6}, 0x10)
bind$xdp(r1, &(0x7f0000000200)={0x2c, 0x20, r3, 0xffffffff, r4}, 0x10)

3.608383018s ago: executing program 5 (id=633):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x18)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

3.543363616s ago: executing program 1 (id=634):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000000)={'syzkaller0\x00', @random="112700000002"}) (fail_nth: 4)

3.31561148s ago: executing program 3 (id=635):
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='nodots,allow_utime=000000000034,usefree,check=strict,dots,\x00'/70], 0x1, 0x1e9, &(0x7f00000002c0)="$eJzs2k1rVFcYB/Bz05SkCXkppS3Jpoe2i3ZzabIsXSSUBEoHFM0IKkhuyESHGWfC3FnMiItZu/IjuBaX7gTJF8h3cOEuCNFVVl7R0bwRFyrJCPn9NvOHPwPn4cDhWdydf+7frm3k6UbWDkNJEoYWQi/sJWE6DIUPeuHP3/9+ee/y1Wv/L5ZKS5diXF5cmZuPMU7+8vT63Ue/brXHrzyefDIStqdv7OzOP9/+aXtm5/XKrWoeq3lsNNsxi2vNZjtbq1fiejWvpTFerFeyvBKrjbzSOtJv1Jubm92YNdYnxjZblTyPWaMba5VubDdju9WN2c2s2ohpmsaJscCXKD/cK4qwW3y7Goqi+O5BGN8KE8/CVEi+j8kPC8mPq8nPvWRmtyimBn1UToX7P98OPeqjIbzodcqdcv+33y//V1r6K74zffCvV51O+Zv9fq7fx6P9SBh738+f2I+GP37r92+7fy+UjvWzYf30xwcAOHfSuO/E/S5NP9b306H98Nj+Nhxmh89sDD5T3r1Ty+r1SksQBGE/DPpl4iwcXPqgTwIAAAAAAAAAAMCnOIvPCQc9IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HV7EwAA///n0Xgk")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f00000007c0))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = dup(r0)
removexattr(&(0x7f00000004c0)='./file0/file0\x00', &(0x7f0000000500)=@random={'btrfs.', 'syztnl1\x00'})
ioctl$KVM_SET_MSRS(r1, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800008104"])
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'ip_vti0\x00', &(0x7f0000000100)={'syztnl1\x00', <r2=>0x0, 0x7800, 0x10, 0xf, 0xf, {{0x18, 0x4, 0x0, 0x13, 0x60, 0x68, 0x0, 0x2, 0x29, 0x0, @remote, @loopback, {[@noop, @timestamp={0x44, 0x8, 0x5d, 0x0, 0x5, [0x7f]}, @timestamp_prespec={0x44, 0x3c, 0xaa, 0x3, 0x6, [{@multicast1, 0x92f}, {@private=0xa010100, 0x8ed219c}, {@multicast2, 0x3}, {@private=0xa010102, 0x2}, {@dev={0xac, 0x14, 0x14, 0x23}, 0x8}, {@rand_addr=0x64010101, 0x8}, {@rand_addr=0x64010100, 0x4}]}, @ra={0x94, 0x4, 0x1}]}}}}})
ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f0000000200)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x44, r2})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4004, 0xffffffffffffffff, 0x2})
setsockopt(r3, 0x84, 0x81, 0x0, 0x0)
lremovexattr(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)=@random={'system.', '\x00'})
rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./bus\x00')

3.278730799s ago: executing program 2 (id=636):
time(0x0)
time(&(0x7f0000000100))
time(&(0x7f0000000180))
time(&(0x7f00000001c0))
time(&(0x7f0000000200))
time(&(0x7f0000000280))
time(0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000010)
time(0x0)
time(&(0x7f0000000500))
ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, 0x0)
unshare(0x66000080)
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00'})
gettid()
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x28}}, 0x0)

3.20255708s ago: executing program 5 (id=637):
getsockopt$bt_hci(0xffffffffffffffff, 0x11e, 0x1, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x20000000000005)
dup(0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x1, 0x9, 0x0, 0x4002004c4, 0x4000000001000, 0x0, 0x1000000000000, 0x10000, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x9})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.643216988s ago: executing program 3 (id=638):
syz_80211_inject_frame(0x0, 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x44}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)=ANY=[@ANYBLOB="4000000003080104000000000000000000000000050003000600000024000480080004400000000008000a400000000008000940"], 0x40}}, 0x0)

2.428551142s ago: executing program 4 (id=639):
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x1, 0x24, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xf8}}, 0x82}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac95ab194f93f8e795a9b29420fa62d", 0x11}], 0x1}}], 0x1, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) (fail_nth: 4)

2.321086829s ago: executing program 1 (id=640):
writev(0xffffffffffffffff, &(0x7f0000001c80)=[{0x0}, {0x0}], 0x2)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x4000000000000200, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'erspan0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmmsg(r0, &(0x7f0000005d80)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f00000003c0)="a38e64", 0x3}], 0x1}}], 0x1, 0x4000010)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r2, 0xc0a85352, &(0x7f00000002c0)={{0xe, 0x2}, 'port1\x00', 0x80, 0x0, 0x1, 0x8000, 0x40, 0x1, 0x40000000, 0x0, 0x1, 0xff})
sendto$inet6(r0, &(0x7f0000000280)="050350038f0b48030102", 0xa, 0x800, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, 0x0)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x80044940, &(0x7f0000000780)={0x0, ""/256, 0x0, <r6=>0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r7=>0x0})
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000500)=ANY=[@ANYRES16=r7, @ANYRES8, @ANYBLOB="12a4095a2aac12f0bfcb206d982e44066381388d27f14002d8d7431d3947f6399c7ff9f5193fc0398653e5a67bbb319f02bf4ac6f6ccd5acbfe1350cc3a6d2d48cf6c089ddf67171ffb3b15988e7b394c5daf3e12ca05e4dbdad7edd45f10cbc296a53a530d4c2d2794fe84327e508172cdd72eeff5af4d6db9379bef20dde8e64b91d31a84ce8a7598bb78cc85108874811fc650f0520a500"/163, @ANYRES32=r6, @ANYBLOB="7b8ae4d950a510a981c78f2246d4825535c37655327112a414ee394162b6e558c36104bc2a1b47a800a92237a6148a222bcace4f74ebf7b4d63ad663b601d02146f21caf496271e9376e3f721e48caaa194f00e137096facebc4e2574ed5d094491b637c93517ded181fdf49e2daceefb5c72f3fef866fdc5d613cb9820b35f281ae9b5064199b03e8e689b35f17c7e23647ccaa01c87d80ab00757848", @ANYRES64=r6, @ANYRES16, @ANYRESHEX, @ANYRES8, @ANYRES16=r4], 0x0, 0x0, &(0x7f0000000000))
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0xd000943e, &(0x7f0000000a40)={r6, 0x0, "c7ff58a61b855584044c3fe655cd3b088a93fefd071221597a069716eab178c14abf6c60560a534d402992061c7123a06796004eb28474f0794245eb360c5116b1f3c0ecb4573b425ac98ff32cf32ef410da0250c4a39cd3b6cb104fec9d0ea8ea25cb544c19a3d5b3f2e643f64fdb6b1c6f5a70c2c757464e4c330c0c7fa86be4567e3dd72c5ce7d2d07a677ef5b9ea6f1bb36cbbc34f76b4734310e3b1fc8f7a3a92e634af88ceeb3e7674f13ddb6d303ffe64aadc5599df7e9a2a1fe1c773d72a0e03c3da3d6993b996e81425d994c3807a1d3c14ea2864a77e6bc25447056ad4e7b7d5adf0349544319cc75c69fd139b798dd38907525957e90f9059d106", "e662395a3a66f30bc61ade6c711339ac48fb4b19de5f71d3dc466eed0773dbd53d96ed49128a9f582d3ca3135f2f7aa4c2b6fcaaf6ae4d2b5f5202320c4e66dee0d047b17d9e317b289ce2a065be6ef5da6707da042e12f9dec6677b292c82c42527696420b94f481e2e1d72c26c42fb69100658cbe5eece4bb8b195559e16c3e775bf9e0d1efee729097f8a1e78e89831551f3ebce46882d2c614816775b1db3e88211c9cf33f1159eccbe05b3123b8473ea615e430d59b0f4bfb99b2baaa7bab0e2ef429d0b6260e6cefc45a9cc36399357d9f9391fcea5076354c596b06912164affe457b5fa2ff5575d7fc802efe4d8f60ab8cb5119554f6fb0c317dbb8aca6dbd351adaf417f00ea44f09e15db20c649b5cd5c3eabee9bc5a1d0a05b77946642e309d7a53bc1e1ef718429d96db67a9dfd5885bb71e0e46893ab51dca54515abe9bf92d3d02ddea426f894f45da5438a8d92c4e99a63de6dcf9686416141160bd8cdf506ef94fac017006bd2b80cc3749c3de26506632cfa6debc81d8a35174635398f577f4ebbddc51fcec9f64756ceaaf184f63ea1e355a963c1139d44d8890619986735caec5f509924277019fe224f4d268048ffdf6fa74ca81fc770561e27bc8d71718925f2767b522151a3d736675427604c3328e155aa9b11a013ac6926472640b6369453020bb751e734de5b326b3b8bf7086b151045136131433fd172e96ca2b858792d1693c707c1f34a6c3561499741f37d2d6172634ef6075e7a105f08f5ad2d30e96efe08a7fd5b55a4e579445f8bf7f7365fd8316844db01499136bcd8d53e66baf874e50965727da6111f550164d9237bb482933072c3c8e93e24020595fc01b534d0da1105e105c799ceb50244a3fbe9a08e3e2926817ba815b4d7d7f7ea3d6e3060d36269b5a4d1f5a01e620d647eeefe8a063cb7f34bd1d684e49cb8b8601d6bf54aa07133c55639590ab80522216411e3514079c29094645ae22b022bd1a68bce00d7c66870bb9ad60b7a662d043f47d06cce5fd90fd127393415d2dcdb21833d3914a4b565a054f48dbe6de2a7dc797956d505cfb6e01501af2c9185c5292ad3574ee5b53d912fc5e6b663bd1822b8423e7eb282e639bed27cbbf838c269731b3ea978996f2863596ed7aab49085bf05ae71ca13a655893d2f4e8f715f44a617eb115d2dd11c026c97c62e149e177e0040adb60c5e40f7cebe968075b3686c52986e51490d8ea69a62ade421c1b395d52c51b56c33e8c17163f0c436936d7dca679befa12f6900ab6059c8ec42c119923d78a77f518e918873fe8fec0895e7937e63e1fb8dd974ab6e7f0087262fb3e246abf1874f9e142e6fea4cffe238648db6195d3d473cc246cff89e3f264f8253eb9b0cedbeb5e52a2d8ac911fac94f169a5315b697bad2bc3f72b7c63284855450c6697d4e7bb9ed5bc3794a41f8759d90d6ff03f2063d4b81e81c60f57c75c2f31ebf3bc3655dbd47584f89af9eae1a63802299c94d8dd632b8ff211a18040e2ceebd24f2857f999a250e3f179281765795a6986ee8c0b4c91646fa967f89c9891c649cff43f56f1f502e9731b4ab45181290f07893b241560099fd9324eadf919e65bfb32dddbf901fdb151b20a19e8d29ad1b01296215d0eff8bb7cf335af32ac76f0fab0afbd7435882f973b360eab92fb251572adf699e8c7b357cd187ac3f127bad4bc0d76a1046b024c5b008e035c9d075ed95cd920b49e48e992c692a6ec9ac8e56ce1aa2eb7d2cbad66a065b65550b1cfa456039c3aff3800f9435543525651886e3fb758e83b27d3ae89dff4c20a2ec377c4c49550f59abe63ebd6ee0aa98f9856611f769413fe17813a76aab9873fe76e4b6927ad8543c8f76f0ad8c369227ae086c1ec1595ca52ad553d22c19422c5577a0d47f817b61b811be84b6d656d8883ea6fd15aac1c13b152d1086ed1922e1f19ec25730d46c9fa06e9b3da95872a37663efd5e495c57063019890a37c4d826774c873ac46baaca265010573d53709a56815450614800230b10c08fda480cfd2d3783a25a2647154b86ac51af49761d415c9d1a5e8b1bb42fa0e9253a35398b56602495263cc5d2303cdfc8c8c0f0205ab0c9f4fb21a6675d2e3e968dba21e61851f3e794258cb6f8edee6dc4b230512cd9f21c1707cde89cc1b9255dd43afd09ae36597f61578790c07bf65949bce79634aee250e7d312e191e03b47e0bc5a9d210804d33a3d99d52611b79735e5dc9878e3f0cf801d180e095dee89f0dd4dacc644a3dbd85ed7f1a6039c4ee29e8f34d5c0c14259be811eacbf3a615773b5df7c57fdcba188898445ffc7aa94f77bcc5144650cbcd578047a79d6745ed4b81da8f7ec8f53745b145cf8463f2a5a47b011719569ec0e3c408de5c6ffac3c315f2fa7ab4af7b789ec943d251cd99c025c3c87a2498beae25a63994d4227dd385ea76d2707f1aff693b14f4ed4fd53174ae67fffba415d6770cd568ce3d9ea52462ba0c2a06814ec068fdab587787ac1938c977c072b60b2b59470d992ea34de57c6c2c9cf7ec4d66350b2e0e032903873bab2a16bcbbc5815942d18fdb82309b0c6e94d2b4a7aa9b5988e7af42d5dadf4bbe8eac07090ee0f9b8b726956ea4be024a3d328c089606d415bb440026f1cf4f5ae7fcbbf76d8a7f6781dbb025a5343da26b65bf0bd9a580cb758ca09ade4c546106bebd322c3002f0f86f7920332d4f3fec9b8c5a43472ed3dd308ef4f5b8a09be9db6d1f0c998472e9c68f471d444f809894b756d1a248beb4b34783026a1207a53b76eb91a6ae4f30eb74af8a5ee81bf94e90375e1dc1e3e2ec47c6f43675bf5a6836ef7d0101ccb7713ad13da53c211446b651b73b7811483d0546440e3aa8c020aa09b200cc71fb4fd94659809173ee1a25e40ac3961f620130907763ae4e11154eb22f4874c85ed1619cde698985fd8de219dfc84e56ce5e9ede88dca8abbd46ed1a1c7d7f42f0c35261365ffe8a37d005d3799cbedf9402499b80725e230caeaf6a916222676a9887b0f78cb3b5f2dd1234707a923ecd15777f9f097f2bc879e3f039f3c38380f4976644b15dd5ae3a6297d07f921d6a6cced6e9babc8e4be59d5ddb24dd0dbb7d3e62cec11cead9a6605a9e27f9bd36d7f0783b6aa15b95be309f68bc6d3c65c92a82e0f92f92e45f54fe83d505abcada3bec6b4f722f6cc51be7b8a5c45f4a28d99347cec6f388509f7ca1c3d1862faa17df4c3ebd5578b2069915bf1ad5804301c95b3608b45d709c23a77b449ec3c8e9996c1d490c9787d8d30ab0fd2af4857f031562da80bf902f4e1c6a5c69b5ada793108dd18880a2a2b991eb9eb7240bfd4402ea96b4d6c4c83bdb857a2a9a684aff7a6f29764baa8711ffd3e4cb79c3a59780fdde8ac0039afcd1c76d50756ec28b383237ddcbae99d7b5cabc64cea898a71bac7713fe7c208e8c937bab33c3c97245906fec82b6447077c937494400da7294eb05fac1d7ed3364b03a9852bca32f321d1c04e7959ecee51d8f7a98e7fd95ad780d0cc154c90945e888e3c8066309cf355b3551a192802f86c6fe1a43fb6e1abb8f5ecaf91f5f2fe679a28fd81ccf4be76aafcef56fac152536bb4cbff235249cbf56ea2f09d83c5d7ece88c7c603346e3eadf0d35b2dc956cb748a377773f75439425a28be37f1cb94df173c4b733a8a2235e9f580ad4f1d3614dbf07fe4394caee6cf36f35af50afce6f42a5242523c9357d581cd7b3ca7f7767973aea4800ce21891708e92d595f346cda9531dfb2f4bf09f0eb6c945458fcc21d70aa0f5c1b8356aaec879a004218bc26c872084c457355aeb963d0b0bd56b6e862400d2441aa6bd878abd0c36a9cb4b8d9b5be4f30f12a870427e968617a531d96d9abbe5d30fe2f9ca0f48785c5c9010669d9f2ca4d586a54403fc096c09d8606ca7ba2d0b0a6fb33963ffc1a4306ae81ae429d649da436756fb830df3351fce3aeb9168d144552f500ed40fe36c933c382d9fc5f854141acf7194a99ae497b34aa6fd6301220d44d2df03cf01954fc524e3c36984a507761077ddb62ade08f0cf9242017eaa858871227121a466bef2d0cc23f6a22698d6d0081a0fdf7d2af5f4ad795af1f0c772a475f78046ba3e620d1ac2c9197a9f6a449842d2bfe7cc4cad697fd5b00a81cf5cd234a2af447ac86a1a2ec64a38d70d685a643ebb4596bfb1890b1a782dfa222771c3863570d3b9859f6ffbbb655144998991f001228ff1251c58c37dd016436d134503d68d13f365a5ccf2c29fbd7cd180da05dc2a0529b78249163fa251a733d19678b49fcca2d3b23729198dc0b424b02c360ae830445bafd02fd00bb2319bbbabbda645f2c2fd6c09ad6cb9daf4fd352c638a7c5390d2e5a5add2baa8de24145a1d8d63eafbbc19dc589952c49fc50166cacd1cd94a343e9e52c84f9e27d63f5d5758bab625c01a7aacb04d9ff5358747a7dcf126b027f469e24c8d56a1ae0c6699dd6744f0f9281cb708e2c323a06ecbc2f5d1f2b6d6046ffb0c73a25ea13564d7b2d62318c0e8f4a10a99ff017dacf06bb68a35f9ada367dcac196fca675e646125b070e80103c69e714eafc89e6319bafcaee4825d05ac52134dd6dfd66e1e8437cfcce20e204ca3b31ddfcc0cb259d4d0f8651d945a6785272d4e86f57284fb909e978d493c46a04c9a8ee8e43fdc6ce42326f1a2a5f652d0d7154a7130e7d6025676cc9f40a2df41787bf5af3141c263d71f5f5cb952dcbc4fb3a40346ae88c01b8cba2e72114a825960ede2201dc62665c356a37647e7620905fd02c4c30afa3705f32f5e14e82d0cb7f523594d518c7888f11051824bf1067def0309972a13702e5eddc7ba613760a8251343b6007d751a8f97f68c1dda16269603a43dcd5844961699996ef4a114eab3d57fec8fb5bac7f2ab02e9724b90217123eece94d2747d05c6d19a0a0345f040d2816d44de4fa564967a5eb88e39c1533d95e460753a11f19d20cfc5ccb3b71a781940de6b041c7a4b8ef6fcae34ed3c9f415408194ac0cf38c221b1beff3ab6e05ab14041275e48175457bfce47bdb559a8c511dcb8dcab9112a0b2b8211baed30221e9f991479be9f7041fb057bbe808f535175076ca840529ac157b7acc8424dd4c8ab2c544443d778851ecd30094be7999d266f3079709dba0617523bd29ae2ffbcef32b7c61a2ff8de5f3df3d52b0ce17f3977e3b865e19feef05cbfa7b25306c21a66701014383748d1ce03fcc3a6e6044636870d7a9734e266f9eb5eb98696e0be9318fca5437ec3643403cc0f233d644496cdf870d25af9abfeb8557f96b95ab85f825a5fa2fb4e6975ae79e4d391a4bab23409e8db232679a525c61c20958d93167f0e8f5"})
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETCHAIN(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000940)=ANY=[@ANYBLOB="48010000040a0500000000000000000002000008680004801400030076657468315f6d616376746170000000080001400000000014000300766972745f77696669300000000000000800014000000000080002404129e15b1400030076657468315f6d616376746170000000080001400000000408000240623f7f890900030073797a300000000008000540000000005c00048014000300776c616e300000000000000000000000080002405258b37f14000300776730000000000000000000000000001400030076657468315f746f5f62617461647600140003006970766c616e3000000000000000000008000540fffffffb0900010073797a30"], 0x148}}, 0x2c77edc509eea7a8)

2.17340051s ago: executing program 5 (id=641):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001080)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000001180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x2}, 0x94)
memfd_secret(0x0)
syz_read_part_table(0x5e4, &(0x7f0000000000)="$eJzs3D2LXFUYB/D/uXfeFiLrBxBcSCMKRrETF2Oha7og2gnaWqxILMRCdgcVwZcPYCtaGIUQawUFCWKsrERYYiFib2GacGTuy0xAsZlFCfx+xZznnHue57mXe9sz4c5Wd5Nakuvd7KO2GybNw33wW/L2NFm+8EQy7xOmQ2JJ8tzlJ5+6sHexzNdrq9Xj4ep802U2jJPsDdGXk3xw+eCdLj5OyVGGMNPPZ5ms9tY+78O/3/TNkrbbw/9s8nXtX8QsP+aLJIelXb38ebLMJ8ndWXT7ziVpa63daz5OdpJ2/VVs4cr+teXjQ7yT4Uub9rOjd0t9aLg2Ta21Njk6O2a2yT2Pnbv0T0W7/GX3eONSrXV6ZsxtNhcOb80mw+yR7345ynKxrp7abEqe7CSvnDzzYHcnpa8x3f7xAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Zfe9ev83zTg53/2Wdfz0p2k2W49z7zreW5xS/yv713bffOtSk9f3X/rp5Td+Pfg9fyRp2xycSebrfS/2w9X3umEyrLZb9z+81cw++/jbnfXCULok35/9+WYdO5wM42uP3pa832zdHwAAAAAAAAAAAAAAAAAAAFau5sLexSbPfnWj5PlsjvvXLJJSxukiqbXWP2tnPPz/w3gOP9dvpKySUsvt1c8nu3cldf7+A93fCvSJtdZJ16L8J4/Iv/grAAD//x/vY/E=")
fanotify_init(0x40, 0x0)
pread64(r0, 0x0, 0x0, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00'}, 0x10)
fremovexattr(0xffffffffffffffff, &(0x7f0000000600)=@random={'system.', '\x00'})

1.981504622s ago: executing program 4 (id=642):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, 0x0, &(0x7f0000000040))

1.882420521s ago: executing program 1 (id=643):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

1.731657824s ago: executing program 4 (id=644):
unshare(0x24020400)
r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r0, &(0x7f00000003c0)={0x0, 0xc, 0x1, @thr={0x0, 0x0}})
add_key$user(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = syz_usb_connect(0x2, 0x2e4, &(0x7f0000000640)=ANY=[@ANYBLOB="120100006a692d20240430cfd5f9010203010902d202010000b00009048000094780600009050903000403d4060725010100020009050700200005017f0725010203020009050108200001ff0da0248b346c43ee3fe224daa489f6485ca326e39fee4993c1f465f2b85fe68da2f2df2ee51af5fa7ad0c978acde650625f9e556faf9f814db80128229ad8dc3c79fe1dccfc28305173d4e288e3438021751047a7b975c4a3fabda18561c01685d8bdcf230cad6f637e1e93c5b843c6b5180084a1acc3e9fd377c77ebfb2950943470c4e7677c1bc56b6c839c1ff3bb90060013e1179eb3be0dab5f1413174000000000102097f0009050f1040000590030725018248020009050100000209e0c109050c040004047f0709050202000207950809050b0cff03060e050725018180fefedd01fcf941361b353f022f6ee32701cc5e39c8d9354ba74468c489f4ee1d4efb71aca2b7c3998d534ced9d66184146ab46d147cdf431680cc8dada36372676a2dfe02f2cee3e89cfcbf950f172e7b66fd5a55c0ef3db0ee157baf961cac2aafee03b42004ac3de62381626496b6b78fd6e3c6314f72071a5640e58c29427f7bbeff424002674d5752ffdc1217d2e19ec91b7f12c7892d81cb4705881c0e47b514452d0a5198437ca42799e5cb52e98b244b49b26622e03cef0b9db4c0b66e3d25d0b320de4e33c20043dbacd33b8961cccd7e105a76fbc68a5b08e437a09050600200081070107250100049642c8115e63bdc0c1e117f704018534852075295b9372cbf0875022c0ff21d33499f766518dad0a144f757f8316c4949ef92a8206ca0eb31f753ab226941979f8e7eef46291763970364ad74643ba0c4729b0ef30d5e0150e53dc4cf3d1a53541a4779c3f11afbfa7273849a6b55ebffc5d26b2cc080a55609881af7ac6423624225d2984440859e88a8683466b849feb2600d664ce75f8bf1ccc6f04648979558f73dc0ecc53b0387b7f167d65b1ac56f48cd20845549c5ba01b6cbff32981277b5991c94e3279fddb"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)

1.669624484s ago: executing program 1 (id=645):
r0 = eventfd(0x0)
read$eventfd(r0, &(0x7f0000000240), 0xfdef)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000001100)="02965d1f5ec3de3d", 0x8}], 0x1)

1.603045368s ago: executing program 5 (id=646):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x4788, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000190001002dbd7000000000001c140000fe01000800000000"], 0x1c}}, 0x0)

1.537150584s ago: executing program 3 (id=647):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x18)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1.271805903s ago: executing program 2 (id=648):
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000080)='0\x00', 0x2)

1.199538993s ago: executing program 1 (id=649):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000d9bb000085000000b500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000080)='./file2\x00', 0x4080, &(0x7f0000000300)=ANY=[@ANYBLOB='nobarrier,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c6465636f6d706f73652c666f7263652c666f7263652c756d61736b3d30303030303030303030303030303030303030303031302c6e6c733d64656661756c742c00d4023937168c6a03faba6a3338c76bbb2cc123a1966858d8147d2c8f6696a3afb73a4233a7d6d17cbf793d9f3d5dc088fadadfdb7688c6a99fb22e09bb9b1fbe01fd94fae1e35f93fdbc2d26ac49430c71a16ad073e2416238a4b5f8c9877c553b2690fd7148fad9a9579680000d1a5caad58758c05f80c742dfc96510890d6ab62c3d6bc97ea00353e76f0f436500c88ef1b3ec52d6d1b6189c2c09e76160176ee4c21e9bcebdcac3565569f673575a04183f4095c2743d1547baa170a07fb5b39c0af610bbf13953ecb5e354858f41aa5b7bf2fbde", @ANYRESDEC, @ANYRESDEC], 0x44, 0x6f7, &(0x7f0000000480)="$eJzs3U1sHGcZAOB31uu1N5XcbZu0BSHFakQEDSS2l5IgIREqhHyoUCQuvS6J01heu5HtIidCxAUKRzihHDgUIXPoCfWABOKAKGckJK4o90jcIw4smtmZ9f7Y693GP0n6PNJ4vpn5ft55O/Pt7myjDeAza/HtmNyOJBYvvLWVbj/YqTcf7NRXi3JETEVEKaLcXkWyFpF8EnE12kt8Lt2Zd5fsN84bD//0m/P3P6q3t8r5ktUvDWu3qzVkhO18idmImMjXYyrv19/1eHOgv3tjdZ104k4Tdq5IHJy01oDtcZqPcN8CT7p7EROTe+yvRZyKiOn8fUDks0PpmMM7dGPNcgAAAPBkmjiowvOP4lFsxczxhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPhqT9m4FJvpSK8mwkxe//V/J9qUrlhOMd7isHHP/g5jEFAgAAAAAAAABH4uP8i/uzj+JRbMVMsb+VZN/5v5ZtnM7+PhfvxUYsxXpcjK1oxGZsxnrMR0zOdHVY2Wpsbq7PD7b8daQtW63WvbzlQkTUBlouHMNJAwAAAAAAAMCz6yexGDMnHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRLIibaq2w5XZRrUSpHxHREVNJ62xF/KcpPuuqQY389xjgAAADghBQfjWeS/7ULrST7zP9y9rl/Ot6LtdiM5diMZizFjexZQPtTf+mf2/Xmg536aroMdvzt/4wVR9ZjREzE+/uMPJfVONNpsRjfje/HhZiNa7Eey/HDaMRmLMVsVNOTiEYkUau2n17Uijj3jvdqz9a1/tjO9m2/mkVSjZuxnMV2Ma5Xov3YJDuHdMxXu0b7YyWib8T30+wk38qNmKMbXf+9fpU/l8m1nh+xj6NRy858spORuTT3eTZeGJ77Ma+T/pHmo9R5BnV6d5R0s3+kIuc/GCfnp/J1muuf9+b8sI35KK0/EwtRyq++iJd7c377i/df7G385X/97dqt0trKrZsbF47wlB7H7EEVJotCfybqXZl4ZfjVl2eimWZie/RMTPbvmB615dGq5NnIpqIRZ8vvZKVGvNZ1Cb4bN2IpLsdczMeVmItvxELUO1dYupzpyWu5vtqbk+xeKw3Ob8OexJ77UlelXxxQ+XileXmhK6/dM10tO5bvufrLmOu6+l4cfvWN/SqQjv/5vJyO8dPOK86ToCcT+dxcRPfS8Ez8tpX+3Wiurazfatwecbzz+Tq9bT/onZt/N3rU/a/uhyG9XtIZt5xtZTmpFtdLeuylTrS9+ark37i025UGjp3pHKvFTCzH9/a9Uyv5e7jBntrHXuk+9u/dmbOSv78pjvW8y4l3o5m9C+lz4FQNwDE79fqpSvVh9R/VD6s/q96qvjX95tSVqS9UYvLv5T9P/KH0+9I3k9fjw/hxzJx0pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CzYuHN3pdFsLq13CjHdv+dxC5V9xxpeiNKBdXaeG63DqEUMHyvJC5XDPfensVCNvj3FLyw9bs8fR8SQOpXHDj4Z+xobu5Dm4VA6LH44LdvTmhijeblotXedcmxMx0ojKe9xx03t3gVRW2k0/9vqaV6NrlsGeMZd2ly9fWnjzt2vLq823ll6Z2lt4crlK5frX5//2qWby82lufbfk44SOAobd+5OnHQMAAAAAAAAAAAAwHjy//t/81P/Y4byAXUq6xt7j3z2uE8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeEotvh2T25HE/NzFuXT7wU69mS5FebdmOSJKEZH8KCL5JOJqtJeodXWX7DfOGw+jdP7+R/XdvspF/dKwdqPZzpeYjYiJfH2wqT26Gezveld/258qvKRzhmnCzhWJg5P2/wAAAP//vnbzsA==")
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000, &(0x7f00000000c0)={[{@jqfmt_vfsold}, {@data_err_abort}, {@debug}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@debug}]}, 0xfe, 0x46d, &(0x7f0000000f00)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQKNbQmQohWD3g0JN6N/4XxpBejXjTxqndDQgwXUC9rZmemLMtu2aXbLnQ/n2S6zzPzdJ/nOzPP7jPz7G4APWsk+5NE/C8ifo+IoTx7a4GR/OHGtYtTf1+7OJVEpfLWX0m13PVrF6fKouX/bcszlUqR39Sg3kvvRkzOzc2cK/Jji2c+GFs4f+GF2TOTp2ZOzZydOHbs8KG9g0cnjnQkziyu67s/nt+z6/g7l9+YOnH5vZ+S/sjjjro4OmUk37sNPd3pyrpse026umOX7fvlZrrRmUA39UVEdrgGqv1/KPpiy/K2oXjts642DlhTlUqlssKr8lIF2MCS6HYLgO4o3+iz699yWaehxz3h6sv5BVAW941iybf0R5on9g3UXd920khEnFj656tsiTW6DwEAUOu7bPzzfKPxXxoP54nB7M//izmU4Yh4ICJ2RMSDEbEzIh6KqJZ9JCIebbP++hmS28c/6ZW7Dq4F2fjvpWJu69bxX1oWGe4rctur8Q8kJ2fnZg4W++RADGw6OZvMjK9Qx/ev/vZFs221479syeovx4JFO670192gm55cnFxNzLWufhqxu79R/EmU0zhJROyKiN13Wcfss/1Nt905/hU0f9qWVb6OeCY//ktRF38paTo/Of7i0YkjY5tjbubgWHlW3O7nXy+92az+VcXfAdnx39rw/F+OfzjZHLFw/sLp6nztQvt1XPrj86bXNG2e/8e3F+f/YPJ2dcVgseGjycXFc+MRg8nrt6+fuPlsZb4sn8V/YH/j/r8jbu6JxyJiT0TsjYjHs4vCou1PRMSTEbF/hfh/fOWp99uPf33mSrP4p+90/KP2+Lef6Dv9w7d3jn9zRDQ7/oerqQPFmlZe/1pt4Gr2HQAAANwv0upn4JN0dDmdpqOj+Wf4d8bWdG5+YfG5k/Mfnp3OPys/HANpeadrqOZ+6Hhxb7jMT9TlDxX3jb/s21LNj07Nz013O3jocdua9P/Mn33dbh2w5jowjwbcp/R/6F36P/SmRP+Hnqb/Q+9q1P8/aVp69Js1bQywrrz/Q+9qof8v5Q/NRwXA/cn7P/Qu/R96UtPvxqer+sr/uif+LX7P8F5pz8ZPRHpPNGPjJ/pb/jGLNhKVobz/Z2s2NSzT7VcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzvgvAAD//w3J5b0=")
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00\x00\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/17], 0x50)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

1.192376467s ago: executing program 3 (id=650):
r0 = semget$private(0x0, 0x2, 0x10)
statx(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x400, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000240)={{0x0, r1, 0x0, 0x0, 0x0, 0x50cdcf482a0193b0, 0x2}, 0xe583, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8})
semget$private(0x0, 0x7, 0x0)

590.319597ms ago: executing program 5 (id=651):
getsockopt$bt_hci(0xffffffffffffffff, 0x11e, 0x1, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x20000000000005)
dup(0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x1, 0x9, 0x0, 0x4002004c4, 0x4000000001000, 0x0, 0x1000000000000, 0x10000, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x9})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

590.12836ms ago: executing program 2 (id=652):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x55f2, 0x0, 0x0, 0x1000}, 0x10)
write(r1, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000100", 0x41d)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='veno\x00', 0x5)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
listen(r3, 0x1)
r4 = gettid()
timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT=r4, @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRES32=r0])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r5=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x4, r5}, 0x14)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r6, &(0x7f000000f8c0)={0x0, 0x0, &(0x7f000000f880)={&(0x7f0000002b00)=@newtaction={0x1c, 0x16, 0xe67c0fb78d4e40bf, 0x0, 0x0, {0xa}, [{0x4}, {0x4}]}, 0x1c}}, 0x800)
syz_emit_ethernet(0x14, &(0x7f0000000140)=ANY=[], 0x0)

589.44677ms ago: executing program 4 (id=653):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) (async)
sched_setscheduler(0x0, 0x2, 0x0)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) (async)
fsmount(0xffffffffffffffff, 0x1, 0x84)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x0, 0x0) (async, rerun: 64)
ioperm(0x2, 0x7, 0x13) (async, rerun: 64)
mount$9p_rdma(0x0, 0x0, 0x0, 0x3b8c039, &(0x7f0000000440)=ANY=[]) (async)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f0000000e40)="74836a608a879c0f4933e2980e3c27227b44c5f674d374f685a7252ac48df7cbdb6cb4b24ef98291b83a501c8237790fe9dd1ab86749497a19e5823d8a30793254456ddc653c653fa808d834a5eb7d4d59ffb92952f1066a00bce07815b7b6d48a1722932d00dbdee09c36353b3109cdf5e573402fe43eed02728bedac7695eecc6592553d856ef5c81f3ac1aae42258794c093e644c10232030162346daaed7eb5035eeedc50977abe7153d2a693ed4a3808361052bbbd83cdd05d314de0d22a343bc438fb7d6cf3e96986d06662f1005a21a1a92a75cc0b9e59032f9cdeccd2d0ce9961ac063991b8adade53529e42a66e71cfe2898c62fea7a35048348ed3c1558f7dccf1d57ec1e04dce785f2b7d53a725bee3285c34c39c4bcfc7e78de0e2056ee113473335dff60475785116916d1f140a093a98912ab97185763da02e09aff786dabac1ecb508f44c729831afccd8127a432236ca799e232e24d6a432401121373560729431c07d280d5ddca29f8b090ba9fb342c0472dd41254696804d890335594dc908892b5b4141817d074e3d18f60fcc88a09d01167ebc34abe1fa88ad479b255fed991086555f6715611b75281c919e08295d7dce5a94354de0d3f9ab6a0ca20a76060b23caf7c18bf50d5cc1035f292394bf1be8640588918f692827dfdc1e4095c2b468a80b722b69e350e66c88c222bf1c357b3867d162e5e1d90777223b7dac6b9bd8fca2ee2019dbe35f7eb9f4562dd0d761adf16f1c2659aea0fe284602a4c188fae98d28f6bbe8c9928ecaa3ab282e4eb4480f8d26b1e38df368d808dc037350d13fd898638c1ffb13005709a6340fa4dec43307c7a53236399d02e03280fe5b37326b4bf920770607950aa957f73b56eb42b50428b80f533d57042b8cec67548f60789e557f5e68426b7ea3c7e2ed0c68e571bbb4d14dbb1a7e32750c30a97535bc6a398204e0b4b20038a2905fa97a899c0c153b9f783e08561d6d7ce9c593b20a8c9d0342c64639db4e4a900de891f9cf418caf585a9fb1fe88cd1febb3fadc934827e10adc73668c2bec4161c6d9d8af83b94916ba183fd4319139cea73173a5a2a5a50665643a0ca3de14b989706eecdbb010c45c9826ef368fc494c468446813208021c973c933a58507bc8a51baf3b77af624c8d15fad4e2d3cc7b2092c089baed0cd1f545cd6f1646bdaab17a11a74666c24e2af78dff22c8767155c7257235e851a4d57f51cc65e14f51c4a2afe1af92cdc25e5e71bdd3dde36ed40cb6393cc9696d7235e47929dbdb6a5d9d9059e19cd5e2e55ee1c25408f7deae259db7da26b81aa60365da1694085cfcda459930e6cc31501ece761aa36c12027a297f9e8b7da2b8149b251519a805ba3d5d850221e50ccc97b93281753193943d23b50be93fe957395c0ca116ebcedca7998c7f408dc938aba02b18ad9da724c2e3716981a658ce235d1723aba974c768c07dbef8678ff11cf46afae541ac5ac3a65ae67a51d201d9c8619592484afadcd4af0a4b0ea4af052a551e61bca70f2fac665e2e4d974ae3ee76f71ed58fc2e4194d9fd94b1a627cc7e116f11d67683144308947f4707422d31d4485a573e760963c74085dec9ed551d63c802d57e1633b82711b514a5b873b2be89660d84a188dbf1b97d7a23cb8b364f6ea031077718b19d01a6ed5942564525cb749e21c9a68ce245489db7e4fd383ed3e93ee006ff10a58c2fe3c91d97f790b8a271180c69589c21a0c72e68d84eddde3e01d5eb034e77a5a27cb80e34fa36f0fa4125a22944f60590e1b9b0f1c836d64217322286e3d24af8e991458af3a542ea8354fbe83a4d513893a39539523eef23802bff8019a5de324cbf39ec1e913fbb3cacbf7c7cf15ebfffbdd11c24543845d87e8b401671d2ae8d5db07d7e929248e1a348a17d80aff99ef1b3836f79a93f958a70d4e33a7f04fa15e1336f5c26289b46e470eff41958dce02e3163c199dd1ec083df1c8447624e529320fba36b848d27390aeb331d357de60465c2e0fb501916b1aa238ac1869dce80a17d9bba484c48a8928c170925889cd2224872ad328afb9321c9eb676096f5ad01c39652c906880b04190ad16855c9b03875356fef8fb2e470fc2432b878ea8daf6beb9b94e4dbaef0a1674403d1d2a72b593ac56de5237e7da7e662863b41f00e9332775c11e4d67c19f23e0d0eea7d2cec9ddb030baaf793e223052c6315ed478aa4d8707f2400d7d03bc32fff163acc1536e459f4807efacd3a855c55725392e635c3f432a2f724080a7aae411718b32f096c6dba2ed280b8169b1486812685f6aa34418b0b1777afd3c0f8030be528e31db140ee48814a1f56993678f97cb54abde61d8dcc8ecdcfc13531ac3fa53972e2be36f47f22ff6fce17f6a92c24ecd533ce544d47584683211e732dc49bffb3ecac90becf5dec9a2197512dcaca04f791cc04710105f7e80a704629834bca658c9928471cbcc32b2abfe50e0d3d63f7fe9b7c74313abf62b6a2addb4476c3ffd98ccc9c5bf3608da20d315d1428ed5025af648eafc90b5fec2fff3e1f3e284c661bb53c17e3e722a62122d62b8274bda4404d1b17144f2f04c3cc5bccee3b2568e2da456a284e4f76de40e70d4a34020530257e96a9c2f1d2ca661605641bc9bd78da275529dbf65203633f86a20b5971f3efc1b5160dcd0a4f2eb81bba79c3e6ceb46c8b8b301d8e050cb73df803b922d9edecadc4fd3c7d1598f44a16a0098202be9c180ca53fa26fc28f5dbd23cb052a9fda3d219f7f1fc8b5e85db094657f7263dfbe1b3c80022518890ff80b5bd91547d7a3404ce0b37974315cfc2dc6906eebc5f5e0227c2f6cbf98bda4466dd11026508026a8f7485f3ccb1273ff43f24fb49325db5e4a243d3f7c5ce6f35eb922d81544ed807897c896ce2f36705ffd58396022d093f6c74cc5f5eb2102bf9f2f213e471cfdf1f30f76ec8764f7a92d94cf00ff88107462bc3cb6e87c5926c0fdc6b5f45bcab6937ab0128f39a46fc8721548fd1451a9535905a70613f74d401989bffed243cd3560114ebcb38ea93474fe9ab948f930d236b244a562451d9c564dd86d635c6ce0bd0522f10a0d399e7bcd6e6ba89138c2da6b0b47dcfdd6cc773561943d15afb950b1d9a710ec2c3772e4ceacbddab61a344e360ee2a63e99c0fe6ef635cb0f40fa29246e37db290c1a038f59ee5fa379eaf26ead1146eaacaefbb753c3b0e3b16118ff3df617292c0705a6727f96770e3f0869effe493311469dfceb6c5f7f68976a04175b99df0b4ae0a8723188a210e9f66098332e022b02ca3a651ab99d660d764940b6868e59c7773efb0b4827b0d91d8429ea5bf545aa08013abfeac6160f97802cab7b32b38d9922a954e96cc4c5d7c43a7c89ca1e2d00c51208733dd8539724e62f5f5e69f556a1a3e5f4e9ee57363dd0317132e9829015ae0878fdf49e917f32e088ad00779cb801bcb2d34b21a5126d260c126ac3fa64182e9a640228f1707063a5bb4ea79f8b8b703367b31d8f387cb2695d1f27349ae5ba8ae40649ec6af188a68c0c4e2c8af927535a154db2661c71f0fd02fa07b154572addb912df3c844e1bc9ed6b4b14c4f802525374f075bc61c11c53cce143c812ffb53fc32766198464c8a574255b1727ec61a5812079fc23b773f4532284e9bf113c1b841b525dc6f9be7017c7bf1b8896e90925a633ee8724579f7f18f765a4029186eda52ff8292e4d44fa3d2edc99090e03568bf466200a35548ca3de102acd80355a9407fbabdb8722588d2396a5ff3b899e488346e9eeff8e8b349dbea0d6e8f86543bea1c8db9ec7b882909ebf7cdab930547afb8b0748abc72c9013cb72464dfb33354b1295d584800cf87869d7edbd07d0f88468b1e6d5d8679d5dce3d68c7c46b4cec0a5b9ed21ec1ede3deeb5c1bb98d92cd36a643e35a279aed569334181a70a37029ab8e79d0697359e58fecb7241e26188125e84123cde051d9a8bca2044e9786a88ef88e379a8e00a2c91ae98efa3649c0c2fe88a4e31c91e3372d5ccea58eb1d74cc48ef8e37b7248628b270df2c864a4b1a66d6ccf1b83cb6c484a2224e42905b0505fa5268a77fb1b10d08f57952e415c3f94e2f6299a3b1972a66e5aa34f000016803534160f99ccdd6a2cbb2c3b29ad078aec93f33d4f436549ffe88939cc7747c605c930a906c787c115ea6da9fcbd2148cfbabd4f88", 0xbba}], 0x1}}], 0x1, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x10006, &(0x7f0000000b40)={[{@journal_checksum}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@max_batch_time={'max_batch_time', 0x3d, 0x8}}]}, 0x0, 0x4c0, &(0x7f0000000540)="$eJzs3d9rXFUeAPDvnWSStJ1u0t3C/njZbtvdLpTOZLKk0IVlW/ZhF9aC2D+gxmQaQyaZkJnUJBRM/wUVLfggIvjki6DvRcRXfRH1QXzxSRAtFRF8GJk7kzZNMklImkzNfD5wuPfcO5nvORnu+c6cSe4JoGudioiViOiLiGcjYrB1PGmVuNwsjcfdv3drvFGSqNevfZek5xv1WPMzDcdazzkQEc/8N+K5ZGPc6tLy9Fi5XJpv1Qu1mblCdWn5wtTM2GRpsjQ7Mjx6abR4sVgsPra+vvRj7venP7j8rzeeeuvjt99bXEzW9HdtP3ZrZZNjza5nI7fmWG9E/H+vwZ4QPa3+9HW6IexKJiJ+GxGn0+t/MHrSVxMAOMzq9cGoD66tAwCHXePzfy6STL41F5CLTCafb87hnYyjmXKlWjt/o7IwOxHpHNZQZDM3psql4dbc2VBkk0a9mO4/rI+sq/8jIk5ExCv9R9J6frxSnujkGx8A6GLH1uX/H/qb+R8AOOQGOt0AAODAyf8A0H3kfwDoPvI/AHQf+R8Auo/8DwDdR/4HgK7y9NWrjVJfvf/1xM2lhenKzQsTpep0fmZhPD9emZ/LT1Yqk+k9e2a2e75ypTJ3MWYXFgu1UrVWqC4tX5+pLMzWrqf39b5eyh5IrwCArZz4890vkohY+eeRtMSatRzkajjcMp1uANAxPZ1uANAxVvuC7uUzPrDJEr1rZNv/idCd3cc09wCdde6P5v+hW8nB0L3M/0P3Mv8P3ateT6z5DwBdZjdz/Jf34X0I0Dlbf/+/xS1C9vD9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPza5dKSZPKttcBzkcnk8xHHI2IossmNqXJpOCJ+ExGf92f7G/VipxsNAOxR5puktf7XucGzufVn+5Kf+tNtRLzw+rXXFsdqtfli4/j3D47X7rSOj3Si/QDAdlbz9GoeX3X/3q3x1XKQ7fn2SnNx0Y3xe6M33Q5ENiKO3k9a9abG+5WexxB/5XZE/GGz+EnkIo4MtVY+XR+/Efv4/sePh/Ezj8TPpOea28bv4nePoS3Qbe5eaS5ovvH6y8SpdLv59T+QjlB71378yzwY/3rajH+ndtrHjwb/1zb+7Yg/9W4+/qzGT9rEP7vD+F9Xvny53bn6mxHnNs0/ySOxCrWZuUJ1afnC1MzYZGmyNDsyPHpptHixWCwW0jnqwupM9Ub/fvWzF7fq/9E28Qe26f9fd9j/rz75z4d/2SL+389s/vqf3CJ+Iyf+bYfx3znz/vPtzjXiT7Tp/3av//kdxr/76bs/7/ChAMABqC4tT4+Vy6V5O3b2c6fvyWiGnZ3udHpkAvbbw4u+0y0BAAAAAAAAAAAAAADaOYh/J+p0HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi8fgkAAP//ZCDc4A==") (async, rerun: 64)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0xa, 0x7, 0x209, 0x40}, 0x48) (rerun: 64)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000180), 0x3ff, r1}, 0x38)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async, rerun: 64)
mq_timedreceive(0xffffffffffffffff, &(0x7f0000000700)=""/200, 0xc8, 0x0, 0x0) (rerun: 64)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x100000000000000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x18, 0x25c, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002064070000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}) (rerun: 32)
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) (async)
dup2(r0, r4)

589.311351ms ago: executing program 3 (id=654):
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000240)='./file2\x00', 0x104800, &(0x7f0000000600)=ANY=[], 0x2, 0x1504, &(0x7f0000003680)="$eJzs3Au0ztXWMPA511p/bZKeJPc11/zzpI1FkuSSkEiSJElyS0iSJAmJTW5JSJLck9xDcoud3O+33JPkSJIkJCRZ39DpfN7zdt63c75zvtf3nT1/Y6yx19z/Z85nrT33eP6XMfb+tuPgqvWrVa7LzPBPwT9/SQOAFADoBwBXA0AEAKWyl8oOOAwya0z7595E/Gs9OPVyr0BcTtL/jE36n7FJ/zM26X/GJv3P2KT//17wL7fhfyfpf8Ym/RciI9syLc81MjLu+J97/g/y/P//OXL+/zdyqNjoL9cVu67TP5Ai/c/YpP8Zm/Q/Y5P+Z2zS/4xN+v9vLgKo9N8clv5nbNJ/ITKyy/38WcblHZf7908IIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghRMZwNlxiAOAv88u9LiGEEEIIIYQQQvzrhCsu9wqEEEIIIYQQQgjxfx+CAg0GIsgEV0AKZIYscCVkhasgG1wNCbgGssO1kAOug5yQC3JDHsgL+SA/WCBwwBBDASgISbgeCsENkAqFoQgUBQ/FoDjcCCXgJigJN0MpuAVKw61QBspCOSgPt0EFuB0qQiWoDHdAFbgTqkI1uAuqw91QA+6BmnAv1IL7oDbcD3XgAagLD0I9eAjqw8PQAB6BhtAIGkMTaPp/lP8CdIUXoRt0hzToAT3hJegFvaEP9IV+8DL0h1dgALwKA2EQDIbXYAi8DkPhDRgGb8JweAtGwEgYBaNhDIyFcfA2jId3YAK8CxNhEkyGKTAVpsF0eA9mwEyYBe/DbPgA5sBcmAfzYQF8CAthEaTDR7AYPoYlsBSWwXJYASthFayGNbAW1sF62AAbYRNshi3wCWyFbbAddsBO2AW74VPYA5/BXvgc9sEX/2D+mf+U3wkBARUqNGgwE2bCFEzBLJgFs2JWzIbZMIEJzI7ZMQfmwJyYE3NjbsyLeTE/5kdCQkbGAlgAk5jEQlgIUzEVi2AR9OixOBbHEngTlsSSWApLYWksjWWwLJbF8lgeK2AFrIgVsTJWxipYBatiVbwL78K7sQbWwJpYE2thLayNtbEO1sG6WBfrYT2sj/WxATbAhtgQG2NjbIpNsRk2w+bYHFtiS2yFrbA1tsY22AbbYltsh+2wPbbHDtgBO2JH7ISdsTO+gC/gi/gidscqqgf2xJ7YC3thH+yLffFl7I+v4Cv4Kg7EQTgYX8PX8HUciqdxGL6Jw3E4VlAjcRSORlZjcRyOw/E4HifgBJyIk3ASTsGpOA2n43ScgTNxJr6Ps/ED/ADn4lycjwtwAS7ERZiO6bgYz+ASXIrLcDmuwJW4AlfjGlyN63A9rsONuBE342b8BD/BbbgNd+AO3IW78FP8FD/Dz3Ag7sN9uB/34wE8gAfxIB7CQ3gYD+MRPIJH8Sgew2N4HE/gSTyBp/AUnsYzeBbP4jk8h+fxubxf19tVeO1AUBcZZVQmlUmlqBSVRWVRWVVWlU1lUwmVUNlVdpVD5VA5VU6VW+VWeVVelV/lV6RIsYpVAVVAJVVSFVKFVKpKVUVUEeWVV8VVcVVClVAlVUlVSt2iSqtbVRlVVrXw5VV5VUG19BVVJVVZVVZV1J2qqqqmqqnqqrqqoWqomqqmqqVqqdrqflVH9cA++KC62Jn6ahA2UIOxoWqkGqsm6nV8VDVTQ7G5aqFaqsfVmzgMW6tmvo16SrVVo7CdekaNxmdVBzUWO6rnVSfVWXVRL6iuqrnvlum3j0A1BXup3qqP6qtm4J3qYseqqlfVQDVIDVavqfn4uhqq3lDD1JtquHpLjVAj1Sg1Wo1RY9U49bYar95RE9S7aqKapCarKWqqmqamq/fUDDVTzVLvq9nqAzVHzVXz1Hy1QH2oFqpFKl19pBarj9UStVQtU8vVCrVSrVKr1Rq1Vq1T69UGtVFtUpvVFvWJ2qq2qe1qh9qpdqnd6lO1R32m9qrP1T71hdqv/qQOqC/VQfWVOqS+VofVN+qI+lYdVd+pY+p7dVydUCfVD+qU+lGdVmfUWfWTOqd+VufVL+qCCgo0aqW1NjrSmfQVOkVn1ln0lTqrvkpn01frhL5GZ9fX6hz6Op1T59K5dR6dV+fT+bXVpJ1mHesCuqBO6ut1IX2DTtWFdRFdVHtdTBfXN+oS+iZdUt+sS+lbdGl9qy6jy+pyury+TVfQt+uKupKurO/QVfSduqqupu/S1fXduoa+R9fU9+pa+j5dW9+v6+gHdF39oK6nH9L19cO6gX5EN9SNdGPdRDfVj+pm+jHdXLfQLfXjupV+QrfWT+o2+indVj+t2+lndHv9rO6gn9Md9fO6k+6su+hf9AUddDfdXafpHrqnfkn30r11H91X99Mv6/76FT1Av6oH6kF6sH5ND9Gv66H6DT1Mv6mH67f0CD1Sj9Kj9Rg9Vo/Tb+vx+h09Qb+rJ+pJerKeoqfqabrPb5Vm/R357/yN/AG/vvtmvUV/orfqbXq73qF36l16t96t9+g9eq/eq/fpfXq/3q8P6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6hf9I/6FP6R31an9Fn9E/6nD6nz//2MwCDRhltjIlMJnOFSTGZTRZzpclqrjLZzNUmYa4x2c21Joe5zuQ0uUxuk8fkNflMfmMNGWfYxKaAKWiS5npTyNxgUk1hU8QUNd4UM8XNjf90/h+tr6lpapqZZqa5aW5ampamlWllWpvWpo1pY9qatqadaWfam/amg+lgOpqOppPpZLqYLqar6Wq6mW4mzaSZnuYl08v0Nn1MX9PPvGz6m/5mgBlgBpqBZrAZbIaYIWaoGWqGmWFmuBluRpgRZpQZZcaYMWacGWfGm/FmgplgJpqJZrKZbKaaqWa6mW5mmBlmlpllZpvZZo6ZY+aZeWaBWWAWmoUm3aSbxWaxWWKWmqVmuVluVpqVZrVZbdaatWa9WW82mo1midlitpitZqvZbrabnWan2W12mz1mj9lr9pp9Zp/Zb/abA+aAOWgOmkPmkDlsDpsj5og5ao6aY+aYOW6Om5PmpDllTpnT5rQ5a86ac+acOW/OmwvmwsXLvkhFKjKRiTJFmaKUKCXKEmWJskZZo2xRtigRJaLsUfYoR3RdlDPKFeWO8kR5o3xRGtiIIhdxFEcFooJRMro+KhTdEKVGhaMiUdHIR8Wi4tGNUYnopqhkdHNUKrolKh3dGpWJykblovLRbVGF6PaoYlQpqhzdEVWJ7oyqRtWiu6Lq0d1RjeieqGZ0b1Qrui+qHd0f1YkeiOpGD0b1ooei+tHDUYPokahh1ChqHDWJmv5L64dwOtdjvpvtbtNsD9vTvmR72d62j+1r+9mXbX/7ih1gX7UD7SA72L5mh9jX7VD7hh1m37TD7Vt2hB1pR9nRdowda8fZt+14+46dYN+1E+0kO9lOsVPtNDvdvmdn2Jl2ln3fzrYf2Dl2rp1n59sF9kO70C6y6fYju9h+bJfYpXaZXW5X2JV2lV1t19i1dp1dbzfYjXaT3Wy32E/sVrvNbrc77E67y+62n9o99jO7135u99kv7H77J3vAfmkP2q/sIfu1PWy/sUfst/ao/c4es9/b4/aEPWl/sKfsj/a0PWPP2p/sOfuzPW9/sRdsuHhxf/H0ToYMZaJMlEIplIWyUFbKStkoGyUoQdkpO+WgHJSTclJuyk15KS/lp/x0ERNTASpASUpSISpEqZRKRagIefJUnIpTCSpBJakklaJMVJpKUxkqQ+WoHN1Gt9HtdDtVokp0B91Bd9KdVI2qUXWqTjWoBtWkmlSLalFtqk11qA7VpbpUj+pRfapPDagBNaSG1JgaU1NqSs2oGTWn5tSSWlIrakWtqTW1oTbUltpSO2pH7ak9daAO1JE6UifqRF2oC3WlrtSNulEapVFP6km9qBf1oT7Uj/pRf+pPA2gADaSBNJgG0xAaQkNpKF28jBhOb9EIGkmjaDSNobE0jsbReBpPE2gCTaSJNJkm01SaStNpOs2gGTSLZtFsmk1zaA7No3m0gBbQQlpI6ZROi2kxLaEltIyW0QpaQatoFa2hNbSO1tEG2kCbaBNtoS20lbbSdtpOO2kn7abdtIf20F7aS/toH+2n/XSADtBBOkiH6BAdpsN0hI7QUTpKx+gYHafjdJJO0ik6RafpNJ2ls3SOfqbz9AtdoEApTkEWd6XL6q5y2dzVLsVldhfjCAAuxrldHpfX5XP5nXU5Xa6/isk5l+oKuyKuqPOumCvubvxdXMaVdeVceXebq+BudxV/F1d3d7sa7h5X093rqrm7/iqu5e5ztd3Dro57xNV1jVw918TVdw+7Bu4R19A1co1dE9fKPeFauyddG/eUa+ue/l280C1ya9xat86td3vcZ+6s+8kdcd+6c+5n1811d/3cy66/e8UNcK+6gW7Q7+Lh7i03wo10o9xoN8aN/V082U1xU900N92952a4mb+LF7gP3WyX7ua4uW6em/9rfHFN6e4jt9h97Ja4pW6ZW+5WuJVulVv9v9e63G10m9xmt9t96ra6bW672+F2ul2/xhf3sdd97va5L9xh94074L50B91Rd8h9/Wt8cX9H3XfumPveHXcn3En3gzvlfnSn3Zlf939x7z+4X9wFFxwwsmLNhiPOxFdwCmfmLHwlZ+WrOBtfzQm+hrPztZyDr+OcnItzcx7Oy/k4P1smdswccwEuyEm+ngvxDZzKhbkIF2XPxbg438gl+CYuyTdzKb6FS/OtXIbLcjkuz7dxBb6dK3Ilrsx3cJUQuCpX47u4Ot/NNfgersn3ci2+j2vz/VyHH+C6/CDX44e4Pj/MDfgRbsiNuDE34ab8KDfjx7g5t+CW/Di34ie4NT/JbfgpbstPczt+htvzs9yBn+OO/Dx34s7chV/grvwid+PunMY9uCe/xL24N/fhvtyPX+b+/AoP4Fd5IA/iwfwaD+HXeSi/wcP4TR7Ob/EIHsmjeDSP4bE8jt/m8fwOT+B3eSJP4sk8hafyNJ7O7/EMnsmz+H2ezR/wHJ7L83g+L+APeSEv4nT+iBfzx7yEl/IyXs4reCWv4tW8htfyOl7PG3gjb+LNvIU/4a28jbfzDt7Ju3g3f8p7+DPey5/zPv6C9/Of+AB/yQf5Kz7EX/Nh/oaP8Ld8lL/jY/w9H+cTfJJ/4FP8I5/mM3yWf+Jz/DOf51/4AgeGGGMV69jEUZwpviJOiTPHWeIr46zxVXG2+Oo4EV8TZ4+vjXPE18U541xx7jhPnDfOF+ePbUyxizmO4wJxwTgZXx8Xim+IU+PCcZG4aOzjYnHx+Ma4RHxTXDK+OS4V3xKXjm+Ny8Rl44fvLR/fFleIb48rxpXiyvEdcZX4zrhqXC2+K64e3x3XiO+Ja8b3xiXj++La8f1xnfiBuG78YFwvfiiuHz8cN4gfiRvGjeLGcZO4afxo3Cx+LG4et4hbxo/HreIn4tbxk3Gb+Km4bfz0Hx5Pi3vEPeOX4pfiEO7R85LzkwuSHyYXJhcl05MfJRcnP04uSS5NLksuT65IrkyuSq5OrkmuTa5Lrk9uSG5MbkpuToZQ7Qrw6JXX3vjIZ/JX+BSf2WfxV/qs/iqfzV/tE/4an91f63P463xOn8vn9nl8Xp/P5/fWk3eefewL+II+6a/3hfwNPtUX9kV8Ue99MV/cN/FNfVPfzD/mm/sWvqV/3D/un/BP+Cf9k/4p39Y/7dv5Z3x7/6zv4J/zz/nnfSff2XfxL/iu/kXfzXf3aT7N9/Q9fS/fy/fxfXw/38/39/39AD/AD/QD/WA/2A/xQ/xQP9QP88P8cD/cj/Aj/Cg/yo/xY/w4P86P9+P9BD/BT/QT/WQ/2U/1U/10P93P8DP8LD/Lz06d7ef4OX6en+cX+AV+oV/o0326X+wX+yV+iV/ml/kVfoVf5Vf5NX6NX+fX+Q1+g9/kN/ktfovf6rf67X673+l3+t1+t9/j9/i9fq/f5/f5/X6/P+AP+IP+K3/If+0P+2/8Ef+tP+q/88f89/64P+FP+h/8Kf+jP+3P+LP+J3/O/+zP+1/8BR/8uMTbifGJdxITEu8mJiYmJSYnpiSmJqYlpifeS8xIzEzMSryfmJ34IDEnMTcxLzE/sSDxYWJhYlEiPfFRYnHi48SSxNLEssTyxIrEykQI+bbGoUAoGJLh+lAo3BBSQ+FQJBQNPhQLxcONoUS4KZQMN4dS4ZZQOtwayoSyoVx4JDQMjULj0CQ0DY+GZuGx0Dy0CC3D46FVeCK0Dk+GNuGp0DY8HdqFZ0L78GzoEJ4LHcPzoVPoHLqEF0LX8GLoFrqHtNAj9AwvhV6hd+gT+oZ+4eXQP7wSBoRXw8AwKAwOr4Uh4fUwNLwRhoU3w/DwVhgRRoZRYXQYE8aGceHtMD68EyaEd8PEMClMDlPC1DAtTA/vhRlhZpgV3g+zwwdhTpgb5oX5YUH4MCwMi0J6+CgsDh+HJWFpWBaWhxVhZVgVVoc1YW1YF9aHDWFj2BQ2hy3hk7A1bAvbw46wM+wKu8OnYU/4LOwNn4d94YuwP/wpHAhfhoPhq3AofB0Oh2/CkfBtOBq+C8fC9+F4OBFOhh/CqfBjOB3OhLPhp3Au/BzOh1/CBfmbNSGEEEKIv4v+g+M9/sb3MgGA+m3eEwCu2pbn0H+uuSHnn+e9Vd5WCQB4qnvHB/8yqlRJS0v77bVLNEQF5wJA4q/r/yVeCi3hCWgDLaDE31xfb9X5HP9B/eQtAFn+Q04KXIov1b/pv6j/6OPDF5aOz2b/b+rPBUgteCknM1yKL9Uv+V/Uz9XsD9af+ctxAM3/Q05WuBRfql8cHoOnoc1fvVIIIYQQQgghhPiz3qpc+z+6f754f57XXMq5Ai7Ff3R/LoQQQgghhBBCiMvv2c5dnny0TZsW7f++Cf72XOAfy5KJTGTy/9nkcn8yCSGEEEIIIf7VLl30X+6VCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQGdf/xL8Tu9x7FEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIS63/xUAAP//KoI32g==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r1, 0x11, 0x68, &(0x7f0000000040)=0x2, 0x4)
syz_usb_connect(0x3, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x250, 0xf3, 0xde, 0x2e, 0x8, 0x6e1, 0x709, 0x204, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x9, 0x81, 0xa0, 0xe, [{{0x9, 0x4, 0xce, 0x8, 0x0, 0xe, 0x18, 0xa6, 0x66}}]}}]}}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x2, [{0xa6, &(0x7f0000000280)=@string={0xa6, 0x3, "486fdc2f348274646c5333c59058e4393baf8819afdb1f0cef2070391177b765a7987ccf92e25c15c6e25c06ce1febad4f91d3e24d1232f5ee15c2d1ce654ee1ed055b988fb39b04d7f97853ce82cdb39db359c73759522432104c13e842e58c549a84d39e9f54d2eefb4b63c67c67a421ac28cd93fbbc1593bd314f23a999259c2385794baa845406905036c2bf13a9946747a65ea94e3c7916e7c40befa99b40dae400"}}, {0x68, &(0x7f0000000140)=@string={0x68, 0x3, "eacf22aabb7d02c3e1843d22e5f56a469e830e1b3485d50de1a40df8ab677c5472d4b77d50cdf3cb25c28a5ad27807e86c4d4945a83172364da595670e848744c8c7e7a5c9d02e6cb001fb6c1ace5b42f69c189cc7df37b8af6f7f810968925f77832bdbd3a6"}}]}) (async)
close(0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) (async)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0xa, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000580081044e81f782db44b904021d080009000200e8fe55a1180015000600142603600e120900210000000401a80016000a00014006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) (async)
preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000ac0fce405d0500904431000000010902120001000080040904"], 0x0)

326.774973ms ago: executing program 2 (id=655):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

235.445666ms ago: executing program 5 (id=656):
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\v\x00\x00\x00\x00\x00\x00\x00', @ANYRESDEC], 0x20)
r0 = creat(&(0x7f0000000080)='./file0\x00', 0xc7)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x4, 0xff, 0xe1, 0x2, 0x4, 0x9, 0xff}, 0x1c)
close(r0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="746e6f3d8cd67c8d056a77fe6770cfa4c7f768abab8c45d0145d608aad5f869fdb88bd1d8807e384a44f13dff5b24cbe4b81c1a4ced3b5086fcdf68da861b21e86642b22c798d07a65e460511574642f73a1fa013af4871219097f6876ec3ebfc9167cb942d8541a1a60f858d315129cf6fad54bc35ac456a6530b134cbc0bfd4ac1db054eb7bd5e4febebb3262e1f361d5e85b6863d9f31cfc642ae8337dbed9a9494f6a134", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',\x00'])
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newlink={0x2c, 0x10, 0x801, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x4}]}, 0x2c}}, 0x4050)

192.337052ms ago: executing program 4 (id=657):
syz_80211_inject_frame(0x0, 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x44}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)=ANY=[@ANYBLOB="4000000003080104000000000000000000000000050003000600000024000480080004400000000008000a400000000008000940"], 0x40}}, 0x0)

0s ago: executing program 3 (id=658):
time(0x0)
time(&(0x7f0000000100))
time(&(0x7f0000000180))
time(&(0x7f00000001c0))
time(&(0x7f0000000200))
time(&(0x7f0000000280))
time(0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000010)
time(0x0)
time(&(0x7f0000000500))
ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, 0x0)
unshare(0x66000080)
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00'})
gettid()
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x28}}, 0x0)

kernel console output (not intermixed with test programs):

netlink: 8 bytes leftover after parsing attributes in process `syz.3.337'.
[  364.174550][ T7174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  364.777621][ T7192] overlayfs: failed to clone upperpath
[  365.049231][ T7198] loop3: detected capacity change from 0 to 16
[  365.129779][ T7198] erofs (device loop3): mounted with root inode @ nid 36.
[  365.169400][   T30] audit: type=1800 audit(1751554324.490:6): pid=7198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.344" name="file1" dev="loop3" ino=86 res=0 errno=0
[  365.262017][    C1] Unknown status report in ack skb
[  365.470170][ T7207] loop2: detected capacity change from 0 to 512
[  365.481888][ T7207] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  365.503385][ T7207] EXT4-fs (loop2): 1 truncate cleaned up
[  365.512920][ T7207] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  365.572106][ T7210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.581809][ T7210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.622540][ T7212] loop3: detected capacity change from 0 to 128
[  365.631287][ T7212] vfat: Unknown parameter '��������'
[  365.676859][ T7212] loop3: detected capacity change from 0 to 1024
[  365.722252][ T7214] vivid-002: disconnect
[  365.752268][ T7212] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  365.769243][ T7212] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  365.799215][ T5882] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  365.849031][   T30] audit: type=1804 audit(1751554325.170:7): pid=7212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.347" name="/newroot/64/file1/file1" dev="loop3" ino=15 res=1 errno=0
[  365.908150][   T30] audit: type=1804 audit(1751554325.210:8): pid=7212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.347" name="/newroot/64/file1/file1" dev="loop3" ino=15 res=1 errno=0
[  365.974781][ T5882] usb 3-1: Using ep0 maxpacket: 32
[  366.049075][ T5860] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  366.057620][ T5882] usb 3-1: unable to get BOS descriptor or descriptor too short
[  366.130285][ T5882] usb 3-1: config 253 has an invalid interface number: 202 but max is 0
[  366.139402][ T5882] usb 3-1: config 253 has an invalid descriptor of length 223, skipping remainder of the config
[  366.150297][ T5882] usb 3-1: config 253 has no interface number 0
[  366.156817][ T5882] usb 3-1: config 253 interface 202 altsetting 0 endpoint 0x5 has invalid maxpacket 10784, setting to 64
[  366.170867][ T5882] usb 3-1: config 253 interface 202 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  366.203432][ T7218] loop0: detected capacity change from 0 to 2048
[  366.231775][ T5804] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.257958][ T7218] nilfs2: Unknown parameter '��'
[  366.289809][ T5860] usb 2-1: unable to get BOS descriptor or descriptor too short
[  366.314999][ T5860] usb 2-1: not running at top speed; connect to a high speed hub
[  366.339715][ T5882] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  366.349293][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.357590][ T5882] usb 3-1: Product: syz
[  366.362182][ T5882] usb 3-1: Manufacturer: syz
[  366.367001][ T5882] usb 3-1: SerialNumber: syz
[  366.395292][ T5860] usb 2-1: config 129 has an invalid interface number: 28 but max is 0
[  366.404246][ T5860] usb 2-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config
[  366.415308][ T5860] usb 2-1: config 129 has no interface number 0
[  366.421978][ T5860] usb 2-1: config 129 interface 28 altsetting 28 has an endpoint descriptor with address 0xFD, changing to 0x8D
[  366.434399][ T5860] usb 2-1: config 129 interface 28 altsetting 28 endpoint 0x8D has invalid maxpacket 12102, setting to 64
[  366.446546][ T5860] usb 2-1: config 129 interface 28 altsetting 28 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  366.460452][ T5860] usb 2-1: config 129 interface 28 has no altsetting 0
[  366.697400][ T5860] usb 2-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57
[  366.707110][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.715485][ T5860] usb 2-1: Product: syz
[  366.719951][ T5860] usb 2-1: Manufacturer: syz
[  366.724778][ T5860] usb 2-1: SerialNumber: syz
[  366.860483][ T7214] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  367.104535][ T7213] vivid-002: reconnect
[  367.125629][ T5860] etas_es58x 2-1:129.28: Starting syz syz (Serial Number syz)
[  367.189880][ T5860] etas_es58x 2-1:129.28: could not retrieve the product info string
[  367.353324][ T5860] usb 2-1: USB disconnect, device number 20
[  367.362245][ T5860] etas_es58x 2-1:129.28: Disconnecting syz syz
[  367.579522][ T1912] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  367.799252][ T1912] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[  367.811517][ T1912] usb 1-1: config 0 has no interface number 0
[  367.884159][ T1912] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  367.893961][ T1912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.916748][ T1912] usb 1-1: Product: syz
[  367.930553][ T1912] usb 1-1: Manufacturer: syz
[  367.935407][ T1912] usb 1-1: SerialNumber: syz
[  368.018165][ T1912] usb 1-1: config 0 descriptor??
[  368.146834][ T7228] 9pnet_fd: Insufficient options for proto=fd
[  368.388680][ T7232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.354'.
[  368.450792][ T7231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  368.744321][ T7222] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  368.754170][ T7222] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  368.804104][ T1912] usb 1-1: Firmware version (0.0) predates our first public release.
[  368.813068][ T1912] usb 1-1: Please update to version 0.2 or newer
[  368.970804][ T1912] usb 1-1: USB disconnect, device number 12
[  369.337032][ T5882] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  369.357504][ T3591] usb 3-1: Failed to submit usb control message: -71
[  369.365401][ T3591] usb 3-1: unable to send the bmi data to the device: -71
[  369.372918][ T3591] usb 3-1: unable to get target info from device
[  369.379659][ T3591] usb 3-1: could not get target info (-71)
[  369.385744][ T3591] usb 3-1: could not probe fw (-71)
[  369.389253][ T5882] usb 3-1: USB disconnect, device number 20
[  369.434749][ T5817] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.632100][ T7252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.360'.
[  369.641437][ T7252] FAULT_INJECTION: forcing a failure.
[  369.641437][ T7252] name failslab, interval 1, probability 0, space 0, times 0
[  369.657246][ T7252] CPU: 1 UID: 0 PID: 7252 Comm: syz.0.360 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  369.657395][ T7252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  369.657471][ T7252] Call Trace:
[  369.657522][ T7252]  <TASK>
[  369.657572][ T7252]  __dump_stack+0x26/0x30
[  369.657730][ T7252]  dump_stack_lvl+0x1df/0x270
[  369.657894][ T7252]  dump_stack+0x1e/0x25
[  369.658035][ T7252]  should_fail_ex+0x7dc/0x8a0
[  369.658204][ T7252]  should_failslab+0x15b/0x200
[  369.658394][ T7252]  kmem_cache_alloc_node_noprof+0xf3/0xf00
[  369.658536][ T7252]  ? __alloc_skb+0x1e0/0x7d0
[  369.658717][ T7252]  ? kmsan_get_metadata+0xfb/0x160
[  369.658881][ T7252]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  369.659058][ T7252]  __alloc_skb+0x1e0/0x7d0
[  369.659236][ T7252]  netlink_ack+0x23f/0xf80
[  369.659380][ T7252]  ? kmsan_get_metadata+0xfb/0x160
[  369.659570][ T7252]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  369.659759][ T7252]  netlink_rcv_skb+0x3f9/0x680
[  369.659912][ T7252]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  369.660075][ T7252]  rtnetlink_rcv+0x35/0x40
[  369.660208][ T7252]  ? __pfx_rtnetlink_rcv+0x10/0x10
[  369.660350][ T7252]  netlink_unicast+0xed5/0x1290
[  369.660504][ T7252]  netlink_sendmsg+0x10b3/0x1250
[  369.660668][ T7252]  ? __pfx_netlink_sendmsg+0x10/0x10
[  369.660806][ T7252]  ? __pfx_netlink_sendmsg+0x10/0x10
[  369.660949][ T7252]  __sock_sendmsg+0x333/0x3d0
[  369.661102][ T7252]  ____sys_sendmsg+0x7e0/0xd80
[  369.661264][ T7252]  ___sys_sendmsg+0x271/0x3b0
[  369.661430][ T7252]  ? __rcu_read_unlock+0x6d/0xd0
[  369.661564][ T7252]  ? __fget_files+0x3b4/0x4a0
[  369.661686][ T7252]  ? __fget_files+0x3b9/0x4a0
[  369.661814][ T7252]  ? kmsan_get_metadata+0xfb/0x160
[  369.661986][ T7252]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  369.662171][ T7252]  __x64_sys_sendmsg+0x211/0x3e0
[  369.662326][ T7252]  ? kmsan_get_metadata+0xfb/0x160
[  369.662515][ T7252]  x64_sys_call+0x32fb/0x3db0
[  369.662679][ T7252]  do_syscall_64+0xd9/0x210
[  369.662810][ T7252]  ? irqentry_exit+0x16/0x60
[  369.662976][ T7252]  ? clear_bhb_loop+0x40/0x90
[  369.663117][ T7252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.663262][ T7252] RIP: 0033:0x7f7982b8e929
[  369.663362][ T7252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.663476][ T7252] RSP: 002b:00007f7983916038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  369.663605][ T7252] RAX: ffffffffffffffda RBX: 00007f7982db5fa0 RCX: 00007f7982b8e929
[  369.663700][ T7252] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[  369.663785][ T7252] RBP: 00007f7983916090 R08: 0000000000000000 R09: 0000000000000000
[  369.663868][ T7252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.663949][ T7252] R13: 0000000000000000 R14: 00007f7982db5fa0 R15: 00007ffddf1b70d8
[  369.664070][ T7252]  </TASK>
[  370.309180][ T7262] FAULT_INJECTION: forcing a failure.
[  370.309180][ T7262] name failslab, interval 1, probability 0, space 0, times 0
[  370.322438][ T7262] CPU: 0 UID: 0 PID: 7262 Comm: syz.2.363 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  370.322582][ T7262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  370.322659][ T7262] Call Trace:
[  370.322705][ T7262]  <TASK>
[  370.322752][ T7262]  __dump_stack+0x26/0x30
[  370.322909][ T7262]  dump_stack_lvl+0x1df/0x270
[  370.323074][ T7262]  dump_stack+0x1e/0x25
[  370.323212][ T7262]  should_fail_ex+0x7dc/0x8a0
[  370.323381][ T7262]  should_failslab+0x15b/0x200
[  370.323569][ T7262]  __kmalloc_noprof+0x182/0x1310
[  370.323702][ T7262]  ? tomoyo_encode+0x626/0xa10
[  370.323848][ T7262]  ? prepend_path+0xff2/0x10c0
[  370.323978][ T7262]  ? kmsan_get_metadata+0xfb/0x160
[  370.324147][ T7262]  ? kmsan_get_metadata+0xfb/0x160
[  370.324331][ T7262]  tomoyo_encode+0x626/0xa10
[  370.324522][ T7262]  tomoyo_realpath_from_path+0x92e/0x9f0
[  370.324717][ T7262]  tomoyo_path_number_perm+0x1d0/0x7d0
[  370.324856][ T7262]  ? stack_depot_save_flags+0x35/0x7b0
[  370.325019][ T7262]  ? kmsan_get_metadata+0xfb/0x160
[  370.325191][ T7262]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  370.325411][ T7262]  tomoyo_file_ioctl+0x3d/0x50
[  370.325580][ T7262]  security_file_ioctl+0x141/0x590
[  370.325762][ T7262]  __se_sys_ioctl+0xbb/0x400
[  370.325926][ T7262]  __x64_sys_ioctl+0x97/0xe0
[  370.326087][ T7262]  x64_sys_call+0x1ebe/0x3db0
[  370.326250][ T7262]  do_syscall_64+0xd9/0x210
[  370.326379][ T7262]  ? irqentry_exit+0x16/0x60
[  370.326550][ T7262]  ? clear_bhb_loop+0x40/0x90
[  370.326693][ T7262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.326828][ T7262] RIP: 0033:0x7efee0d8e929
[  370.326927][ T7262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.327041][ T7262] RSP: 002b:00007efee1b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  370.327169][ T7262] RAX: ffffffffffffffda RBX: 00007efee0fb5fa0 RCX: 00007efee0d8e929
[  370.327260][ T7262] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000004
[  370.327348][ T7262] RBP: 00007efee1b3e090 R08: 0000000000000000 R09: 0000000000000000
[  370.327428][ T7262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.327513][ T7262] R13: 0000000000000000 R14: 00007efee0fb5fa0 R15: 00007fff1869bd58
[  370.327634][ T7262]  </TASK>
[  370.327724][ T7262] ERROR: Out of memory at tomoyo_realpath_from_path.
[  370.393137][ T7263] binder_alloc: 7261: binder_alloc_buf, no vma
[  370.594040][ T7262] binder: 7261:7262 ioctl c0306201 200000000300 returned -14
[  370.896539][ T7259] loop3: detected capacity change from 0 to 4096
[  371.089388][ T5860] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  371.317910][ T5860] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  371.327702][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.336837][ T5860] usb 2-1: Product: syz
[  371.341796][ T5860] usb 2-1: Manufacturer: syz
[  371.346646][ T5860] usb 2-1: SerialNumber: syz
[  371.397240][ T5860] usb 2-1: config 0 descriptor??
[  371.421090][ T5860] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 021
[  371.439462][ T5882] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[  371.580674][ T7273] netlink: 12 bytes leftover after parsing attributes in process `syz.4.366'.
[  371.647393][ T5882] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  371.656709][ T5882] usb 3-1: config 0 has no interface number 0
[  371.696357][ T7273] bond1: entered promiscuous mode
[  371.709576][ T7273] 8021q: adding VLAN 0 to HW filter on device bond1
[  371.747715][ T5882] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  371.758140][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.766917][ T5882] usb 3-1: Product: syz
[  371.771987][ T5882] usb 3-1: Manufacturer: syz
[  371.776809][ T5882] usb 3-1: SerialNumber: syz
[  371.824472][ T5860]  (null): failure reading functionality
[  371.850296][ T7279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.368'.
[  371.853610][ T5860] i2c i2c-1: connected i2c-tiny-usb device
[  371.860645][ T7278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  371.889608][ T5882] usb 3-1: config 0 descriptor??
[  371.972559][ T7281] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  371.980860][ T7281] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  372.073211][   T30] audit: type=1800 audit(1751554331.390:9): pid=7270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.365" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  372.102856][ T5860] usb 2-1: USB disconnect, device number 21
[  372.266162][   T24] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  372.355699][ T5882] usb 3-1: Firmware: major: 79, minor: 230, hardware type: UNKNOWN (84)
[  372.449436][   T24] usb 4-1: Using ep0 maxpacket: 16
[  372.474087][   T24] usb 4-1: unable to get BOS descriptor or descriptor too short
[  372.491460][   T24] usb 4-1: config 2 has an invalid interface number: 139 but max is 0
[  372.500375][   T24] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  372.510953][   T24] usb 4-1: config 2 has no interface number 0
[  372.520028][   T24] usb 4-1: config 2 interface 139 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  372.534471][   T24] usb 4-1: config 2 interface 139 has no altsetting 0
[  372.583524][ T5882] usb 3-1: Firmware: build 
[  372.612066][   T24] usb 4-1: New USB device found, idVendor=100d, idProduct=cb01, bcdDevice=81.f5
[  372.625303][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.635679][   T24] usb 4-1: Product: syz
[  372.640280][   T24] usb 4-1: Manufacturer: syz
[  372.645280][   T24] usb 4-1: SerialNumber: syz
[  372.788193][ T5882] usb 3-1: failed to fetch extended address, random address set
[  372.796611][ T5882] usb 3-1: atusb_probe: initialization failed, error = -524
[  372.805469][ T5882] atusb 3-1:0.128: probe with driver atusb failed with error -524
[  372.829600][ T5882] usb 3-1: USB disconnect, device number 21
[  372.862561][ T7288] netlink: 12 bytes leftover after parsing attributes in process `syz.0.372'.
[  372.890232][ T7281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  372.890744][ T7288] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  372.899627][ T7281] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.051954][   T24] cxacru 4-1:2.139: cxacru_bind: interface has incorrect endpoints
[  373.061129][   T24] cxacru 4-1:2.139: usbatm_usb_probe: bind failed: -19!
[  373.121835][   T24] usb 4-1: USB disconnect, device number 14
[  373.445520][   T30] audit: type=1800 audit(1751554332.770:10): pid=7291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.373" name="bus" dev="overlay" ino=415 res=0 errno=0
[  373.641750][ T7298] IPVS: sed: SCTP 172.20.20.187:0 - no destination available
[  373.729349][   T24] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  373.917053][   T24] usb 1-1: device descriptor read/64, error -71
[  374.109111][ T5882] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  374.161022][   T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  374.509395][   T24] usb 1-1: device descriptor read/64, error -71
[  374.621054][   T24] usb usb1-port1: attempt power cycle
[  374.629862][ T5882] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  374.640392][ T5882] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  374.731629][ T5882] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  374.741199][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  374.749639][ T5882] usb 3-1: SerialNumber: syz
[  374.858960][ T7303] loop1: detected capacity change from 0 to 32768
[  375.049204][   T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  375.098422][ T5882] usb 3-1: 0:2 : does not exist
[  375.129677][   T24] usb 1-1: device descriptor read/8, error -71
[  375.194623][ T7303] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  375.194771][ T7303]   allowing incompatible features above 0.0: (unknown version)
[  375.194854][ T7303]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  375.240383][ T7303] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  375.249047][ T7303] bcachefs (loop1): initializing new filesystem
[  375.268021][ T7303] bcachefs (loop1): going read-write
[  375.277895][ T5882] usb 3-1: USB disconnect, device number 22
[  375.301402][ T7303] bcachefs (loop1): marking superblocks
[  375.349622][ T7303] bcachefs (loop1): initializing freespace
[  375.375840][ T7303] bcachefs (loop1): done initializing freespace
[  375.401481][ T7303] bcachefs (loop1): reading snapshots table
[  375.403263][   T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  375.407718][ T7303] bcachefs (loop1): reading snapshots done
[  375.517369][   T24] usb 1-1: device descriptor read/8, error -71
[  375.533245][ T7303] bcachefs (loop1): done starting filesystem
[  375.635109][   T24] usb usb1-port1: unable to enumerate USB device
[  375.847959][ T5800] bcachefs (loop1): shutting down
[  375.853592][ T5800] bcachefs (loop1): going read-only
[  375.859200][ T5800] bcachefs (loop1): finished waiting for writes to stop
[  375.909124][ T5800] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3
[  376.115434][ T5800] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[  376.172476][ T5800] bcachefs (loop1): clean shutdown complete, journal seq 4
[  376.182387][ T5800] bcachefs (loop1): marking filesystem clean
[  376.193635][ T7320] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  376.253489][ T5800] bcachefs (loop1): shutdown complete
[  377.889047][   T24] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  378.124218][   T24] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[  378.132876][   T24] usb 1-1: config 0 has no interface number 0
[  378.226364][   T24] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  378.235826][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.244177][   T24] usb 1-1: Product: syz
[  378.248576][   T24] usb 1-1: Manufacturer: syz
[  378.255897][   T24] usb 1-1: SerialNumber: syz
[  379.361169][ T7338] loop3: detected capacity change from 0 to 1024
[  379.416625][ T7338] hfsplus: Bad value for 'umask'
[  380.810218][    C0] wlan1: beacon TX faster than countdown (channel/color switch) completion
[  381.034130][ T7346] loop1: detected capacity change from 0 to 32768
[  381.159193][   T24] usb 1-1: config 0 descriptor??
[  381.367800][ T7346] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  381.367947][ T7346]   allowing incompatible features above 0.0: (unknown version)
[  381.368040][ T7346]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  381.413824][ T7346] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  381.422526][ T7346] bcachefs (loop1): initializing new filesystem
[  381.449265][ T7346] bcachefs (loop1): going read-write
[  381.498235][   T24] usb 1-1: can't set config #0, error -71
[  381.553516][ T7346] bcachefs (loop1): marking superblocks
[  381.561622][   T24] usb 1-1: USB disconnect, device number 17
[  381.607166][ T7346] bcachefs (loop1): initializing freespace
[  381.640718][ T7346] bcachefs (loop1): done initializing freespace
[  381.660040][ T7346] bcachefs (loop1): reading snapshots table
[  381.666986][ T7346] bcachefs (loop1): reading snapshots done
[  381.759142][ T7346] bcachefs (loop1): done starting filesystem
[  381.968134][ T5800] bcachefs (loop1): shutting down
[  381.973709][ T5800] bcachefs (loop1): going read-only
[  381.979369][ T5800] bcachefs (loop1): finished waiting for writes to stop
[  381.995869][ T7361] netlink: 'syz.2.393': attribute type 11 has an invalid length.
[  382.004734][ T7361] netlink: 20 bytes leftover after parsing attributes in process `syz.2.393'.
[  382.116316][ T5800] bcachefs (loop1): flushing journal and stopping allocators, journal seq 4
[  382.195079][ T7363] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  382.322633][ T5800] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4
[  382.395779][ T5800] bcachefs (loop1): clean shutdown complete, journal seq 5
[  382.412072][ T7371] netlink: 4 bytes leftover after parsing attributes in process `syz.3.398'.
[  382.430953][ T5800] bcachefs (loop1): marking filesystem clean
[  382.679155][   T24] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  382.872361][   T24] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  382.882036][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.890413][   T24] usb 3-1: Product: syz
[  382.894795][   T24] usb 3-1: Manufacturer: syz
[  382.899842][   T24] usb 3-1: SerialNumber: syz
[  382.951151][   T24] usb 3-1: config 0 descriptor??
[  382.974465][   T24] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 023
[  383.214067][ T7371] loop3: detected capacity change from 0 to 32768
[  383.223348][ T7371] XFS: noikeep mount option is deprecated.
[  383.258619][ T5800] bcachefs (loop1): shutdown complete
[  383.302966][ T7371] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  383.366854][   T24]  (null): failure reading functionality
[  383.401988][   T24] i2c i2c-1: connected i2c-tiny-usb device
[  383.670631][   T24] usb 3-1: USB disconnect, device number 23
[  383.726556][ T7371] XFS (loop3): Ending clean mount
[  383.750608][ T7371] XFS (loop3): Quotacheck needed: Please wait.
[  383.814410][ T7371] XFS (loop3): Quotacheck: Done.
[  383.913543][ T5804] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  383.937118][ T7386] netlink: 24 bytes leftover after parsing attributes in process `syz.0.401'.
[  383.947875][ T7386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.401'.
[  384.281600][   T24] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  384.489504][   T24] usb 1-1: Using ep0 maxpacket: 16
[  384.519419][   T24] usb 1-1: config 1 has an invalid descriptor of length 249, skipping remainder of the config
[  384.530415][   T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  384.588519][   T24] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  384.598039][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.609557][   T24] usb 1-1: Product: syz
[  384.614127][   T24] usb 1-1: Manufacturer: syz
[  384.621528][   T24] usb 1-1: SerialNumber: syz
[  384.956126][ T7386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.966180][ T7386] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  385.062476][ T7387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  385.071892][ T7387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  385.106656][ T7392] loop3: detected capacity change from 0 to 1024
[  385.132454][ T7392] hfsplus: Bad value for 'umask'
[  385.669416][ T5860] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  385.879476][ T5860] usb 3-1: Using ep0 maxpacket: 32
[  385.950434][ T5860] usb 3-1: config 0 has an invalid interface number: 4 but max is 0
[  385.958866][ T5860] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  385.969406][ T5860] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  385.978618][ T5860] usb 3-1: config 0 has no interface number 1
[  385.985190][ T5860] usb 3-1: config 0 interface 4 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  386.724901][ T7402] loop0: detected capacity change from 0 to 32768
[  386.746432][ T5860] usb 3-1: New USB device found, idVendor=046d, idProduct=08b0, bcdDevice=e5.27
[  386.759557][ T5860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.769129][ T5860] usb 3-1: Product: syz
[  386.773514][ T5860] usb 3-1: Manufacturer: syz
[  386.778321][ T5860] usb 3-1: SerialNumber: syz
[  386.882962][ T5860] usb 3-1: config 0 descriptor??
[  386.922864][ T7399] overlayfs: failed to clone upperpath
[  386.961032][ T5860] pwc: Logitech QuickCam Pro 3000 USB webcam detected.
[  388.149816][   T24] usb 1-1: 0:2 : does not exist
[  388.265894][   T24] usb 1-1: USB disconnect, device number 18
[  388.387219][ T7402] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  388.387362][ T7402]   allowing incompatible features above 0.0: (unknown version)
[  388.387442][ T7402]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  388.439690][ T7402] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  388.448324][ T7402] bcachefs (loop0): initializing new filesystem
[  388.474305][ T7402] bcachefs (loop0): going read-write
[  388.513681][ T7402] bcachefs (loop0): marking superblocks
[  388.580489][ T7402] bcachefs (loop0): initializing freespace
[  388.629813][ T7402] bcachefs (loop0): done initializing freespace
[  388.659943][ T7402] bcachefs (loop0): reading snapshots table
[  388.668478][ T7402] bcachefs (loop0): reading snapshots done
[  388.767788][ T5860] pwc: Failed to set LED on/off time (-71)
[  388.788600][ T5860] pwc: send_video_command error -71
[  388.795168][ T5860] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  388.811321][ T5860] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[  388.828345][ T5860] usb 3-1: USB disconnect, device number 24
[  388.845946][ T7402] bcachefs (loop0): done starting filesystem
[  389.124560][ T7425] FAULT_INJECTION: forcing a failure.
[  389.124560][ T7425] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.138358][ T7425] CPU: 0 UID: 0 PID: 7425 Comm: syz.2.409 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  389.138505][ T7425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  389.138583][ T7425] Call Trace:
[  389.138630][ T7425]  <TASK>
[  389.138680][ T7425]  __dump_stack+0x26/0x30
[  389.138835][ T7425]  dump_stack_lvl+0x1df/0x270
[  389.139000][ T7425]  dump_stack+0x1e/0x25
[  389.139141][ T7425]  should_fail_ex+0x7dc/0x8a0
[  389.139319][ T7425]  should_fail+0x2a/0x40
[  389.139457][ T7425]  should_fail_usercopy+0x2e/0x40
[  389.139612][ T7425]  _copy_from_iter+0x1ba/0x3350
[  389.139748][ T7425]  ? kmsan_get_metadata+0xfb/0x160
[  389.139924][ T7425]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  389.140106][ T7425]  ? kmsan_get_metadata+0xfb/0x160
[  389.140279][ T7425]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  389.140487][ T7425]  netlink_sendmsg+0xc64/0x1250
[  389.140650][ T7425]  ? __pfx_netlink_sendmsg+0x10/0x10
[  389.140780][ T7425]  ? __pfx_netlink_sendmsg+0x10/0x10
[  389.140924][ T7425]  __sock_sendmsg+0x333/0x3d0
[  389.141089][ T7425]  ____sys_sendmsg+0x7e0/0xd80
[  389.141254][ T7425]  ___sys_sendmsg+0x271/0x3b0
[  389.141418][ T7425]  ? __rcu_read_unlock+0x6d/0xd0
[  389.141559][ T7425]  ? __fget_files+0x3b4/0x4a0
[  389.141682][ T7425]  ? __fget_files+0x3b9/0x4a0
[  389.141816][ T7425]  ? kmsan_get_metadata+0xfb/0x160
[  389.141989][ T7425]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  389.142175][ T7425]  __x64_sys_sendmsg+0x211/0x3e0
[  389.142332][ T7425]  ? kmsan_get_metadata+0xfb/0x160
[  389.142523][ T7425]  x64_sys_call+0x32fb/0x3db0
[  389.142691][ T7425]  do_syscall_64+0xd9/0x210
[  389.142822][ T7425]  ? irqentry_exit+0x16/0x60
[  389.142991][ T7425]  ? clear_bhb_loop+0x40/0x90
[  389.143132][ T7425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.143277][ T7425] RIP: 0033:0x7efee0d8e929
[  389.143376][ T7425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.143491][ T7425] RSP: 002b:00007efee1b3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  389.143620][ T7425] RAX: ffffffffffffffda RBX: 00007efee0fb5fa0 RCX: 00007efee0d8e929
[  389.143716][ T7425] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000003
[  389.143799][ T7425] RBP: 00007efee1b3e090 R08: 0000000000000000 R09: 0000000000000000
[  389.143882][ T7425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  389.143964][ T7425] R13: 0000000000000000 R14: 00007efee0fb5fa0 R15: 00007fff1869bd58
[  389.144085][ T7425]  </TASK>
[  389.585145][ T5814] bcachefs (loop0): shutting down
[  389.591005][ T5814] bcachefs (loop0): going read-only
[  389.596450][ T5814] bcachefs (loop0): finished waiting for writes to stop
[  389.696277][ T5814] bcachefs (loop0): flushing journal and stopping allocators, journal seq 4
[  389.938337][ T5814] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 4
[  389.985111][ T5814] bcachefs (loop0): clean shutdown complete, journal seq 5
[  390.015103][ T5814] bcachefs (loop0): marking filesystem clean
[  390.135739][ T5814] bcachefs (loop0): shutdown complete
[  390.409946][   T24] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  390.624786][   T24] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  390.634418][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.645179][   T24] usb 4-1: Product: syz
[  390.650469][   T24] usb 4-1: Manufacturer: syz
[  390.655293][   T24] usb 4-1: SerialNumber: syz
[  390.701098][   T24] usb 4-1: config 0 descriptor??
[  390.716120][   T24] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 015
[  390.954236][ T7446] FAULT_INJECTION: forcing a failure.
[  390.954236][ T7446] name failslab, interval 1, probability 0, space 0, times 0
[  390.968958][ T7446] CPU: 0 UID: 0 PID: 7446 Comm: syz.2.418 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  390.969106][ T7446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  390.969180][ T7446] Call Trace:
[  390.969229][ T7446]  <TASK>
[  390.969275][ T7446]  __dump_stack+0x26/0x30
[  390.969434][ T7446]  dump_stack_lvl+0x1df/0x270
[  390.969595][ T7446]  dump_stack+0x1e/0x25
[  390.969736][ T7446]  should_fail_ex+0x7dc/0x8a0
[  390.969907][ T7446]  should_failslab+0x15b/0x200
[  390.970095][ T7446]  __kmalloc_noprof+0x182/0x1310
[  390.970229][ T7446]  ? tomoyo_realpath_from_path+0xeb/0x9f0
[  390.970392][ T7446]  ? __msan_warning+0x1b/0x30
[  390.970540][ T7446]  ? filter_irq_stacks+0x13f/0x190
[  390.970665][ T7446]  ? kmsan_get_metadata+0xfb/0x160
[  390.970852][ T7446]  tomoyo_realpath_from_path+0xeb/0x9f0
[  390.971028][ T7446]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  390.971220][ T7446]  ? __srcu_read_lock+0x5e/0xd0
[  390.971383][ T7446]  tomoyo_path_number_perm+0x1d0/0x7d0
[  390.971519][ T7446]  ? stack_depot_save_flags+0x35/0x7b0
[  390.971701][ T7446]  ? kmsan_get_metadata+0xfb/0x160
[  390.971870][ T7446]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  390.972086][ T7446]  tomoyo_file_ioctl+0x3d/0x50
[  390.972248][ T7446]  security_file_ioctl+0x141/0x590
[  390.972433][ T7446]  __se_sys_ioctl+0xbb/0x400
[  390.972600][ T7446]  __x64_sys_ioctl+0x97/0xe0
[  390.972761][ T7446]  x64_sys_call+0x1ebe/0x3db0
[  390.972924][ T7446]  do_syscall_64+0xd9/0x210
[  390.973059][ T7446]  ? irqentry_exit+0x16/0x60
[  390.973221][ T7446]  ? clear_bhb_loop+0x40/0x90
[  390.973359][ T7446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.973496][ T7446] RIP: 0033:0x7efee0d8e929
[  390.973592][ T7446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.973706][ T7446] RSP: 002b:00007efee1b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  390.973833][ T7446] RAX: ffffffffffffffda RBX: 00007efee0fb5fa0 RCX: 00007efee0d8e929
[  390.973927][ T7446] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[  390.974005][ T7446] RBP: 00007efee1b3e090 R08: 0000000000000000 R09: 0000000000000000
[  390.974095][ T7446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.974172][ T7446] R13: 0000000000000000 R14: 00007efee0fb5fa0 R15: 00007fff1869bd58
[  390.974290][ T7446]  </TASK>
[  390.974351][ T7446] ERROR: Out of memory at tomoyo_realpath_from_path.
[  391.122169][   T24]  (null): failure reading functionality
[  391.128035][ T7446] input: syz1 as /devices/virtual/input/input9
[  391.170989][   T24] i2c i2c-1: connected i2c-tiny-usb device
[  391.395802][   T24] usb 4-1: USB disconnect, device number 15
[  392.499347][ T7458] loop2: detected capacity change from 0 to 512
[  392.571435][ T7458] EXT4-fs warning (device loop2): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop2.
[  392.864339][ T7455] loop1: detected capacity change from 0 to 32768
[  393.049011][ T7455] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  393.049149][ T7455]   allowing incompatible features above 0.0: (unknown version)
[  393.049234][ T7455]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  393.094821][ T7455] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  393.108517][ T7455] bcachefs (loop1): initializing new filesystem
[  393.125692][ T7455] bcachefs (loop1): going read-write
[  393.181495][ T7455] bcachefs (loop1): marking superblocks
[  393.236359][ T7455] bcachefs (loop1): initializing freespace
[  393.262364][ T7455] bcachefs (loop1): done initializing freespace
[  393.281580][ T7455] bcachefs (loop1): reading snapshots table
[  393.287907][ T7455] bcachefs (loop1): reading snapshots done
[  393.419735][ T7455] bcachefs (loop1): done starting filesystem
[  393.811486][ T5800] bcachefs (loop1): shutting down
[  393.811551][ T5800] bcachefs (loop1): going read-only
[  393.811651][ T5800] bcachefs (loop1): finished waiting for writes to stop
[  393.826277][ T5800] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3
[  393.905345][ T7484] loop3: detected capacity change from 0 to 512
[  394.046973][ T7484] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.427: invalid block
[  394.074737][ T7484] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.427: invalid indirect mapped block 4294967295 (level 1)
[  394.092028][ T7484] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.427: invalid indirect mapped block 4294967295 (level 1)
[  394.095902][ T7484] EXT4-fs (loop3): 2 truncates cleaned up
[  394.098258][ T7484] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  394.162413][ T5800] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4
[  394.231823][ T5800] bcachefs (loop1): clean shutdown complete, journal seq 5
[  394.242051][ T5800] bcachefs (loop1): marking filesystem clean
[  394.355981][ T5800] bcachefs (loop1): shutdown complete
[  394.510483][ T5804] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.876556][ T7503] loop3: detected capacity change from 0 to 128
[  394.970473][ T7503] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  395.036523][ T7503] ext4 filesystem being mounted at /80/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  395.068553][    C1] vkms_vblank_simulate: vblank timer overrun
[  395.181885][ T7506] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  395.482916][ T7511] loop2: detected capacity change from 0 to 128
[  395.531858][ T7511] udf: Unknown parameter '�'
[  395.701616][ T5804] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  396.315285][ T7521] process 'syz.3.433' launched '/dev/fd/3' with NULL argv: empty string added
[  396.323738][ T7524] FAULT_INJECTION: forcing a failure.
[  396.323738][ T7524] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  396.338394][ T7524] CPU: 1 UID: 0 PID: 7524 Comm: syz.0.435 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  396.338544][ T7524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  396.338620][ T7524] Call Trace:
[  396.338669][ T7524]  <TASK>
[  396.338719][ T7524]  __dump_stack+0x26/0x30
[  396.338873][ T7524]  dump_stack_lvl+0x1df/0x270
[  396.339029][ T7524]  dump_stack+0x1e/0x25
[  396.339166][ T7524]  should_fail_ex+0x7dc/0x8a0
[  396.339333][ T7524]  should_fail+0x2a/0x40
[  396.339475][ T7524]  should_fail_usercopy+0x2e/0x40
[  396.339634][ T7524]  _copy_from_user+0x33/0x100
[  396.339778][ T7524]  do_sock_getsockopt+0x1f6/0x980
[  396.339941][ T7524]  __x64_sys_getsockopt+0x32e/0x520
[  396.340063][ T7524]  ? kmsan_save_stack_with_flags+0x60/0x60
[  396.340241][ T7524]  ? kmsan_save_stack_with_flags+0x60/0x60
[  396.340413][ T7524]  x64_sys_call+0x165d/0x3db0
[  396.340585][ T7524]  do_syscall_64+0xd9/0x210
[  396.340716][ T7524]  ? irqentry_exit+0x16/0x60
[  396.340885][ T7524]  ? clear_bhb_loop+0x40/0x90
[  396.341025][ T7524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.341164][ T7524] RIP: 0033:0x7f7982b8e929
[  396.341263][ T7524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.341375][ T7524] RSP: 002b:00007f7983916038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  396.341510][ T7524] RAX: ffffffffffffffda RBX: 00007f7982db5fa0 RCX: 00007f7982b8e929
[  396.341604][ T7524] RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000006
[  396.341683][ T7524] RBP: 00007f7983916090 R08: 0000200000000040 R09: 0000000000000000
[  396.341771][ T7524] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  396.341855][ T7524] R13: 0000000000000000 R14: 00007f7982db5fa0 R15: 00007ffddf1b70d8
[  396.341976][ T7524]  </TASK>
[  396.526152][    C1] vkms_vblank_simulate: vblank timer overrun
[  397.288594][ T7526] tmpfs: Bad value for 'mpol'
[  398.130648][ T7530] loop0: detected capacity change from 0 to 32768
[  398.348239][ T7530] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  398.348387][ T7530]   allowing incompatible features above 0.0: (unknown version)
[  398.348471][ T7530]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  398.350747][ T7528] loop3: detected capacity change from 0 to 4096
[  398.371565][ T7530] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  398.409145][ T7530] bcachefs (loop0): initializing new filesystem
[  398.434475][ T7530] bcachefs (loop0): going read-write
[  398.472619][ T7526] loop2: detected capacity change from 0 to 8192
[  398.481485][ T7530] bcachefs (loop0): marking superblocks
[  398.534554][ T7530] bcachefs (loop0): initializing freespace
[  398.545806][ T7528] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  398.561230][ T7530] bcachefs (loop0): done initializing freespace
[  398.580461][ T7530] bcachefs (loop0): reading snapshots table
[  398.586774][ T7530] bcachefs (loop0): reading snapshots done
[  398.689240][ T7530] bcachefs (loop0): done starting filesystem
[  398.813571][ T7542] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  399.017690][ T5814] bcachefs (loop0): shutting down
[  399.023139][ T5814] bcachefs (loop0): going read-only
[  399.028667][ T5814] bcachefs (loop0): finished waiting for writes to stop
[  399.071764][ T5814] bcachefs (loop0): flushing journal and stopping allocators, journal seq 4
[  399.295045][ T5814] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 4
[  399.325068][ T5814] bcachefs (loop0): clean shutdown complete, journal seq 5
[  399.337255][ T5814] bcachefs (loop0): marking filesystem clean
[  399.420244][   T24] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  399.472728][ T5814] bcachefs (loop0): shutdown complete
[  399.604922][   T24] usb 3-1: Using ep0 maxpacket: 16
[  399.663836][   T24] usb 3-1: New USB device found, idVendor=061d, idProduct=c160, bcdDevice=a8.f7
[  399.683541][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.683664][   T24] usb 3-1: Product: syz
[  399.683758][   T24] usb 3-1: Manufacturer: syz
[  399.701252][   T24] usb 3-1: SerialNumber: syz
[  399.771350][   T24] usb 3-1: config 0 descriptor??
[  399.801345][   T24] quatech2 3-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[  400.057041][ T7526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  400.057732][ T7526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  400.290835][   T24] usb 3-1: qt2_attach - failed to power on unit: -71
[  400.299115][   T24] quatech2 3-1:0.0: probe with driver quatech2 failed with error -71
[  400.313919][   T24] usb 3-1: USB disconnect, device number 25
[  400.560019][ T7566] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  401.077720][ T7575] FAULT_INJECTION: forcing a failure.
[  401.077720][ T7575] name failslab, interval 1, probability 0, space 0, times 0
[  401.093326][ T7575] CPU: 1 UID: 0 PID: 7575 Comm: syz.1.447 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  401.093470][ T7575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  401.093546][ T7575] Call Trace:
[  401.093595][ T7575]  <TASK>
[  401.093642][ T7575]  __dump_stack+0x26/0x30
[  401.093799][ T7575]  dump_stack_lvl+0x1df/0x270
[  401.093972][ T7575]  dump_stack+0x1e/0x25
[  401.094114][ T7575]  should_fail_ex+0x7dc/0x8a0
[  401.094287][ T7575]  should_failslab+0x15b/0x200
[  401.094468][ T7575]  kmem_cache_alloc_noprof+0xf0/0xec0
[  401.094601][ T7575]  ? alloc_empty_file+0x10d/0x5b0
[  401.094755][ T7575]  ? kmsan_get_metadata+0xfb/0x160
[  401.094944][ T7575]  alloc_empty_file+0x10d/0x5b0
[  401.095090][ T7575]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  401.095272][ T7575]  path_openat+0xa1/0x6760
[  401.095424][ T7575]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  401.095603][ T7575]  ? kmsan_get_metadata+0xfb/0x160
[  401.095772][ T7575]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  401.095962][ T7575]  ? do_filp_open+0x31/0x660
[  401.096112][ T7575]  ? filter_irq_stacks+0x49/0x190
[  401.096240][ T7575]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  401.096421][ T7575]  ? stack_depot_save_flags+0x35/0x7b0
[  401.096568][ T7575]  ? kmsan_get_metadata+0xfb/0x160
[  401.096740][ T7575]  ? kmsan_get_metadata+0xfb/0x160
[  401.096920][ T7575]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  401.097085][ T7575]  ? kmsan_get_metadata+0xfb/0x160
[  401.097254][ T7575]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  401.097448][ T7575]  do_filp_open+0x280/0x660
[  401.097667][ T7575]  do_sys_openat2+0x1bb/0x2f0
[  401.097836][ T7575]  __x64_sys_open+0x219/0x2c0
[  401.098009][ T7575]  x64_sys_call+0x18ec/0x3db0
[  401.098175][ T7575]  do_syscall_64+0xd9/0x210
[  401.098305][ T7575]  ? irqentry_exit+0x16/0x60
[  401.098472][ T7575]  ? clear_bhb_loop+0x40/0x90
[  401.098613][ T7575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.098765][ T7575] RIP: 0033:0x7f29a498e929
[  401.098863][ T7575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.098977][ T7575] RSP: 002b:00007f29a570f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  401.099105][ T7575] RAX: ffffffffffffffda RBX: 00007f29a4bb6080 RCX: 00007f29a498e929
[  401.099201][ T7575] RDX: 00000000000001e8 RSI: 0000000000101000 RDI: 0000200000000000
[  401.099288][ T7575] RBP: 00007f29a570f090 R08: 0000000000000000 R09: 0000000000000000
[  401.099370][ T7575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.099449][ T7575] R13: 0000000000000001 R14: 00007f29a4bb6080 R15: 00007ffee05f3148
[  401.099570][ T7575]  </TASK>
[  401.969410][ T5860] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  402.230004][ T5860] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  402.240114][ T5860] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.383866][ T5860] usb 4-1: config 0 descriptor??
[  402.466320][ T5860] gspca_main: cpia1-2.14.0 probing 0813:0001
[  403.295583][ T5860] cpia1 4-1:0.0: unexpected state after lo power cmd: 00
[  403.398990][ T7590] vivid-004: disconnect
[  403.506320][ T7588] vivid-004: reconnect
[  403.611042][ T7586] loop1: detected capacity change from 0 to 4096
[  403.668994][ T7586] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  403.793432][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  403.800319][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  403.915988][ T5860] gspca_cpia1: usb_control_msg 02, error -71
[  403.930993][ T5860] gspca_cpia1: usb_control_msg 05, error -71
[  403.937364][ T5860] cpia1 4-1:0.0: unexpected systemstate: 00
[  403.991682][ T5860] usb 4-1: USB disconnect, device number 16
[  404.165421][ T7585] FAULT_INJECTION: forcing a failure.
[  404.165421][ T7585] name failslab, interval 1, probability 0, space 0, times 0
[  404.178644][ T7585] CPU: 0 UID: 0 PID: 7585 Comm: syz.1.451 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  404.178789][ T7585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  404.178861][ T7585] Call Trace:
[  404.178910][ T7585]  <TASK>
[  404.178954][ T7585]  __dump_stack+0x26/0x30
[  404.179111][ T7585]  dump_stack_lvl+0x1df/0x270
[  404.179276][ T7585]  dump_stack+0x1e/0x25
[  404.179419][ T7585]  should_fail_ex+0x7dc/0x8a0
[  404.179595][ T7585]  should_failslab+0x15b/0x200
[  404.179781][ T7585]  kmem_cache_alloc_noprof+0xf0/0xec0
[  404.179912][ T7585]  ? security_file_alloc+0x7a/0x6e0
[  404.180086][ T7585]  ? kmsan_get_metadata+0x138/0x160
[  404.180253][ T7585]  ? kmsan_get_metadata+0xfb/0x160
[  404.180433][ T7585]  security_file_alloc+0x7a/0x6e0
[  404.180619][ T7585]  init_file+0x91/0x330
[  404.180777][ T7585]  alloc_empty_file+0x165/0x5b0
[  404.180920][ T7585]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  404.181102][ T7585]  path_openat+0xa1/0x6760
[  404.181254][ T7585]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  404.181425][ T7585]  ? kmsan_get_metadata+0xfb/0x160
[  404.181594][ T7585]  ? do_sys_openat2+0x1bb/0x2f0
[  404.181746][ T7585]  ? filter_irq_stacks+0x13f/0x190
[  404.181887][ T7585]  ? stack_depot_save_flags+0x35/0x7b0
[  404.182035][ T7585]  ? kmsan_get_metadata+0xfb/0x160
[  404.182207][ T7585]  ? kmsan_get_metadata+0xfb/0x160
[  404.182378][ T7585]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  404.182548][ T7585]  ? kmsan_get_metadata+0xfb/0x160
[  404.182716][ T7585]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  404.182906][ T7585]  do_filp_open+0x280/0x660
[  404.183123][ T7585]  do_sys_openat2+0x1bb/0x2f0
[  404.183289][ T7585]  __x64_sys_openat+0x240/0x300
[  404.183460][ T7585]  x64_sys_call+0x213/0x3db0
[  404.183633][ T7585]  do_syscall_64+0xd9/0x210
[  404.183764][ T7585]  ? irqentry_exit+0x16/0x60
[  404.183927][ T7585]  ? clear_bhb_loop+0x40/0x90
[  404.184066][ T7585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.184203][ T7585] RIP: 0033:0x7f29a498e929
[  404.184300][ T7585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.184415][ T7585] RSP: 002b:00007f29a5730038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  404.184544][ T7585] RAX: ffffffffffffffda RBX: 00007f29a4bb5fa0 RCX: 00007f29a498e929
[  404.184639][ T7585] RDX: 0000000000143042 RSI: 0000200000000d80 RDI: ffffffffffffff9c
[  404.184730][ T7585] RBP: 00007f29a5730090 R08: 0000000000000000 R09: 0000000000000000
[  404.184813][ T7585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.184892][ T7585] R13: 0000000000000000 R14: 00007f29a4bb5fa0 R15: 00007ffee05f3148
[  404.185014][ T7585]  </TASK>
[  404.312907][ T7594] overlayfs: failed to clone upperpath
[  404.314768][    C0] vkms_vblank_simulate: vblank timer overrun
[  404.551763][   T24] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  404.778260][   T24] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  404.789911][   T24] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  404.810625][   T24] usb 1-1: config 0 interface 0 has no altsetting 0
[  404.817663][   T24] usb 1-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00
[  404.827066][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.951372][   T24] usb 1-1: config 0 descriptor??
[  405.424781][ T7613] loop0: detected capacity change from 0 to 256
[  405.461339][ T7613] exfat: Bad value for 'dmask'
[  405.570980][ T7598] netlink: 3 bytes leftover after parsing attributes in process `syz.0.440'.
[  405.659638][ T5860] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  405.704427][ T7622] loop1: detected capacity change from 0 to 22
[  405.738469][ T7622] romfs: Unknown parameter '~��A�ٍ'
[  405.848585][ T7598] loop0: detected capacity change from 0 to 2048
[  405.893206][ T5860] usb 3-1: unable to read config index 0 descriptor/start: -61
[  405.905014][ T5860] usb 3-1: can't read configurations, error -61
[  406.004760][ T7598] Dev loop0: RDB in block 1 has bad checksum
[  406.107823][ T5860] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  406.200538][ T7628] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  406.341360][ T5860] usb 3-1: unable to read config index 0 descriptor/start: -61
[  406.349629][ T5860] usb 3-1: can't read configurations, error -61
[  406.400506][   T24] usb 1-1: string descriptor 0 read error: -71
[  406.419322][ T5860] usb usb3-port1: attempt power cycle
[  406.498319][   T24] usbhid 1-1:0.0: can't add hid device: -71
[  406.505236][   T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  406.543563][   T24] usb 1-1: USB disconnect, device number 19
[  406.805954][ T5860] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  406.870981][ T5860] usb 3-1: unable to read config index 0 descriptor/start: -61
[  406.879600][ T5860] usb 3-1: can't read configurations, error -61
[  407.034686][ T5860] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  407.088656][ T5860] usb 3-1: unable to read config index 0 descriptor/start: -61
[  407.096921][ T5860] usb 3-1: can't read configurations, error -61
[  407.190523][ T5860] usb usb3-port1: unable to enumerate USB device
[  407.889214][ T7649] FAULT_INJECTION: forcing a failure.
[  407.889214][ T7649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  407.903077][ T7649] CPU: 0 UID: 0 PID: 7649 Comm: syz.3.464 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  407.903220][ T7649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  407.903299][ T7649] Call Trace:
[  407.903348][ T7649]  <TASK>
[  407.903395][ T7649]  __dump_stack+0x26/0x30
[  407.903552][ T7649]  dump_stack_lvl+0x1df/0x270
[  407.903717][ T7649]  dump_stack+0x1e/0x25
[  407.903868][ T7649]  should_fail_ex+0x7dc/0x8a0
[  407.904037][ T7649]  should_fail+0x2a/0x40
[  407.904173][ T7649]  should_fail_usercopy+0x2e/0x40
[  407.904327][ T7649]  _copy_from_iter+0x1ba/0x3350
[  407.904459][ T7649]  ? kmsan_get_metadata+0xfb/0x160
[  407.904637][ T7649]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  407.904820][ T7649]  ? kmsan_get_metadata+0xfb/0x160
[  407.905004][ T7649]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  407.905215][ T7649]  netlink_sendmsg+0xc64/0x1250
[  407.905387][ T7649]  ? __pfx_netlink_sendmsg+0x10/0x10
[  407.905525][ T7649]  ? __pfx_netlink_sendmsg+0x10/0x10
[  407.905667][ T7649]  __sock_sendmsg+0x333/0x3d0
[  407.905829][ T7649]  ____sys_sendmsg+0x7e0/0xd80
[  407.905998][ T7649]  ___sys_sendmsg+0x271/0x3b0
[  407.906156][ T7649]  ? __rcu_read_unlock+0x6d/0xd0
[  407.906294][ T7649]  ? __fget_files+0x3b4/0x4a0
[  407.906415][ T7649]  ? __fget_files+0x3b9/0x4a0
[  407.906547][ T7649]  ? kmsan_get_metadata+0xfb/0x160
[  407.906715][ T7649]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  407.906910][ T7649]  __x64_sys_sendmsg+0x211/0x3e0
[  407.907056][ T7649]  ? kmsan_get_metadata+0xfb/0x160
[  407.907246][ T7649]  x64_sys_call+0x32fb/0x3db0
[  407.907414][ T7649]  do_syscall_64+0xd9/0x210
[  407.907542][ T7649]  ? irqentry_exit+0x16/0x60
[  407.907705][ T7649]  ? clear_bhb_loop+0x40/0x90
[  407.907855][ T7649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.907992][ T7649] RIP: 0033:0x7f3bd798e929
[  407.908090][ T7649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.908203][ T7649] RSP: 002b:00007f3bd875b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  407.908328][ T7649] RAX: ffffffffffffffda RBX: 00007f3bd7bb5fa0 RCX: 00007f3bd798e929
[  407.908424][ T7649] RDX: 0000000000004000 RSI: 0000200000000380 RDI: 0000000000000003
[  407.908512][ T7649] RBP: 00007f3bd875b090 R08: 0000000000000000 R09: 0000000000000000
[  407.908592][ T7649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.908673][ T7649] R13: 0000000000000000 R14: 00007f3bd7bb5fa0 R15: 00007fff2dc35468
[  407.908793][ T7649]  </TASK>
[  408.164452][ T7646] loop1: detected capacity change from 0 to 32768
[  408.328371][ T7653] overlayfs: missing 'lowerdir'
[  408.453239][ T7651] overlayfs: failed to clone upperpath
[  408.512740][ T7657] FAULT_INJECTION: forcing a failure.
[  408.512740][ T7657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.526370][ T7657] CPU: 0 UID: 0 PID: 7657 Comm: syz.2.466 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  408.526516][ T7657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  408.526595][ T7657] Call Trace:
[  408.526642][ T7657]  <TASK>
[  408.526693][ T7657]  __dump_stack+0x26/0x30
[  408.526855][ T7657]  dump_stack_lvl+0x1df/0x270
[  408.527030][ T7657]  dump_stack+0x1e/0x25
[  408.527171][ T7657]  should_fail_ex+0x7dc/0x8a0
[  408.527345][ T7657]  should_fail+0x2a/0x40
[  408.527481][ T7657]  should_fail_usercopy+0x2e/0x40
[  408.527640][ T7657]  _copy_from_iter+0x1ba/0x3350
[  408.527771][ T7657]  ? kmsan_get_metadata+0xfb/0x160
[  408.527950][ T7657]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  408.528135][ T7657]  ? kmsan_get_metadata+0xfb/0x160
[  408.528309][ T7657]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  408.528524][ T7657]  netlink_sendmsg+0xc64/0x1250
[  408.528698][ T7657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.528827][ T7657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.528969][ T7657]  __sock_sendmsg+0x333/0x3d0
[  408.529142][ T7657]  ____sys_sendmsg+0x7e0/0xd80
[  408.529310][ T7657]  ___sys_sendmsg+0x271/0x3b0
[  408.529468][ T7657]  ? __rcu_read_unlock+0x6d/0xd0
[  408.529606][ T7657]  ? __fget_files+0x3b4/0x4a0
[  408.529746][ T7657]  ? __fget_files+0x3b9/0x4a0
[  408.529875][ T7657]  ? kmsan_get_metadata+0xfb/0x160
[  408.530054][ T7657]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  408.530243][ T7657]  __x64_sys_sendmsg+0x211/0x3e0
[  408.530390][ T7657]  ? kmsan_get_metadata+0xfb/0x160
[  408.530578][ T7657]  x64_sys_call+0x32fb/0x3db0
[  408.530747][ T7657]  do_syscall_64+0xd9/0x210
[  408.530875][ T7657]  ? irqentry_exit+0x16/0x60
[  408.531050][ T7657]  ? clear_bhb_loop+0x40/0x90
[  408.531192][ T7657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.531327][ T7657] RIP: 0033:0x7efee0d8e929
[  408.531427][ T7657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.531542][ T7657] RSP: 002b:00007efee1b3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  408.531668][ T7657] RAX: ffffffffffffffda RBX: 00007efee0fb5fa0 RCX: 00007efee0d8e929
[  408.531763][ T7657] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003
[  408.531846][ T7657] RBP: 00007efee1b3e090 R08: 0000000000000000 R09: 0000000000000000
[  408.531927][ T7657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.532005][ T7657] R13: 0000000000000000 R14: 00007efee0fb5fa0 R15: 00007fff1869bd58
[  408.532124][ T7657]  </TASK>
[  409.101419][ T7646] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  409.101565][ T7646]   allowing incompatible features above 0.0: (unknown version)
[  409.101648][ T7646]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  409.147038][ T7646] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  409.156115][ T7646] bcachefs (loop1): initializing new filesystem
[  409.173759][ T7646] bcachefs (loop1): going read-write
[  409.226409][ T7666] loop3: detected capacity change from 0 to 128
[  409.235401][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  409.243217][ T7646] bcachefs (loop1): marking superblocks
[  409.293502][ T7646] bcachefs (loop1): initializing freespace
[  409.319018][ T7646] bcachefs (loop1): done initializing freespace
[  409.337504][ T7646] bcachefs (loop1): reading snapshots table
[  409.344035][ T7646] bcachefs (loop1): reading snapshots done
[  409.403204][ T7666] loop3: detected capacity change from 0 to 128
[  409.411552][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  409.433097][ T7666] loop3: detected capacity change from 0 to 128
[  409.441041][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  409.460053][ T7666] loop3: detected capacity change from 0 to 128
[  409.468063][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  409.492721][ T7646] bcachefs (loop1): done starting filesystem
[  409.549779][ T7666] loop3: detected capacity change from 0 to 128
[  409.558244][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  409.613715][ T7666] loop3: detected capacity change from 0 to 128
[  409.629303][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  409.702948][ T7666] loop3: detected capacity change from 0 to 128
[  409.711185][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  409.713211][ T5800] bcachefs (loop1): shutting down
[  409.723324][ T5800] bcachefs (loop1): going read-only
[  409.729039][ T5800] bcachefs (loop1): finished waiting for writes to stop
[  409.733481][ T7666] loop3: detected capacity change from 0 to 128
[  409.746483][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  409.779037][ T5800] bcachefs (loop1): flushing journal and stopping allocators, journal seq 4
[  409.815535][ T7666] loop3: detected capacity change from 0 to 128
[  409.827503][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  409.926460][ T7666] loop3: detected capacity change from 0 to 128
[  409.964496][ T5800] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4
[  410.000700][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.023186][ T5800] bcachefs (loop1): clean shutdown complete, journal seq 5
[  410.034315][ T5800] bcachefs (loop1): marking filesystem clean
[  410.105586][ T5800] bcachefs (loop1): shutdown complete
[  410.119468][ T7666] loop3: detected capacity change from 0 to 128
[  410.140502][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.187593][ T7666] loop3: detected capacity change from 0 to 128
[  410.266950][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.350158][ T7679] netlink: 240 bytes leftover after parsing attributes in process `syz.4.473'.
[  410.363904][ T7666] loop3: detected capacity change from 0 to 128
[  410.390724][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.424949][ T7666] loop3: detected capacity change from 0 to 128
[  410.480205][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.513263][ T7666] loop3: detected capacity change from 0 to 128
[  410.535579][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.633932][ T7666] loop3: detected capacity change from 0 to 128
[  410.668461][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.737902][ T7666] loop3: detected capacity change from 0 to 128
[  410.753975][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.784471][ T7666] loop3: detected capacity change from 0 to 128
[  410.799597][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.843642][ T7666] loop3: detected capacity change from 0 to 128
[  410.911023][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  410.957353][ T7666] loop3: detected capacity change from 0 to 128
[  410.994482][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.047994][ T7666] loop3: detected capacity change from 0 to 128
[  411.065879][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.149185][ T7666] loop3: detected capacity change from 0 to 128
[  411.167995][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.254536][ T7666] loop3: detected capacity change from 0 to 128
[  411.265746][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.304525][ T7666] loop3: detected capacity change from 0 to 128
[  411.329204][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.360506][ T7666] loop3: detected capacity change from 0 to 128
[  411.368371][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.387471][ T7666] loop3: detected capacity change from 0 to 128
[  411.396118][ T7688] loop2: detected capacity change from 0 to 8192
[  411.420795][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.453244][ T7666] loop3: detected capacity change from 0 to 128
[  411.475388][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.507121][   T30] audit: type=1800 audit(1751554370.830:11): pid=7688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.477" name="file1" dev="loop2" ino=1048621 res=0 errno=0
[  411.533871][ T7688] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  411.544092][ T7688] FAT-fs (loop2): Filesystem has been set read-only
[  411.560062][ T7666] loop3: detected capacity change from 0 to 128
[  411.568100][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.583763][ T7688] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 2068)
[  411.599150][ T7693] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  411.606270][ T7666] loop3: detected capacity change from 0 to 128
[  411.615067][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.744548][ T7666] loop3: detected capacity change from 0 to 128
[  411.822156][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.891833][ T7666] loop3: detected capacity change from 0 to 128
[  411.911461][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  411.986314][ T7666] loop3: detected capacity change from 0 to 128
[  412.009512][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  412.066889][ T7666] loop3: detected capacity change from 0 to 128
[  412.092641][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  412.138503][ T7666] loop3: detected capacity change from 0 to 128
[  412.166515][ T7666] zonefs: Unknown parameter '00000000000000000000'
[  412.569971][ T5860] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  412.680791][   T24] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  412.739192][ T5860] usb 3-1: Using ep0 maxpacket: 16
[  412.768916][ T5860] usb 3-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25
[  412.778356][ T5860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.786813][ T5860] usb 3-1: Product: syz
[  412.791260][ T5860] usb 3-1: Manufacturer: syz
[  412.796080][ T5860] usb 3-1: SerialNumber: syz
[  412.826949][ T5860] usb 3-1: config 0 descriptor??
[  412.843792][ T5860] usb 3-1: Found UVC 0.00 device syz (046d:0721)
[  412.850694][ T5860] usb 3-1: No valid video chain found.
[  412.881669][   T24] usb 4-1: Using ep0 maxpacket: 8
[  412.919412][   T24] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  412.929586][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.937843][   T24] usb 4-1: Product: syz
[  412.942336][   T24] usb 4-1: Manufacturer: syz
[  412.947169][   T24] usb 4-1: SerialNumber: syz
[  412.974312][   T24] usb 4-1: config 0 descriptor??
[  413.052017][ T5860] usb 3-1: USB disconnect, device number 30
[  413.093616][ T7705] netlink: 24 bytes leftover after parsing attributes in process `syz.1.471'.
[  413.116728][ T7706] IPVS: sync thread started: state = MASTER, mcast_ifn = wlan0, syncid = 33554432, id = 0
[  413.192293][ T7705] loop1: detected capacity change from 0 to 1024
[  413.210667][   T24] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  413.253027][ T7705] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  413.394575][ T7712] capability: warning: `syz.1.471' uses deprecated v2 capabilities in a way that may be insecure
[  413.432307][ T7715] netlink: 8 bytes leftover after parsing attributes in process `syz.4.484'.
[  413.441871][ T7715] netlink: 72 bytes leftover after parsing attributes in process `syz.4.484'.
[  413.834539][ T7699] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  413.951248][ T5800] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  414.339002][ T5860] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[  414.479806][ T5860] usb 3-1: device descriptor read/64, error -71
[  414.735839][ T5860] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[  414.826386][ T7722] FAULT_INJECTION: forcing a failure.
[  414.826386][ T7722] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.840382][ T7722] CPU: 0 UID: 0 PID: 7722 Comm: syz.1.487 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  414.840526][ T7722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.840602][ T7722] Call Trace:
[  414.840649][ T7722]  <TASK>
[  414.840696][ T7722]  __dump_stack+0x26/0x30
[  414.840855][ T7722]  dump_stack_lvl+0x1df/0x270
[  414.841019][ T7722]  dump_stack+0x1e/0x25
[  414.841165][ T7722]  should_fail_ex+0x7dc/0x8a0
[  414.841334][ T7722]  should_fail+0x2a/0x40
[  414.841473][ T7722]  should_fail_usercopy+0x2e/0x40
[  414.841632][ T7722]  _copy_to_user+0x35/0x120
[  414.841764][ T7722]  ? video_usercopy+0x1a1d/0x1f70
[  414.841896][ T7722]  video_usercopy+0x1a54/0x1f70
[  414.842092][ T7722]  ? kmsan_get_metadata+0xfb/0x160
[  414.842266][ T7722]  ? __pfx_video_ioctl2+0x10/0x10
[  414.842390][ T7722]  video_ioctl2+0x46/0x60
[  414.842512][ T7722]  v4l2_ioctl+0x1b8/0x200
[  414.842684][ T7722]  ? __pfx_v4l2_ioctl+0x10/0x10
[  414.842851][ T7722]  __se_sys_ioctl+0x23c/0x400
[  414.843018][ T7722]  __x64_sys_ioctl+0x97/0xe0
[  414.843185][ T7722]  x64_sys_call+0x1ebe/0x3db0
[  414.843349][ T7722]  do_syscall_64+0xd9/0x210
[  414.843480][ T7722]  ? irqentry_exit+0x16/0x60
[  414.843642][ T7722]  ? clear_bhb_loop+0x40/0x90
[  414.843783][ T7722]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.843921][ T7722] RIP: 0033:0x7f29a498e929
[  414.844016][ T7722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.844137][ T7722] RSP: 002b:00007f29a5730038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  414.844263][ T7722] RAX: ffffffffffffffda RBX: 00007f29a4bb5fa0 RCX: 00007f29a498e929
[  414.844357][ T7722] RDX: 0000200000000100 RSI: 00000000c0745645 RDI: 0000000000000003
[  414.844443][ T7722] RBP: 00007f29a5730090 R08: 0000000000000000 R09: 0000000000000000
[  414.844526][ T7722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  414.844605][ T7722] R13: 0000000000000000 R14: 00007f29a4bb5fa0 R15: 00007ffee05f3148
[  414.844725][ T7722]  </TASK>
[  415.226794][ T7699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.236866][ T7699] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.250626][ T5860] usb 3-1: device descriptor read/64, error -71
[  415.305858][ T7717] overlayfs: failed to clone upperpath
[  415.342401][ T7724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.488'.
[  415.361351][ T5860] usb usb3-port1: attempt power cycle
[  415.394086][ T7724] FAULT_INJECTION: forcing a failure.
[  415.394086][ T7724] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  415.411942][ T7724] CPU: 1 UID: 0 PID: 7724 Comm: syz.1.488 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  415.412093][ T7724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  415.412171][ T7724] Call Trace:
[  415.412220][ T7724]  <TASK>
[  415.412267][ T7724]  __dump_stack+0x26/0x30
[  415.412427][ T7724]  dump_stack_lvl+0x1df/0x270
[  415.412592][ T7724]  dump_stack+0x1e/0x25
[  415.412735][ T7724]  should_fail_ex+0x7dc/0x8a0
[  415.412904][ T7724]  should_fail+0x2a/0x40
[  415.413045][ T7724]  should_fail_usercopy+0x2e/0x40
[  415.413202][ T7724]  _copy_from_iter+0x1ba/0x3350
[  415.413333][ T7724]  ? kmsan_get_metadata+0xfb/0x160
[  415.413510][ T7724]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  415.413692][ T7724]  ? kmsan_get_metadata+0xfb/0x160
[  415.413856][ T7724]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  415.414067][ T7724]  netlink_sendmsg+0xc64/0x1250
[  415.414232][ T7724]  ? __pfx_netlink_sendmsg+0x10/0x10
[  415.414370][ T7724]  ? __pfx_netlink_sendmsg+0x10/0x10
[  415.414514][ T7724]  __sock_sendmsg+0x333/0x3d0
[  415.414679][ T7724]  ____sys_sendmsg+0x7e0/0xd80
[  415.414843][ T7724]  ___sys_sendmsg+0x271/0x3b0
[  415.415007][ T7724]  ? __rcu_read_unlock+0x6d/0xd0
[  415.415143][ T7724]  ? __fget_files+0x3b4/0x4a0
[  415.415268][ T7724]  ? __fget_files+0x3b9/0x4a0
[  415.415396][ T7724]  ? kmsan_get_metadata+0xfb/0x160
[  415.415570][ T7724]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  415.415758][ T7724]  __x64_sys_sendmsg+0x211/0x3e0
[  415.415909][ T7724]  ? kmsan_get_metadata+0xfb/0x160
[  415.416105][ T7724]  x64_sys_call+0x32fb/0x3db0
[  415.416271][ T7724]  do_syscall_64+0xd9/0x210
[  415.416403][ T7724]  ? irqentry_exit+0x16/0x60
[  415.416572][ T7724]  ? clear_bhb_loop+0x40/0x90
[  415.416718][ T7724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.416858][ T7724] RIP: 0033:0x7f29a498e929
[  415.416957][ T7724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.417071][ T7724] RSP: 002b:00007f29a5730038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  415.417197][ T7724] RAX: ffffffffffffffda RBX: 00007f29a4bb5fa0 RCX: 00007f29a498e929
[  415.417290][ T7724] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  415.417373][ T7724] RBP: 00007f29a5730090 R08: 0000000000000000 R09: 0000000000000000
[  415.417457][ T7724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.417537][ T7724] R13: 0000000000000000 R14: 00007f29a4bb5fa0 R15: 00007ffee05f3148
[  415.417650][ T7724]  </TASK>
[  415.999709][ T5860] usb 3-1: new full-speed USB device number 33 using dummy_hcd
[  416.022142][ T5860] usb 3-1: device descriptor read/8, error -71
[  416.150291][   T24] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  416.166036][   T24] usb 4-1: USB disconnect, device number 17
[  416.174596][ T5882] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  416.259170][ T5860] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[  416.280039][ T5860] usb 3-1: device descriptor read/8, error -71
[  416.340649][ T5882] usb 2-1: Using ep0 maxpacket: 8
[  416.362558][ T5882] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  416.372143][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.380954][ T5882] usb 2-1: Product: syz
[  416.385295][ T5882] usb 2-1: Manufacturer: syz
[  416.390291][ T5882] usb 2-1: SerialNumber: syz
[  416.400501][ T5882] usb 2-1: config 0 descriptor??
[  416.405843][ T5860] usb usb3-port1: unable to enumerate USB device
[  416.416359][ T5882] gspca_main: sq930x-2.14.0 probing 2770:930c
[  417.049024][ T7728] netlink: 24 bytes leftover after parsing attributes in process `syz.1.490'.
[  417.429033][ T5882] gspca_sq930x: reg_w 0305 fd00 failed -110
[  418.152772][ T7744] FAULT_INJECTION: forcing a failure.
[  418.152772][ T7744] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  418.166708][ T7744] CPU: 0 UID: 0 PID: 7744 Comm: syz.3.495 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  418.166860][ T7744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  418.166935][ T7744] Call Trace:
[  418.166985][ T7744]  <TASK>
[  418.167031][ T7744]  __dump_stack+0x26/0x30
[  418.167188][ T7744]  dump_stack_lvl+0x1df/0x270
[  418.167353][ T7744]  dump_stack+0x1e/0x25
[  418.167494][ T7744]  should_fail_ex+0x7dc/0x8a0
[  418.167664][ T7744]  should_fail+0x2a/0x40
[  418.167805][ T7744]  should_fail_usercopy+0x2e/0x40
[  418.167962][ T7744]  _copy_from_iter+0x1ba/0x3350
[  418.168096][ T7744]  ? kmsan_get_metadata+0xfb/0x160
[  418.168271][ T7744]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  418.168453][ T7744]  ? kmsan_get_metadata+0xfb/0x160
[  418.168641][ T7744]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  418.168856][ T7744]  netlink_sendmsg+0xc64/0x1250
[  418.169024][ T7744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  418.169159][ T7744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  418.169301][ T7744]  __sock_sendmsg+0x333/0x3d0
[  418.169462][ T7744]  ____sys_sendmsg+0x7e0/0xd80
[  418.169630][ T7744]  ___sys_sendmsg+0x271/0x3b0
[  418.169791][ T7744]  ? __rcu_read_unlock+0x6d/0xd0
[  418.169927][ T7744]  ? __fget_files+0x3b4/0x4a0
[  418.170052][ T7744]  ? __fget_files+0x3b9/0x4a0
[  418.170181][ T7744]  ? kmsan_get_metadata+0xfb/0x160
[  418.170351][ T7744]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  418.170540][ T7744]  __x64_sys_sendmsg+0x211/0x3e0
[  418.170690][ T7744]  ? kmsan_get_metadata+0xfb/0x160
[  418.170885][ T7744]  x64_sys_call+0x32fb/0x3db0
[  418.171049][ T7744]  do_syscall_64+0xd9/0x210
[  418.171181][ T7744]  ? irqentry_exit+0x16/0x60
[  418.171346][ T7744]  ? clear_bhb_loop+0x40/0x90
[  418.171493][ T7744]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.171629][ T7744] RIP: 0033:0x7f3bd798e929
[  418.171727][ T7744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.171848][ T7744] RSP: 002b:00007f3bd875b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  418.171976][ T7744] RAX: ffffffffffffffda RBX: 00007f3bd7bb5fa0 RCX: 00007f3bd798e929
[  418.172070][ T7744] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  418.172153][ T7744] RBP: 00007f3bd875b090 R08: 0000000000000000 R09: 0000000000000000
[  418.172236][ T7744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.172314][ T7744] R13: 0000000000000000 R14: 00007f3bd7bb5fa0 R15: 00007fff2dc35468
[  418.172433][ T7744]  </TASK>
[  418.639158][ T5882] gspca_sq930x: Unknown sensor
[  418.644756][ T5882] sq930x 2-1:0.0: probe with driver sq930x failed with error -22
[  418.672943][ T7749] netlink: 24 bytes leftover after parsing attributes in process `syz.2.497'.
[  418.965985][ T7753] netlink: 12 bytes leftover after parsing attributes in process `syz.0.498'.
[  419.064818][ T5860] usb 2-1: USB disconnect, device number 22
[  419.156518][ T7755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.499'.
[  419.225600][ T7755] loop3: detected capacity change from 0 to 256
[  419.306976][ T7755] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 256)
[  419.820157][ T5860] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  419.849044][   T24] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  420.045956][   T24] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  420.055425][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.063766][   T24] usb 3-1: Product: syz
[  420.065696][ T5860] usb 2-1: config 0 has no interfaces?
[  420.068087][   T24] usb 3-1: Manufacturer: syz
[  420.078535][   T24] usb 3-1: SerialNumber: syz
[  420.082144][ T5860] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  420.093431][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.101844][ T5860] usb 2-1: Product: syz
[  420.106226][ T5860] usb 2-1: Manufacturer: syz
[  420.111187][ T5860] usb 2-1: SerialNumber: syz
[  420.124579][ T7770] overlayfs: failed to resolve './file0': -2
[  420.192015][   T24] usb 3-1: config 0 descriptor??
[  420.215054][ T5860] usb 2-1: config 0 descriptor??
[  420.220999][   T24] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 035
[  420.468165][ T5860] usb 2-1: USB disconnect, device number 23
[  420.648640][   T24]  (null): failure reading functionality
[  420.678374][   T24] i2c i2c-1: failure reading functionality
[  420.703239][ T5882] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  420.724230][   T24] i2c i2c-1: connected i2c-tiny-usb device
[  420.727324][ T7778] netlink: 20 bytes leftover after parsing attributes in process `syz.3.509'.
[  420.750727][   T24] usb 3-1: USB disconnect, device number 35
[  420.916486][ T5882] usb 1-1: Using ep0 maxpacket: 8
[  420.946687][ T5882] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  420.957601][ T5882] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  420.968970][ T5882] usb 1-1: config 0 has no interface number 0
[  420.975504][ T5882] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  420.986917][ T5882] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  421.000287][ T5882] usb 1-1: config 0 interface 52 has no altsetting 0
[  421.029989][ T5882] usb 1-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  421.040344][ T5882] usb 1-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  421.049176][ T5882] usb 1-1: Manufacturer: syz
[  421.115908][ T5882] usb 1-1: config 0 descriptor??
[  421.382810][ T5882] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.52/input/input10
[  421.402213][ T7785] netlink: 24 bytes leftover after parsing attributes in process `syz.4.511'.
[  421.680193][ T5860] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  421.791497][ T7792] FAULT_INJECTION: forcing a failure.
[  421.791497][ T7792] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  421.805254][ T7792] CPU: 0 UID: 0 PID: 7792 Comm: syz.3.513 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  421.805398][ T7792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  421.805475][ T7792] Call Trace:
[  421.805521][ T7792]  <TASK>
[  421.805571][ T7792]  __dump_stack+0x26/0x30
[  421.805733][ T7792]  dump_stack_lvl+0x1df/0x270
[  421.805897][ T7792]  dump_stack+0x1e/0x25
[  421.806037][ T7792]  should_fail_ex+0x7dc/0x8a0
[  421.806208][ T7792]  should_fail+0x2a/0x40
[  421.806350][ T7792]  should_fail_usercopy+0x2e/0x40
[  421.806507][ T7792]  _copy_from_iter+0x1ba/0x3350
[  421.806639][ T7792]  ? kmsan_get_metadata+0xfb/0x160
[  421.806816][ T7792]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  421.806994][ T7792]  ? kmsan_get_metadata+0xfb/0x160
[  421.807166][ T7792]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  421.807392][ T7792]  netlink_sendmsg+0xc64/0x1250
[  421.807561][ T7792]  ? __pfx_netlink_sendmsg+0x10/0x10
[  421.807699][ T7792]  ? __pfx_netlink_sendmsg+0x10/0x10
[  421.807838][ T7792]  __sock_sendmsg+0x333/0x3d0
[  421.808001][ T7792]  ____sys_sendmsg+0x7e0/0xd80
[  421.808185][ T7792]  ___sys_sendmsg+0x271/0x3b0
[  421.808348][ T7792]  ? __rcu_read_unlock+0x6d/0xd0
[  421.808485][ T7792]  ? __fget_files+0x3b4/0x4a0
[  421.808607][ T7792]  ? __fget_files+0x3b9/0x4a0
[  421.808741][ T7792]  ? kmsan_get_metadata+0xfb/0x160
[  421.808912][ T7792]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  421.809097][ T7792]  __x64_sys_sendmsg+0x211/0x3e0
[  421.809251][ T7792]  ? kmsan_get_metadata+0xfb/0x160
[  421.809439][ T7792]  x64_sys_call+0x32fb/0x3db0
[  421.809613][ T7792]  do_syscall_64+0xd9/0x210
[  421.809742][ T7792]  ? irqentry_exit+0x16/0x60
[  421.809910][ T7792]  ? clear_bhb_loop+0x40/0x90
[  421.810052][ T7792]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.810190][ T7792] RIP: 0033:0x7f3bd798e929
[  421.810294][ T7792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.810410][ T7792] RSP: 002b:00007f3bd875b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  421.810534][ T7792] RAX: ffffffffffffffda RBX: 00007f3bd7bb5fa0 RCX: 00007f3bd798e929
[  421.810627][ T7792] RDX: 0000000000000010 RSI: 00002000000016c0 RDI: 0000000000000004
[  421.810710][ T7792] RBP: 00007f3bd875b090 R08: 0000000000000000 R09: 0000000000000000
[  421.810794][ T7792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  421.810869][ T7792] R13: 0000000000000000 R14: 00007f3bd7bb5fa0 R15: 00007fff2dc35468
[  421.810989][ T7792]  </TASK>
[  422.077297][ T5803] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  422.091739][ T7793] loop0: detected capacity change from 0 to 256
[  422.100429][ T7793] msdos: Unknown parameter '0xffffffffffffffff0xffffffffffffffff���?��iH�f3A��n���y�I����[�	#⩾�� �\1������E�<P5#��Z/��.�Aݟ_��<eݺ}�p�Y�-.D��ԍ�J^m���G5��`��0�ٷGx�u|������H���p@'ˢ—���2��
��bY��o�r��VS���F�l}/�$�hI'
[  422.169344][ T7791] loop2: detected capacity change from 0 to 2048
[  422.244017][ T7791] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  422.249707][ T5860] usb 2-1: config index 0 descriptor too short (expected 30768, got 36)
[  422.271512][ T5860] usb 2-1: config 102 has too many interfaces: 102, using maximum allowed: 32
[  422.280936][ T5860] usb 2-1: config 102 has an invalid descriptor of length 102, skipping remainder of the config
[  422.296518][ T5860] usb 2-1: config 102 has 0 interfaces, different from the descriptor's value: 102
[  422.306335][ T5860] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  422.315808][ T5860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.687678][ T5882] usb 2-1: USB disconnect, device number 24
[  423.841746][ T5817] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.050024][ T1912] usb 1-1: USB disconnect, device number 20
[  424.050239][    C1] synaptics_usb 1-1:0.52: synusb_irq - usb_submit_urb failed with result: -19
[  424.104654][ T7805] overlayfs: failed to resolve './file0': -2
[  424.766696][ T7819] netlink: 20 bytes leftover after parsing attributes in process `syz.4.523'.
[  424.989269][ T5882] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  424.997635][   T24] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  425.089189][ T1912] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  425.139130][ T5860] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  425.199078][   T24] usb 2-1: config 0 has no interfaces?
[  425.207868][ T5882] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  425.210346][ T7831] bond0: (slave bond_slave_0): Releasing backup interface
[  425.218632][ T5882] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  425.235248][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.255341][   T24] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  425.260387][ T1912] usb 3-1: Using ep0 maxpacket: 8
[  425.264911][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.277962][   T24] usb 2-1: Product: syz
[  425.282424][   T24] usb 2-1: Manufacturer: syz
[  425.287241][   T24] usb 2-1: SerialNumber: syz
[  425.297528][ T5882] usb 1-1: config 0 descriptor??
[  425.313901][ T5882] pwc: Askey VC010 type 2 USB webcam detected.
[  425.320865][ T5860] usb 4-1: Using ep0 maxpacket: 16
[  425.325042][   T24] usb 2-1: config 0 descriptor??
[  425.334907][ T1912] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  425.344690][ T1912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.353344][ T1912] usb 3-1: Product: syz
[  425.361449][ T1912] usb 3-1: Manufacturer: syz
[  425.366266][ T1912] usb 3-1: SerialNumber: syz
[  425.386231][ T1912] usb 3-1: config 0 descriptor??
[  425.387695][   T24] IPVS: starting estimator thread 0...
[  425.410458][ T1912] gspca_main: sq930x-2.14.0 probing 2770:930c
[  425.421683][ T5860] usb 4-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82
[  425.431636][ T5860] usb 4-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10
[  425.440392][ T5860] usb 4-1: Product: syz
[  425.444948][ T5860] usb 4-1: Manufacturer: syz
[  425.450062][ T5860] usb 4-1: SerialNumber: syz
[  425.487467][ T5860] usb 4-1: config 0 descriptor??
[  425.499458][ T7832] IPVS: using max 240 ests per chain, 12000 per kthread
[  425.519656][ T5860] usb 4-1: selecting invalid altsetting 1
[  425.552986][   T24] usb 2-1: USB disconnect, device number 25
[  425.626058][ T5860] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22
[  425.774698][ T5882] pwc: recv_control_msg error -32 req 02 val 2b00
[  425.785907][ T5882] pwc: recv_control_msg error -32 req 02 val 2700
[  425.807299][ T5882] pwc: recv_control_msg error -32 req 02 val 2c00
[  425.836888][ T5882] pwc: recv_control_msg error -32 req 04 val 1000
[  425.849153][ T5882] pwc: recv_control_msg error -32 req 04 val 1300
[  425.859454][ T5882] pwc: recv_control_msg error -32 req 04 val 1400
[  425.876248][ T5882] pwc: recv_control_msg error -32 req 02 val 2000
[  425.890421][ T7837] netlink: 16 bytes leftover after parsing attributes in process `syz.3.524'.
[  425.908410][ T5882] pwc: recv_control_msg error -32 req 02 val 2100
[  425.922084][ T5882] pwc: recv_control_msg error -32 req 04 val 1500
[  426.050380][ T7824] netlink: 24 bytes leftover after parsing attributes in process `syz.2.525'.
[  426.133779][ T5882] pwc: recv_control_msg error -71 req 02 val 2400
[  426.172868][ T5882] pwc: recv_control_msg error -71 req 02 val 2600
[  426.252530][ T5882] pwc: recv_control_msg error -71 req 02 val 2900
[  426.302974][ T5882] pwc: recv_control_msg error -71 req 02 val 2800
[  426.352717][ T5882] pwc: recv_control_msg error -71 req 04 val 1100
[  426.416833][ T5882] pwc: recv_control_msg error -71 req 04 val 1200
[  426.468511][ T5882] pwc: Registered as video103.
[  426.476104][ T5882] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input11
[  426.618895][ T1912] gspca_sq930x: reg_w 0305 fd00 failed -110
[  426.805572][ T5882] usb 1-1: USB disconnect, device number 21
[  427.076849][ T7843] overlayfs: failed to resolve './file0': -2
[  427.850010][ T7845] loop0: detected capacity change from 0 to 16
[  427.913491][ T7845] erofs (device loop0): mounted with root inode @ nid 36.
[  428.021057][ T1912] gspca_sq930x: Unknown sensor
[  428.026268][ T1912] sq930x 3-1:0.0: probe with driver sq930x failed with error -22
[  428.043214][ T1912] usb 3-1: USB disconnect, device number 36
[  428.193206][ T5860] usb 4-1: USB disconnect, device number 18
[  428.337887][ T7849] loop2: detected capacity change from 0 to 8
[  428.379841][ T7849] unable to read xattr id index table
[  429.142892][ T3620] bridge_slave_1: left allmulticast mode
[  429.154653][ T3620] bridge_slave_1: left promiscuous mode
[  429.161483][ T3620] bridge0: port 2(bridge_slave_1) entered disabled state
[  429.221426][ T3620] bridge_slave_0: left allmulticast mode
[  429.227484][ T3620] bridge_slave_0: left promiscuous mode
[  429.234215][ T3620] bridge0: port 1(bridge_slave_0) entered disabled state
[  429.483274][ T7853] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  429.494594][ T7856] loop3: detected capacity change from 0 to 4096
[  429.575411][ T7856] nilfs2: Unknown parameter ''
[  429.711990][ T3620] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  429.744015][ T3620] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  429.771456][ T3620] bond0 (unregistering): Released all slaves
[  430.353571][ T3620] hsr_slave_0: left promiscuous mode
[  430.379822][ T3620] hsr_slave_1: left promiscuous mode
[  430.387711][ T3620] batman_adv: batadv0: Removing interface: batadv_slave_0
[  430.426179][ T3620] batman_adv: batadv0: Removing interface: batadv_slave_1
[  430.920020][ T3620] team0 (unregistering): Port device team_slave_1 removed
[  431.006393][ T3620] team0 (unregistering): Port device team_slave_0 removed
[  431.170602][ T7875] overlayfs: failed to resolve './file0': -2
[  431.716948][ T5882] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  431.839526][ T5860] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  431.932314][ T5882] usb 3-1: config 0 has no interfaces?
[  431.951731][ T5882] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  431.961218][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.969559][ T5882] usb 3-1: Product: syz
[  431.973942][ T5882] usb 3-1: Manufacturer: syz
[  431.978869][ T5882] usb 3-1: SerialNumber: syz
[  432.005890][ T5882] usb 3-1: config 0 descriptor??
[  432.042306][ T5860] usb 4-1: Using ep0 maxpacket: 8
[  432.084795][ T5860] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  432.094427][ T5860] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.102871][ T5860] usb 4-1: Product: syz
[  432.107261][ T5860] usb 4-1: Manufacturer: syz
[  432.112259][ T5860] usb 4-1: SerialNumber: syz
[  432.181117][ T5860] usb 4-1: config 0 descriptor??
[  432.205755][ T5860] gspca_main: sq930x-2.14.0 probing 2770:930c
[  432.233668][ T1912] usb 3-1: USB disconnect, device number 37
[  432.262726][ T5812] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  432.278158][ T5812] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  432.288371][ T5812] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  432.317128][ T5812] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  432.334921][ T5812] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  432.479021][ T7894] netlink: 16 bytes leftover after parsing attributes in process `syz.1.547'.
[  432.837681][ T7883] netlink: 24 bytes leftover after parsing attributes in process `syz.3.545'.
[  433.192032][ T5860] gspca_sq930x: reg_w 0305 fd00 failed -110
[  434.069370][ T5860] gspca_sq930x: Unknown sensor
[  434.074991][ T5860] sq930x 4-1:0.0: probe with driver sq930x failed with error -22
[  434.386526][ T5812] Bluetooth: hci3: command tx timeout
[  434.504396][ T1912] usb 4-1: USB disconnect, device number 19
[  434.516820][ T7889] chnl_net:caif_netlink_parms(): no params data found
[  435.660826][ T7926] loop3: detected capacity change from 0 to 512
[  435.670438][ T7926] EXT4-fs: Ignoring removed orlov option
[  435.730748][ T7926] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  435.834191][ T7929] veth0_macvtap: left promiscuous mode
[  435.843265][ T7929] macvtap0: entered promiscuous mode
[  435.860488][ T7929] veth0_macvtap: entered promiscuous mode
[  435.873787][ T7929] team0: Device macvtap0 failed to register rx_handler
[  435.890854][ T7926] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.553: bg 0: block 248: padding at end of block bitmap is not set
[  435.910251][ T7929] veth0_macvtap: left promiscuous mode
[  435.929212][ T7889] bridge0: port 1(bridge_slave_0) entered blocking state
[  435.936744][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state
[  435.945240][ T7889] bridge_slave_0: entered allmulticast mode
[  435.954462][ T7889] bridge_slave_0: entered promiscuous mode
[  435.969161][ T7889] bridge0: port 2(bridge_slave_1) entered blocking state
[  435.976665][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state
[  435.984328][ T7889] bridge_slave_1: entered allmulticast mode
[  435.994360][ T7889] bridge_slave_1: entered promiscuous mode
[  436.007256][ T7926] Quota error (device loop3): write_blk: dquota write failed
[  436.015352][ T7926] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  436.027214][ T7926] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.553: Failed to acquire dquot type 1
[  436.131919][ T7926] EXT4-fs (loop3): 1 truncate cleaned up
[  436.141626][ T7926] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  436.154732][ T7926] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  436.340742][ T7889] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  436.448962][ T7889] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  436.489198][ T5812] Bluetooth: hci3: command tx timeout
[  436.553531][ T7949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.559'.
[  436.564655][ T7948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  436.757446][ T7889] team0: Port device team_slave_0 added
[  436.769241][ T5882] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  436.773887][ T7889] team0: Port device team_slave_1 added
[  436.809408][   T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  436.921538][ T7889] batman_adv: batadv0: Adding interface: batadv_slave_0
[  436.931360][ T7889] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  436.958666][ T7889] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  437.032307][ T5882] usb 3-1: config 0 has no interfaces?
[  437.046475][ T5882] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  437.055932][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.064410][ T5882] usb 3-1: Product: syz
[  437.068893][ T5882] usb 3-1: Manufacturer: syz
[  437.073724][ T5882] usb 3-1: SerialNumber: syz
[  437.080686][   T24] usb 4-1: device descriptor read/64, error -71
[  437.104192][ T7889] batman_adv: batadv0: Adding interface: batadv_slave_1
[  437.111534][ T7889] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  437.140698][ T7889] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  437.158027][ T5882] usb 3-1: config 0 descriptor??
[  437.398952][   T24] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  437.430174][ T5882] usb 3-1: USB disconnect, device number 38
[  437.528252][ T7889] hsr_slave_0: entered promiscuous mode
[  437.537954][ T7889] hsr_slave_1: entered promiscuous mode
[  437.550333][ T7889] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  437.558226][ T7889] Cannot create hsr debugfs directory
[  437.630396][   T24] usb 4-1: device descriptor read/64, error -71
[  437.717724][ T7968] cifs: Unknown parameter 'por'
[  437.755259][   T24] usb usb4-port1: attempt power cycle
[  438.099510][   T24] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  438.141647][   T24] usb 4-1: device descriptor read/8, error -71
[  438.409130][   T24] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  438.471319][   T24] usb 4-1: device descriptor read/8, error -71
[  438.580031][   T24] usb usb4-port1: unable to enumerate USB device
[  438.609019][ T5812] Bluetooth: hci3: command tx timeout
[  438.644869][ T7889] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  438.691610][ T7889] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  438.721571][ T7889] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  438.762723][ T7889] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  438.807097][ T5804] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  439.059977][   T24] usb 3-1: new full-speed USB device number 39 using dummy_hcd
[  439.209760][ T7983] loop1: detected capacity change from 0 to 1024
[  439.254974][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  439.286968][   T24] usb 3-1: not running at top speed; connect to a high speed hub
[  439.339388][   T24] usb 3-1: config 1 has an invalid descriptor of length 203, skipping remainder of the config
[  439.350478][   T24] usb 3-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  439.363777][   T24] usb 3-1: config 1 interface 0 has no altsetting 0
[  439.464752][   T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  439.474461][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.482847][   T24] usb 3-1: Product: syz
[  439.489466][   T24] usb 3-1: Manufacturer: syz
[  439.493623][ T7987] hfsplus: request for non-existent node 134217728 in B*Tree
[  439.494200][   T24] usb 3-1: SerialNumber: syz
[  439.501795][ T7987] hfsplus: request for non-existent node 134217728 in B*Tree
[  439.808478][ T7889] 8021q: adding VLAN 0 to HW filter on device bond0
[  439.961294][ T7889] 8021q: adding VLAN 0 to HW filter on device team0
[  440.005201][ T3992] bridge0: port 1(bridge_slave_0) entered blocking state
[  440.012887][ T3992] bridge0: port 1(bridge_slave_0) entered forwarding state
[  440.089319][ T3992] bridge0: port 2(bridge_slave_1) entered blocking state
[  440.096853][ T3992] bridge0: port 2(bridge_slave_1) entered forwarding state
[  440.620658][ T5812] Bluetooth: hci3: command tx timeout
[  440.757094][ T7998] netlink: 8 bytes leftover after parsing attributes in process `syz.1.571'.
[  440.813204][ T7997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  441.267167][ T7889] 8021q: adding VLAN 0 to HW filter on device batadv0
[  441.805199][ T7979] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  441.812241][ T7979] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  441.818635][ T7979] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  441.883599][ T7979] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  441.890391][ T7979] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  441.912566][ T7979] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  441.921152][ T7979] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  441.939289][ T7979] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  441.945603][ T7979] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  441.988614][ T7979] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  442.476854][ T8017] loop3: detected capacity change from 0 to 256
[  442.486815][ T5858] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  442.511026][   T24] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  442.536711][   T24] usb 3-1: USB disconnect, device number 39
[  442.656153][ T5858] usb 2-1: config 0 has no interfaces?
[  442.728627][ T5858] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  442.738603][ T5858] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.747010][ T5858] usb 2-1: Product: syz
[  442.752220][ T5858] usb 2-1: Manufacturer: syz
[  442.757046][ T5858] usb 2-1: SerialNumber: syz
[  442.760984][ T8021] Bluetooth: MGMT ver 1.23
[  442.772862][ T5858] usb 2-1: config 0 descriptor??
[  443.038493][ T7889] veth0_vlan: entered promiscuous mode
[  443.065000][ T5860] usb 2-1: USB disconnect, device number 26
[  443.129409][ T7889] veth1_vlan: entered promiscuous mode
[  443.282279][ T7889] veth0_macvtap: entered promiscuous mode
[  443.312102][ T5858] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  443.313811][ T7889] veth1_macvtap: entered promiscuous mode
[  443.529485][ T5858] usb 4-1: Using ep0 maxpacket: 8
[  443.559990][ T5858] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  443.568632][ T5858] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  443.579054][ T5858] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  443.591421][ T5858] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  443.602537][ T5858] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  443.615930][ T5858] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  443.625332][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.802913][   T24] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  443.879380][ T5812] Bluetooth: hci1: command 0x0406 tx timeout
[  443.939150][ T5812] Bluetooth: hci2: command 0x0406 tx timeout
[  443.979482][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout
[  443.986238][ T5803] Bluetooth: hci4: command 0x0406 tx timeout
[  444.206383][ T8040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.582'.
[  444.245441][ T5858] usb 4-1: usb_control_msg returned -32
[  444.251795][ T5858] usbtmc 4-1:16.0: can't read capabilities
[  444.264796][ T8038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  444.391964][ T7889] batman_adv: batadv0: Interface activated: batadv_slave_0
[  444.678166][ T7889] batman_adv: batadv0: Interface activated: batadv_slave_1
[  444.840165][ T7889] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  444.850559][ T7889] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  444.859647][ T7889] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  444.868638][ T7889] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  444.960404][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  445.019353][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  445.386596][ T8050] netlink: 'syz.4.585': attribute type 8 has an invalid length.
[  445.683542][ T8056] loop1: detected capacity change from 0 to 512
[  445.779559][ T8056] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  445.793647][ T8056] ext4 filesystem being mounted at /106/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  445.828500][ T8062] netlink: 8 bytes leftover after parsing attributes in process `syz.2.587'.
[  445.943376][ T5812] Bluetooth: hci1: command 0x0406 tx timeout
[  445.969691][ T8059] bridge0: port 1(bridge_slave_0) entered disabled state
[  445.980388][ T5812] Bluetooth: hci2: command 0x0406 tx timeout
[  445.990868][ T8059] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.125300][ T8059] macvtap0: left promiscuous mode
[  446.199016][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout
[  446.205304][ T5812] Bluetooth: hci4: command 0x0406 tx timeout
[  446.333433][ T1912] usb 4-1: USB disconnect, device number 24
[  446.953807][ T8074] ntfs3(nbd2): try to read out of volume at offset 0x0
[  448.299922][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout
[  449.104499][ T8070] loop3: detected capacity change from 0 to 32768
[  449.105418][ T8098] overlayfs: failed to resolve './file0': -2
[  449.171580][ T8070] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.588 (8070)
[  449.175769][ T8098] overlayfs: failed to resolve './file0': -2
[  449.242508][ T8070] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  449.254046][ T8070] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm
[  449.265345][ T8070] BTRFS info (device loop3): using free-space-tree
[  449.475339][ T8111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.595'.
[  449.494258][ T8109] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  449.694170][ T8070] BTRFS error (device loop3): open_ctree failed: -4
[  449.769926][ T5800] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.211504][ T3992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  450.219955][ T3992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  450.410037][ T4234] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  450.418095][ T4234] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  450.638287][ T8128] loop2: detected capacity change from 0 to 64
[  450.688020][ T8128] hfs: unable to locate alternate MDB
[  450.694096][ T8128] hfs: continuing without an alternate MDB
[  450.766239][ T8128] hfs: inconsistency in B*Tree (3,2,0,3,0)
[  450.772762][ T8128] hfs: get root inode failed
[  451.443878][ T8139] FAULT_INJECTION: forcing a failure.
[  451.443878][ T8139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  451.457573][ T8139] CPU: 0 UID: 0 PID: 8139 Comm: syz.1.601 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  451.457718][ T8139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  451.457794][ T8139] Call Trace:
[  451.457843][ T8139]  <TASK>
[  451.457890][ T8139]  __dump_stack+0x26/0x30
[  451.458057][ T8139]  dump_stack_lvl+0x1df/0x270
[  451.458220][ T8139]  dump_stack+0x1e/0x25
[  451.458363][ T8139]  should_fail_ex+0x7dc/0x8a0
[  451.458533][ T8139]  should_fail+0x2a/0x40
[  451.458671][ T8139]  should_fail_usercopy+0x2e/0x40
[  451.458826][ T8139]  _copy_from_user+0x33/0x100
[  451.458971][ T8139]  __se_sys_mount+0x287/0x7d0
[  451.459152][ T8139]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  451.459344][ T8139]  __x64_sys_mount+0xe4/0x150
[  451.459537][ T8139]  x64_sys_call+0xfa7/0x3db0
[  451.459702][ T8139]  do_syscall_64+0xd9/0x210
[  451.459834][ T8139]  ? irqentry_exit+0x16/0x60
[  451.460004][ T8139]  ? clear_bhb_loop+0x40/0x90
[  451.460156][ T8139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.460295][ T8139] RIP: 0033:0x7f29a498e929
[  451.460388][ T8139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.460500][ T8139] RSP: 002b:00007f29a5730038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  451.460625][ T8139] RAX: ffffffffffffffda RBX: 00007f29a4bb5fa0 RCX: 00007f29a498e929
[  451.460728][ T8139] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 0000000000000000
[  451.460894][ T8139] RBP: 00007f29a5730090 R08: 00002000000001c0 R09: 0000000000000000
[  451.460988][ T8139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  451.461080][ T8139] R13: 0000000000000000 R14: 00007f29a4bb5fa0 R15: 00007ffee05f3148
[  451.461202][ T8139]  </TASK>
[  451.655717][ T8139] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  451.670703][ T8139] overlayfs: overlapping lowerdir path
[  451.801581][ T8136] loop3: detected capacity change from 0 to 4096
[  451.811976][ T8136] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  452.134436][ T8136] ntfs3(loop3): Failed to initialize $Secure (-22).
[  452.308627][ T8145] loop2: detected capacity change from 0 to 2048
[  452.375011][ T8145] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  452.427101][ T8145] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  452.513211][   T30] audit: type=1800 audit(1751554411.840:12): pid=8145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.604" name="bus" dev="loop2" ino=1367 res=0 errno=0
[  452.538010][ T1912] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  452.729337][ T1912] usb 4-1: Using ep0 maxpacket: 32
[  452.748351][ T1912] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  452.757169][ T1912] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  452.768865][ T1912] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 28, changing to 8
[  452.780908][ T1912] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 1293, setting to 1024
[  452.792494][ T1912] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  452.810451][ T1912] usb 4-1: config 0 interface 0 has no altsetting 0
[  452.835100][ T1912] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  452.844727][ T1912] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  452.853528][ T1912] usb 4-1: Product: syz
[  452.857921][ T1912] usb 4-1: Manufacturer: syz
[  452.862890][ T1912] usb 4-1: SerialNumber: syz
[  452.890117][ T1912] usb 4-1: config 0 descriptor??
[  452.897248][ T8136] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  453.060590][ T1912] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  453.252081][ T1912] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  453.649516][ T8166] netlink: 20 bytes leftover after parsing attributes in process `syz.4.608'.
[  453.702680][ T8168] netlink: 'syz.2.610': attribute type 2 has an invalid length.
[  453.776093][ T8171] overlayfs: failed to resolve './file0': -2
[  453.870618][ T8168] binder_alloc: 8167: binder_alloc_buf, no vma
[  454.074435][ T8175] FAULT_INJECTION: forcing a failure.
[  454.074435][ T8175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  454.088164][ T8175] CPU: 0 UID: 0 PID: 8175 Comm: syz.1.611 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  454.088307][ T8175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  454.088382][ T8175] Call Trace:
[  454.088431][ T8175]  <TASK>
[  454.088485][ T8175]  __dump_stack+0x26/0x30
[  454.088640][ T8175]  dump_stack_lvl+0x1df/0x270
[  454.088806][ T8175]  dump_stack+0x1e/0x25
[  454.088946][ T8175]  should_fail_ex+0x7dc/0x8a0
[  454.089117][ T8175]  should_fail+0x2a/0x40
[  454.089255][ T8175]  should_fail_usercopy+0x2e/0x40
[  454.089411][ T8175]  _copy_from_user+0x33/0x100
[  454.089566][ T8175]  binder_ioctl_write_read+0x1949/0x17170
[  454.089734][ T8175]  ? binder_debug+0x51/0x340
[  454.089873][ T8175]  ? filter_irq_stacks+0x49/0x190
[  454.090021][ T8175]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  454.090197][ T8175]  ? kmsan_get_metadata+0xfb/0x160
[  454.090379][ T8175]  ? binder_debug+0x2ce/0x340
[  454.090549][ T8175]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  454.090714][ T8175]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  454.090924][ T8175]  binder_ioctl+0x593/0x33b0
[  454.091077][ T8175]  ? do_vfs_ioctl+0x17c3/0x3720
[  454.091277][ T8175]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  454.091451][ T8175]  ? __pfx_binder_ioctl+0x10/0x10
[  454.091605][ T8175]  ? __pfx_binder_ioctl+0x10/0x10
[  454.091746][ T8175]  __se_sys_ioctl+0x23c/0x400
[  454.091913][ T8175]  __x64_sys_ioctl+0x97/0xe0
[  454.092071][ T8175]  x64_sys_call+0x1ebe/0x3db0
[  454.092236][ T8175]  do_syscall_64+0xd9/0x210
[  454.092359][ T8175]  ? irqentry_exit+0x16/0x60
[  454.092526][ T8175]  ? clear_bhb_loop+0x40/0x90
[  454.092666][ T8175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.092800][ T8175] RIP: 0033:0x7f29a498e929
[  454.092893][ T8175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.093003][ T8175] RSP: 002b:00007f29a5730038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  454.093127][ T8175] RAX: ffffffffffffffda RBX: 00007f29a4bb5fa0 RCX: 00007f29a498e929
[  454.093220][ T8175] RDX: 00002000000002c0 RSI: 00000000c0306201 RDI: 0000000000000005
[  454.093307][ T8175] RBP: 00007f29a5730090 R08: 0000000000000000 R09: 0000000000000000
[  454.093388][ T8175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.093471][ T8175] R13: 0000000000000000 R14: 00007f29a4bb5fa0 R15: 00007ffee05f3148
[  454.093591][ T8175]  </TASK>
[  454.341202][ T8175] binder: 8173:8175 ioctl c0306201 2000000002c0 returned -14
[  454.386996][ T8176] netlink: 20 bytes leftover after parsing attributes in process `syz.5.612'.
[  454.876774][ T5882] usb 4-1: USB disconnect, device number 25
[  454.920617][ T5882] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  455.105898][ T8190] FAULT_INJECTION: forcing a failure.
[  455.105898][ T8190] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  455.106622][ T8181] loop2: detected capacity change from 0 to 4096
[  455.119786][ T8190] CPU: 1 UID: 0 PID: 8190 Comm: syz.1.619 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  455.119927][ T8190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  455.120002][ T8190] Call Trace:
[  455.120051][ T8190]  <TASK>
[  455.120097][ T8190]  __dump_stack+0x26/0x30
[  455.120252][ T8190]  dump_stack_lvl+0x1df/0x270
[  455.120420][ T8190]  dump_stack+0x1e/0x25
[  455.120562][ T8190]  should_fail_ex+0x7dc/0x8a0
[  455.120730][ T8190]  should_fail+0x2a/0x40
[  455.120865][ T8190]  should_fail_usercopy+0x2e/0x40
[  455.121020][ T8190]  _copy_to_user+0x35/0x120
[  455.121165][ T8190]  drm_ioctl+0xf4d/0x1730
[  455.121375][ T8190]  ? __pfx_drm_mode_getresources+0x10/0x10
[  455.121555][ T8190]  ? kmsan_get_metadata+0xfb/0x160
[  455.121728][ T8190]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  455.121901][ T8190]  ? __pfx_drm_ioctl+0x10/0x10
[  455.122067][ T8190]  ? __pfx_drm_ioctl+0x10/0x10
[  455.122230][ T8190]  __se_sys_ioctl+0x23c/0x400
[  455.122405][ T8190]  __x64_sys_ioctl+0x97/0xe0
[  455.122563][ T8190]  x64_sys_call+0x1ebe/0x3db0
[  455.122727][ T8190]  do_syscall_64+0xd9/0x210
[  455.122857][ T8190]  ? irqentry_exit+0x16/0x60
[  455.123018][ T8190]  ? clear_bhb_loop+0x40/0x90
[  455.123158][ T8190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.123293][ T8190] RIP: 0033:0x7f29a498e929
[  455.123389][ T8190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.123506][ T8190] RSP: 002b:00007f29a5730038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  455.123631][ T8190] RAX: ffffffffffffffda RBX: 00007f29a4bb5fa0 RCX: 00007f29a498e929
[  455.123725][ T8190] RDX: 0000200000000440 RSI: 00000000c04064a0 RDI: 0000000000000003
[  455.123813][ T8190] RBP: 00007f29a5730090 R08: 0000000000000000 R09: 0000000000000000
[  455.123892][ T8190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.123970][ T8190] R13: 0000000000000000 R14: 00007f29a4bb5fa0 R15: 00007ffee05f3148
[  455.124087][ T8190]  </TASK>
[  455.346377][ T1912] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  455.453698][ T8181] NILFS (loop2): invalid segment: Checksum error in segment payload
[  455.470567][ T8181] NILFS (loop2): trying rollback from an earlier position
[  455.534534][ T1912] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  455.546053][ T1912] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  455.556265][ T1912] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  455.570194][ T1912] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.590468][ T8186] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  455.609173][ T8181] NILFS (loop2): recovery complete
[  455.641159][ T1912] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  455.659924][ T8198] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  455.698402][   T30] audit: type=1800 audit(1751554415.020:13): pid=8181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.615" name="bus" dev="loop2" ino=12 res=0 errno=0
[  455.779181][ T5882] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  456.006629][ T5882] usb 4-1: config 0 has no interfaces?
[  456.059673][ T5882] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  456.069345][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.080746][ T5882] usb 4-1: Product: syz
[  456.085148][ T5882] usb 4-1: Manufacturer: syz
[  456.093688][ T5882] usb 4-1: SerialNumber: syz
[  456.138646][ T8199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  456.149895][ T8199] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  456.229902][ T8199] ������: renamed from vcan0 (while UP)
[  456.242013][ T8200] netlink: 596 bytes leftover after parsing attributes in process `syz.4.621'.
[  456.261340][ T5882] usb 4-1: config 0 descriptor??
[  456.350274][ T8200] netlink: 16 bytes leftover after parsing attributes in process `syz.4.621'.
[  456.407834][ T8203] overlayfs: failed to resolve './file0': -2
[  456.641233][ T5882] usb 4-1: USB disconnect, device number 26
[  456.865913][ T8207] loop1: detected capacity change from 0 to 64
[  456.881582][ T8207] minix: Unknown parameter '18446744073709551615��'
[  457.560863][   T30] audit: type=1804 audit(1751554416.790:14): pid=8211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.615" name="/newroot/131/file2/file1" dev="loop2" ino=14 res=1 errno=0
[  458.072590][ T8181] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  458.127927][ T8213] netlink: 'syz.3.626': attribute type 6 has an invalid length.
[  458.259752][ T5882] usb 6-1: USB disconnect, device number 2
[  458.729127][ T1912] IPVS: starting estimator thread 0...
[  458.829106][ T8230] IPVS: using max 240 ests per chain, 12000 per kthread
[  458.931025][ T8234] overlayfs: failed to resolve './file0': -2
[  459.141796][ T8236] syzkaller0: entered promiscuous mode
[  459.154249][ T8236] syzkaller0: entered allmulticast mode
[  459.175356][ T8238] loop3: detected capacity change from 0 to 128
[  459.182701][ T8236] FAULT_INJECTION: forcing a failure.
[  459.182701][ T8236] name failslab, interval 1, probability 0, space 0, times 0
[  459.195976][ T8236] CPU: 1 UID: 0 PID: 8236 Comm: syz.1.634 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  459.196118][ T8236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  459.196207][ T8236] Call Trace:
[  459.196256][ T8236]  <TASK>
[  459.196303][ T8236]  __dump_stack+0x26/0x30
[  459.196456][ T8236]  dump_stack_lvl+0x1df/0x270
[  459.196620][ T8236]  dump_stack+0x1e/0x25
[  459.196763][ T8236]  should_fail_ex+0x7dc/0x8a0
[  459.196923][ T8236]  should_failslab+0x15b/0x200
[  459.197111][ T8236]  kmem_cache_alloc_node_noprof+0xf3/0xf00
[  459.197258][ T8236]  ? __alloc_skb+0x1e0/0x7d0
[  459.197416][ T8236]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  459.197581][ T8236]  ? kmsan_get_metadata+0xfb/0x160
[  459.197742][ T8236]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  459.197920][ T8236]  __alloc_skb+0x1e0/0x7d0
[  459.198088][ T8236]  rtmsg_ifinfo_build_skb+0xab/0x420
[  459.198251][ T8236]  rtnetlink_event+0x24d/0x3d0
[  459.198399][ T8236]  ? __pfx_rtnetlink_event+0x10/0x10
[  459.198538][ T8236]  ? __pfx_rtnetlink_event+0x10/0x10
[  459.198677][ T8236]  raw_notifier_call_chain+0xdd/0x410
[  459.198877][ T8236]  call_netdevice_notifiers_info+0x1ac/0x2b0
[  459.199057][ T8236]  netif_change_tx_queue_len+0x16c/0x340
[  459.199257][ T8236]  dev_change_tx_queue_len+0x185/0x320
[  459.199429][ T8236]  dev_ifsioc+0x279/0x1930
[  459.199581][ T8236]  dev_ioctl+0xa12/0x1100
[  459.199704][ T8236]  ? kmsan_get_metadata+0xfb/0x160
[  459.199888][ T8236]  sock_do_ioctl+0x36a/0x480
[  459.200054][ T8236]  sock_ioctl+0x70b/0xd60
[  459.200221][ T8236]  ? __pfx_sock_ioctl+0x10/0x10
[  459.200354][ T8236]  __se_sys_ioctl+0x23c/0x400
[  459.200523][ T8236]  __x64_sys_ioctl+0x97/0xe0
[  459.200676][ T8236]  x64_sys_call+0x1ebe/0x3db0
[  459.200844][ T8236]  do_syscall_64+0xd9/0x210
[  459.200965][ T8236]  ? irqentry_exit+0x16/0x60
[  459.201132][ T8236]  ? clear_bhb_loop+0x40/0x90
[  459.201282][ T8236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.201420][ T8236] RIP: 0033:0x7f29a498e929
[  459.201515][ T8236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.201628][ T8236] RSP: 002b:00007f29a5730038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  459.201752][ T8236] RAX: ffffffffffffffda RBX: 00007f29a4bb5fa0 RCX: 00007f29a498e929
[  459.201846][ T8236] RDX: 0000200000000000 RSI: 0000000000008943 RDI: 0000000000000004
[  459.201931][ T8236] RBP: 00007f29a5730090 R08: 0000000000000000 R09: 0000000000000000
[  459.202005][ T8236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  459.202081][ T8236] R13: 0000000000000000 R14: 00007f29a4bb5fa0 R15: 00007ffee05f3148
[  459.202201][ T8236]  </TASK>
[  459.470647][    C1] vkms_vblank_simulate: vblank timer overrun
[  459.821438][ T1912] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  460.001116][ T8251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.638'.
[  460.019431][ T1912] usb 3-1: config 0 has no interfaces?
[  460.037574][ T8250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  460.040226][ T1912] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  460.057147][ T1912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.068407][ T1912] usb 3-1: Product: syz
[  460.080224][ T1912] usb 3-1: Manufacturer: syz
[  460.085081][ T1912] usb 3-1: SerialNumber: syz
[  460.113605][ T1912] usb 3-1: config 0 descriptor??
[  460.353631][ T8257] loop5: detected capacity change from 0 to 2048
[  460.357650][ T1912] usb 3-1: USB disconnect, device number 41
[  460.425028][ T8257]  loop5: p3 < > p4 < >
[  460.429881][ T8257] loop5: partition table partially beyond EOD, truncated
[  460.444197][ T8257] loop5: p3 start 4284289 is beyond EOD, truncated
[  460.878121][ T8268] overlayfs: failed to resolve './file0': -2
[  461.484155][ T8274] loop1: detected capacity change from 0 to 1024
[  461.816170][ T8287] loop3: detected capacity change from 0 to 256
[  462.189210][ T5882] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  462.358375][ T8298] =====================================================
[  462.365893][ T8298] BUG: KMSAN: uninit-value in hfsplus_rename_cat+0x1173/0x17e0
[  462.374064][ T8298]  hfsplus_rename_cat+0x1173/0x17e0
[  462.379617][ T8298]  hfsplus_rename+0x1fc/0x2f0
[  462.384506][ T8298]  vfs_rename+0x1e87/0x2460
[  462.389433][ T8298]  do_renameat2+0x175e/0x1d70
[  462.394341][ T8298]  __x64_sys_rename+0xd7/0x140
[  462.399390][ T8298]  x64_sys_call+0x3553/0x3db0
[  462.404287][ T8298]  do_syscall_64+0xd9/0x210
[  462.409194][ T8298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.415277][ T8298] 
[  462.417700][ T8298] Uninit was stored to memory at:
[  462.429218][ T8298]  hfsplus_rename_cat+0x10a9/0x17e0
[  462.434632][ T8298]  hfsplus_rename+0x1fc/0x2f0
[  462.440717][ T8298]  vfs_rename+0x1e87/0x2460
[  462.445452][ T8298]  do_renameat2+0x175e/0x1d70
[  462.450894][ T8298]  __x64_sys_rename+0xd7/0x140
[  462.455827][ T8298]  x64_sys_call+0x3553/0x3db0
[  462.460865][ T8298]  do_syscall_64+0xd9/0x210
[  462.465543][ T8298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.471714][ T8298] 
[  462.474145][ T8298] Uninit was stored to memory at:
[  462.480173][ T8298]  hfsplus_create_cat+0x18fb/0x1910
[  462.485569][ T8298]  hfsplus_fill_super+0x212e/0x2740
[  462.491074][ T8298]  get_tree_bdev_flags+0x6e6/0x920
[  462.496412][ T8298]  get_tree_bdev+0x38/0x50
[  462.501128][ T8298]  hfsplus_get_tree+0x35/0x40
[  462.505977][ T8298]  vfs_get_tree+0xb3/0x5c0
[  462.510794][ T8298]  do_new_mount+0x738/0x1610
[  462.515600][ T8298]  path_mount+0x6db/0x1e90
[  462.520386][ T8298]  __se_sys_mount+0x6eb/0x7d0
[  462.525284][ T8298]  __x64_sys_mount+0xe4/0x150
[  462.537448][ T8298]  x64_sys_call+0xfa7/0x3db0
[  462.542372][ T8298]  do_syscall_64+0xd9/0x210
[  462.547068][ T8298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.553275][ T8298] 
[  462.555699][ T8298] Uninit was created at:
[  462.560290][ T8298]  __alloc_frozen_pages_noprof+0x689/0xf00
[  462.566316][ T8298]  alloc_pages_mpol+0x328/0x860
[  462.571631][ T8298]  alloc_frozen_pages_noprof+0xf7/0x200
[  462.577440][ T8298]  allocate_slab+0x24d/0x1220
[  462.582486][ T8298]  ___slab_alloc+0xfec/0x3480
[  462.587348][ T8298]  kmem_cache_alloc_lru_noprof+0x922/0xed0
[  462.593569][ T8298]  hfsplus_alloc_inode+0x5a/0xd0
[  462.598803][ T8298]  alloc_inode+0x87/0x4a0
[  462.603375][ T8298]  iget_locked+0x239/0x12d0
[  462.608054][ T8298]  hfsplus_iget+0x5c/0xb80
[  462.612501][ T8299] netlink: 8 bytes leftover after parsing attributes in process `syz.4.657'.
[  462.612692][ T8298]  hfsplus_btree_open+0x134/0x1d00
[  462.626768][ T8298]  hfsplus_fill_super+0x1161/0x2740
[  462.638669][ T8298]  get_tree_bdev_flags+0x6e6/0x920
[  462.645176][ T8298]  get_tree_bdev+0x38/0x50
[  462.649924][ T8298]  hfsplus_get_tree+0x35/0x40
[  462.654792][ T8298]  vfs_get_tree+0xb3/0x5c0
[  462.659526][ T8298]  do_new_mount+0x738/0x1610
[  462.664326][ T8298]  path_mount+0x6db/0x1e90
[  462.669056][ T8298]  __se_sys_mount+0x6eb/0x7d0
[  462.673956][ T8298]  __x64_sys_mount+0xe4/0x150
[  462.678964][ T8298]  x64_sys_call+0xfa7/0x3db0
[  462.683771][ T8298]  do_syscall_64+0xd9/0x210
[  462.688448][ T8298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.694807][ T8298] 
[  462.697261][ T8298] CPU: 0 UID: 0 PID: 8298 Comm: syz.1.649 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  462.699961][ T8297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  462.709507][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  462.709570][ T8298] =====================================================
[  462.709619][ T8298] Disabling lock debugging due to kernel taint
[  462.709663][ T8298] Kernel panic - not syncing: kmsan.panic set ...
[  462.709741][ T8298] CPU: 0 UID: 0 PID: 8298 Comm: syz.1.649 Tainted: G    B               6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(undef) 
[  462.709895][ T8298] Tainted: [B]=BAD_PAGE
[  462.709932][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  462.709996][ T8298] Call Trace:
[  462.710034][ T8298]  <TASK>
[  462.710071][ T8298]  __dump_stack+0x26/0x30
[  462.710207][ T8298]  dump_stack_lvl+0x53/0x270
[  462.710337][ T8298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  462.710499][ T8298]  dump_stack+0x1e/0x25
[  462.710619][ T8298]  panic+0x4bd/0xd50
[  462.710806][ T8298]  kmsan_report+0x31c/0x320
[  462.710949][ T8298]  ? __msan_memcpy+0x108/0x1c0
[  462.711075][ T8298]  ? __msan_warning+0x1b/0x30
[  462.711198][ T8298]  ? hfsplus_rename_cat+0x1173/0x17e0
[  462.711335][ T8298]  ? hfsplus_rename+0x1fc/0x2f0
[  462.711467][ T8298]  ? vfs_rename+0x1e87/0x2460
[  462.711611][ T8298]  ? do_renameat2+0x175e/0x1d70
[  462.711706][ T8298]  ? __x64_sys_rename+0xd7/0x140
[  462.711808][ T8298]  ? x64_sys_call+0x3553/0x3db0
[  462.711947][ T8298]  ? do_syscall_64+0xd9/0x210
[  462.712049][ T8298]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.712168][ T8298]  ? kmsan_get_metadata+0xfb/0x160
[  462.712317][ T8298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  462.712483][ T8298]  ? hfsplus_bnode_dump+0x50a/0x560
[  462.712635][ T8298]  ? kmsan_get_metadata+0xfb/0x160
[  462.712789][ T8298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  462.712953][ T8298]  ? hfsplus_brec_remove+0x92f/0xa60
[  462.713124][ T8298]  ? kmsan_get_metadata+0xfb/0x160
[  462.713280][ T8298]  __msan_warning+0x1b/0x30
[  462.713409][ T8298]  hfsplus_rename_cat+0x1173/0x17e0
[  462.713566][ T8298]  ? kfree+0x121/0xec0
[  462.713656][ T8298]  ? filter_irq_stacks+0x49/0x190
[  462.713776][ T8298]  ? stack_depot_save_flags+0x35/0x7b0
[  462.713902][ T8298]  ? kmsan_get_metadata+0xfb/0x160
[  462.714049][ T8298]  ? kmsan_get_metadata+0xfb/0x160
[  462.714198][ T8298]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  462.714344][ T8298]  ? kmsan_get_metadata+0xfb/0x160
[  462.714490][ T8298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  462.714644][ T8298]  ? kmsan_get_metadata+0xfb/0x160
[  462.714797][ T8298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  462.714986][ T8298]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  462.715146][ T8298]  hfsplus_rename+0x1fc/0x2f0
[  462.715284][ T8298]  ? __pfx_hfsplus_rename+0x10/0x10
[  462.715417][ T8298]  vfs_rename+0x1e87/0x2460
[  462.715628][ T8298]  do_renameat2+0x175e/0x1d70
[  462.715798][ T8298]  __x64_sys_rename+0xd7/0x140
[  462.715905][ T8298]  x64_sys_call+0x3553/0x3db0
[  462.716048][ T8298]  do_syscall_64+0xd9/0x210
[  462.716152][ T8298]  ? irqentry_exit+0x16/0x60
[  462.716300][ T8298]  ? clear_bhb_loop+0x40/0x90
[  462.716417][ T8298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.716530][ T8298] RIP: 0033:0x7f29a498e929
[  462.716604][ T8298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.716703][ T8298] RSP: 002b:00007f29a570f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  462.716808][ T8298] RAX: ffffffffffffffda RBX: 00007f29a4bb6080 RCX: 00007f29a498e929
[  462.716888][ T8298] RDX: 0000000000000000 RSI: 0000200000000f40 RDI: 00002000000003c0
[  462.716961][ T8298] RBP: 00007f29a4a10b39 R08: 0000000000000000 R09: 0000000000000000
[  462.717027][ T8298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  462.717090][ T8298] R13: 0000000000000001 R14: 00007f29a4bb6080 R15: 00007ffee05f3148
[  462.717193][ T8298]  </TASK>
[  462.719844][ T8298] Kernel Offset: disabled