last executing test programs:

10m46.53883823s ago: executing program 4 (id=236):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001400010024051000fddbdf25021f8bc8", @ANYRES32=r1, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

10m45.113609318s ago: executing program 4 (id=239):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x8000)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x9, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r5, &(0x7f0000000480), &(0x7f0000000340)=@udp6=r2}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={0xffffffffffffffff, r4, 0x25, 0x2, @val=@tcx}, 0x1c)
syz_emit_ethernet(0x37, &(0x7f00000007c0)=ANY=[], 0x0)

10m44.647714591s ago: executing program 4 (id=244):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000001000080000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYBLOB="810703d7000000000000000000402a5ba6a073", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000050000000500"/28], 0x50)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000500)={'tunl0\x00', 0x0, 0x7, 0x8, 0x8, 0x2, {{0xe, 0x4, 0x2, 0x20, 0x38, 0x65, 0x0, 0x4, 0x4, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x23}, {[@timestamp={0x44, 0x8, 0x51, 0x0, 0x5, [0x7ff]}, @cipso={0x86, 0x6, 0x3}, @noop, @noop, @ra={0x94, 0x4}, @ssrr={0x89, 0x3, 0x97}, @timestamp_prespec={0x44, 0xc, 0xf5, 0x3, 0x8, [{@multicast1, 0x3}]}]}}}}})
bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file0\x00'}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x20}, 0x18)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

10m43.248483749s ago: executing program 4 (id=247):
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0xb)
socket(0x10, 0x803, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x15, &(0x7f0000000100), 0x3d)
creat(0x0, 0x90)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c00"], 0x110}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffb}]})
time(0x0)

10m41.81319913s ago: executing program 4 (id=251):
syz_open_dev$tty1(0xc, 0x4, 0x4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x40, &(0x7f00000001c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}})
r4 = syz_pidfd_open(r2, 0x0)
r5 = pidfd_getfd(r4, r4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setns(r5, 0x66020000)
syz_clone(0x50a60080, 0x0, 0x0, 0x0, 0x0, 0x0)

10m38.873873546s ago: executing program 4 (id=262):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x7fffffe, 0x288, 0x210, 0x940c, 0x3002, 0x210, 0x2c0, 0x300, 0x3d8, 0x3d8, 0x300, 0x3d8, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x5, 0x0}, @private2, [0xff000000, 0xff000000, 0xff000000, 0xff000000], [0xff, 0xff000000, 0xffffffff, 0xff], 'veth1_to_team\x00', 'macsec0\x00', {}, {}, 0x62, 0x61, 0x0, 0x8}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x916, {0x7c7a1f6d}}}}, {{@ipv6={@mcast1, @remote, [0xff000000, 0x0, 0xffffffff, 0xffffffff], [0xffffff00, 0x0, 0xff000000, 0xffffff00], 'syzkaller0\x00', 'pimreg0\x00', {0xff}, {0xff}, 0x33, 0x9, 0x4, 0x10}, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8)

10m23.651420543s ago: executing program 32 (id=262):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x7fffffe, 0x288, 0x210, 0x940c, 0x3002, 0x210, 0x2c0, 0x300, 0x3d8, 0x3d8, 0x300, 0x3d8, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x5, 0x0}, @private2, [0xff000000, 0xff000000, 0xff000000, 0xff000000], [0xff, 0xff000000, 0xffffffff, 0xff], 'veth1_to_team\x00', 'macsec0\x00', {}, {}, 0x62, 0x61, 0x0, 0x8}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x916, {0x7c7a1f6d}}}}, {{@ipv6={@mcast1, @remote, [0xff000000, 0x0, 0xffffffff, 0xffffffff], [0xffffff00, 0x0, 0xff000000, 0xffffff00], 'syzkaller0\x00', 'pimreg0\x00', {0xff}, {0xff}, 0x33, 0x9, 0x4, 0x10}, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8)

7m19.289461076s ago: executing program 5 (id=1313):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001c000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x2}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x445bd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0x7000000)

7m18.842887653s ago: executing program 5 (id=1317):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file0\x00', 0x1008490, &(0x7f0000000a40)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000a80)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r2, 0x0, 0x0)

7m15.892657846s ago: executing program 5 (id=1328):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000001c0)={'vxcan1\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0xfffffffb, 0x4)
sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="0001010000a1ba", 0x7}], 0x1}, 0x4000)
sendmsg$can_j1939(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x1d, r1, 0x0, {0x2, 0xf0, 0x1}, 0xff}, 0x18, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x800)

7m15.208560975s ago: executing program 5 (id=1332):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, 0x0, 0x0)

7m13.715161036s ago: executing program 5 (id=1335):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
io_uring_setup(0x3454, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c00020008000100"], 0x3c}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}}, 0x0)

7m11.353216515s ago: executing program 5 (id=1339):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0xffffffffffff8001}, 0x18)
unshare(0x64000600)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDELRT(r2, 0x890c, &(0x7f0000000080)={0x0, {}, {0x2, 0x3ffc, @private=0xa010102}, {0x2, 0x4e20, @empty}, 0xab852ebbeefbd6b1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x80010, 0x0, 0xffff})

6m55.369906698s ago: executing program 33 (id=1339):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0xffffffffffff8001}, 0x18)
unshare(0x64000600)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDELRT(r2, 0x890c, &(0x7f0000000080)={0x0, {}, {0x2, 0x3ffc, @private=0xa010102}, {0x2, 0x4e20, @empty}, 0xab852ebbeefbd6b1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x80010, 0x0, 0xffff})

6m46.986326614s ago: executing program 2 (id=1432):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$vim2m(&(0x7f0000000040), 0x40008, 0x2)
getpgrp(0x0)
r0 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x818f, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0x8, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47b6, 0x800000, 0x0, 0x0, 0x0)

6m46.127873968s ago: executing program 2 (id=1433):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7ffffffb}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
ioctl$USBDEVFS_FORBID_SUSPEND(0xffffffffffffffff, 0x5521)

6m44.439658396s ago: executing program 2 (id=1434):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)
select(0x2a, 0x0, 0x0, &(0x7f0000000400)={0xfefdffffffffffff, 0x1, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})

6m43.001432987s ago: executing program 2 (id=1437):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$usbfs(0x0, 0x1ff, 0x2)
r2 = io_uring_setup(0xee4, &(0x7f00000002c0)={0x0, 0xe, 0x2, 0xffffffff, 0xfffffffe})
r3 = dup3(r1, r2, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r3, 0x4004550c, 0x0)

6m42.798507356s ago: executing program 2 (id=1438):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
capset(&(0x7f00000000c0)={0x19980330}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x2, 0x7})
mq_open(&(0x7f0000000280)='\x9f;#\xd5\xe7a\xf1\x89\x8b}H\xb6\xb5\x03a\'W\x94\xac\xed\xbf\x169pz\x8a\xa7\x0f\xa8\x8eor\x97+k\x93\x8e\xcb\xdc\x17\xd9\x14\xab\xfez\xf5u\xf0\xe2o\xefg\xfd\x03\x00\x00\x00/\x86\xf6II\xf4\xce\x932\xc6\n\x94\x03b\xae\xad\a\xf2\xac\xe4\x99\x7f\xcb4\xc5\xb7\xdc\xd8', 0x40, 0x12a, &(0x7f0000000300)={0x8000000000000001, 0x124, 0x7ffffffc, 0x40000005})
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0a"], 0x208}, 0x0)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x8c, &(0x7f0000000300)='trans=rdma,')
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)

6m40.31798516s ago: executing program 2 (id=1441):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockname$inet(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
unshare(0x62040200)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB], 0x60}}, 0x0)

6m24.807386183s ago: executing program 34 (id=1441):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockname$inet(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
unshare(0x62040200)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB], 0x60}}, 0x0)

6m8.918258606s ago: executing program 1 (id=1491):
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x2000018, &(0x7f0000005880)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c757365725f78617474722c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303031362c646973636172642c6e6f61636c2c6673796e635f6d6f64653d706f7369782c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c0084538367d8b9c04bebbf0f4ea4d5617c063f0a30b5325e5d939d497829d8452e38794f1563bf34cdaaf9b70591db2f2a066e339d0c0b7c189bac05d8e91e9d1f4670d79a57f83b67f1f98b905d3b06be7de7829439d0b21d1744d7fad3fe3f3f9b3361f4bfa2c2e375c048af0d6ecac62d07c6a85e2558b9e8639b050137830520aea2c9243f9f9eca12969def7d15c8bac687164c38cf349d738c"], 0x1, 0x5516, &(0x7f000000d000)="$eJzs3EtvG2UXAODjpOn96xchFuw6UoWUSLVV51LBLkArLiJVVGDBChzbsdzanih2nJAVC5aIBf8EgcSKJb+BBWt2iAUVOySQZybQAK0Qdew2eR5pfGbeeX3mvFYU6cxYDuDUmk9++bkUV+JCRMxGxOWIbL9UbJm1PLwQEVcjYuahrVSM/zFwNiIuRsSVUfI8Z6k49fn14bXVn9568M13585c+uLr76e3amDaXoyI7na+v9fNY9rK471ivDZsZ7G7MixifqJ7vzhO87jX3Mwy7NUO59WyuNzK56fbu/1R3OrU6qPYam9l49u9/IL9YeswT/aGe7Wd7LjR3Mxiu59msXWQ17V/kP9vO+gP8jyNIt9HWfoYDA5jPt7cb+br2b6fxXpvUIznedNGc38Uh0UsLhf1tNPI6th8kk/66fZ2u7e7nwybO/122ktWK9WXKtWb5epO2mgOmivlWrdxcyVZaHVG08qDZq271krTVqdZqafdxWShVa+Xq9Vk4VZzs13rJdVqZblyo7y6WOxdT16/817SaSQLo/hqu7c7aHf6yVa6k+TvWEyWKssvLybXqsk76xvJxt3bt9c33v3g1vt3Xll/87Vi0t/KShaWbiwtlas3ykvVxVO0/k+Kose4fngipWkXAPDs0f8Dx+LC408fX/+/czfi+Pv/0P+PxTPV/z6m//+vbchJWT9Mhf4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODU+mHuyzeynfn8+FIx/r9i6LniuBQRMxHx2z+YjbNHcs4WeeYeMX/uLzV8W4osw+ga54rtYkSsFduv/z/uTwEAAABOrq8+vvpZ3q3nL/PTLohJym/azFz+cEz5ShExN//jmLLNjF6eH1Oy7O/7TOyPKVt2A+v8mJLlt9zOjCvbvzJ7JJx/KJTyMDPRcgAAgIk42glMtgsBAABgkj6ddgFMRykOH2UePgvOvnn/5wPBC0eOAAAAgKfXg0edKE22DgAAAGAKsv7f7/8BAADAyZb//h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcz+3iQNRHICfDV7Yf1q02vu2sjcoY0vY4x4jCkgTFJADaSENUAO5pYQIIjwOgYhDJI9tJfo+yZmMZX68QXCYGWkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAunRfrRe3V7+v2+bs9u3kGQ0AAABwybZaL+p/Zqn/tbn/vbn1s+kXEVFGxKW5+yg+nWWOmpzq5fmb0+erVzXcRdQJh/eYNNeXiPjTXI8/uv4UAAAA4OPaLFfzNFtPf2ZDF0Sf0qJN+e1vprwiIqrZQ6a08pD3K1NY/f0ex/9MafUC1jRTWFpyG+dKe5P6535ctZueNEVqyosvOxaZbewAAECPRmdNv7MQAAAA+vRv6AIYRhHPW5nHrcBJaprtvc9nPQAAAOAdKoYuAAAAAOhcPf/v6fy/vfP/AAAAYBjp/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6tK3Wi81yNW+bs9u3k2c0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8sT/vKhTCAAxAcx++Nun3+vES0NXV5RwopAkdCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADz5XCffO/wa9iT/tg1T65FkTnL0snRqs3Zu2PpgvPwZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk/15SYEQCIIomDP+d9L3P6wk6BlEiICGRxW1aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCTfvfL/4mpcSaZO20sHY8ka1eNravG3oPG0YPx9m8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi537eY2jigMA/p2Zna2tijFKDhFR8KAXm25ra2/iQQke/BOEkG5r7NYfbQ62FDEXb5JzL6JHEUGJt/4PPbfQS731sIcKniMzO5OdNgXXH53ZNp8PvHnfHYZ53zcLId95LwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDZ+dxpnxWFhEqfVuZv3rq4X/a0H+sL17dvLRSvipM2kHw8vNz8kS90lAgAAwMGR1fV9RNzJd1aLPl0o6/+8vqao+b9/dhLX9fyDdX/d17V/0X779e6LewMtTMYpbnp2YzQ8tj+V3qOb5Xx77m+v6JVPvnz3kpVfSPrB1gvjvHyeybc3brzXL8NDbWQLAPwbR+u+Curfh4p+0GViABwYvUbhXdf/2UK3OQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0YbwVT9dxEhHLvWlcuHXv6vrD+uvbt5frdurate34enrP4hZ5RJzdGA2PtTqb+Xbp8pXza6PR8GL7wSsR0dXo71TTP//RDBdHdPJ8BP9TkFZf9rzk83gEHf5QAgDgiZRXrajr7+Q7q8W5ZDFi94f76//XG3HMWP/f/fjUzeZYzfp/0NoM59/K5oXPVy5dvvLmxoW1c8Nzw0/fOj54e3Di9MmTp1fKdyUr3pgAAADwH/SnYbP+Txf3r/8facQxY/3/xXeDr5rDZer/iN3dfaemi36dZAQAAEDl+Vf//CN5yPmk348v1zY3Lw4mx73PxyfHDlL9xw5VrVn/Z4tdZwUAAAC0YbyV3Lf+f6YRx4zr/8/8+NLPzXtmEXG4Wv8/uv7Z6Ex705lrbfw5cddzBAAAoFuHq9Zc/8/L/f/p3paHNCLeeG0SV/8GcKb6P3v/m5+aYzX3/59ob4pzKV2aPI+yX4roLXWdEQAAAE+yp6pWFPu/5zurn/xy5MO+/f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbfsrAAD//6AmQfA=")
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff)
mknod$loop(&(0x7f0000000480)='./file2\x00', 0x6000, 0x1)
creat(&(0x7f0000000780)='./bus\x00', 0x156)
symlink(&(0x7f00000003c0)='./file2\x00', &(0x7f0000000100)='./file2\x00')

6m7.423350073s ago: executing program 1 (id=1492):
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x2000, 0x173)

6m2.530791187s ago: executing program 1 (id=1501):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="1400", @ANYRES16=r1, @ANYBLOB="010000000000000000001a"], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

6m2.079573752s ago: executing program 1 (id=1503):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000000c0)={[{@lazytime}, {@errors_remount}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ")
openat(0xffffffffffffff9c, &(0x7f0000000500)='./bus\x00', 0x101042, 0x109)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x40840)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)

6m1.004321016s ago: executing program 1 (id=1506):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x4000, 0x3}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)

5m53.527493726s ago: executing program 1 (id=1520):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff2, 0xf}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000005840)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x2, 0xf}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x800)

5m52.921668872s ago: executing program 35 (id=1520):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xfff2, 0xf}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000005840)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x2, 0xf}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x800)

3m58.314047015s ago: executing program 9 (id=1838):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x100000000}, 0x18)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x11, 0xe, 0x0, 0x0)
epoll_create1(0x80000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0x7}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r3 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r3, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731a", 0x8c, 0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r5}, 0x18)
getpid()
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0a0000000400000048fc00000c00000000000000c6ccb66f4a8ccd815275a25bdc3b6419a3e8eaaec2f3cc33deaf5b83bcea5aa2930bd2a50fe7dc61333e40682894aae8218218da68944c61557ee1721ba8578eb0479562453afa903585a2f0ba363b7fc5dd78ca2abf4d6a0714b618fce70fc154759528f80cdb9ebd6d991f1c852f530fd3605c86671b474cfa2a2b683c18", @ANYRES32, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='@\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000181100", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_GET_SPECULATION_CTRL(0x23, 0x5, 0x7fffffffeff3)
socket(0x10, 0x803, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r7, 0x5607, 0x4)
ioctl$VT_ACTIVATE(r7, 0x5606, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3)

3m56.779852233s ago: executing program 7 (id=1841):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e0000"], 0x80}}, 0x0)
syz_emit_ethernet(0x26, &(0x7f0000000640)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @broadcast, @val={@val, {0x8100, 0x5, 0x1, 0x3}}, {@can={0xc, {{0x3, 0x1, 0x1}, 0x2, 0x0, 0x0, 0x0, "b47154380b4ae609"}}}}, 0x0)

3m56.754997733s ago: executing program 9 (id=1842):
r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006df57108e2042414ebc7010203010902380003960000000904cc070002596105052406000105240006000d240f01900800000000070008060600000011090401"], 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000400)={0x14, 0x0, &(0x7f00000003c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41f}}}, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

3m56.219775159s ago: executing program 7 (id=1845):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x18)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400df7f08000a00", @ANYRES32], 0x3c}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r8, 0x0, 0x3}, 0x18)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="f9ffffff00e41ca58a59bb90bd4aff8fe01de4ab2649d1f9e25421f754d090ec5135a81a1f6da22b4048af2942ebc27f127698043de7be5228e257588adf61b9a938494d81d5dae53f8517b5da012153e811ce8d01c22ac207687dbe75941fe250c9afbd35462df1043e4e10eef0c7d909f435bb38a191172588164523568f400d1ccab780d99b", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/14], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x80000, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r9], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b935d785f3d3201c580"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r11 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r11}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)

3m55.433740646s ago: executing program 7 (id=1848):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
read$FUSE(r1, &(0x7f0000002500)={0x2020}, 0x2020)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5, 0x0, 0x7}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6)
setgroups(0x0, 0x0)
setregid(0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$SG_IO(r1, 0x2285, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)

3m53.569713549s ago: executing program 7 (id=1854):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x100000000}, 0x18)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x11, 0xe, 0x0, 0x0)
epoll_create1(0x80000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0x7}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r3 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r3, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731a", 0x8c, 0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r5}, 0x18)
getpid()
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0a0000000400000048fc00000c00000000000000c6ccb66f4a8ccd815275a25bdc3b6419a3e8eaaec2f3cc33deaf5b83bcea5aa2930bd2a50fe7dc61333e40682894aae8218218da68944c61557ee1721ba8578eb0479562453afa903585a2f0ba363b7fc5dd78ca2abf4d6a0714b618fce70fc154759528f80cdb9ebd6d991f1c852f530fd3605c86671b474cfa2a2b683c18", @ANYRES32, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='@\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000181100", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_GET_SPECULATION_CTRL(0x23, 0x5, 0x7fffffffeff3)
socket(0x10, 0x803, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r7, 0x5607, 0x4)
ioctl$VT_ACTIVATE(r7, 0x5606, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3)

3m53.287608826s ago: executing program 9 (id=1856):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x100)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

3m53.18803121s ago: executing program 7 (id=1857):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e000000000000000000"], 0x80}}, 0x0)
syz_emit_ethernet(0x26, &(0x7f0000000640)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @broadcast, @val={@val, {0x8100, 0x5, 0x1, 0x3}}, {@can={0xc, {{0x3, 0x1, 0x1}, 0x2, 0x0, 0x0, 0x0, "b47154380b4ae609"}}}}, 0x0)

3m53.017034006s ago: executing program 9 (id=1859):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
sendmsg$inet6(r0, &(0x7f00000004c0)={&(0x7f0000000180)={0xa, 0x0, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, 0x0}, 0x20040001)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0)
shutdown(r0, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000000206010700000000000000000000000014000300686173683a69702c706f72742c6970000900020073797a31000000000500010007000000050005000a0000000500040001000000c1590c9fe92c70409533a7"], 0x4c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)

3m52.868835017s ago: executing program 9 (id=1861):
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000040)=0x9)
readv(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl0\x00', <r1=>0x0, 0x29, 0x7f, 0xa3, 0x7, 0x4, @private0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8000, 0x40, 0x9, 0x4}})
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=@delchain={0x24, 0x65, 0x10, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0xd, 0x10}, {0x0, 0xfff1}, {0xc, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x4055)
dup(0xffffffffffffffff)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0xffe6)
open$dir(0x0, 0x480, 0x4)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xc, 0x0, 0x0)
sendmsg$inet6(r3, &(0x7f0000000540)={&(0x7f0000000100)={0xa, 0x4e22, 0xcf, @private1={0xfc, 0x1, '\x00', 0x1}, 0x800}, 0x1c, 0x0}, 0x20000001)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000000300)=""/102392, 0x18ff8)
add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
syz_open_dev$tty1(0xc, 0x4, 0x1)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x2000802, 0x0)

3m52.71585377s ago: executing program 7 (id=1862):
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2(&(0x7f0000000000)={0x0, <r1=>0x0}, 0x0)
r2 = socket(0x2c, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x11, 0x4, 0x4, 0xff}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r3, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r2}, 0x20)
close_range(r1, 0xffffffffffffffff, 0x0)

3m51.830616887s ago: executing program 9 (id=1865):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r2, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

3m37.14321948s ago: executing program 36 (id=1862):
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2(&(0x7f0000000000)={0x0, <r1=>0x0}, 0x0)
r2 = socket(0x2c, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x11, 0x4, 0x4, 0xff}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r3, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r2}, 0x20)
close_range(r1, 0xffffffffffffffff, 0x0)

3m36.620230848s ago: executing program 37 (id=1865):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r2, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)

1m26.578628442s ago: executing program 3 (id=2094):
madvise(&(0x7f000030f000/0x3000)=nil, 0x3000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
gettid()
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000180)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000})
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x1)
r3 = socket(0x40000000015, 0x5, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000100)={0x28, 0x7, 0x0, 0x0, &(0x7f0000f6c000/0x4000)=nil, 0x4000, 0x8})
close_range(r0, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x1)

1m24.577779591s ago: executing program 3 (id=2097):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r2, 0x2007ffb)
close(r2)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0xc8a02, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x0)

1m20.310490582s ago: executing program 3 (id=2107):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)

1m19.150587514s ago: executing program 3 (id=2108):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
splice(r0, &(0x7f0000000400)=0x7, r0, &(0x7f0000000480)=0x86, 0x2, 0xb)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unlink(&(0x7f00000002c0)='./file0\x00')
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
rename(0x0, &(0x7f0000000140)='./file1\x00')

1m17.092379019s ago: executing program 3 (id=2114):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0xa0201, 0x0)
r2 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$kcm(r2, 0x0, 0x4000080)
pipe2$9p(0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup(r3)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)

1m5.971678533s ago: executing program 3 (id=2127):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6}, &(0x7f0000000380), &(0x7f00000003c0)=r7}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r8}, 0x10)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000001a00)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50)
unshare(0x64000600)
r9 = inotify_init1(0x80800)
inotify_add_watch(r9, &(0x7f0000000400)='.\x00', 0xa4000021)

50.840440201s ago: executing program 38 (id=2127):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r6}, &(0x7f0000000380), &(0x7f00000003c0)=r7}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r8}, 0x10)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000001a00)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50)
unshare(0x64000600)
r9 = inotify_init1(0x80800)
inotify_add_watch(r9, &(0x7f0000000400)='.\x00', 0xa4000021)

14.988192281s ago: executing program 8 (id=2202):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5'])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000380), 0x1000a)

14.939756995s ago: executing program 6 (id=2203):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0xf0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0xc402, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x40)

14.687696034s ago: executing program 8 (id=2205):
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x200000087}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000001600), 0xfc, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x1)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
r3 = open(&(0x7f00000000c0)='./file2\x00', 0x66842, 0x21)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3)

13.094445864s ago: executing program 6 (id=2207):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
gettid()
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="d80000001c0081054e81f782db44b904021d08040e000000100d10a118000c000600142603600e1208000f0000810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee0800080e408e8d8ef52a98516277ce06ebace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad8099639cace81ed0bffec193e2a9ecbee5de6ccd4d6e4ed6f3d93452a92954b", 0xd2}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$VIDIOC_CROPCAP(r4, 0xc02c563a, &(0x7f00000000c0)={0xa, {0x4, 0x3, 0x1, 0x401}, {0x0, 0x2, 0x4, 0x1000}, {0xa47, 0x5}})
socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
pread64(r5, &(0x7f0000001600)=""/4103, 0x1007, 0x97)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=@newlink={0x58, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_BACKUP_PORT={0x8}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000b00)={{{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x5, 0x0}, 0x0, 0x5, 0x0, 0x0, 0x2, 0x0, 0x10, 0x1}, {0x7fe000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff}, {0x0, 0x0, 0x3}, 0x0, 0x0, 0x1, 0x1}, {{@in=@rand_addr=0xffffffff, 0x4d6, 0x32}, 0x2, @in6=@remote, 0x0, 0x2, 0x0, 0xb7, 0xb, 0x81}}, 0xe8)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000580)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xc45, 0x5112, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x8007}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x3}}}}}]}}]}}, 0x0)
flistxattr(r0, &(0x7f0000000080)=""/210, 0xd2)

12.825847799s ago: executing program 8 (id=2208):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000047c0)=ANY=[@ANYBLOB="140000003a00010100000000000204000a"], 0x14}}, 0x0)

10.971450091s ago: executing program 8 (id=2210):
socket(0x1d, 0x2, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000080)={[{@nobh}, {@auto_da_alloc}, {@data_err_ignore}]}, 0x3, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pxlCWptTw+bafxiLi48V/v0lf0Wkc4s81KgAAMHB+OZn3BBv7f4XYXZfu/9kcymhEPB0ROyPimYjYFRHPRlTTPhcRzzdmkERUOuS/qyG+nP+P2SxC4fYjV7KDtP/3Vja3tbL/V8iTjA5lsR0ReYd57nB2TMajNPzJ2fLckTb737JK/vX9v/SV5p/3BbNy3C42DNDNTi9MP1xtm925HrG32Fj/pJieuHwaJ4mIPRGxt4f9jtaFz7723b6lSGllutXrX1VpMaXX83xcK5VvI16tnf/FWHH+l3NMOs9PTo5Eee7wZHoVHG6Zx2+/3/igXf6r1v+nvxo3eef4z6cetdpL0vO/re76j3z+drn+o0lEsjRfOx9RGeotjxt/fFXd79ih5nUPe/1vST6qhvP29fn0wsKlIxFbkveal08tb5vH8/Rp/ccPtW7/O7Nt0iPxQkSkF/GLEfFSROzPyn4gIg5GRIuqLfn17Zc/bbeuy+t/zaT1n215/1tx/pfn67sM5BunS4bOHbj1oM3No7vzf6waGs+WtL7/JStuEd2W9NGOHgAAAGwOhah+978wsRQuFCYmamNAu2JboXxxfmF/RFyYrT0jMBqlQj7SVRsPLiX5+OdoXXyqIX40Gzf+emhrNT4xc7E8u9GVhwG3vdrmk6b2n/q7x3FeYBPqwzwasEmt1v5331ynggDrzvs/DK669r/YJsmib8rAk8n7PwyuVu3/Wnzf8dkF9wzY/CraMgw07R8GVzE+XApXH3tu+bQt8CTy/g8Dqdfn+nsLVIZbrxqJFr8YMLI2xdjaIq8NCaQ9qz7usBQR3SXe+jBZ5F3A9r/wUOhth8PRvGooOm2V9PA7DnkgPSqrJj6zu+8Xf/6bKP2+bH5YbqelLk93nwIbcjsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADou/8CAAD//98p1nk=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)

8.730726326s ago: executing program 0 (id=2211):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)

7.381318188s ago: executing program 0 (id=2212):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xff2c)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10)
r1 = getpgrp(0xffffffffffffffff)
ptrace$ARCH_MAP_VDSO_X32(0x1e, r1, 0x9, 0x2001)
socket$inet6(0xa, 0x3, 0x3c)
socket$inet(0xa, 0x801, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r3, 0x0, 0x1843}, 0x18)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b935d785f"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=fd,rFdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00'])
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="380000000314010030bd7000ffdbdf250900020073797a30000000000800410073697700140033007767310000000000f4ffff0600000000"], 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x4008010)

6.173062743s ago: executing program 0 (id=2213):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file1\x00', 0x8, &(0x7f0000002500)=ANY=[], 0x1, 0x1e2, &(0x7f0000000100)="$eJzslc+q00AUxr9JYtKKT+DGhRfsxjRJVdwU6saVC0GhuBAsNi3V1EqbhS2I+ATu3bnwMYS69SGkCqIoulHXI/MnydimSv9oBc8P7smXzNwzZ86kX0AQxH/L2zffF/xb830FwAkcwdPPP9jFHMuY/7ry5eHLK5fbT24+f+Ut/OrP2byN13cAzC/ZSPU955yb40f6eh1Wpo+Z420w+FrfgvXxmtYxGG5ofcfQIzHf93uDJPZvj5KuEIEIoQiRCI3l+j4/Zuga9TFjfDKd3e0kSTwuhL3yZEdR3rn5p7y+CtA06jPPy4eqNij6hxAWQq0bYMh6dhFe1hvVEmP/J50iv/3L/bvYcdvvABRPevvr46pwxVJb/TvAys7+zwlv/Qu3g7AhRXaiq3OcLfvzrwg4e0vIPeB3c8Sv5C9uMLPCFy11zUt9pO43S9haM+RumEd3PvdP/ozhjOFPykqeyje6ng7v1yfT2dnBsNOP+/G9KGpcCM4FwfmoLo1IxTIDtFX+qvSn40X+arlfAi5z8aCTpuNQxfw+UrHMcS3pfxZqp9V3R7ipu5T3K4BsUab/LHkVqmavq4cgCOKQnAKTnix9ORP6a5IPcB5dPXCdBEEQBEEQBEEQBEFsz48AAAD//yY9Vcg=")
llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x6)

5.874368485s ago: executing program 0 (id=2214):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
timerfd_create(0x0, 0x80000)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)

5.421914762s ago: executing program 6 (id=2215):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41100, 0x64, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x3)
timer_create(0x3, &(0x7f0000000080)={0x0, 0xe}, &(0x7f0000000100))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1, 0x0, 0x7fd}, 0x18)
fstat(0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x2}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x15, 0xb, &(0x7f00000009c0)=ANY=[@ANYRES64], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000021c0), 0x181000)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r4, 0xc0a85320, &(0x7f0000000c40)={{0x80}, 'port0\x00', 0x41, 0xfe8ee28a1d9fac77, 0x8, 0x6, 0x2, 0x40, 0x3, 0x0, 0x6, 0x5})
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r4, 0xc0a85320, &(0x7f00000007c0)={{0x80}, 'port0\x00', 0x3c, 0x800, 0xd, 0x2, 0x107, 0x6, 0x5, 0x0, 0x0, 0x3})
close(r4)

5.386171095s ago: executing program 8 (id=2216):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0xf0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0xc402, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x40)

4.194966564s ago: executing program 6 (id=2217):
syz_usb_connect(0x5, 0x27, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000b75c7f40470501026411010203110902120001000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000780)={&(0x7f0000000500)=[{0x7fff, 0x800, 0x1, &(0x7f00000000c0)="18"}, {0xf1, 0x4001, 0x0, 0x0}], 0x2})

2.494069037s ago: executing program 8 (id=2218):
r0 = socket$tipc(0x1e, 0x5, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b000000000000"], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0xfeffff, 0x0, 0x0, &(0x7f0000000700), 0x0, 0xf0, 0x0, 0x0, 0x0, 0x0}, 0x50)
capset(0x0, 0x0)

2.32535357s ago: executing program 6 (id=2219):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000047c0)=ANY=[@ANYBLOB="140000003a00010100000000000204000a"], 0x14}}, 0x0)

1.089859994s ago: executing program 6 (id=2220):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], &(0x7f0000000100)=""/125, 0x4e, 0x7d, 0x1, 0x6}, 0x28)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c0000000000000000000000180100002020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}})
write$tun(r0, &(0x7f0000000100)=ANY=[], 0x72)

218.719607ms ago: executing program 0 (id=2221):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000380), 0x1000a)

0s ago: executing program 0 (id=2222):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
chdir(&(0x7f0000000080)='./file0\x00')
setpgid(r0, r0)
setpgid(0x0, r0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x1f00, 0x12)
r2 = openat$autofs(0xffffffffffffff9c, 0x0, 0x40100, 0x0)
r3 = fsopen(&(0x7f0000000080)='nilfs2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, 0x0)

kernel console output (not intermixed with test programs):

read/64, error -71
[  559.761653][T11985] loop6: detected capacity change from 0 to 512
[  559.818124][T11985] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  559.830224][ T7231] usb usb1-port1: attempt power cycle
[  559.898240][T11987] loop8: detected capacity change from 0 to 256
[  559.911440][T11985] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  559.933648][T11985] ext4 filesystem being mounted at /223/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  559.935213][T11987] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  560.036797][ T1151] Bluetooth: hci4: Frame reassembly failed (-84)
[  561.066996][ T7231] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  561.097564][ T5973] IPVS: starting estimator thread 0...
[  561.111393][ T7231] usb 1-1: device descriptor read/8, error -71
[  561.381991][T11997] IPVS: using max 22 ests per chain, 52800 per kthread
[  561.701223][T12004] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  561.725010][T12004] overlayfs: overlapping lowerdir path
[  562.041969][T10845] Bluetooth: hci4: command 0x1003 tx timeout
[  562.049342][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  563.355541][T12024] lo speed is unknown, defaulting to 1000
[  563.466973][T12027] overlayfs: failed to resolve './file1': -2
[  563.674823][T12024] wlan0 speed is unknown, defaulting to 1000
[  563.815245][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  564.091451][T12019] loop3: detected capacity change from 0 to 8192
[  564.233173][ T6099] usb 10-1: new full-speed USB device number 4 using dummy_hcd
[  564.427366][ T6099] usb 10-1: config 150 has an invalid interface number: 204 but max is 2
[  564.464130][ T6099] usb 10-1: config 150 has 2 interfaces, different from the descriptor's value: 3
[  564.494683][ T6099] usb 10-1: config 150 has no interface number 0
[  564.515217][ T6099] usb 10-1: config 150 interface 204 has no altsetting 0
[  564.575951][ T6099] usb 10-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  564.617593][ T6099] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.651503][T12043] siw: device registration error -23
[  564.659662][T12044] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1840'.
[  564.677016][ T6099] usb 10-1: Product: syz
[  564.699381][ T6099] usb 10-1: Manufacturer: syz
[  564.714961][T12050] rdma_rxe: rxe_newlink: failed to add bond0
[  564.724315][ T6099] usb 10-1: SerialNumber: syz
[  565.134620][ T6099] xr_serial 10-1:150.204: skipping garbage
[  565.146959][T12053] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  565.223273][ T6099] xr_serial 10-1:150.204: xr_serial converter detected
[  565.262253][T12053] qnx6: wrong signature (magic) in superblock #1.
[  565.283667][T12053] qnx6: unable to read the first superblock
[  566.562570][ T6099] xr_serial ttyUSB0: Failed to set reg 0x0e: -71
[  566.569005][ T6099] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  566.744337][ T6099] usb 10-1: USB disconnect, device number 4
[  566.802043][    T9] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  566.817971][ T6099] xr_serial 10-1:150.204: device disconnected
[  567.008225][    T9] usb 9-1: Using ep0 maxpacket: 8
[  567.044820][    T9] usb 9-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  567.108234][    T9] usb 9-1: config 179 has 0 interfaces, different from the descriptor's value: 1
[  567.120719][T12068] syzkaller0: entered promiscuous mode
[  567.137633][T12068] syzkaller0: entered allmulticast mode
[  567.153538][    T9] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  567.197926][T12069] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  567.215250][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.224907][T12072] netlink: 'syz.6.1855': attribute type 1 has an invalid length.
[  567.412952][T12074] macvlan4: entered promiscuous mode
[  567.414124][T12077] overlayfs: failed to resolve './file1': -2
[  567.418279][T12074] macvlan4: entered allmulticast mode
[  567.419360][T12074] bond3: entered promiscuous mode
[  567.435785][T12074] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  567.495117][T12074] bond3: left promiscuous mode
[  567.537061][    T9] usb 9-1: USB disconnect, device number 2
[  567.867779][T12087] siw: device registration error -23
[  567.979929][T12090] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  568.010719][T12090] qnx6: wrong signature (magic) in superblock #1.
[  568.018066][T12090] qnx6: unable to read the first superblock
[  568.835054][T12096] Bluetooth: hci0: Opcode 0x080f failed: -22
[  569.081195][T12101] trusted_key: syz.9.1865 sent an empty control message without MSG_MORE.
[  570.082354][T12106] lo speed is unknown, defaulting to 1000
[  570.304849][T12106] wlan0 speed is unknown, defaulting to 1000
[  572.398771][T12118] syzkaller0: entered promiscuous mode
[  572.414865][T12118] syzkaller0: entered allmulticast mode
[  572.448669][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  572.458209][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  572.653885][T12122] netlink: 'syz.8.1873': attribute type 1 has an invalid length.
[  572.720584][T12122] macvlan2: entered promiscuous mode
[  572.726404][T12122] macvlan2: entered allmulticast mode
[  572.734916][T12122] bond1: entered promiscuous mode
[  572.740725][T12122] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  572.761074][T12122] bond1: left promiscuous mode
[  572.919138][T12127] overlayfs: failed to resolve './file1': -2
[  573.343878][T12131] loop8: detected capacity change from 0 to 512
[  573.369291][T12131] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  573.598512][T12131] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  573.656773][T12131] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  573.759680][T12131] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  573.873538][T12141] siw: device registration error -23
[  573.944654][T12142] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  573.986595][T12142] qnx6: wrong signature (magic) in superblock #1.
[  573.995083][T12142] qnx6: unable to read the first superblock
[  574.522176][T12145] loop3: detected capacity change from 0 to 256
[  574.573714][T12145] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  574.970310][    T9] IPVS: starting estimator thread 0...
[  575.003340][T10959] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  575.101913][T12150] IPVS: using max 22 ests per chain, 52800 per kthread
[  575.558195][    T9] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  575.760277][    T9] usb 1-1: config 150 has an invalid interface number: 204 but max is 2
[  575.789817][    T9] usb 1-1: config 150 has 2 interfaces, different from the descriptor's value: 3
[  575.810125][    T9] usb 1-1: config 150 has no interface number 0
[  575.820444][    T9] usb 1-1: config 150 interface 204 has no altsetting 0
[  575.837887][    T9] usb 1-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  575.861067][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.129470][    T9] usb 1-1: Product: syz
[  576.134597][    T9] usb 1-1: Manufacturer: syz
[  576.139213][    T9] usb 1-1: SerialNumber: syz
[  576.622385][T12159] lo speed is unknown, defaulting to 1000
[  577.306380][    T9] xr_serial 1-1:150.204: skipping garbage
[  577.332050][    T9] xr_serial 1-1:150.204: xr_serial converter detected
[  577.483076][T12159] wlan0 speed is unknown, defaulting to 1000
[  580.372199][T12180] netlink: 'syz.6.1889': attribute type 1 has an invalid length.
[  580.522642][T12180] macvlan4: entered promiscuous mode
[  580.527999][T12180] macvlan4: entered allmulticast mode
[  580.534827][T12180] bond4: entered promiscuous mode
[  580.540650][T12180] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  580.878506][T12180] bond4: left promiscuous mode
[  580.949602][    T9] xr_serial ttyUSB0: Failed to set reg 0x0c: -71
[  580.959758][    T9] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  581.021255][    T9] usb 1-1: USB disconnect, device number 9
[  581.069408][    T9] xr_serial 1-1:150.204: device disconnected
[  581.535115][T12192] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  581.547742][T12192] qnx6: wrong signature (magic) in superblock #1.
[  581.554345][T12192] qnx6: unable to read the first superblock
[  582.061660][T12200] Bluetooth: hci0: Opcode 0x080f failed: -22
[  582.532999][T12202] loop6: detected capacity change from 0 to 4096
[  582.549656][T12202] EXT4-fs: Ignoring removed nomblk_io_submit option
[  582.624666][T12202] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  583.069229][T12211] 9p: Bad value for 'source'
[  583.209410][T12214] siw: device registration error -23
[  583.256637][T12212] siw: device registration error -23
[  584.224105][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.403067][T10845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  584.446111][T10845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  584.473015][T10845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  584.510099][T10845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  584.518568][T10845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  584.702787][T12223] lo speed is unknown, defaulting to 1000
[  584.750177][T12231] overlayfs: failed to resolve './file1': -2
[  586.402792][T12237] netlink: 'syz.3.1905': attribute type 1 has an invalid length.
[  586.472834][T10845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  586.483759][T10845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  586.492337][T10845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  586.506322][T10845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  586.515772][T10845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  586.612169][T10845] Bluetooth: hci4: command tx timeout
[  586.680308][T12237] macvlan3: entered promiscuous mode
[  586.746559][T12237] macvlan3: entered allmulticast mode
[  586.824150][T12237] bond1: entered promiscuous mode
[  586.879466][T12237] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  587.025557][T12237] bond1: left promiscuous mode
[  587.294159][ T6014] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  587.359334][T12223] wlan0 speed is unknown, defaulting to 1000
[  587.482258][ T6014] usb 1-1: Using ep0 maxpacket: 8
[  587.512448][ T6014] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  587.520752][ T6014] usb 1-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  587.588485][ T6014] usb 1-1: config 179 has no interface number 0
[  587.603581][ T7371] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.620359][ T6014] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  587.723699][T12247] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  587.734368][T12247] qnx6: wrong signature (magic) in superblock #1.
[  587.740790][T12247] qnx6: unable to read the first superblock
[  587.749319][ T6014] usb 1-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  587.783035][ T6014] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  587.851790][ T6014] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.878099][T12240] lo speed is unknown, defaulting to 1000
[  588.186852][T12253] syzkaller0: entered promiscuous mode
[  588.221228][ T6014] usb 1-1: USB disconnect, device number 10
[  588.240388][T12253] syzkaller0: entered allmulticast mode
[  588.276137][T12257] loop3: detected capacity change from 0 to 512
[  588.320528][T12257] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  588.446426][ T7371] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.464543][T12257] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  588.491117][T12257] ext4 filesystem being mounted at /358/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  588.548514][T12257] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  588.612190][T10845] Bluetooth: hci1: command tx timeout
[  588.631378][T12259] loop8: detected capacity change from 0 to 4096
[  588.673341][T12259] EXT4-fs: Ignoring removed nomblk_io_submit option
[  588.683206][T10845] Bluetooth: hci4: command tx timeout
[  588.791615][T12259] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  589.045321][T12264] 9p: Bad value for 'source'
[  589.300840][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.381952][T10959] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.801944][T12268] loop3: detected capacity change from 0 to 4096
[  590.187930][T12273] netlink: 29868 bytes leftover after parsing attributes in process `syz.3.1912'.
[  590.682024][T10845] Bluetooth: hci1: command tx timeout
[  590.761979][T10845] Bluetooth: hci4: command tx timeout
[  592.787481][T10845] Bluetooth: hci1: command tx timeout
[  592.842127][T10845] Bluetooth: hci4: command tx timeout
[  594.298000][ T7371] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.342899][T12299] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  594.367062][T12299] qnx6: wrong signature (magic) in superblock #1.
[  594.374607][T12299] qnx6: unable to read the first superblock
[  594.417212][T12240] wlan0 speed is unknown, defaulting to 1000
[  594.529952][T12278] lo speed is unknown, defaulting to 1000
[  594.753320][T12278] wlan0 speed is unknown, defaulting to 1000
[  594.803588][ T7371] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.842342][ T5852] Bluetooth: hci1: command tx timeout
[  595.578093][ T7371] bridge_slave_1: left allmulticast mode
[  595.598869][ T7371] bridge_slave_1: left promiscuous mode
[  595.625673][ T7371] bridge0: port 2(bridge_slave_1) entered disabled state
[  595.711154][T12309] loop6: detected capacity change from 0 to 512
[  595.759612][ T7371] bridge_slave_0: left allmulticast mode
[  595.778124][ T7371] bridge_slave_0: left promiscuous mode
[  595.804167][ T7371] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.872200][   T30] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  595.976743][T12309] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  596.132390][   T30] usb 4-1: Using ep0 maxpacket: 8
[  596.229752][T12309] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  596.262514][   T30] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  596.271458][   T30] usb 4-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  596.400350][T12309] ext4 filesystem being mounted at /242/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  596.412027][   T30] usb 4-1: config 179 has no interface number 0
[  596.419006][   T30] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  596.533383][   T30] usb 4-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  596.552260][   T30] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  596.633073][T12309] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  596.648285][   T30] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.033717][ T7371] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  597.057236][ T7371] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  597.090318][ T7371] bond0 (unregistering): Released all slaves
[  597.139337][ T7371] bond1 (unregistering): Released all slaves
[  597.197275][ T7371] bond2 (unregistering): Released all slaves
[  597.233541][    T9] usb 4-1: USB disconnect, device number 4
[  597.314140][ T7371] bond3 (unregistering): Released all slaves
[  597.467008][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  598.400634][T12327] loop6: detected capacity change from 0 to 4096
[  598.424760][T12335] siw: device registration error -23
[  598.483090][T12327] EXT4-fs: Ignoring removed nomblk_io_submit option
[  598.608303][T12327] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  599.438816][T12338] 9p: Bad value for 'source'
[  599.845524][T12223] chnl_net:caif_netlink_parms(): no params data found
[  599.986871][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  600.794952][T12344] loop3: detected capacity change from 0 to 256
[  601.042606][T12344] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  601.106808][ T7371] hsr_slave_0: left promiscuous mode
[  601.124675][ T7371] hsr_slave_1: left promiscuous mode
[  601.430152][ T7371] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  601.672369][ T7371] batman_adv: batadv0: Removing interface: batadv_slave_0
[  601.730706][ T7371] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  601.778173][ T7371] batman_adv: batadv0: Removing interface: batadv_slave_1
[  602.003904][ T7371] veth1_macvtap: left promiscuous mode
[  602.032086][ T7371] veth0_macvtap: left promiscuous mode
[  602.061377][T12363] netlink: 'syz.3.1931': attribute type 1 has an invalid length.
[  602.080847][ T7371] veth1_vlan: left promiscuous mode
[  602.100750][ T7371] veth0_vlan: left promiscuous mode
[  602.953849][T12380] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  603.188322][ T7371] team0 (unregistering): Port device team_slave_1 removed
[  603.229578][ T7371] team0 (unregistering): Port device team_slave_0 removed
[  603.802769][T12363] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  603.821832][   T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  604.042265][   T10] usb 1-1: Using ep0 maxpacket: 8
[  604.053558][   T10] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  604.087022][   T10] usb 1-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  604.119955][   T10] usb 1-1: config 179 has no interface number 0
[  604.149172][   T10] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  604.414453][   T10] usb 1-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  604.428567][   T10] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  604.439398][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.493097][   T10] usb 1-1: USB disconnect, device number 11
[  605.819290][T12400] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  605.826471][T12400] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  605.832844][T12400] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  605.936459][T12400] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  606.048252][T12400] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  606.057388][T12400] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  606.065697][T12400] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  606.331066][T12223] bridge0: port 1(bridge_slave_0) entered blocking state
[  606.390194][T12223] bridge0: port 1(bridge_slave_0) entered disabled state
[  606.445254][T12223] bridge_slave_0: entered allmulticast mode
[  606.483788][T12223] bridge_slave_0: entered promiscuous mode
[  606.527091][T12240] chnl_net:caif_netlink_parms(): no params data found
[  606.607312][T12407] lo speed is unknown, defaulting to 1000
[  606.670696][T12223] bridge0: port 2(bridge_slave_1) entered blocking state
[  606.685842][T12414] loop3: detected capacity change from 0 to 4096
[  606.732477][T12414] EXT4-fs: Ignoring removed nomblk_io_submit option
[  606.741144][T12417] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1939'.
[  606.762013][T12223] bridge0: port 2(bridge_slave_1) entered disabled state
[  606.770590][T12223] bridge_slave_1: entered allmulticast mode
[  606.800990][T12418] syz0: rxe_newlink: already configured on bond0
[  606.887566][T12223] bridge_slave_1: entered promiscuous mode
[  606.937468][T12414] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  607.112265][T12424] 9p: Bad value for 'source'
[  607.126028][T12407] wlan0 speed is unknown, defaulting to 1000
[  607.548461][T12223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  607.673234][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  607.831071][ T7371] IPVS: stop unused estimator thread 0...
[  607.883179][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout
[  607.883194][T10845] Bluetooth: hci3: command 0x0419 tx timeout
[  607.896732][T12223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  608.122508][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout
[  608.585908][T12441] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  608.631973][T12441] qnx6: wrong signature (magic) in superblock #1.
[  608.639074][T12441] qnx6: unable to read the first superblock
[  608.698184][T12433] ªªªªªª: renamed from vlan0
[  608.886387][T12240] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.917900][T12240] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.121517][T12240] bridge_slave_0: entered allmulticast mode
[  609.208374][T12240] bridge_slave_0: entered promiscuous mode
[  609.281168][T12223] team0: Port device team_slave_0 added
[  609.307993][T12443] netlink: 'syz.6.1945': attribute type 1 has an invalid length.
[  609.333889][T12240] bridge0: port 2(bridge_slave_1) entered blocking state
[  609.347102][T12445] loop3: detected capacity change from 0 to 512
[  609.388134][T12240] bridge0: port 2(bridge_slave_1) entered disabled state
[  609.389459][T12445] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  609.460313][T12445] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  609.480222][T12240] bridge_slave_1: entered allmulticast mode
[  609.480531][T12445] ext4 filesystem being mounted at /370/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  609.510904][T12240] bridge_slave_1: entered promiscuous mode
[  609.527319][T12445] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  609.611037][T12223] team0: Port device team_slave_1 added
[  609.763354][T12446] macvlan4: entered promiscuous mode
[  609.773151][T12446] macvlan4: entered allmulticast mode
[  609.786636][T12446] bond5: entered promiscuous mode
[  609.798073][T12446] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  609.838321][T12446] bond5: left promiscuous mode
[  609.962571][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout
[  610.212636][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout
[  610.283179][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  610.353477][ T1122] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.581561][ T1122] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.748232][T12240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  610.888936][ T1122] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.993495][T12223] batman_adv: batadv0: Adding interface: batadv_slave_0
[  611.023752][T12223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  611.074792][T12223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  611.109743][T12240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  611.142842][T12223] batman_adv: batadv0: Adding interface: batadv_slave_1
[  611.149791][T12223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  611.211905][T12223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  611.978195][ T1122] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.042142][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout
[  612.095445][T12240] team0: Port device team_slave_0 added
[  612.132866][T12480] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  612.139582][T12480] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  612.146260][T12480] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  612.185780][T12240] team0: Port device team_slave_1 added
[  612.207583][T12485] syz0: rxe_newlink: already configured on bond0
[  612.533261][T12487] loop6: detected capacity change from 0 to 4096
[  612.563155][T12487] EXT4-fs: Ignoring removed nomblk_io_submit option
[  612.699089][T12487] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  613.017213][T12496] 9p: Bad value for 'source'
[  613.057883][T12240] batman_adv: batadv0: Adding interface: batadv_slave_0
[  613.098640][T12240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  613.202354][T12240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  613.261102][T12223] hsr_slave_0: entered promiscuous mode
[  613.293078][T12223] hsr_slave_1: entered promiscuous mode
[  613.340267][T12223] debugfs: 'hsr0' already exists in 'hsr'
[  613.362013][T12223] Cannot create hsr debugfs directory
[  613.424679][T12240] batman_adv: batadv0: Adding interface: batadv_slave_1
[  613.451869][T12240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  613.512065][T12240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  613.636075][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  614.286231][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout
[  614.292577][T10845] Bluetooth: hci4: command 0x0c1a tx timeout
[  614.298735][ T5852] Bluetooth: hci3: command 0x0419 tx timeout
[  614.406151][T12240] hsr_slave_0: entered promiscuous mode
[  614.467696][T12240] hsr_slave_1: entered promiscuous mode
[  614.499671][T12240] debugfs: 'hsr0' already exists in 'hsr'
[  614.527597][T12240] Cannot create hsr debugfs directory
[  614.606463][ T1122] bridge_slave_1: left allmulticast mode
[  614.627653][ T1122] bridge_slave_1: left promiscuous mode
[  614.644221][ T1122] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.692178][ T1122] bridge_slave_0: left allmulticast mode
[  614.707335][ T1122] bridge_slave_0: left promiscuous mode
[  614.721037][ T1122] bridge0: port 1(bridge_slave_0) entered disabled state
[  615.482428][   T10] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  616.253381][   T10] usb 7-1: config 150 has an invalid interface number: 204 but max is 2
[  616.281839][   T10] usb 7-1: config 150 has 2 interfaces, different from the descriptor's value: 3
[  616.290990][   T10] usb 7-1: config 150 has no interface number 0
[  616.311673][   T10] usb 7-1: config 150 interface 204 has no altsetting 0
[  616.330407][   T10] usb 7-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  616.359598][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.370297][   T10] usb 7-1: Product: syz
[  616.385571][   T10] usb 7-1: Manufacturer: syz
[  616.390189][   T10] usb 7-1: SerialNumber: syz
[  616.447218][T12523] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  616.580636][ T1122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  616.593414][ T1122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  616.625309][   T10] xr_serial 7-1:150.204: skipping garbage
[  616.632439][ T1122] bond0 (unregistering): Released all slaves
[  616.641869][   T10] xr_serial 7-1:150.204: xr_serial converter detected
[  616.659401][ T1122] bond1 (unregistering): Released all slaves
[  616.685622][ T1122] bond2 (unregistering): Released all slaves
[  616.770682][T12520] lo speed is unknown, defaulting to 1000
[  617.344406][T12530] netlink: 'syz.3.1959': attribute type 1 has an invalid length.
[  617.359518][T12520] wlan0 speed is unknown, defaulting to 1000
[  617.436054][   T10] xr_serial ttyUSB0: Failed to set reg 0x0e: -71
[  617.465160][   T10] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  617.508902][   T10] usb 7-1: USB disconnect, device number 4
[  617.537191][   T10] xr_serial 7-1:150.204: device disconnected
[  617.881536][T12535] macvlan3: entered promiscuous mode
[  617.896219][T12535] macvlan3: entered allmulticast mode
[  617.913874][T12535] bond2: entered promiscuous mode
[  617.926260][T12535] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  617.938556][T12535] bond2: left promiscuous mode
[  618.067817][T12539] syzkaller0: entered promiscuous mode
[  618.093277][T12539] syzkaller0: entered allmulticast mode
[  620.873183][T12557] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  620.879303][T12557] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  620.885514][T12557] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  621.071957][ T1122] hsr_slave_0: left promiscuous mode
[  621.088618][ T1122] hsr_slave_1: left promiscuous mode
[  621.098572][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  621.118451][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_0
[  621.158693][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  621.205833][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_1
[  621.281551][ T1122] veth1_macvtap: left promiscuous mode
[  621.885955][ T1122] veth0_macvtap: left promiscuous mode
[  621.905114][ T1122] veth1_vlan: left promiscuous mode
[  621.910963][ T1122] veth0_vlan: left promiscuous mode
[  621.917669][T12565] loop6: detected capacity change from 0 to 4096
[  621.932691][T12565] EXT4-fs: Ignoring removed nomblk_io_submit option
[  621.992203][T12565] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  622.145015][T12575] 9p: Bad value for 'source'
[  622.219989][T12576] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  622.251970][T12576] qnx6: wrong signature (magic) in superblock #1.
[  622.284567][T12576] qnx6: unable to read the first superblock
[  622.406506][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  622.652488][T12578] loop6: detected capacity change from 0 to 512
[  622.667475][T12578] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  623.141889][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout
[  623.148580][ T5848] Bluetooth: hci3: command 0x0419 tx timeout
[  623.155285][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout
[  624.231922][   T30] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  624.400762][ T1122] team0 (unregistering): Port device team_slave_1 removed
[  624.412123][   T30] usb 7-1: Using ep0 maxpacket: 8
[  624.434730][   T30] usb 7-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  624.457485][   T30] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.477673][   T30] usb 7-1: Product: syz
[  624.478522][ T1122] team0 (unregistering): Port device team_slave_0 removed
[  624.484854][   T30] usb 7-1: Manufacturer: syz
[  624.497863][   T30] usb 7-1: SerialNumber: syz
[  624.549024][   T30] usb 7-1: config 0 descriptor??
[  624.593728][   T30] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  624.613270][   T30] dvb-usb: bulk message failed: -22 (2/0)
[  624.736612][   T30] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  624.816612][T12581] cxusb: i2c rd: len=120 is too big!
[  624.816612][T12581] 
[  624.837078][   T30] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  624.848245][   T30] usb 7-1: media controller created
[  624.957596][   T30] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  626.227127][   T30] cxusb: set interface failed
[  626.352011][   T30] dvb-usb: bulk message failed: -22 (1/0)
[  626.658774][T12589] loop6: detected capacity change from 0 to 512
[  626.701916][T12589] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  626.760067][T12589] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  626.814608][T12589] ext4 filesystem being mounted at /257/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  626.844489][T12589] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  626.917425][   T30] DVB: Unable to find symbol mt352_attach()
[  626.958792][   T30] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  627.531828][   T30] rc_core: IR keymap rc-dvico-portable not found
[  627.764825][T12223] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  627.801821][   T30] Registered IR keymap rc-empty
[  627.810226][   T30] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0
[  627.894582][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  627.921095][T12223] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  627.993122][ T5902] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  628.204369][ T5902] usb 1-1: config 150 has an invalid interface number: 204 but max is 2
[  628.247928][ T5902] usb 1-1: config 150 has 2 interfaces, different from the descriptor's value: 3
[  628.249599][   T30] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0/input6
[  628.273975][T12223] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  628.345424][ T5902] usb 1-1: config 150 has no interface number 0
[  628.373140][ T5902] usb 1-1: config 150 interface 204 has no altsetting 0
[  628.434154][ T5902] usb 1-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  628.459871][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.472749][   T30] dvb-usb: schedule remote query interval to 100 msecs.
[  628.513625][ T5902] usb 1-1: Product: syz
[  628.517841][ T5902] usb 1-1: Manufacturer: syz
[  628.559454][T12223] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  628.566443][ T5902] usb 1-1: SerialNumber: syz
[  628.781848][   T30] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  628.865326][ T5902] xr_serial 1-1:150.204: skipping garbage
[  628.871132][ T5902] xr_serial 1-1:150.204: xr_serial converter detected
[  628.918520][ T6100] dvb-usb: bulk message failed: -22 (1/0)
[  629.122258][   T30] usb 7-1: USB disconnect, device number 5
[  629.289692][T12610] syzkaller0: entered promiscuous mode
[  629.299392][T12610] syzkaller0: entered allmulticast mode
[  629.524526][   T30] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  629.662210][ T5902] xr_serial ttyUSB0: Failed to set reg 0x0e: -71
[  629.669152][ T5902] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  629.715560][ T5902] usb 1-1: USB disconnect, device number 12
[  629.749606][ T5902] xr_serial 1-1:150.204: device disconnected
[  631.862598][   T31] audit: type=1800 audit(1767071154.718:1102): pid=12645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.1978" name="bus" dev="ramfs" ino=35040 res=0 errno=0
[  633.292212][T12635] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  633.298391][T12635] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  633.304575][T12635] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  634.037133][   T31] audit: type=1326 audit(1767071156.898:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12650 comm="syz.6.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  634.067176][   T31] audit: type=1326 audit(1767071156.928:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12650 comm="syz.6.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  634.112514][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  634.118899][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  635.027792][T12662] lo speed is unknown, defaulting to 1000
[  635.336101][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout
[  635.344882][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout
[  635.350970][ T5852] Bluetooth: hci3: command 0x0419 tx timeout
[  635.363858][T12662] wlan0 speed is unknown, defaulting to 1000
[  635.840583][T12669] loop8: detected capacity change from 0 to 32768
[  635.849005][T12669] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1983 (12669)
[  635.992243][T12669] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  636.002761][T12669] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm
[  636.139425][T12684] loop6: detected capacity change from 0 to 16
[  636.239062][T12669] BTRFS info (device loop8): enabling ssd optimizations
[  636.246530][T12669] BTRFS info (device loop8): turning on async discard
[  636.255405][T12669] BTRFS info (device loop8): enabling free space tree
[  636.271812][T12684] erofs (device loop6): mounted with root inode @ nid 36.
[  636.948416][T12692] syz.6.1984: attempt to access beyond end of device
[  636.948416][T12692] loop6: rw=0, sector=301990144, nr_sectors = 257 limit=16
[  636.963401][T12692] syz.6.1984: attempt to access beyond end of device
[  636.963401][T12692] loop6: rw=0, sector=301990400, nr_sectors = 1 limit=16
[  636.979937][T12692] erofs (device loop6): read error -5 @ 0 of nid 36
[  638.582887][   T31] audit: type=1800 audit(1767071160.678:1105): pid=12696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1983" name="file2" dev="loop8" ino=261 res=0 errno=0
[  639.138512][T12698] netlink: 'syz.3.1986': attribute type 1 has an invalid length.
[  639.185418][T10959] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  639.279491][T12240] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  639.356839][T12240] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  639.592459][T12240] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  639.638944][T12240] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  639.768220][T12223] 8021q: adding VLAN 0 to HW filter on device bond0
[  639.922451][T12706] loop6: detected capacity change from 0 to 2048
[  639.971473][T12223] 8021q: adding VLAN 0 to HW filter on device team0
[  640.031818][T12706] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=8842c128, mo2=0002]
[  640.083106][ T4999] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.090274][ T4999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  640.174903][T12706] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  640.281284][ T4483] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.288524][ T4483] bridge0: port 2(bridge_slave_1) entered forwarding state
[  640.312750][T12706] EXT4-fs error (device loop6): ext4_ext_precache:647: inode #2: comm syz.6.1987: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  640.387410][T12706] EXT4-fs (loop6): Remounting filesystem read-only
[  642.159070][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  642.208069][T12735] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  642.214887][T12735] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  642.221581][T12735] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  642.424110][T12741] syzkaller0: entered promiscuous mode
[  642.454923][T12741] syzkaller0: entered allmulticast mode
[  642.812728][T12240] 8021q: adding VLAN 0 to HW filter on device bond0
[  643.062265][   T31] audit: type=1326 audit(1767071165.928:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12748 comm="syz.0.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572c78f749 code=0x7ffc0000
[  643.679157][T12240] 8021q: adding VLAN 0 to HW filter on device team0
[  644.069449][   T31] audit: type=1326 audit(1767071166.198:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12748 comm="syz.0.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572c78f749 code=0x7ffc0000
[  644.212429][ T7370] bridge0: port 1(bridge_slave_0) entered blocking state
[  644.219653][ T7370] bridge0: port 1(bridge_slave_0) entered forwarding state
[  644.287090][T10845] Bluetooth: hci1: command 0x0c1a tx timeout
[  644.293216][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout
[  644.299332][ T5852] Bluetooth: hci3: command 0x0419 tx timeout
[  644.946444][T12773] loop8: detected capacity change from 0 to 32768
[  644.958073][T12773] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1996 (12773)
[  644.977529][T12773] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  644.987730][T12773] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm
[  645.111504][T12783] netlink: 'syz.3.1998': attribute type 1 has an invalid length.
[  645.216993][T12773] BTRFS info (device loop8): enabling ssd optimizations
[  645.224132][T12773] BTRFS info (device loop8): turning on async discard
[  645.231286][T12773] BTRFS info (device loop8): enabling free space tree
[  645.245954][T10845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  645.255540][T10845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  645.264208][T10845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  645.275905][T10845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  645.286130][T10845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  645.659438][T10845] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  645.669922][T10845] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  645.678029][T10845] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  645.701969][T10845] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  645.709920][T10845] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  648.078154][ T5852] Bluetooth: hci7: command tx timeout
[  648.084849][T10845] Bluetooth: hci5: command tx timeout
[  648.321838][T12809] lo speed is unknown, defaulting to 1000
[  648.545605][T12809] wlan0 speed is unknown, defaulting to 1000
[  648.767765][T10959] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  648.794667][T12795] lo speed is unknown, defaulting to 1000
[  648.971400][T12803] lo speed is unknown, defaulting to 1000
[  649.067953][T12818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2003'.
[  650.202791][ T5852] Bluetooth: hci7: command tx timeout
[  650.208363][T10845] Bluetooth: hci5: command tx timeout
[  650.858812][T12795] wlan0 speed is unknown, defaulting to 1000
[  650.912306][T12829] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  650.918461][T12829] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  650.924527][T12829] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  650.987298][T12829] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  651.033480][T12829] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  651.039516][T12829] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  651.085267][T12829] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  651.615623][T12838] syzkaller0: entered promiscuous mode
[  651.621152][T12838] syzkaller0: entered allmulticast mode
[  651.894829][T12803] wlan0 speed is unknown, defaulting to 1000
[  653.001981][ T5852] Bluetooth: hci5: command 0x0419 tx timeout
[  653.008691][T10845] Bluetooth: hci3: command 0x0419 tx timeout
[  653.082149][T10845] Bluetooth: hci7: command 0x0419 tx timeout
[  653.939137][T12819] rdma_rxe: rxe_newlink: failed to add bond0
[  654.559121][   T31] audit: type=1326 audit(1767071177.418:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12864 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  654.623178][   T31] audit: type=1326 audit(1767071177.448:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12864 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  655.092009][ T5852] Bluetooth: hci5: command 0x0419 tx timeout
[  655.163574][ T5852] Bluetooth: hci7: command 0x0419 tx timeout
[  655.251978][T12795] chnl_net:caif_netlink_parms(): no params data found
[  655.957810][T12877] loop6: detected capacity change from 0 to 32768
[  655.984681][T12877] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2012 (12877)
[  656.003024][T12877] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  656.014163][T12877] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  656.330812][T12886] loop3: detected capacity change from 0 to 512
[  656.393593][T12877] BTRFS info (device loop6): enabling ssd optimizations
[  656.401394][T12877] BTRFS info (device loop6): turning on async discard
[  656.408894][T12877] BTRFS info (device loop6): enabling free space tree
[  656.432145][T12886] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.2013: inode has both inline data and extents flags
[  656.805461][T12886] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.2013: couldn't read orphan inode 15 (err -117)
[  656.889929][   T31] audit: type=1800 audit(1767071179.708:1110): pid=12903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2012" name="file2" dev="loop6" ino=261 res=0 errno=0
[  656.914938][T12886] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  657.170182][ T5852] Bluetooth: hci5: command 0x0419 tx timeout
[  657.251779][ T5852] Bluetooth: hci7: command 0x0419 tx timeout
[  657.386947][ T7053] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  658.484856][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  658.853926][T12915] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  658.860181][T12915] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  658.866400][T12915] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  659.650215][T12795] bridge0: port 1(bridge_slave_0) entered blocking state
[  659.686493][T12795] bridge0: port 1(bridge_slave_0) entered disabled state
[  659.992016][T12795] bridge_slave_0: entered allmulticast mode
[  660.021166][T12795] bridge_slave_0: entered promiscuous mode
[  660.808195][T12795] bridge0: port 2(bridge_slave_1) entered blocking state
[  660.849580][T12795] bridge0: port 2(bridge_slave_1) entered disabled state
[  660.885958][T12795] bridge_slave_1: entered allmulticast mode
[  660.914015][T12795] bridge_slave_1: entered promiscuous mode
[  660.936392][T10845] Bluetooth: hci5: command 0x0419 tx timeout
[  660.936414][ T5848] Bluetooth: hci3: command 0x0419 tx timeout
[  660.949932][ T5852] Bluetooth: hci7: command 0x0419 tx timeout
[  660.965598][T12803] chnl_net:caif_netlink_parms(): no params data found
[  661.146107][T12951] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2020'.
[  661.212685][T12953] rdma_rxe: rxe_newlink: failed to add bond0
[  661.618988][T12795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  661.824821][   T31] audit: type=1326 audit(1767071184.688:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12959 comm="syz.8.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  661.910704][   T31] audit: type=1326 audit(1767071184.708:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12959 comm="syz.8.2022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  662.735769][T12795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  664.272197][   T30] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  664.541855][   T30] usb 1-1: Using ep0 maxpacket: 8
[  664.566939][   T30] usb 1-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  664.587053][   T30] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.596638][   T30] usb 1-1: Product: syz
[  664.603589][   T30] usb 1-1: Manufacturer: syz
[  664.608800][   T30] usb 1-1: SerialNumber: syz
[  664.619930][   T30] usb 1-1: config 0 descriptor??
[  664.644340][   T30] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  664.655217][   T30] dvb-usb: bulk message failed: -22 (2/0)
[  664.910137][   T30] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  664.944954][T12795] team0: Port device team_slave_0 added
[  664.968054][   T30] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  664.996986][   T30] usb 1-1: media controller created
[  665.056946][   T30] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  665.706856][T12795] team0: Port device team_slave_1 added
[  665.803445][   T30] cxusb: set interface failed
[  665.808568][   T30] dvb-usb: bulk message failed: -22 (1/0)
[  666.412470][   T30] DVB: Unable to find symbol mt352_attach()
[  667.168189][   T30] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  667.346253][T12795] batman_adv: batadv0: Adding interface: batadv_slave_0
[  667.356080][T12992] loop3: detected capacity change from 0 to 4096
[  667.386478][T12795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  667.418798][T12992] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  667.482102][T12795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  667.534514][T12803] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.862646][T12803] bridge0: port 1(bridge_slave_0) entered disabled state
[  667.869957][T12803] bridge_slave_0: entered allmulticast mode
[  667.907309][   T30] rc_core: IR keymap rc-dvico-portable not found
[  667.941387][   T30] Registered IR keymap rc-empty
[  668.423542][T12992] ntfs3(loop3): ino=19, mi_enum_attr
[  668.440955][T12803] bridge_slave_0: entered promiscuous mode
[  668.472760][   T30] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  668.490057][T12803] bridge0: port 2(bridge_slave_1) entered blocking state
[  668.509552][   T30] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input7
[  668.522266][T12994] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  668.526330][T12803] bridge0: port 2(bridge_slave_1) entered disabled state
[  668.528380][T12994] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  668.537415][T12803] bridge_slave_1: entered allmulticast mode
[  668.541918][T12994] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  668.559926][T12803] bridge_slave_1: entered promiscuous mode
[  668.568219][   T30] dvb-usb: schedule remote query interval to 100 msecs.
[  668.581192][   T30] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  668.603884][   T30] usb 1-1: USB disconnect, device number 13
[  668.737224][T13006] loop6: detected capacity change from 0 to 2048
[  668.793691][T13006] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=8842c128, mo2=0002]
[  668.874330][T13006] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  668.926587][T13006] EXT4-fs error (device loop6): ext4_ext_precache:647: inode #2: comm syz.6.2030: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  668.998992][T13006] EXT4-fs (loop6): Remounting filesystem read-only
[  669.054780][   T30] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  669.092181][T12795] batman_adv: batadv0: Adding interface: batadv_slave_1
[  669.099719][T12795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  669.242994][T12795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  670.612823][T10845] Bluetooth: hci5: command 0x0419 tx timeout
[  670.619554][ T5852] Bluetooth: hci7: command 0x0419 tx timeout
[  670.625383][ T5848] Bluetooth: hci3: command 0x0419 tx timeout
[  670.639866][T13039] loop3: detected capacity change from 0 to 2048
[  670.751659][T13039] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  670.785698][T12803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  670.840773][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  670.943115][T13039] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.2034: bg 0: block 234: padding at end of block bitmap is not set
[  671.018113][T13039] EXT4-fs (loop3): Remounting filesystem read-only
[  671.050234][T12803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  671.544776][T12795] hsr_slave_0: entered promiscuous mode
[  671.594484][T12795] hsr_slave_1: entered promiscuous mode
[  671.623684][T12795] debugfs: 'hsr0' already exists in 'hsr'
[  671.656298][T12795] Cannot create hsr debugfs directory
[  672.608750][ T7236] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  672.695107][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  672.922967][ T7236] usb 9-1: Using ep0 maxpacket: 8
[  672.956586][ T7236] usb 9-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  672.966578][T12803] team0: Port device team_slave_0 added
[  673.007087][ T7236] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.046967][ T7236] usb 9-1: Product: syz
[  673.051170][ T7236] usb 9-1: Manufacturer: syz
[  673.095920][ T7236] usb 9-1: SerialNumber: syz
[  673.150175][ T7236] usb 9-1: config 0 descriptor??
[  673.175791][T12803] team0: Port device team_slave_1 added
[  673.197017][ T7236] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  673.219730][ T7236] dvb-usb: bulk message failed: -22 (2/0)
[  673.240264][ T7236] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  673.272109][ T7236] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  673.306532][ T7236] usb 9-1: media controller created
[  673.358781][ T7236] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  673.691871][   T31] audit: type=1326 audit(1767071196.548:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13058 comm="syz.3.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3631b8f749 code=0x7ffc0000
[  674.073488][   T31] audit: type=1326 audit(1767071196.548:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13058 comm="syz.3.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3631b8f749 code=0x7ffc0000
[  674.487933][ T7236] cxusb: set interface failed
[  674.615060][ T7236] dvb-usb: bulk message failed: -22 (1/0)
[  674.813677][T12803] batman_adv: batadv0: Adding interface: batadv_slave_0
[  674.882642][ T7236] DVB: Unable to find symbol mt352_attach()
[  674.893887][T12803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  674.914854][ T7236] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  675.021872][T12803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  675.117422][T13076] loop8: detected capacity change from 0 to 8192
[  675.381802][ T7236] rc_core: IR keymap rc-dvico-portable not found
[  675.383731][T12803] batman_adv: batadv0: Adding interface: batadv_slave_1
[  675.388172][ T7236] Registered IR keymap rc-empty
[  675.389539][ T7236] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.8/usb9/9-1/rc/rc0
[  675.411034][T12803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  675.865622][ T7236] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.8/usb9/9-1/rc/rc0/input8
[  675.984094][T12803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  676.058063][ T7236] dvb-usb: schedule remote query interval to 100 msecs.
[  676.146464][ T7236] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  676.252648][ T5902] dvb-usb: bulk message failed: -22 (1/0)
[  676.279986][ T7236] usb 9-1: USB disconnect, device number 3
[  676.293447][T13082] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  676.299562][T13082] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  676.306174][T13082] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  676.733549][ T7236] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  677.056671][T12803] hsr_slave_0: entered promiscuous mode
[  677.085551][T12803] hsr_slave_1: entered promiscuous mode
[  677.114209][T12803] debugfs: 'hsr0' already exists in 'hsr'
[  677.145191][T12803] Cannot create hsr debugfs directory
[  677.334561][ T7371] bridge_slave_1: left allmulticast mode
[  677.374257][ T7371] bridge_slave_1: left promiscuous mode
[  677.482570][ T7371] bridge0: port 2(bridge_slave_1) entered disabled state
[  677.526632][T13099] loop8: detected capacity change from 0 to 2048
[  677.650818][T13099] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=8842c128, mo2=0002]
[  677.694418][T13099] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  677.758160][T13099] EXT4-fs error (device loop8): ext4_ext_precache:647: inode #2: comm syz.8.2045: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  677.833211][ T7371] bridge_slave_0: left allmulticast mode
[  677.859269][ T7371] bridge_slave_0: left promiscuous mode
[  677.872013][ T7371] bridge0: port 1(bridge_slave_0) entered disabled state
[  677.911119][T13099] EXT4-fs (loop8): Remounting filesystem read-only
[  677.919539][ T7371] bridge_slave_1: left allmulticast mode
[  677.935949][ T7371] bridge_slave_1: left promiscuous mode
[  677.941747][ T7371] bridge0: port 2(bridge_slave_1) entered disabled state
[  677.974482][ T7371] bridge_slave_0: left allmulticast mode
[  677.990172][ T7371] bridge_slave_0: left promiscuous mode
[  677.998475][ T7371] bridge0: port 1(bridge_slave_0) entered disabled state
[  678.366581][ T5848] Bluetooth: hci3: command 0x0419 tx timeout
[  678.366635][ T5852] Bluetooth: hci7: command 0x0419 tx timeout
[  678.379684][T10845] Bluetooth: hci5: command 0x0419 tx timeout
[  678.727352][T13087] loop3: detected capacity change from 0 to 32768
[  678.803913][T13087] (syz.3.2042,13087,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  678.857030][T13087] (syz.3.2042,13087,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  678.956457][T13087] JBD2: Ignoring recovery information on journal
[  679.092075][T13087] JBD2: journal reset failed
[  679.102064][T13087] (syz.3.2042,13087,0):ocfs2_journal_load:1160 ERROR: Failed to load journal!
[  679.112081][T13087] (syz.3.2042,13087,0):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -4
[  679.605247][T13120] loop6: detected capacity change from 0 to 32768
[  679.639841][T13120] (syz.6.2048,13120,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  679.670220][T13120] (syz.6.2048,13120,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  682.665448][T13130] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  682.673913][T13130] overlayfs: overlapping lowerdir path
[  682.923922][T13120] workqueue: Failed to create a rescuer kthread for wq "ocfs2_wq": -EINTR
[  682.924868][T13120] (syz.6.2048,13120,0):ocfs2_initialize_super:2229 ERROR: status = -12
[  683.197633][T13120] (syz.6.2048,13120,1):ocfs2_fill_super:1177 ERROR: status = -12
[  683.566664][ T7371] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  683.782246][   T31] audit: type=1326 audit(1767071206.638:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572c78f749 code=0x7ffc0000
[  683.883684][   T31] audit: type=1326 audit(1767071206.638:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.0.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f572c78f749 code=0x7ffc0000
[  684.052803][ T7371] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  684.094813][ T7371] bond0 (unregistering): Released all slaves
[  685.247600][ T7371] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  685.275082][ T7371] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  685.294413][ T7371] bond0 (unregistering): Released all slaves
[  685.787412][T10959] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  686.923695][T13162] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  686.930237][T13162] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  686.936765][T13162] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  689.082112][ T5852] Bluetooth: hci7: command 0x0419 tx timeout
[  689.084387][ T5848] Bluetooth: hci3: command 0x0419 tx timeout
[  689.095840][T10845] Bluetooth: hci5: command 0x0419 tx timeout
[  689.502457][T13182] fuse: Bad value for 'fd'
[  690.978590][T13185] loop3: detected capacity change from 0 to 4096
[  691.046886][T13185] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  691.698826][T13185] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  691.756654][T13185] ntfs3(loop3): ino=1a, mi_enum_attr
[  691.775374][T13185] ntfs3(loop3): Failed to initialize $Extend/$ObjId.
[  691.854356][T13185] futex_wake_op: syz.3.2061 tries to shift op by -1; fix this program
[  692.381775][T13187] netlink: 'syz.0.2062': attribute type 1 has an invalid length.
[  693.085736][T13196] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  693.094196][T13196] overlayfs: overlapping lowerdir path
[  695.342345][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  695.348771][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  695.708784][T12795] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  696.253296][T12795] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  696.503728][T13205] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  696.510470][T13205] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  696.517212][T13205] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  696.618524][T12795] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  696.791174][T12795] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  697.090926][ T7371] hsr_slave_0: left promiscuous mode
[  697.330772][ T7371] hsr_slave_1: left promiscuous mode
[  697.358132][ T7371] batman_adv: batadv0: Removing interface: batadv_slave_0
[  697.366660][   T31] audit: type=1326 audit(1767071220.228:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13213 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  697.389918][   T31] audit: type=1326 audit(1767071220.248:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13213 comm="syz.6.2067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  697.390734][ T7371] batman_adv: batadv0: Removing interface: batadv_slave_1
[  697.421008][ T6014] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  697.447693][ T7371] hsr_slave_0: left promiscuous mode
[  697.483709][ T7371] hsr_slave_1: left promiscuous mode
[  697.503689][ T7371] batman_adv: batadv0: Removing interface: batadv_slave_0
[  697.524166][ T7371] batman_adv: batadv0: Removing interface: batadv_slave_1
[  697.584453][ T6014] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  697.611791][ T6014] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  697.642361][ T6014] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  697.651440][ T6014] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.725024][T13223] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  697.769547][ T6014] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  697.971474][T10845] Bluetooth: hci3: command 0x0419 tx timeout
[  698.609470][ T5848] Bluetooth: hci7: command 0x0419 tx timeout
[  698.616543][T10845] Bluetooth: hci5: command 0x0419 tx timeout
[  698.894942][T13131] usb 1-1: USB disconnect, device number 14
[  699.380481][T13243] netlink: 584 bytes leftover after parsing attributes in process `syz.8.2072'.
[  699.659537][ T7371] team0 (unregistering): Port device team_slave_1 removed
[  699.857676][ T7371] team0 (unregistering): Port device team_slave_0 removed
[  700.779683][T13256] fuse: Unknown parameter 'gro00000000000000000000'
[  702.087830][T13266] loop8: detected capacity change from 0 to 128
[  702.137782][T13266] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  702.182915][T13266] ext4 filesystem being mounted at /69/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  702.356928][T10959] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  702.370521][ T7371] team0 (unregistering): Port device team_slave_1 removed
[  702.562824][ T7371] team0 (unregistering): Port device team_slave_0 removed
[  703.729898][   T31] audit: type=1800 audit(1767071226.588:1119): pid=13281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.2077" name="bus" dev="ramfs" ino=37460 res=0 errno=0
[  704.468873][T13294] loop3: detected capacity change from 0 to 2048
[  704.597189][T13294] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=8842c128, mo2=0002]
[  704.730789][T13294] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  704.756406][T13291] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  704.763000][T13291] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  704.769401][T13291] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  704.966637][T13294] EXT4-fs error (device loop3): ext4_ext_precache:647: inode #2: comm syz.3.2079: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  705.102365][T13294] EXT4-fs (loop3): Remounting filesystem read-only
[  706.532758][ T5848] Bluetooth: hci3: command 0x0419 tx timeout
[  706.841819][ T5848] Bluetooth: hci7: command 0x0419 tx timeout
[  706.849887][ T5848] Bluetooth: hci5: command 0x0419 tx timeout
[  706.876994][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  707.794810][ T5852] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  707.817261][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  707.829958][T13321] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  707.838394][T13321] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  707.855061][T13321] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  707.863302][T13321] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  707.872849][T13321] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  707.905402][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  707.915193][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  707.923783][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  708.904252][T13317] lo speed is unknown, defaulting to 1000
[  709.060630][T13314] lo speed is unknown, defaulting to 1000
[  710.006863][ T5848] Bluetooth: hci1: command tx timeout
[  710.014779][T10845] Bluetooth: hci4: command tx timeout
[  710.918757][T13336] loop8: detected capacity change from 0 to 32768
[  710.972235][T13336] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.2086 (13336)
[  711.004761][T13336] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  711.016656][T13336] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm
[  711.231147][T13336] BTRFS info (device loop8): enabling ssd optimizations
[  711.239998][T13336] BTRFS info (device loop8): turning on async discard
[  711.247429][T13336] BTRFS info (device loop8): enabling free space tree
[  711.732857][   T31] audit: type=1800 audit(1767071234.538:1120): pid=13357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2086" name="file2" dev="loop8" ino=261 res=0 errno=0
[  711.929868][T13361] overlayfs: missing 'workdir'
[  712.051973][ T5848] Bluetooth: hci4: command tx timeout
[  712.057558][T10845] Bluetooth: hci1: command tx timeout
[  712.133338][T13359] loop3: detected capacity change from 0 to 4096
[  712.193313][T13359] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  712.513394][T13317] wlan0 speed is unknown, defaulting to 1000
[  713.131311][T13359] ntfs3(loop3): ino=1a, mi_enum_attr
[  713.190187][T13359] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  713.287997][T13359] ntfs3(loop3): ino=1a, mi_enum_attr
[  713.355786][T13359] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  713.673195][T10959] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  714.221866][ T5848] Bluetooth: hci4: command tx timeout
[  714.227408][T10845] Bluetooth: hci1: command tx timeout
[  714.537940][T13367] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  714.544747][T13367] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  714.550720][T13367] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  714.657928][T13367] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  714.726071][T13367] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  714.732163][T13367] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  715.423294][T13367] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  716.010636][T13386] loop6: detected capacity change from 0 to 512
[  716.110590][T13386] EXT4-fs: Ignoring removed nobh option
[  716.253593][T13386] EXT4-fs error (device loop6): ext4_orphan_get:1391: inode #15: comm syz.6.2095: iget: bad i_size value: 38620345925642
[  716.309050][T13386] EXT4-fs error (device loop6): ext4_orphan_get:1394: comm syz.6.2095: couldn't read orphan inode 15 (err -117)
[  716.410614][T13386] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  716.519060][T13314] wlan0 speed is unknown, defaulting to 1000
[  716.602227][T10845] Bluetooth: hci1: command 0x0c1a tx timeout
[  716.608649][T10845] Bluetooth: hci3: command 0x0419 tx timeout
[  716.749748][T13403] loop8: detected capacity change from 0 to 128
[  717.008420][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout
[  717.587897][T13403] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  718.059573][T13403] ext4 filesystem being mounted at /75/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  718.141580][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  718.247961][T13403] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  718.459849][T13417] fscrypt: loop8: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  718.600284][T13421] overlayfs: missing 'workdir'
[  718.681947][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout
[  718.719833][T10959] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  719.086357][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout
[  719.290041][T13427] loop8: detected capacity change from 0 to 1764
[  720.848973][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout
[  720.975540][T13317] chnl_net:caif_netlink_parms(): no params data found
[  721.098971][T13439] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  721.108558][T13439] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  721.116680][T13439] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  721.133344][T13424] loop6: detected capacity change from 0 to 32768
[  721.233550][T13424] JBD2: Ignoring recovery information on journal
[  721.456831][T13424] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  721.871664][ T7053] ocfs2: Unmounting device (7,6) on (node local)
[  722.125091][T13466] loop6: detected capacity change from 0 to 16
[  722.148985][T13466] erofs (device loop6): mounted with root inode @ nid 36.
[  722.700473][T13473] syz.6.2111: attempt to access beyond end of device
[  722.700473][T13473] loop6: rw=0, sector=301990144, nr_sectors = 257 limit=16
[  722.715278][T13473] syz.6.2111: attempt to access beyond end of device
[  722.715278][T13473] loop6: rw=0, sector=301990400, nr_sectors = 1 limit=16
[  722.732583][T13473] erofs (device loop6): read error -5 @ 0 of nid 36
[  722.754399][T13473] syz.6.2111: attempt to access beyond end of device
[  722.754399][T13473] loop6: rw=0, sector=301990144, nr_sectors = 257 limit=16
[  722.769188][T13473] syz.6.2111: attempt to access beyond end of device
[  722.769188][T13473] loop6: rw=0, sector=301990400, nr_sectors = 1 limit=16
[  722.785575][T13473] erofs (device loop6): read error -5 @ 0 of nid 36
[  722.807127][T13473] syz.6.2111: attempt to access beyond end of device
[  722.807127][T13473] loop6: rw=0, sector=301990144, nr_sectors = 257 limit=16
[  722.822306][T13473] syz.6.2111: attempt to access beyond end of device
[  722.822306][T13473] loop6: rw=0, sector=301990400, nr_sectors = 1 limit=16
[  722.837300][T13473] erofs (device loop6): read error -5 @ 0 of nid 36
[  723.215641][T13321] Bluetooth: hci1: command 0x0c1a tx timeout
[  723.221770][T10845] Bluetooth: hci3: command 0x0419 tx timeout
[  723.236827][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout
[  723.318947][T13317] bridge0: port 1(bridge_slave_0) entered blocking state
[  723.362000][T13317] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.471904][T13317] bridge_slave_0: entered allmulticast mode
[  723.780522][T13317] bridge_slave_0: entered promiscuous mode
[  724.840902][T13317] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.859304][T13317] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.934466][T13317] bridge_slave_1: entered allmulticast mode
[  724.977133][T13483] overlayfs: missing 'workdir'
[  724.983404][T13317] bridge_slave_1: entered promiscuous mode
[  726.151432][T13317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  726.399562][ T1151] bridge_slave_1: left allmulticast mode
[  726.423939][ T1151] bridge_slave_1: left promiscuous mode
[  726.450112][ T1151] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.497130][ T1151] bridge_slave_0: left allmulticast mode
[  726.528807][ T1151] bridge_slave_0: left promiscuous mode
[  726.546761][ T1151] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.597390][ T1151] bridge_slave_1: left allmulticast mode
[  726.641859][ T1151] bridge_slave_1: left promiscuous mode
[  726.688497][ T1151] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.781286][ T1151] bridge_slave_0: left allmulticast mode
[  727.065100][ T1151] bridge_slave_0: left promiscuous mode
[  727.071410][ T1151] bridge0: port 1(bridge_slave_0) entered disabled state
[  728.859074][ T1151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  728.881484][ T1151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  728.916536][ T1151] bond0 (unregistering): Released all slaves
[  729.362544][ T1151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  729.400451][ T1151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  729.426136][ T1151] bond0 (unregistering): Released all slaves
[  729.455430][T13317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  729.681063][T13501] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  729.688279][T13501] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  729.694420][T13501] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  730.034350][T13317] team0: Port device team_slave_0 added
[  730.113501][T13317] team0: Port device team_slave_1 added
[  730.548861][T13314] chnl_net:caif_netlink_parms(): no params data found
[  730.561080][T13525] loop8: detected capacity change from 0 to 1024
[  730.579014][T13525] EXT4-fs: Ignoring removed oldalloc option
[  730.628325][T13525] EXT4-fs: Ignoring removed bh option
[  731.464537][T13525] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  731.985236][ T5848] Bluetooth: hci3: command 0x0419 tx timeout
[  731.992064][T10845] Bluetooth: hci1: command 0x0c1a tx timeout
[  731.998584][T13321] Bluetooth: hci4: command 0x0c1a tx timeout
[  734.088345][T13544] fuse: Unknown parameter 'gro00000000000000000000'
[  734.719809][T10959] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  734.902396][T13317] batman_adv: batadv0: Adding interface: batadv_slave_0
[  734.909379][T13317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  734.982079][T13317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  736.377612][T13317] batman_adv: batadv0: Adding interface: batadv_slave_1
[  736.407304][T13317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  736.741551][T13317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  736.772961][T13556] lo speed is unknown, defaulting to 1000
[  737.042777][T13556] wlan0 speed is unknown, defaulting to 1000
[  738.134908][T13571] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  738.141632][T13571] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  738.148555][T13571] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  739.918553][T13581] binder: 13578:13581 ioctl c0306201 0 returned -14
[  740.121914][T13321] Bluetooth: hci3: command 0x0419 tx timeout
[  740.451811][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout
[  740.478168][T13321] Bluetooth: hci4: command 0x0c1a tx timeout
[  741.822827][T13592] loop8: detected capacity change from 0 to 40427
[  741.844168][T13592] F2FS-fs (loop8): invalid crc value
[  741.943365][T13592] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  741.955097][T13592] F2FS-fs (loop8): Start checkpoint disabled!
[  741.970516][T13592] F2FS-fs (loop8): f2fs_disable_checkpoint() finish, err:0
[  741.979311][T13592] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  741.995864][   T31] audit: type=1800 audit(1767071264.858:1121): pid=13592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2135" name="file1" dev="loop8" ino=10 res=0 errno=0
[  742.644670][T13602] syz.8.2135: attempt to access beyond end of device
[  742.644670][T13602] loop8: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  742.663117][T13602] syz.8.2135: attempt to access beyond end of device
[  742.663117][T13602] loop8: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  742.679435][T13602] syz.8.2135: attempt to access beyond end of device
[  742.679435][T13602] loop8: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  742.695455][T13602] syz.8.2135: attempt to access beyond end of device
[  742.695455][T13602] loop8: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  742.711043][T13602] syz.8.2135: attempt to access beyond end of device
[  742.711043][T13602] loop8: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  742.728003][T13602] syz.8.2135: attempt to access beyond end of device
[  742.728003][T13602] loop8: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  742.743661][T13602] syz.8.2135: attempt to access beyond end of device
[  742.743661][T13602] loop8: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  742.758994][T13602] syz.8.2135: attempt to access beyond end of device
[  742.758994][T13602] loop8: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  742.774692][T13602] syz.8.2135: attempt to access beyond end of device
[  742.774692][T13602] loop8: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  742.790222][T13602] syz.8.2135: attempt to access beyond end of device
[  742.790222][T13602] loop8: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  743.864656][T13317] hsr_slave_0: entered promiscuous mode
[  743.874441][T13317] hsr_slave_1: entered promiscuous mode
[  743.881603][T13317] debugfs: 'hsr0' already exists in 'hsr'
[  743.988097][T13317] Cannot create hsr debugfs directory
[  744.004938][ T4580] CPU: 0 UID: 0 PID: 4580 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT(full) 
[  744.004982][ T4580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  744.005006][ T4580] Workqueue: writeback wb_workfn (flush-7:8)
[  744.005058][ T4580] Call Trace:
[  744.005069][ T4580]  <TASK>
[  744.005083][ T4580]  dump_stack_lvl+0x16c/0x1f0
[  744.005144][ T4580]  f2fs_handle_critical_error+0x624/0x9f0
[  744.005189][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.005234][ T4580]  ? f2fs_build_fault_attr+0x53/0x1f0
[  744.005307][ T4580]  f2fs_write_end_io+0x958/0xcf0
[  744.005358][ T4580]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  744.005410][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.005472][ T4580]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  744.005516][ T4580]  bio_endio+0x751/0x8a0
[  744.005578][ T4580]  submit_bio_noacct+0x306/0x1f40
[  744.005636][ T4580]  __submit_merged_bio+0x33c/0x710
[  744.005687][ T4580]  __submit_merged_write_cond+0x315/0x3f0
[  744.005747][ T4580]  f2fs_write_cache_pages+0x2075/0x2570
[  744.005833][ T4580]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  744.005890][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.005936][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.005980][ T4580]  ? do_raw_spin_lock+0x12c/0x2b0
[  744.006030][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.006081][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.006131][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.006175][ T4580]  ? do_raw_spin_unlock+0x172/0x230
[  744.006244][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.006290][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.006334][ T4580]  ? f2fs_available_free_memory+0x279/0xa30
[  744.006480][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.006524][ T4580]  ? lock_acquire+0x179/0x330
[  744.006568][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.006623][ T4580]  f2fs_write_data_pages+0x5ac/0x1080
[  744.006672][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.006732][ T4580]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  744.006801][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.006845][ T4580]  ? __lock_acquire+0x436/0x2890
[  744.006888][ T4580]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  744.006944][ T4580]  do_writepages+0x27a/0x600
[  744.006994][ T4580]  ? __pfx_do_writepages+0x10/0x10
[  744.007038][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.007083][ T4580]  ? reacquire_held_locks+0xcd/0x1f0
[  744.007134][ T4580]  __writeback_single_inode+0x168/0x14a0
[  744.007179][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.007228][ T4580]  ? __pfx___writeback_single_inode+0x10/0x10
[  744.007267][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.007312][ T4580]  ? do_raw_spin_unlock+0x172/0x230
[  744.007365][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.007417][ T4580]  writeback_sb_inodes+0x72e/0x1ce0
[  744.007488][ T4580]  ? do_raw_spin_lock+0x12c/0x2b0
[  744.007541][ T4580]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  744.007579][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.007623][ T4580]  ? find_held_lock+0x2b/0x80
[  744.007757][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.007801][ T4580]  ? rcu_is_watching+0x12/0xc0
[  744.007834][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.007877][ T4580]  ? queue_io+0x3f6/0x4f0
[  744.007943][ T4580]  wb_writeback+0x419/0xae0
[  744.007997][ T4580]  ? __pfx_wb_writeback+0x10/0x10
[  744.008033][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.008092][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.008143][ T4580]  ? mark_held_locks+0x49/0x80
[  744.008195][ T4580]  wb_workfn+0x14d/0xbb0
[  744.008241][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.008286][ T4580]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  744.008346][ T4580]  ? __pfx_wb_workfn+0x10/0x10
[  744.008393][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.008442][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.008498][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.008542][ T4580]  ? rcu_is_watching+0x12/0xc0
[  744.008587][ T4580]  process_one_work+0x9ba/0x1b20
[  744.008660][ T4580]  ? __pfx_process_one_work+0x10/0x10
[  744.008711][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.008769][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.008812][ T4580]  ? assign_work+0x1a0/0x250
[  744.008865][ T4580]  worker_thread+0x6c8/0xf10
[  744.008927][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.008974][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.009018][ T4580]  ? __kthread_parkme+0x19e/0x250
[  744.009053][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.009101][ T4580]  ? __pfx_worker_thread+0x10/0x10
[  744.009149][ T4580]  kthread+0x3c5/0x780
[  744.009196][ T4580]  ? __pfx_kthread+0x10/0x10
[  744.009245][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.009288][ T4580]  ? rcu_is_watching+0x12/0xc0
[  744.009324][ T4580]  ? __pfx_kthread+0x10/0x10
[  744.009372][ T4580]  ret_from_fork+0x983/0xb10
[  744.009416][ T4580]  ? __pfx_ret_from_fork+0x10/0x10
[  744.009462][ T4580]  ? srso_alias_return_thunk+0x5/0xfbef5
[  744.009511][ T4580]  ? __switch_to+0x7af/0x10d0
[  744.009561][ T4580]  ? __pfx_kthread+0x10/0x10
[  744.009609][ T4580]  ret_from_fork_asm+0x1a/0x30
[  744.009700][ T4580]  </TASK>
[  744.009713][ T4580] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  744.806440][ T1151] hsr_slave_0: left promiscuous mode
[  744.832459][ T1151] hsr_slave_1: left promiscuous mode
[  745.404124][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_0
[  745.724250][T13618] fuse: Unknown parameter 'gro00000000000000000000'
[  745.863902][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_1
[  746.307216][ T1151] hsr_slave_0: left promiscuous mode
[  746.331781][ T1151] hsr_slave_1: left promiscuous mode
[  746.340119][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_0
[  746.366235][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_1
[  747.826414][ T1151] team0 (unregistering): Port device team_slave_1 removed
[  747.896946][ T1151] team0 (unregistering): Port device team_slave_0 removed
[  749.693363][ T1151] team0 (unregistering): Port device team_slave_1 removed
[  750.716741][ T1151] team0 (unregistering): Port device team_slave_0 removed
[  751.733242][T13652] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  751.739817][T13652] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  751.749249][T13652] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  752.035413][T10845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  752.059888][T10845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  752.076468][T10845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  752.085222][T10845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  752.093564][T10845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  752.447325][T13314] bridge0: port 1(bridge_slave_0) entered blocking state
[  752.491942][T13314] bridge0: port 1(bridge_slave_0) entered disabled state
[  752.520863][T13314] bridge_slave_0: entered allmulticast mode
[  752.581308][T13314] bridge_slave_0: entered promiscuous mode
[  752.639025][T13314] bridge0: port 2(bridge_slave_1) entered blocking state
[  752.686102][T13314] bridge0: port 2(bridge_slave_1) entered disabled state
[  752.704847][T13314] bridge_slave_1: entered allmulticast mode
[  752.812637][T13314] bridge_slave_1: entered promiscuous mode
[  754.106050][T13672] loop6: detected capacity change from 0 to 131072
[  754.131816][T13321] Bluetooth: hci3: command 0x0419 tx timeout
[  754.138399][T13672] F2FS-fs (loop6): Wrong CP boundary, start(512) end(1536) blocks(0)
[  754.147084][T13672] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  754.156262][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout
[  754.162511][T10845] Bluetooth: hci4: command 0x0c1a tx timeout
[  754.191632][T13672] F2FS-fs (loop6): invalid crc value
[  754.201876][ T5848] Bluetooth: hci5: command tx timeout
[  754.330747][T13674] overlayfs: missing 'lowerdir'
[  754.335767][T13672] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  754.370988][T13672] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  754.378684][T13672] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  755.544248][T13314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  755.661883][T13314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  756.349850][ T5848] Bluetooth: hci5: command tx timeout
[  756.995332][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  757.002873][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  757.511424][T13314] team0: Port device team_slave_0 added
[  757.525133][   T31] audit: type=1326 audit(1767071280.388:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  757.591909][T13659] lo speed is unknown, defaulting to 1000
[  757.618773][   T31] audit: type=1326 audit(1767071280.388:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  757.723224][   T31] audit: type=1326 audit(1767071280.388:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  757.760090][T13314] team0: Port device team_slave_1 added
[  757.863905][   T31] audit: type=1326 audit(1767071280.388:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  757.909618][   T31] audit: type=1326 audit(1767071280.458:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  758.052055][   T31] audit: type=1326 audit(1767071280.468:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  758.101757][   T31] audit: type=1326 audit(1767071280.478:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  758.179826][T13314] batman_adv: batadv0: Adding interface: batadv_slave_0
[  758.226184][   T31] audit: type=1326 audit(1767071280.478:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  758.232185][T13314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  758.361819][ T5848] Bluetooth: hci5: command tx timeout
[  758.405941][   T31] audit: type=1326 audit(1767071280.478:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  758.437204][T13314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  758.500441][   T31] audit: type=1326 audit(1767071280.478:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13692 comm="syz.8.2153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f738a18f749 code=0x7ffc0000
[  758.714539][T13314] batman_adv: batadv0: Adding interface: batadv_slave_1
[  758.741786][T13314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  758.810435][T13314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  759.058050][T13697] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  759.063113][T13659] wlan0 speed is unknown, defaulting to 1000
[  759.098798][T13697] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  759.419660][T13697] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  759.467691][T13697] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  759.503385][T13697] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  759.509809][T13697] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  759.583470][T13697] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  759.589942][T13697] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  760.090753][T13314] hsr_slave_0: entered promiscuous mode
[  760.119659][T13314] hsr_slave_1: entered promiscuous mode
[  760.150384][T13314] debugfs: 'hsr0' already exists in 'hsr'
[  760.173582][T13314] Cannot create hsr debugfs directory
[  760.407193][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.000159][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.559781][T13730] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  762.633265][T13730] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  762.737249][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.852980][   T10] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  762.986744][T13738] loop6: detected capacity change from 0 to 512
[  763.010653][T13738] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  763.064965][   T10] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  763.099845][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  763.148690][   T10] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  763.186356][   T10] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  763.313770][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.622075][T13731] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  763.658587][   T10] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  763.879790][T13317] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  763.948423][   T10] usb 9-1: USB disconnect, device number 4
[  764.109041][T13317] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  764.648110][T13752] vcan0: tx drop: invalid da for name 0xfffffffffffffffe
[  765.099447][T13317] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  765.752232][T13317] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  767.040310][   T12] bridge_slave_1: left allmulticast mode
[  767.082106][   T12] bridge_slave_1: left promiscuous mode
[  767.111993][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  767.177815][T13321] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  767.188895][T13321] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  767.196942][T13321] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  767.206666][T13321] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  767.214869][T13321] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  767.250144][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  767.267063][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  767.293217][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  767.327610][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  767.355895][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  767.408597][   T12] bridge_slave_0: left allmulticast mode
[  767.461756][   T12] bridge_slave_0: left promiscuous mode
[  767.528371][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  767.969197][ T5848] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  767.981561][ T5848] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  768.940072][ T5848] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  768.950604][ T5848] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  768.960412][ T5848] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  769.238170][    T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  769.308275][   T31] audit: type=1326 audit(1767071292.168:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  769.411803][ T5848] Bluetooth: hci2: command tx timeout
[  769.427295][   T31] audit: type=1326 audit(1767071292.198:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f58baf865e7 code=0x7ffc0000
[  769.441790][    T9] usb 1-1: Using ep0 maxpacket: 8
[  769.501028][    T9] usb 1-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  769.530738][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.539453][   T31] audit: type=1326 audit(1767071292.198:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58baf2b829 code=0x7ffc0000
[  769.551011][    T9] usb 1-1: Product: syz
[  769.583501][    T9] usb 1-1: Manufacturer: syz
[  769.588140][    T9] usb 1-1: SerialNumber: syz
[  769.609369][    T9] usb 1-1: config 0 descriptor??
[  769.619455][    T9] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  769.639826][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  769.660099][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  769.670745][    T9] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  769.685170][T13786] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  769.696119][   T31] audit: type=1326 audit(1767071292.198:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  769.696654][    T9] usb 1-1: media controller created
[  769.720642][T13786] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  769.755327][ T5975] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  769.762359][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  769.784477][   T31] audit: type=1326 audit(1767071292.218:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f58baf865e7 code=0x7ffc0000
[  769.810888][   T31] audit: type=1326 audit(1767071292.218:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58baf2b829 code=0x7ffc0000
[  769.836202][T13775] cxusb: i2c rd: len=120 is too big!
[  769.836202][T13775] 
[  769.918187][   T31] audit: type=1326 audit(1767071292.218:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  769.962060][ T5975] usb 9-1: Using ep0 maxpacket: 8
[  769.972913][ T5975] usb 9-1: config 179 has an invalid interface number: 65 but max is 0
[  769.982454][ T5975] usb 9-1: config 179 has no interface number 0
[  769.987783][   T31] audit: type=1326 audit(1767071292.218:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f58baf865e7 code=0x7ffc0000
[  769.989284][ T5975] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  770.050667][   T31] audit: type=1326 audit(1767071292.218:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58baf2b829 code=0x7ffc0000
[  770.129176][ T5975] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  770.138746][   T31] audit: type=1326 audit(1767071292.218:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13774 comm="syz.6.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58baf8f749 code=0x7ffc0000
[  770.150882][ T5975] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  770.291834][ T5975] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  770.339217][ T5975] usb 9-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  770.411414][ T5975] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  770.450134][ T5975] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.678011][T13784] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  770.782824][T13801] siw: device registration error -23
[  771.004064][ T5848] Bluetooth: hci7: command tx timeout
[  771.011401][    T9] cxusb: set interface failed
[  771.032118][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  771.185369][ T7236] usb 9-1: USB disconnect, device number 5
[  771.185416][    C1] xpad 9-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  771.200822][    C1] xpad 9-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  771.312076][    T9] DVB: Unable to find symbol mt352_attach()
[  771.331821][    T9] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  771.435052][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  771.482111][ T5848] Bluetooth: hci2: command tx timeout
[  771.531924][    T9] rc_core: IR keymap rc-dvico-portable not found
[  771.538297][    T9] Registered IR keymap rc-empty
[  771.560809][    T9] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  771.588740][    T9] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input9
[  771.618258][    T9] dvb-usb: schedule remote query interval to 100 msecs.
[  771.634916][    T9] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  771.662029][    T9] usb 1-1: USB disconnect, device number 15
[  772.162412][ T7236] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  772.204380][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  772.250281][   T12] bond0 (unregistering): Released all slaves
[  772.344356][   T12] bond1 (unregistering): Released all slaves
[  772.366768][    T9] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  772.404061][   T12] bond2 (unregistering): Released all slaves
[  772.404069][ T7236] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  772.462101][ T7236] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  772.489331][   T12] bond3 (unregistering): Released all slaves
[  772.500891][ T7236] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  772.529711][ T7236] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.581272][T13809] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  772.586937][   T12] bond4 (unregistering): Released all slaves
[  772.645011][ T7236] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  772.672244][   T12] bond5 (unregistering): Released all slaves
[  772.779639][   T12] bond6 (unregistering): Released all slaves
[  772.899204][ T7236] usb 9-1: USB disconnect, device number 6
[  773.087090][ T5848] Bluetooth: hci7: command tx timeout
[  773.300455][T13659] chnl_net:caif_netlink_parms(): no params data found
[  773.561855][ T5848] Bluetooth: hci2: command tx timeout
[  773.700946][T13765] lo speed is unknown, defaulting to 1000
[  774.452534][T13770] lo speed is unknown, defaulting to 1000
[  774.840944][T13659] bridge0: port 1(bridge_slave_0) entered blocking state
[  774.879016][T13659] bridge0: port 1(bridge_slave_0) entered disabled state
[  774.899325][T13659] bridge_slave_0: entered allmulticast mode
[  774.961085][T13659] bridge_slave_0: entered promiscuous mode
[  775.015323][T13659] bridge0: port 2(bridge_slave_1) entered blocking state
[  775.053709][T13659] bridge0: port 2(bridge_slave_1) entered disabled state
[  775.061006][T13659] bridge_slave_1: entered allmulticast mode
[  775.090888][T13659] bridge_slave_1: entered promiscuous mode
[  775.162351][ T5848] Bluetooth: hci7: command tx timeout
[  775.320100][T13765] wlan0 speed is unknown, defaulting to 1000
[  775.340361][T13659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  775.402217][T13659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  775.614540][T13659] team0: Port device team_slave_0 added
[  775.625917][T13659] team0: Port device team_slave_1 added
[  775.641863][ T5848] Bluetooth: hci2: command tx timeout
[  775.767509][T13659] batman_adv: batadv0: Adding interface: batadv_slave_0
[  775.771814][ T7236] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  775.796534][T13659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  775.899758][T13659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  775.941961][T13659] batman_adv: batadv0: Adding interface: batadv_slave_1
[  775.949510][T13659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  775.975590][ T7236] usb 9-1: Using ep0 maxpacket: 8
[  775.982777][ T7236] usb 9-1: config 179 has an invalid interface number: 65 but max is 0
[  775.982820][ T7236] usb 9-1: config 179 has no interface number 0
[  775.982876][ T7236] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  775.982925][ T7236] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  775.982975][ T7236] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  775.983022][ T7236] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  775.983072][ T7236] usb 9-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  776.144802][T13659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  776.179088][ T7236] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  776.197901][ T7236] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.260345][T13841] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  776.709601][T13770] wlan0 speed is unknown, defaulting to 1000
[  776.792206][   T31] kauditd_printk_skb: 6 callbacks suppressed
[  776.792235][   T31] audit: type=1800 audit(1767071299.648:1148): pid=13849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2185" name="bus" dev="ramfs" ino=39257 res=0 errno=0
[  776.855436][   T10] usb 9-1: USB disconnect, device number 7
[  776.855509][    C0] xpad 9-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  776.869635][    C0] xpad 9-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  777.192423][T13659] hsr_slave_0: entered promiscuous mode
[  777.232945][T13659] hsr_slave_1: entered promiscuous mode
[  777.242830][T13321] Bluetooth: hci7: command tx timeout
[  777.272833][T13659] debugfs: 'hsr0' already exists in 'hsr'
[  777.296455][T13659] Cannot create hsr debugfs directory
[  778.021846][   T10] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  778.205437][   T10] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  778.223125][   T10] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  778.279335][   T10] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  778.324564][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.373581][T13855] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  778.426208][   T10] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  778.815182][   T10] usb 9-1: USB disconnect, device number 8
[  778.937297][T13703] udevd[13703]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  779.544113][   T12] hsr_slave_0: left promiscuous mode
[  779.562169][   T12] hsr_slave_1: left promiscuous mode
[  779.569110][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  780.056809][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  780.082872][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  780.091540][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  780.261377][   T12] veth1_macvtap: left promiscuous mode
[  780.300859][   T12] veth0_macvtap: left promiscuous mode
[  780.315053][   T12] veth1_vlan: left promiscuous mode
[  780.320830][   T12] veth0_vlan: left promiscuous mode
[  780.815448][T13879] loop6: detected capacity change from 0 to 2048
[  780.878709][T13879] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=8842c128, mo2=0002]
[  780.896687][T13879] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  780.936008][T13879] EXT4-fs error (device loop6): ext4_ext_precache:647: inode #2: comm syz.6.2193: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  780.957653][T13879] EXT4-fs (loop6): Remounting filesystem read-only
[  781.250471][   T12] team0 (unregistering): Port device team_slave_1 removed
[  781.291020][   T12] team0 (unregistering): Port device team_slave_0 removed
[  781.783767][T13891] loop8: detected capacity change from 0 to 512
[  781.791976][T13765] chnl_net:caif_netlink_parms(): no params data found
[  781.800926][T13891] EXT4-fs: Ignoring removed nobh option
[  781.825570][T13891] EXT4-fs error (device loop8): ext4_orphan_get:1391: inode #15: comm syz.8.2195: iget: bad i_size value: 38620345925642
[  781.878072][T13891] EXT4-fs error (device loop8): ext4_orphan_get:1394: comm syz.8.2195: couldn't read orphan inode 15 (err -117)
[  781.928143][T13891] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  782.292918][ T7053] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  783.540912][T13765] bridge0: port 1(bridge_slave_0) entered blocking state
[  783.559855][T13765] bridge0: port 1(bridge_slave_0) entered disabled state
[  783.578950][T13765] bridge_slave_0: entered allmulticast mode
[  783.613765][T13765] bridge_slave_0: entered promiscuous mode
[  783.686902][T13765] bridge0: port 2(bridge_slave_1) entered blocking state
[  783.717994][T13765] bridge0: port 2(bridge_slave_1) entered disabled state
[  783.743982][T13765] bridge_slave_1: entered allmulticast mode
[  783.767698][T13765] bridge_slave_1: entered promiscuous mode
[  783.842910][ T5843] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  783.977067][T13770] chnl_net:caif_netlink_parms(): no params data found
[  783.990582][   T12] IPVS: stop unused estimator thread 0...
[  784.038556][T13765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  784.092609][T13765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  784.297601][ T5843] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  784.329966][T10959] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  784.362889][ T5843] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  784.395054][ T5843] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  784.444698][ T5843] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  784.526300][T13910] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  784.646254][ T5843] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  784.774162][T13659] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  785.451577][ T5843] usb 1-1: USB disconnect, device number 16
[  785.491357][T13765] team0: Port device team_slave_0 added
[  785.538146][T13659] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  785.903289][T13765] team0: Port device team_slave_1 added
[  786.071854][T13659] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  786.263703][T13659] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  786.267294][T13934] loop8: detected capacity change from 0 to 32768
[  786.278769][T13934] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.2205 (13934)
[  786.295991][T13934] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  786.306283][T13934] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm
[  786.444801][T13934] BTRFS info (device loop8): enabling ssd optimizations
[  786.451976][T13934] BTRFS info (device loop8): turning on async discard
[  786.458871][T13934] BTRFS info (device loop8): enabling free space tree
[  786.486504][T13770] bridge0: port 1(bridge_slave_0) entered blocking state
[  786.506895][T13770] bridge0: port 1(bridge_slave_0) entered disabled state
[  786.526476][T13770] bridge_slave_0: entered allmulticast mode
[  786.548952][T13770] bridge_slave_0: entered promiscuous mode
[  786.589614][T13765] batman_adv: batadv0: Adding interface: batadv_slave_0
[  786.612194][T13765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  786.706607][T13765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  786.742101][T13770] bridge0: port 2(bridge_slave_1) entered blocking state
[  786.791977][T13770] bridge0: port 2(bridge_slave_1) entered disabled state
[  786.826202][T13770] bridge_slave_1: entered allmulticast mode
[  786.979229][   T31] audit: type=1800 audit(1767071309.738:1149): pid=13955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2205" name="file2" dev="loop8" ino=261 res=0 errno=0
[  787.037737][T13770] bridge_slave_1: entered promiscuous mode
[  787.272597][T13765] batman_adv: batadv0: Adding interface: batadv_slave_1
[  787.289000][T13765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  787.343977][T13765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  787.661069][T13659] 8021q: adding VLAN 0 to HW filter on device bond0
[  787.710616][T13659] 8021q: adding VLAN 0 to HW filter on device team0
[  787.829784][T10959] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  787.906258][T13770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  788.214024][T13765] hsr_slave_0: entered promiscuous mode
[  788.222256][T13765] hsr_slave_1: entered promiscuous mode
[  788.229638][T13765] debugfs: 'hsr0' already exists in 'hsr'
[  788.236270][T13765] Cannot create hsr debugfs directory
[  788.561846][ T5959] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  788.954335][T13770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  789.671515][ T5959] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  789.671582][ T5959] usb 7-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[  789.671629][ T5959] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.739053][ T5959] usb 7-1: config 0 descriptor??
[  790.257792][ T5959] usbhid 7-1:0.0: can't add hid device: -22
[  790.487047][ T5959] usbhid 7-1:0.0: probe with driver usbhid failed with error -22
[  791.522935][T13977] loop8: detected capacity change from 0 to 512
[  791.586601][T13977] EXT4-fs: Ignoring removed nobh option
[  791.686222][T13977] EXT4-fs error (device loop8): ext4_orphan_get:1391: inode #15: comm syz.8.2210: iget: bad i_size value: 38620345925642
[  791.776054][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  791.783466][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  791.817854][T13977] EXT4-fs error (device loop8): ext4_orphan_get:1394: comm syz.8.2210: couldn't read orphan inode 15 (err -117)
[  791.887077][T13977] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  791.919381][T13770] team0: Port device team_slave_0 added
[  792.237132][T13770] team0: Port device team_slave_1 added
[  792.439580][T13984] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  792.490058][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  792.497455][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  793.445858][T13770] batman_adv: batadv0: Adding interface: batadv_slave_0
[  793.474240][T13770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  793.547879][T13770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  793.621437][T13987] 9p: Bad value for 'wfdno'
[  793.643640][T13987] siw: device registration error -23
[  793.707832][T13770] batman_adv: batadv0: Adding interface: batadv_slave_1
[  793.727467][T13770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  793.795696][T13770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  794.187671][   T12] bridge_slave_1: left allmulticast mode
[  794.199985][   T12] bridge_slave_1: left promiscuous mode
[  794.212856][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  794.234116][   T12] bridge_slave_0: left allmulticast mode
[  794.246521][   T12] bridge_slave_0: left promiscuous mode
[  794.262541][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  794.298433][   T12] bridge_slave_1: left allmulticast mode
[  794.311751][   T12] bridge_slave_1: left promiscuous mode
[  794.327780][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  794.381566][   T12] bridge_slave_0: left allmulticast mode
[  794.412008][   T12] bridge_slave_0: left promiscuous mode
[  794.417788][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  794.866703][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  794.893905][T13993] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  794.913345][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  794.923707][T13993] overlayfs: overlapping lowerdir path
[  794.952067][   T12] bond0 (unregistering): Released all slaves
[  795.041194][ T5959] usb 7-1: USB disconnect, device number 6
[  795.223849][T10959] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  795.504463][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  795.528400][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  795.544565][   T12] bond0 (unregistering): Released all slaves
[  795.609470][T13770] hsr_slave_0: entered promiscuous mode
[  795.640511][T13770] hsr_slave_1: entered promiscuous mode
[  795.670671][T13770] debugfs: 'hsr0' already exists in 'hsr'
[  795.680155][T13770] Cannot create hsr debugfs directory
[  796.751753][T13131] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  796.933794][T13131] usb 7-1: too many configurations: 17, using maximum allowed: 8
[  796.981609][T13131] usb 7-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  797.025626][T13131] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.053044][T13131] usb 7-1: Product: syz
[  797.057627][T13131] usb 7-1: Manufacturer: syz
[  797.083600][T13131] usb 7-1: SerialNumber: syz
[  797.129693][T13131] usb 7-1: config 0 descriptor??
[  797.207893][T13131] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  797.308924][T13131] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  797.343439][T13131] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  797.398882][T13131] usb 7-1: media controller created
[  797.405975][T14002] dvb-usb: bulk message failed: -22 (7/0)
[  797.464228][T13131] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  797.760650][T13131] DVB: Unable to find symbol mt352_attach()
[  798.756288][T13131] DVB: Unable to find symbol nxt6000_attach()
[  798.769922][T13131] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  799.195130][T13131] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input10
[  799.206840][   T12] hsr_slave_0: left promiscuous mode
[  799.223643][   T12] hsr_slave_1: left promiscuous mode
[  799.236493][T13131] dvb-usb: schedule remote query interval to 1000 msecs.
[  799.259645][T13131] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  799.280668][T13131] dvb-usb: bulk message failed: -22 (7/0)
[  799.292343][T13131] dvb-usb: bulk message failed: -22 (7/0)
[  799.326376][T13131] usb 7-1: USB disconnect, device number 7
[  799.510078][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  799.574700][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  799.637662][   T12] hsr_slave_0: left promiscuous mode
[  799.648188][T13131] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  799.660567][   T12] hsr_slave_1: left promiscuous mode
[  799.676339][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  799.700833][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  800.207790][   T12] team0 (unregistering): Port device team_slave_1 removed
[  800.280097][   T12] team0 (unregistering): Port device team_slave_0 removed
[  800.728254][T14026] 
[  800.730637][T14026] ======================================================
[  800.737652][T14026] WARNING: possible circular locking dependency detected
[  800.744674][T14026] syzkaller #0 Not tainted
[  800.749261][T14026] ------------------------------------------------------
[  800.756446][T14026] syz.0.2222/14026 is trying to acquire lock:
[  800.762519][T14026] ffff88807a792068 (&pipe->mutex){+.+.}-{4:4}, at: anon_pipe_write+0x15d/0x1bd0
[  800.771616][T14026] 
[  800.771616][T14026] but task is already holding lock:
[  800.778982][T14026] ffff88801dae6948 (&sbi->pipe_mutex){+.+.}-{4:4}, at: autofs_notify_daemon+0x4a6/0xd60
[  800.788764][T14026] 
[  800.788764][T14026] which lock already depends on the new lock.
[  800.788764][T14026] 
[  800.799163][T14026] 
[  800.799163][T14026] the existing dependency chain (in reverse order) is:
[  800.808167][T14026] 
[  800.808167][T14026] -> #2 (&sbi->pipe_mutex){+.+.}-{4:4}:
[  800.815923][T14026]        __mutex_lock+0x1aa/0x1ca0
[  800.821043][T14026]        autofs_notify_daemon+0x4a6/0xd60
[  800.826782][T14026]        autofs_wait+0x10f3/0x1ac0
[  800.831899][T14026]        autofs_mount_wait+0x132/0x3c0
[  800.837388][T14026]        autofs_d_automount+0x4b2/0x960
[  800.842935][T14026]        __traverse_mounts+0x1b9/0x830
[  800.848412][T14026]        step_into_slowpath+0x772/0xf50
[  800.853964][T14026]        path_lookupat+0x627/0xc40
[  800.859078][T14026]        filename_lookup+0x224/0x5f0
[  800.864372][T14026]        kern_path+0x35/0x50
[  800.868978][T14026]        lookup_bdev+0xd8/0x280
[  800.873833][T14026]        resume_store+0x1d6/0x490
[  800.878878][T14026]        kobj_attr_store+0x58/0x80
[  800.884013][T14026]        sysfs_kf_write+0xf2/0x150
[  800.889146][T14026]        kernfs_fop_write_iter+0x3af/0x570
[  800.894974][T14026]        vfs_write+0x7d3/0x11d0
[  800.899848][T14026]        ksys_write+0x12a/0x250
[  800.904715][T14026]        do_syscall_64+0xcd/0xf80
[  800.909764][T14026]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.916183][T14026] 
[  800.916183][T14026] -> #1 (&of->mutex){+.+.}-{4:4}:
[  800.923413][T14026]        __mutex_lock+0x1aa/0x1ca0
[  800.928528][T14026]        kernfs_fop_write_iter+0x28f/0x570
[  800.934358][T14026]        iter_file_splice_write+0xa24/0x12b0
[  800.940357][T14026]        do_splice+0x1478/0x1fc0
[  800.945313][T14026]        __do_splice+0x32a/0x360
[  800.950268][T14026]        __x64_sys_splice+0x187/0x250
[  800.955658][T14026]        do_syscall_64+0xcd/0xf80
[  800.960720][T14026]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.967148][T14026] 
[  800.967148][T14026] -> #0 (&pipe->mutex){+.+.}-{4:4}:
[  800.974557][T14026]        __lock_acquire+0x1669/0x2890
[  800.979964][T14026]        lock_acquire+0x179/0x330
[  800.985017][T14026]        __mutex_lock+0x1aa/0x1ca0
[  800.990133][T14026]        anon_pipe_write+0x15d/0x1bd0
[  800.995520][T14026]        __kernel_write_iter+0x720/0xb10
[  801.001161][T14026]        __kernel_write+0xf5/0x140
[  801.006282][T14026]        autofs_notify_daemon+0x4db/0xd60
[  801.012007][T14026]        autofs_wait+0x10f3/0x1ac0
[  801.017127][T14026]        autofs_mount_wait+0x132/0x3c0
[  801.022626][T14026]        autofs_d_automount+0x4b2/0x960
[  801.028172][T14026]        __traverse_mounts+0x1b9/0x830
[  801.033651][T14026]        step_into_slowpath+0x772/0xf50
[  801.039199][T14026]        path_lookupat+0x627/0xc40
[  801.044312][T14026]        filename_lookup+0x224/0x5f0
[  801.049601][T14026]        kern_path+0x35/0x50
[  801.054196][T14026]        lookup_bdev+0xd8/0x280
[  801.059049][T14026]        resume_store+0x1d6/0x490
[  801.064114][T14026]        kobj_attr_store+0x58/0x80
[  801.069262][T14026]        sysfs_kf_write+0xf2/0x150
[  801.074397][T14026]        kernfs_fop_write_iter+0x3af/0x570
[  801.080320][T14026]        vfs_write+0x7d3/0x11d0
[  801.085189][T14026]        ksys_write+0x12a/0x250
[  801.090045][T14026]        do_syscall_64+0xcd/0xf80
[  801.095092][T14026]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.101518][T14026] 
[  801.101518][T14026] other info that might help us debug this:
[  801.101518][T14026] 
[  801.111739][T14026] Chain exists of:
[  801.111739][T14026]   &pipe->mutex --> &of->mutex --> &sbi->pipe_mutex
[  801.111739][T14026] 
[  801.124192][T14026]  Possible unsafe locking scenario:
[  801.124192][T14026] 
[  801.131630][T14026]        CPU0                    CPU1
[  801.136989][T14026]        ----                    ----
[  801.142340][T14026]   lock(&sbi->pipe_mutex);
[  801.146859][T14026]                                lock(&of->mutex);
[  801.153360][T14026]                                lock(&sbi->pipe_mutex);
[  801.160383][T14026]   lock(&pipe->mutex);
[  801.164543][T14026] 
[  801.164543][T14026]  *** DEADLOCK ***
[  801.164543][T14026] 
[  801.172676][T14026] 5 locks held by syz.0.2222/14026:
[  801.177965][T14026]  #0: ffff888053eebeb8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370
[  801.187073][T14026]  #1: ffff8880327fe420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  801.196089][T14026]  #2: ffff888055035c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570
[  801.205886][T14026]  #3: ffff8881416ae008 (kn->active#69){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570
[  801.215956][T14026]  #4: ffff88801dae6948 (&sbi->pipe_mutex){+.+.}-{4:4}, at: autofs_notify_daemon+0x4a6/0xd60
[  801.226186][T14026] 
[  801.226186][T14026] stack backtrace:
[  801.232070][T14026] CPU: 1 UID: 0 PID: 14026 Comm: syz.0.2222 Not tainted syzkaller #0 PREEMPT(full) 
[  801.232110][T14026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  801.232130][T14026] Call Trace:
[  801.232142][T14026]  <TASK>
[  801.232155][T14026]  dump_stack_lvl+0x116/0x1f0
[  801.232211][T14026]  print_circular_bug+0x275/0x340
[  801.232251][T14026]  check_noncircular+0x146/0x160
[  801.232295][T14026]  __lock_acquire+0x1669/0x2890
[  801.232338][T14026]  ? __kasan_check_byte+0x13/0x50
[  801.232381][T14026]  lock_acquire+0x179/0x330
[  801.232418][T14026]  ? anon_pipe_write+0x15d/0x1bd0
[  801.232463][T14026]  ? __pfx___might_resched+0x10/0x10
[  801.232492][T14026]  ? rcu_is_watching+0x12/0xc0
[  801.232523][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.232568][T14026]  __mutex_lock+0x1aa/0x1ca0
[  801.232596][T14026]  ? anon_pipe_write+0x15d/0x1bd0
[  801.232636][T14026]  ? is_bpf_text_address+0x94/0x1a0
[  801.232668][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.232708][T14026]  ? kernel_text_address+0x8d/0x100
[  801.232758][T14026]  ? anon_pipe_write+0x15d/0x1bd0
[  801.232797][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.232837][T14026]  ? unwind_get_return_address+0x59/0xa0
[  801.232884][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.232924][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.232963][T14026]  ? __bfs+0x148/0x290
[  801.232992][T14026]  ? __pfx___mutex_lock+0x10/0x10
[  801.233023][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.233064][T14026]  ? check_irq_usage+0xe8/0xbc0
[  801.233113][T14026]  ? anon_pipe_write+0x15d/0x1bd0
[  801.233152][T14026]  anon_pipe_write+0x15d/0x1bd0
[  801.233193][T14026]  ? irqentry_exit+0x1dd/0x8c0
[  801.233244][T14026]  ? lockdep_hardirqs_on+0x7c/0x110
[  801.233295][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.233336][T14026]  ? irqentry_exit+0x1dd/0x8c0
[  801.233386][T14026]  ? trace_irq_disable.constprop.0+0xd4/0x110
[  801.233438][T14026]  ? __pfx_anon_pipe_write+0x10/0x10
[  801.233486][T14026]  ? lock_acquire+0x62/0x330
[  801.233528][T14026]  ? __pfx_anon_pipe_write+0x10/0x10
[  801.233568][T14026]  __kernel_write_iter+0x720/0xb10
[  801.233608][T14026]  ? __pfx___kernel_write_iter+0x10/0x10
[  801.233644][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.233684][T14026]  ? __mutex_lock+0x27b/0x1ca0
[  801.233712][T14026]  ? __kernel_text_address+0xd/0x40
[  801.233767][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.233808][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.233853][T14026]  __kernel_write+0xf5/0x140
[  801.233889][T14026]  ? __pfx___kernel_write+0x10/0x10
[  801.233925][T14026]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  801.233995][T14026]  autofs_notify_daemon+0x4db/0xd60
[  801.234032][T14026]  ? __pfx_autofs_notify_daemon+0x10/0x10
[  801.234066][T14026]  ? kernfs_fop_write_iter+0x3af/0x570
[  801.234112][T14026]  ? vfs_write+0x7d3/0x11d0
[  801.234145][T14026]  ? ksys_write+0x12a/0x250
[  801.234201][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.234242][T14026]  ? lockdep_init_map_type+0x5c/0x270
[  801.234284][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.234324][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.234364][T14026]  ? lockdep_init_map_type+0x5c/0x270
[  801.234405][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.234449][T14026]  autofs_wait+0x10f3/0x1ac0
[  801.234487][T14026]  ? __pfx_autofs_wait+0x10/0x10
[  801.234521][T14026]  ? __pfx___schedule+0x10/0x10
[  801.234566][T14026]  ? find_held_lock+0x2b/0x80
[  801.234618][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.234660][T14026]  ? preempt_schedule_thunk+0x16/0x30
[  801.234693][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.234738][T14026]  ? preempt_schedule_common+0x44/0xc0
[  801.234792][T14026]  autofs_mount_wait+0x132/0x3c0
[  801.234850][T14026]  autofs_d_automount+0x4b2/0x960
[  801.234885][T14026]  __traverse_mounts+0x1b9/0x830
[  801.234938][T14026]  step_into_slowpath+0x772/0xf50
[  801.234971][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.235013][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.235053][T14026]  ? __up_read+0x2d1/0x700
[  801.235097][T14026]  ? __pfx_step_into_slowpath+0x10/0x10
[  801.235132][T14026]  ? __entry_text_end+0x1020b5/0x1020b9
[  801.235180][T14026]  path_lookupat+0x627/0xc40
[  801.235219][T14026]  filename_lookup+0x224/0x5f0
[  801.235258][T14026]  ? __pfx_filename_lookup+0x10/0x10
[  801.235314][T14026]  ? getname_kernel+0x52/0x370
[  801.235362][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.235402][T14026]  ? __asan_memcpy+0x3c/0x60
[  801.235453][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.235497][T14026]  kern_path+0x35/0x50
[  801.235532][T14026]  lookup_bdev+0xd8/0x280
[  801.235563][T14026]  ? __pfx_lookup_bdev+0x10/0x10
[  801.235594][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.235634][T14026]  ? __asan_memcpy+0x3c/0x60
[  801.235689][T14026]  resume_store+0x1d6/0x490
[  801.235743][T14026]  ? __pfx_resume_store+0x10/0x10
[  801.235795][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.235838][T14026]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.235877][T14026]  ? find_held_lock+0x2b/0x80
[  801.235932][T14026]  ? __pfx_resume_store+0x10/0x10
[  801.235980][T14026]  kobj_attr_store+0x58/0x80
[  801.236033][T14026]  ? __pfx_kobj_attr_store+0x10/0x10
[  801.236087][T14026]  sysfs_kf_write+0xf2/0x150
[  801.236142][T14026]  kernfs_fop_write_iter+0x3af/0x570
[  801.236187][T14026]  ? __pfx_sysfs_kf_write+0x10/0x10
[  801.236243][T14026]  vfs_write+0x7d3/0x11d0
[  801.236279][T14026]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  801.236329][T14026]  ? __pfx_vfs_write+0x10/0x10
[  801.236381][T14026]  ksys_write+0x12a/0x250
[  801.236416][T14026]  ? __pfx_ksys_write+0x10/0x10
[  801.236459][T14026]  do_syscall_64+0xcd/0xf80
[  801.236514][T14026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.236548][T14026] RIP: 0033:0x7f572c78f749
[  801.236573][T14026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  801.236606][T14026] RSP: 002b:00007f572d696038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  801.236635][T14026] RAX: ffffffffffffffda RBX: 00007f572c9e5fa0 RCX: 00007f572c78f749
[  801.236658][T14026] RDX: 0000000000000012 RSI: 0000200000000040 RDI: 0000000000000003
[  801.236679][T14026] RBP: 00007f572c813f91 R08: 0000000000000000 R09: 0000000000000000
[  801.236705][T14026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  801.236729][T14026] R13: 00007f572c9e6038 R14: 00007f572c9e5fa0 R15: 00007ffc2bd387f8
[  801.236769][T14026]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  802.117486][T14026] PM: Image not found (code -22)
[  802.221223][   T12] team0 (unregistering): Port device team_slave_1 removed
[  802.315833][   T12] team0 (unregistering): Port device team_slave_0 removed
[  803.690293][   T12] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  803.760707][   T12] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  803.816176][   T12] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  803.856948][   T12] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.283638][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.345937][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.399842][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.491580][   T12] bond0: (slave netdevsim0): Releasing backup interface
[  804.502393][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.625308][   T12] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.669752][   T12] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.720643][   T12] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.780563][   T12] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.907638][   T12] bridge_slave_1: left allmulticast mode
[  804.915243][   T12] bridge_slave_1: left promiscuous mode
[  804.920952][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  804.929709][   T12] bridge_slave_0: left allmulticast mode
[  804.936311][   T12] bridge_slave_0: left promiscuous mode
[  804.942260][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  804.951600][   T12] bridge_slave_1: left allmulticast mode
[  804.957983][   T12] bridge_slave_1: left promiscuous mode
[  804.963999][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  804.973651][   T12] bridge_slave_0: left allmulticast mode
[  804.979294][   T12] bridge_slave_0: left promiscuous mode
[  804.985246][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  804.995767][   T12] bridge_slave_1: left allmulticast mode
[  805.007434][   T12] bridge_slave_1: left promiscuous mode
[  805.016468][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.028605][   T12] bridge_slave_0: left allmulticast mode
[  805.034844][   T12] bridge_slave_0: left promiscuous mode
[  805.041043][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.054255][   T12] bridge_slave_1: left allmulticast mode
[  805.060267][   T12] bridge_slave_1: left promiscuous mode
[  805.066751][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.076833][   T12] bridge_slave_0: left allmulticast mode
[  805.083120][   T12] bridge_slave_0: left promiscuous mode
[  805.089135][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.100904][   T12] bridge_slave_1: left allmulticast mode
[  805.107072][   T12] bridge_slave_1: left promiscuous mode
[  805.114640][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.127230][   T12] bridge_slave_0: left allmulticast mode
[  805.138463][   T12] bridge_slave_0: left promiscuous mode
[  805.144911][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.429365][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  805.441199][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  805.456597][   T12] bond0 (unregistering): Released all slaves
[  805.799267][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  805.813149][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  805.824007][   T12] bond0 (unregistering): Released all slaves
[  805.838556][   T12] bond1 (unregistering): Released all slaves
[  805.853552][   T12] bond2 (unregistering): Released all slaves
[  805.870075][   T12] bond3 (unregistering): Released all slaves
[  805.888324][   T12] bond4 (unregistering): Released all slaves
[  805.907248][   T12] bond5 (unregistering): Released all slaves
[  806.028966][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  806.042715][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  806.054409][   T12] bond0 (unregistering): Released all slaves
[  806.335672][ T7368] smc: removing ib device syz0
[  806.341135][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  806.351501][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  806.361526][   T12] bond0 (unregistering): Released all slaves
[  806.456394][   T12] bond1 (unregistering): Released all slaves
[  806.468218][   T12] bond2 (unregistering): Released all slaves
[  806.480179][   T12] bond3 (unregistering): Released all slaves
[  806.491731][   T12] bond4 (unregistering): Released all slaves
[  806.601025][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  806.612025][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  806.622845][   T12] bond0 (unregistering): Released all slaves
[  806.634638][   T12] bond1 (unregistering): Released all slaves
[  807.933237][   T12] tipc: Left network mode
[  808.995462][   T12] hsr_slave_0: left promiscuous mode
[  809.001323][   T12] hsr_slave_1: left promiscuous mode
[  809.007713][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  809.015848][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  809.027303][   T12] hsr_slave_0: left promiscuous mode
[  809.033978][   T12] hsr_slave_1: left promiscuous mode
[  809.041044][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  809.050683][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  809.058928][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  809.069443][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  809.091079][   T12] hsr_slave_0: left promiscuous mode
[  809.097503][   T12] hsr_slave_1: left promiscuous mode
[  809.103713][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  809.111367][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  809.124004][   T12] hsr_slave_0: left promiscuous mode
[  809.130233][   T12] hsr_slave_1: left promiscuous mode
[  809.137251][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  809.148413][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  809.156890][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  809.168828][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  809.186605][   T12] hsr_slave_0: left promiscuous mode
[  809.193161][   T12] hsr_slave_1: left promiscuous mode
[  809.199432][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  809.207525][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  809.216765][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  809.225049][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  809.253888][   T12] veth1_macvtap: left promiscuous mode
[  809.259404][   T12] veth0_macvtap: left promiscuous mode
[  809.266221][   T12] veth1_vlan: left promiscuous mode
[  809.271505][   T12] veth0_vlan: left promiscuous mode
[  809.278978][   T12] veth1_macvtap: left promiscuous mode
[  809.284668][   T12] veth0_macvtap: left promiscuous mode
[  809.290241][   T12] veth1_vlan: left promiscuous mode
[  809.297875][   T12] veth0_vlan: left promiscuous mode
[  809.304154][   T12] veth1_macvtap: left promiscuous mode
[  809.309665][   T12] veth0_macvtap: left promiscuous mode
[  809.315562][   T12] veth1_vlan: left promiscuous mode
[  809.320843][   T12] veth0_vlan: left promiscuous mode
[  809.620495][   T12] team0 (unregistering): Port device team_slave_1 removed
[  809.635091][   T12] team0 (unregistering): Port device team_slave_0 removed
[  809.785665][   T12] team0 (unregistering): Port device team_slave_1 removed
[  809.818602][   T12] team0 (unregistering): Port device team_slave_0 removed
[  810.076051][   T12] team0 (unregistering): Port device team_slave_1 removed
[  810.090148][   T12] team0 (unregistering): Port device team_slave_0 removed
[  810.238150][   T12] team0 (unregistering): Port device team_slave_1 removed
[  810.257913][   T12] team0 (unregistering): Port device team_slave_0 removed
[  810.473336][   T12] team0 (unregistering): Port device team_slave_1 removed
[  810.493348][   T12] team0 (unregistering): Port device team_slave_0 removed