last executing test programs:

39.493717635s ago: executing program 1 (id=700):
r0 = socket$kcm(0x10, 0x2, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
epoll_create1(0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x10000001})
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x14, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0) (fail_nth: 3)

39.139819723s ago: executing program 1 (id=702):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40000000000000069104c00000000000400eaffff0700009500006896311100"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffffb1}, 0x48)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
timer_gettime(r1, &(0x7f0000000040))
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x20, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000140)=@gcm_256={{0x304}, "480ca6eda49ed6a6", "3a2cc8b276a753b0e23e2a8436b0e1d53d11b70c57abe2e932240e766d3aebfd", "a0eb068e", "e96e232f2004a832"}, 0x38)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="310300000000000000000900000008000300", @ANYRES32=r5, @ANYBLOB="08000600", @ANYRES32], 0x24}}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000ecffffff8802"])
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r2, 0x0, r9, 0x0, 0x4, 0x0)
recvmmsg(r2, &(0x7f00000061c0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x40, 0x0)

37.560481727s ago: executing program 2 (id=707):
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x318, 0x178, 0x178, 0x318, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0xb8, 0xd8, 0x0, {0x0, 0x7a010000}, [@common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa8, 0x108, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2d8)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000003, 0x80010, r1, 0x36e2f000)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB="1200000000000000", @ANYRES32=0x0, @ANYBLOB="0fb9b2f78a4dba2dac27c2c38e62a221b33eb66c4597a9ee0ff4b05ad1794942a2274e666f79a555e35fa688d4d918358ca3eba2dffca616", @ANYRES32=0x0, @ANYBLOB, @ANYRES64=0x0], 0x20)
write$tcp_congestion(r0, &(0x7f0000000300)='reno\x00', 0x5)
unshare(0x2040400)
r6 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'veth1_to_bridge\x00', <r7=>0x0})
bind$xdp(r6, &(0x7f0000000240)={0x2c, 0x20, r7, 0x0, r5}, 0x10)
ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000100)=<r8=>0x0)
ptrace$setopts(0x4206, r8, 0xffffffffffffffff, 0x10002a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x20000000000002e0, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)

37.559839036s ago: executing program 1 (id=708):
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x50009405, &(0x7f0000000180))

37.55516798s ago: executing program 0 (id=711):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid() (async)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB], 0x7)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0) (async)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2) (async)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) (async)
bind$netlink(r5, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
socket$inet6(0xa, 0x3, 0x2f) (async)
r6 = socket$inet6(0xa, 0x3, 0x2f)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@private=0xa010105, @in=@empty, 0x0, 0xfffb, 0xffff, 0x0, 0xa, 0x0, 0x20, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xd}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xe, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x4, 0x0, 0x3}}, 0xe8) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@private=0xa010105, @in=@empty, 0x0, 0xfffb, 0xffff, 0x0, 0xa, 0x0, 0x20, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xd}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xe, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x4, 0x0, 0x3}}, 0xe8)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r7}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r7}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r9, 0x2000000, 0x11, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{}, @hci_rp_role_discovery={{0x1}, {0x0, 0xc9, 0x1}}}}, 0x4a)

37.320305622s ago: executing program 3 (id=712):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r4, 0xc02c5341, &(0x7f00000001c0))

37.270376076s ago: executing program 2 (id=713):
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
r0 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
write$binfmt_script(r0, &(0x7f0000000a40)={'#! ', './file0'}, 0xb)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000880)=@newqdisc={0x50, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_choke={{0xa}, {0xfffffffffffffe69, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x8, 0x1, 0x0, 0x12, 0xa, 0x14, 0x8}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x7}]}}]}, 0x50}}, 0x8840)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x7fffffff, 0x0, 0x1, 0xd, '\x00', r3, 0xffffffffffffffff, 0x0, 0x2, 0x2}, 0x50)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb010018000000000000005c0000005c0000000400000000f4dbfa632be10000000a00000d000000000d000000050000000d0000000400000009000000020000000100000000000000080000000300000009000000010000000a0000000200000001000000050000000f000000000000000e0000000100000000610000"], &(0x7f0000002040)=""/4096, 0x78, 0x1000, 0x1, 0x1, 0x10000}, 0x28)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRES64=r1], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = userfaultfd(0x801)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r8, 0x65, 0x2, &(0x7f0000000080)=0x8, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r9=>0x0})
bind$can_raw(r8, &(0x7f00000000c0)={0x1d, r9}, 0x10)
close(r8)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r10, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r10, &(0x7f0000000100)={0xa, 0x4, 0x0, @mcast2, 0x9}, 0x1c)
setsockopt$SO_BINDTODEVICE(r10, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r10, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="82", 0x1}, {&(0x7f0000000040)="4c86dd", 0x3}], 0x2}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)="55f273a201", 0x5}], 0x1}}], 0x2, 0x4400c800)
sendto$inet6(r10, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
r11 = syz_io_uring_setup(0x5b0f, &(0x7f0000000000)={0x0, 0xfffffffc, 0x1000, 0xfffffffb, 0x359}, &(0x7f00000002c0), &(0x7f0000ff4000))
close_range(r7, r7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='pwc_handler_exit\x00', r6, 0x0, 0x6}, 0x18)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pidfd_getfd(r11, r4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r12, 0x0, 0x5}, 0x18)

37.269942641s ago: executing program 1 (id=714):
r0 = getpid()
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000400), 0x4)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
kcmp$KCMP_EPOLL_TFD(r4, r0, 0x7, r3, &(0x7f0000000280)={r2, 0xffffffffffffffff, 0x80000005})

37.069067097s ago: executing program 1 (id=715):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe0500"/16], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r2 = socket$inet(0x2, 0x3, 0x2)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x20c000, &(0x7f00000002c0)={[{@journal_checksum}, {@jqfmt_vfsold}, {@nodioread_nolock}, {@abort}, {@nouid32}]}, 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r3, &(0x7f0000000380)={&(0x7f0000000340)={0x2, 0x0, @private=0xa010102}, 0x10, 0x0}, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x4, 0x0}}, 0x10, 0x0}, 0x20004800)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
fsetxattr(r7, 0x0, 0x0, 0x0, 0x0)
fgetxattr(r7, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', 0x0, 0xffde)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r8, 0xc0c0583b, &(0x7f0000000d40)=ANY=[@ANYBLOB="000000004c90020052feffff030001000000000000000000000000000100ddff00000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000002300"/192])
sendmsg$inet(r2, &(0x7f0000001f00)={&(0x7f00000001c0)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xe, 0x0, 0x0, &(0x7f0000000240)=[@ip_tos_int={{0x0, 0x0, 0x1, 0x7f}}]}, 0x844)
readv(r6, &(0x7f0000000300)=[{&(0x7f0000000280)=""/62, 0x3e}], 0x1)
r9 = fcntl$dupfd(r1, 0x0, r1)
write$sndseq(r9, &(0x7f00000003c0)=[{0x0, 0x0, 0x0, 0x0, @tick=0xb, {0x0, 0xb8}, {0x0, 0x89}, @control={0x9, 0x2, 0xa}}, {0x0, 0x4, 0x0, 0x0, @time={0x0, 0x3ff}, {0x6, 0xc}, {}, @result={0x4, 0x8}}], 0x38)

37.068897154s ago: executing program 0 (id=716):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10)
sendmsg$can_raw(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "0000000000000003"}, 0x10}}, 0x20000000) (fail_nth: 1)

36.972123603s ago: executing program 2 (id=717):
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000240)={<r4=>0xffffffffffffffff})
r5 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r5, 0x2007ffc)
r6 = openat(0xffffffffffffff9c, 0x0, 0x40942, 0x0)
copy_file_range(r5, 0x0, r6, 0x0, 0xfffffbffa003e45b, 0x700000000000000)
read$FUSE(r4, &(0x7f00000014c0)={0x2020}, 0x2020)
ioctl$NS_GET_OWNER_UID(r4, 0xb704, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r7)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r8, 0x205, 0x70bd28, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x80)
getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, &(0x7f0000000300))
write$FUSE_STATX(r5, 0x0, 0x0)

35.613798822s ago: executing program 3 (id=718):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x5, 0x4, 0x2})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x2, 0xdda, 0x1})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f00000001c0)={0x2, 0x8, 0x2}) (fail_nth: 3)

35.549434206s ago: executing program 0 (id=719):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r0, 0x3ba0, &(0x7f0000000000)={0x48, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1})
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000c40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000500)=ANY=[], 0x5, 0x6cb, &(0x7f0000001400)="$eJzs3c9vHGf5APBnxrsbb75Rvk6btBEqwkqkArJI/EMumAsGIeRDhapy4GwlDrGycSrbqdwKgQsITkgc+gcUJIsLJyTuQeHcqgd6tThVqsQl4mD1YjSzM7tr79heO/7V8vlEs/POvO+888yz78x4d7PaAP5nzY1F7UkkMTf2+lq2vLkx1drcmLpQVLciIiunEbX2LJKliORpxGxWn7TXZ/Ponfd5f3HmzU+ebX7aXqpFz3bpfttVqGi7XkwxGhFDxbxffdBd7OjvTkQM9zVpDNpX2XC2fLhZLsBZ2+6zfpjND3PeAudMeXdK2vfNPiMRF4v7X/43QXF1SE8vwv396+OjbZcdx+PjDgYAAADOmQ8fnXUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MVT/P5/UkxpMY/RSMrf/2+U64ryufPZR4O3fXKSgQAAAAAAAADAKfnaVmzFWlwul7eT/DP/G/nC1fh8O+L/4nGsxEIsx61Yi/lYjdVYjomIGOnpqLE2v7q6PNHZMlO95WTllpOndcQAAAAAAAAA8KX0q5jrfv4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnQRIx1J7l09WyPBJpLdp1jazdesRHZfkLIqla+eT04wAAAIDnMnyEbf5/K7ZiLS6Xy9tJ/pr/pfz18nA8jqVYjcVYjVYsxN3iNXT2qj/d3JhqbW5MPcym/n6//+9DhZH3WLy/UL3n63mLZtyLxXzNrbiTB3M30nzLzPUynuq43stiSr5XGDCyWpHWbGd/2OtdhGNx2LciRrLgIjoZGS9iy7JxpZ2BJH+jJmJ3Jg58dmq79xRp1Dt7moi0887P1X1zfulIOb9YzLPj+e2J5vywOplII8/EZM/oe6knCxGXou+s+Prf/vLT+62lB/fvrYydn0PqSCvXDu1e0ezdojsmpnoy8fL+5+E5z0TtkO3H80xc6yzPxY/iJzEWo/FGLMdivB3zsRoLsV3UzxfjOXscqc7UetF0dseO3jgokkYxQtvP2SAxjcYP89J83Mi3vRyLkcSjuBsL8Vr+bzIm4tsxHdMx0/MMX9vzGc6PLT/r091nfflM/70y+JvfKArZAPtdd6DN7nfEfaPzmLWv/Vler/TktT3qn3Va/fmbb9e6V+Full4os1Ov7Pwo18baV4pCto9f73nWnoWRPEv1rX9GdO4SZXQvtjNRy+9F/VeEP+bnxkpr6cHy/fm39uh/fdfyq8U8G1YbXx0gwHrn4YRl4+WFGC6uJFd6rpLjed2LnavMlR131UbxiUu7Lu2ru5bXJUl5pv54zzO1UfwN19/TZF73cmXdVF53vadux99b8ShacfcU8gfAcxqJi43mZ80Pmx80f9O833x9+AcXvnPhlUbU/1H/bm186NX0leSv8UH8ovv6HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOLqVd959MN9qLSxXF9K9qw4oHNTzrkJS/KDPkfZ1DgvDEbFjTT1bcephNHeH0VfY/mXEqeen/BHB6ja/zwq1GKTD2YPavHf4CD+/sFdgX8rCUFQPgDO+MAEn7vbqw7dur7zz7rcWH85/vPCzhaX69PTM+Mz0a1O37y22Fsbbj2cdJXASujf9s44EAAAAAAAAAAAAGFTVFwNuXDroSyMDfcfD/ywEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjsXcWNSeRBIT47fGs+XNjalWNpXlbstaRKRpRPLziORpxGy0pxjp6S6JPz2N7Yr9vL848+YnzzY/7fZVa7ePSIv5c1gvphiNiKFiflz93Xnu/pL/lEeYJexmmTg4a/8NAAD//wWP+go=")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006100000a00000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000000202000001af8ff00000000bfa100f677b76a2730a99a00f8ffffffb702000008000000b50200000000000085000000cb0000009500000000000000d1b11a1c101573ea698c22ff9d37f3720fcd824097f3ddb100ec100347dccedbf13d054cbc8ceae765b28454fe36cd091ee7485f3708b753eb6b624b052c328cad23d31624f0f6d05d9bbbd8207e9d043e573d8365b68684b2928a8aafc4a09c6b27c18a9a4b4865d7a3b249f1e867b03c73412df563e997344dc73d95969f1a67c6c855c04759609d97fa73c1ef403c247cb788edf1da97777e59954bb580d3e577ae7bb18a22a8f6b9613ab8abcb5a820f8427448ed1fbd00432c00f240b1225fc3c96b4c690ed7f3e0fd5"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x21)
syz_open_dev$vcsn(&(0x7f0000000000), 0x80, 0x100)

34.498037906s ago: executing program 3 (id=720):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r2=>0x0})
r3 = socket(0x10, 0x4, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4008000, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r8, &(0x7f0000000000), 0xd)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x3000000, 0x0, {0x0, 0x0, 0x0, r2, {0x9}, {}, {0xfff3, 0xfffa}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000041}, 0x0)

34.452109459s ago: executing program 1 (id=721):
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000880)={0x0, @in6={{0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, '\x00', 0x14}, 0x1f8}}, 0x1, 0x1ba0}, 0x90)
syz_open_dev$cec(0x0, 0xffffffffffffffff, 0xc0c00)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000"], 0x0, 0x46, 0x0, 0x0, 0xfffffffc}, 0x28)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r3 = fanotify_init(0xf00, 0x1)
fanotify_mark(r3, 0x105, 0x40009975, r2, 0x0)
fallocate(r1, 0x0, 0x1000000, 0x3)
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x47, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000080)='./file1\x00', 0x400000f000)
truncate(&(0x7f0000000200)='./file1\x00', 0x20fffffffc)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)

34.345316765s ago: executing program 0 (id=722):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x1, 0x8893, [{0xfffffffd, 0x1, 0x1000000}]}]}}, &(0x7f0000000000)=""/140, 0x32, 0x8c, 0x1}, 0x28)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000001dc0)={0x0, @l2tp={0x2, 0x0, @multicast2}, @isdn, @qipcrtr})
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000101c1b3e1b0000000000010900092105000001220500090581031000000007"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="002212"], 0x0}, 0x0)

33.20221166s ago: executing program 2 (id=723):
openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x40, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x2, @local, 0x7}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/dev_mcast\x00')
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2, 0x0, 0xfffffffffffffffc}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xa20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
r6 = openat$kvm(0x0, 0x0, 0x2382, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000240)={0x1, @pix_mp={0x0, 0x0, 0x50424752, 0x0, 0xd, [{}, {}, {}, {0xf, 0xd}, {}, {0x0, 0xfffffffe}, {0x7}], 0x0, 0x0, 0x0, 0x0, 0x6}})
syz_open_dev$rtc(&(0x7f00000004c0), 0x0, 0x0)
syz_io_uring_setup(0x1e1e, 0x0, &(0x7f0000002000)=<r9=>0x0, &(0x7f0000000000)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f00000001c0)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, r1, &(0x7f0000000340)='./file1\x00', &(0x7f0000000380)='./file1\x00', 0xffffffffffffffff, 0x0, 0x1})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0)
chroot(&(0x7f0000000180)='./file0\x00')
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)=ANY=[@ANYRES32=r7, @ANYRES32=r1, @ANYBLOB=')\x00'/12, @ANYRES32=r2, @ANYBLOB="f358e67bf1d3cd4024edc84cac5faff18adcc1b8dbeaccd31c56f2ffbf54193923224270e01bc6f7ac54bef26a6098efb1e15c9571cd", @ANYRES64=0x0], 0x20)

32.211789122s ago: executing program 3 (id=724):
r0 = socket(0x10, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ustat(0x6, &(0x7f0000000080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r4 = openat$sequencer(0xffffff9c, &(0x7f0000000480), 0x0, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r4, 0xc0046d00, &(0x7f0000001500))
r5 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r5, &(0x7f0000000340)=[{{&(0x7f00000000c0)={0xa, 0x0, 0xb4ef, @private1, 0x40000}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}], 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="3800000000000000290000003900000e21"], 0x38}}], 0x1, 0x0)

31.528802256s ago: executing program 4 (id=725):
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000640), 0x800, 0x0)
pipe(&(0x7f0000000500)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f00000005c0)='fd', 0x0, r2)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
symlinkat(&(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00')
r4 = fsmount(r3, 0x0, 0x2)
symlinkat(&(0x7f0000000080)='./file0\x00', r4, &(0x7f00000000c0)='./file0\x00')
unlinkat(r1, &(0x7f0000000040)='./file0\x00', 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/12, 0xc}, {&(0x7f0000000180)=""/90, 0x5a}], 0x2, 0x7ff, 0x4f)

29.301889008s ago: executing program 0 (id=726):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x2, 0x3, 0x3})
syz_usb_connect(0x5, 0x1b, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x46, 0xee, 0x58, 0x40, 0xc45, 0x6251, 0x959c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0x0, 0xfe, 0x0, 0xcb}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x60, 0x2, 0x1, 0x8, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "ca8cc0e6"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x7, 0xa75, 0x9}, {0x6, 0x24, 0x1a, 0x6b97, 0xe}}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x7, 0xfc, 0x1}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0x7f, 0x34, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x3ef, 0x0, 0x5, 0x6}}}}}}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x300, 0x7, 0xd8, 0x8, 0x10, 0x6}, 0x5, &(0x7f00000000c0)={0x5, 0xf, 0x5}, 0x7, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x416}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x402}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x1009}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x443}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x180a}}, {0x28, &(0x7f0000000280)=@string={0x28, 0x3, "0611767e78cd6c6ef59d326f87482ad38223f3f52661681ad93d0e2f4a7384a765b29c6185bd"}}, {0x3d, &(0x7f00000002c0)=@string={0x3d, 0x3, "19c157be75240be51f99b8a544612d26873e2f1536fce8206c344c8808509a596aea29294d09a4f78849f0c3a2beb69db9b475d0608a8ea2484577"}}]})

29.301127124s ago: executing program 4 (id=727):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r4, 0xc02c5341, &(0x7f00000001c0)) (fail_nth: 3)

28.70937708s ago: executing program 4 (id=728):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000040)='FROZEN\x00', 0x7)
sendfile(r1, r1, 0x0, 0x9)

28.381079594s ago: executing program 4 (id=729):
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf09"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa110000"], 0x0)
chroot(&(0x7f0000000040)='./file0\x00')
syz_emit_ethernet(0x52, &(0x7f0000000940)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd601927f2001c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000e"], 0x0)

27.240025601s ago: executing program 3 (id=730):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x28000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fb}}, &(0x7f0000000300)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x10c, 0x10, 0x7, 0x0, 0x0, {{@in=@rand_addr=0x64010100, @in=@multicast2, 0xffff, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@dev, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}, @extra_flags={0x8, 0x18, 0x9}]}, 0x10c}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000240)={{0x80, 0xfc}, 'port1\x00', 0xe1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x20})
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000180)={{0x80, 0x80}, 'port0\x00', 0x151, 0x0, 0x86c4, 0x0, 0x4, 0x0, 0x9, 0x0, 0x5})

26.78932659s ago: executing program 4 (id=731):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @empty, 0xffffffff}, 0x1c)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000040)={0x0, @adiantum, 0x0, @desc3})
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x31, &(0x7f0000000000)={0x0, 0x0}, 0x10)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e20, 0x10001, @empty, 0x3}, 0x1c)
syz_usb_connect(0x2, 0x56, &(0x7f0000000000)=ANY=[], 0x0)

25.342235706s ago: executing program 2 (id=732):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, 0x0, &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
syz_emit_ethernet(0x22, &(0x7f0000000100)=ANY=[], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

24.269241887s ago: executing program 0 (id=733):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x161141)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf, 0x10}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x6f6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x4, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x2, 0x6, 0x101, 0x0, 0x0, {0x5}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x400c080)
r7 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0xcc04, &(0x7f0000000440)=ANY=[@ANYRES16=r5, @ANYRES32=r5, @ANYBLOB="fe4a0dd184464a5396acf2c0bbdb24989c32b3bbd9e7c8c6545d8d4b20d499773f0dc05dfdfa7bb3a15e992167ec4d7d0e18165673f87d67e75e5e721ac2705752e5b1823cf688de16d190de0ae14d7e8bf492418440e8c0e647cc91237da2621d34a9126cc2febf58ef631e129354947c5f34f2e15f9da1c91e708587397b003b5a02063df5c261257544c5b1a9", @ANYRES32=r5, @ANYBLOB="82748df47a6caf08098b8332add50d4601417e6cf4816d71745b84a35eadc9c923e1c44b86fe4c103d9a0cd91b716de72ffa0e8a8113407808f33a0ea24ac7162653231066cf7d3354557a440b30d7be460680020f021af80a5ed2886958457ca0c1a59180f6cfb73a59142f6773888799db18fd084c3e2401", @ANYRES32=r5], 0x1, 0x207, &(0x7f0000000740)="$eJzs3b9uUmEUAPBDS/ljHLqZmJhc46BToz5BjamJkcSkhkG3JnYqEyzA0j6Gr+B7+QCmE4v5DF5uQUoRiRe0/n5LTznfufc73HBh4ZAi9+Xep2g0KrFzGIcxqsR+7EThIgCA22SUUnxNud+vrpaxJQCgZCu8/3/b8JYAgJK9e//hzYtW6+g4yxoRlxf9dr+d/83zr163jp5mP+xPqy77/fbuVf5ZNv/ZYZzfizuT/PO8PrtK1yKiXYsnj/L8OPfybSv7ub4eH0vuHQAAAAAAAAAAAAAAAAAAAAAAtuVBZIWF830ODubzzUk+/29mPtDc/J5q3C/GA0/HA6XzTTQFAAAAAAAAAAAAAAAAAAAA/5jeYHh20umcdqdBPSJmH6kuWHNzUJkceKXF2w92Yr3y5qTNNU5amTxF5TbYXHxxVwmi+rdcnXWD7E8dsF5c5uupZlSWlKc0Dha/CoqxGDeW1yJi+cYeH6/b1yil1Pn8sNsbRFq6eHqPqG/sbgQAAAAAAAAAAAAAAAAAAP+3mW99X9PY3caOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDzeoNh8Sv/w7OTTue02xusHJxHxN345eLiXHvR2F6jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3GrfAwAA//8nTRyq")
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000100001000000000000000000af00000a20000000000a01040000000000000000010000000900010073797a310000000020000000030a01020000000000000000010000000900030073797a320000000030000000050400000000000000000000010020000c00024000000000000000010900010073797a310000000004000480140000001100010000000000000000000000000a181685e90d979373737e518700fba8d7aeb03fcf"], 0x98}}, 0x0)
setsockopt$inet6_buf(r5, 0x29, 0x2e, &(0x7f0000000180)="117dde48de338d454e1be175fcb08478f75f7e1d08f091b41da7d2a7deafe8eb22f7974a58dec227331a9f653ecd33aac2ac84c33a079904fe64af3e8f80d938e8aa69aeda5bc2173d78afb4e4f229e21113a263e30500000138f59e4b929dff5501008ba32026db9888cad06536fe5aea5df6e79fdd64188f8e01a465a6e4f4842c1ffe9f6230747be6614d98001ae689f9dd5a7a82a93ea9049111843caeb0ba1a8082beaa0d497dc85295e96e15b7914650d2701f298fc5e31b35c617fea588d53b1515eec5bba16979c641098097ef8ae7d7a7ff0d1565414831f349a230dae8b06b55dd4dcd2888f91f6eec1db4086367606578b63f3b17da4f3a714cab709772e4c0cbea023bd54c98ab14e5321200716df3cccdac0d953d3028d670478c6aef9d1b2c3787c8335192145b264af736277b24f4e45471f54dcae23e7a4f9e0b129287879f00c60f2c282abbdb0e3aedfb8a17a29cdb026e40d34cb073d5c111bda65efe376ce27b55f03459e9215b0ee453469fba60c77fb8b073cd568cf60d251225261a98ef7417ae4a5b9797141a5d3ce9724e01ea7118c154736dda47c083c6", 0x1a4)
syz_usb_connect(0x5, 0x35, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000545e0d209904b76b2f680102030109022300010000c0050904970001ff707900082402ff200126ff09058503"], 0x0)
setresuid(0x0, 0xee01, 0xffffffffffffffff)
r9 = socket(0x2, 0x2, 0x0)
sendto$inet(r9, 0x0, 0xffe5, 0x0, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r10=>r7, {0x9}}, './file0\x00'})
openat$cgroup_ro(r10, &(0x7f0000000080)='blkio.bfq.io_serviced\x00', 0x275a, 0x0)

24.197289167s ago: executing program 3 (id=734):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r2=>0x0})
r3 = socket(0x10, 0x4, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4008000, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000000), 0xd)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x3000000, 0x0, {0x0, 0x0, 0x0, r2, {0x9}, {}, {0xfff3, 0xfffa}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000041}, 0x0)

21.136555904s ago: executing program 2 (id=735):
syz_open_dev$tty20(0xc, 0x4, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in=@broadcast, 0x4e20, 0x0, 0x4e22, 0x7, 0xa, 0x0, 0x0, 0x3b}, {0xa, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@rand_addr=0x64010101, 0x800, 0x33}, 0xa, @in=@remote, 0x0, 0x0, 0x3, 0x4, 0x8, 0x4, 0x401}}, 0xe8)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0)

19.648479491s ago: executing program 4 (id=736):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_DO_IT(r0, 0xab03)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r1, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev}, 0x1c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000340)={<r5=>0x0, @in={{0x2, 0x4e24, @multicast2}}, 0xb, 0x691}, &(0x7f0000000100)=0x90)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000480)={r5, 0x0, &(0x7f0000000440)}, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000084}, 0x4040010)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1}, 0x28)
r9 = bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x14, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r8, 0x2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x2, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r9}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000080)={0xffffffff}, 0x8)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000010000002400018006000500000000000600010002000000080003"], 0x38}}, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

15.354727167s ago: executing program 32 (id=721):
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000880)={0x0, @in6={{0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, '\x00', 0x14}, 0x1f8}}, 0x1, 0x1ba0}, 0x90)
syz_open_dev$cec(0x0, 0xffffffffffffffff, 0xc0c00)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000"], 0x0, 0x46, 0x0, 0x0, 0xfffffffc}, 0x28)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r3 = fanotify_init(0xf00, 0x1)
fanotify_mark(r3, 0x105, 0x40009975, r2, 0x0)
fallocate(r1, 0x0, 0x1000000, 0x3)
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x47, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000080)='./file1\x00', 0x400000f000)
truncate(&(0x7f0000000200)='./file1\x00', 0x20fffffffc)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)

7.205771837s ago: executing program 33 (id=733):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x161141)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf, 0x10}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x6f6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x4, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x2, 0x6, 0x101, 0x0, 0x0, {0x5}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x400c080)
r7 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0xcc04, &(0x7f0000000440)=ANY=[@ANYRES16=r5, @ANYRES32=r5, @ANYBLOB="fe4a0dd184464a5396acf2c0bbdb24989c32b3bbd9e7c8c6545d8d4b20d499773f0dc05dfdfa7bb3a15e992167ec4d7d0e18165673f87d67e75e5e721ac2705752e5b1823cf688de16d190de0ae14d7e8bf492418440e8c0e647cc91237da2621d34a9126cc2febf58ef631e129354947c5f34f2e15f9da1c91e708587397b003b5a02063df5c261257544c5b1a9", @ANYRES32=r5, @ANYBLOB="82748df47a6caf08098b8332add50d4601417e6cf4816d71745b84a35eadc9c923e1c44b86fe4c103d9a0cd91b716de72ffa0e8a8113407808f33a0ea24ac7162653231066cf7d3354557a440b30d7be460680020f021af80a5ed2886958457ca0c1a59180f6cfb73a59142f6773888799db18fd084c3e2401", @ANYRES32=r5], 0x1, 0x207, &(0x7f0000000740)="$eJzs3b9uUmEUAPBDS/ljHLqZmJhc46BToz5BjamJkcSkhkG3JnYqEyzA0j6Gr+B7+QCmE4v5DF5uQUoRiRe0/n5LTznfufc73HBh4ZAi9+Xep2g0KrFzGIcxqsR+7EThIgCA22SUUnxNud+vrpaxJQCgZCu8/3/b8JYAgJK9e//hzYtW6+g4yxoRlxf9dr+d/83zr163jp5mP+xPqy77/fbuVf5ZNv/ZYZzfizuT/PO8PrtK1yKiXYsnj/L8OPfybSv7ub4eH0vuHQAAAAAAAAAAAAAAAAAAAAAAtuVBZIWF830ODubzzUk+/29mPtDc/J5q3C/GA0/HA6XzTTQFAAAAAAAAAAAAAAAAAAAA/5jeYHh20umcdqdBPSJmH6kuWHNzUJkceKXF2w92Yr3y5qTNNU5amTxF5TbYXHxxVwmi+rdcnXWD7E8dsF5c5uupZlSWlKc0Dha/CoqxGDeW1yJi+cYeH6/b1yil1Pn8sNsbRFq6eHqPqG/sbgQAAAAAAAAAAAAAAAAAAP+3mW99X9PY3caOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDzeoNh8Sv/w7OTTue02xusHJxHxN345eLiXHvR2F6jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3GrfAwAA//8nTRyq")
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000100001000000000000000000af00000a20000000000a01040000000000000000010000000900010073797a310000000020000000030a01020000000000000000010000000900030073797a320000000030000000050400000000000000000000010020000c00024000000000000000010900010073797a310000000004000480140000001100010000000000000000000000000a181685e90d979373737e518700fba8d7aeb03fcf"], 0x98}}, 0x0)
setsockopt$inet6_buf(r5, 0x29, 0x2e, &(0x7f0000000180)="117dde48de338d454e1be175fcb08478f75f7e1d08f091b41da7d2a7deafe8eb22f7974a58dec227331a9f653ecd33aac2ac84c33a079904fe64af3e8f80d938e8aa69aeda5bc2173d78afb4e4f229e21113a263e30500000138f59e4b929dff5501008ba32026db9888cad06536fe5aea5df6e79fdd64188f8e01a465a6e4f4842c1ffe9f6230747be6614d98001ae689f9dd5a7a82a93ea9049111843caeb0ba1a8082beaa0d497dc85295e96e15b7914650d2701f298fc5e31b35c617fea588d53b1515eec5bba16979c641098097ef8ae7d7a7ff0d1565414831f349a230dae8b06b55dd4dcd2888f91f6eec1db4086367606578b63f3b17da4f3a714cab709772e4c0cbea023bd54c98ab14e5321200716df3cccdac0d953d3028d670478c6aef9d1b2c3787c8335192145b264af736277b24f4e45471f54dcae23e7a4f9e0b129287879f00c60f2c282abbdb0e3aedfb8a17a29cdb026e40d34cb073d5c111bda65efe376ce27b55f03459e9215b0ee453469fba60c77fb8b073cd568cf60d251225261a98ef7417ae4a5b9797141a5d3ce9724e01ea7118c154736dda47c083c6", 0x1a4)
syz_usb_connect(0x5, 0x35, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000545e0d209904b76b2f680102030109022300010000c0050904970001ff707900082402ff200126ff09058503"], 0x0)
setresuid(0x0, 0xee01, 0xffffffffffffffff)
r9 = socket(0x2, 0x2, 0x0)
sendto$inet(r9, 0x0, 0xffe5, 0x0, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r10=>r7, {0x9}}, './file0\x00'})
openat$cgroup_ro(r10, &(0x7f0000000080)='blkio.bfq.io_serviced\x00', 0x275a, 0x0)

4.957539844s ago: executing program 34 (id=734):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r2=>0x0})
r3 = socket(0x10, 0x4, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4008000, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000000), 0xd)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x3000000, 0x0, {0x0, 0x0, 0x0, r2, {0x9}, {}, {0xfff3, 0xfffa}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000041}, 0x0)

3.008273945s ago: executing program 35 (id=735):
syz_open_dev$tty20(0xc, 0x4, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in=@broadcast, 0x4e20, 0x0, 0x4e22, 0x7, 0xa, 0x0, 0x0, 0x3b}, {0xa, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@rand_addr=0x64010101, 0x800, 0x33}, 0xa, @in=@remote, 0x0, 0x0, 0x3, 0x4, 0x8, 0x4, 0x401}}, 0xe8)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0)

0s ago: executing program 36 (id=736):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_DO_IT(r0, 0xab03)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r1, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev}, 0x1c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000340)={<r5=>0x0, @in={{0x2, 0x4e24, @multicast2}}, 0xb, 0x691}, &(0x7f0000000100)=0x90)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000480)={r5, 0x0, &(0x7f0000000440)}, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000084}, 0x4040010)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1}, 0x28)
r9 = bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x14, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r8, 0x2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x2, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r9}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000080)={0xffffffff}, 0x8)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000010000002400018006000500000000000600010002000000080003"], 0x38}}, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

kernel console output (not intermixed with test programs):

0 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.057658][ T6197] RSP: 002b:00007f57f8bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  104.057677][ T6197] RAX: ffffffffffffffda RBX: 00007f57fafb6080 RCX: 00007f57fad8e929
[  104.057689][ T6197] RDX: 0000000000143042 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  104.057707][ T6197] RBP: 00007f57f8bd5090 R08: 0000000000000000 R09: 0000000000000000
[  104.057718][ T6197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.057727][ T6197] R13: 0000000000000000 R14: 00007f57fafb6080 R15: 00007ffdd1ee4de8
[  104.057754][ T6197]  </TASK>
[  104.584210][ T6186] loop1: detected capacity change from 0 to 32768
[  104.643049][ T3437] kworker/u8:8: attempt to access beyond end of device
[  104.643049][ T3437] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  104.705314][ T3437] CPU: 0 UID: 0 PID: 3437 Comm: kworker/u8:8 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  104.705339][ T3437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  104.705351][ T3437] Workqueue: writeback wb_workfn (flush-7:3)
[  104.705379][ T3437] Call Trace:
[  104.705386][ T3437]  <TASK>
[  104.705394][ T3437]  dump_stack_lvl+0x189/0x250
[  104.705424][ T3437]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.705445][ T3437]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  104.705468][ T3437]  ? __pfx_queue_work_on+0x10/0x10
[  104.705490][ T3437]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  104.705512][ T3437]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  104.705535][ T3437]  ? f2fs_hw_is_readonly+0x39b/0x470
[  104.705561][ T3437]  f2fs_handle_critical_error+0x37c/0x540
[  104.705590][ T3437]  f2fs_write_end_io+0x495/0x810
[  104.705610][ T3437]  ? blkg_put+0x22/0x240
[  104.705655][ T3437]  __submit_merged_bio+0x27a/0x6a0
[  104.705681][ T3437]  __submit_merged_write_cond+0x255/0x530
[  104.705710][ T3437]  f2fs_write_data_pages+0x261d/0x3000
[  104.705773][ T3437]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.705846][ T3437]  ? ret_from_fork_asm+0x1a/0x30
[  104.705869][ T3437]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  104.705902][ T3437]  ? stack_trace_save+0x9c/0xe0
[  104.705938][ T3437]  ? call_rcu+0x157/0x9c0
[  104.705957][ T3437]  ? release_task+0x13f5/0x17f0
[  104.705972][ T3437]  ? wait_consider_task+0x195a/0x2e60
[  104.705989][ T3437]  ? __do_wait+0x541/0x740
[  104.706004][ T3437]  ? kernel_wait+0xab/0x170
[  104.706017][ T3437]  ? call_usermodehelper_exec_work+0xbe/0x230
[  104.706039][ T3437]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.706063][ T3437]  do_writepages+0x32e/0x550
[  104.706089][ T3437]  ? reacquire_held_locks+0x127/0x1d0
[  104.706109][ T3437]  ? writeback_sb_inodes+0x384/0x1010
[  104.706142][ T3437]  __writeback_single_inode+0x145/0xff0
[  104.706165][ T3437]  ? do_raw_spin_unlock+0x122/0x240
[  104.706187][ T3437]  writeback_sb_inodes+0x6c7/0x1010
[  104.706243][ T3437]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  104.706317][ T3437]  ? rcu_is_watching+0x15/0xb0
[  104.706351][ T3437]  wb_writeback+0x43b/0xaf0
[  104.706383][ T3437]  ? queue_io+0x3d1/0x590
[  104.706410][ T3437]  ? __pfx_wb_writeback+0x10/0x10
[  104.706443][ T3437]  ? _raw_spin_unlock_irq+0x23/0x50
[  104.706471][ T3437]  wb_workfn+0x409/0xef0
[  104.706512][ T3437]  ? __pfx_wb_workfn+0x10/0x10
[  104.706535][ T3437]  ? __lock_acquire+0xab9/0xd20
[  104.706568][ T3437]  ? process_scheduled_works+0x9ef/0x17b0
[  104.706596][ T3437]  ? _raw_spin_unlock_irq+0x23/0x50
[  104.706615][ T3437]  ? process_scheduled_works+0x9ef/0x17b0
[  104.706635][ T3437]  ? process_scheduled_works+0x9ef/0x17b0
[  104.706668][ T3437]  process_scheduled_works+0xae1/0x17b0
[  104.706727][ T3437]  ? __pfx_process_scheduled_works+0x10/0x10
[  104.706769][ T3437]  worker_thread+0x8a0/0xda0
[  104.706822][ T3437]  kthread+0x70e/0x8a0
[  104.706842][ T3437]  ? __pfx_worker_thread+0x10/0x10
[  104.706863][ T3437]  ? __pfx_kthread+0x10/0x10
[  104.706882][ T3437]  ? _raw_spin_unlock_irq+0x23/0x50
[  104.706901][ T3437]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.706923][ T3437]  ? __pfx_kthread+0x10/0x10
[  104.706942][ T3437]  ret_from_fork+0x3fc/0x770
[  104.706968][ T3437]  ? __pfx_ret_from_fork+0x10/0x10
[  104.706996][ T3437]  ? __switch_to_asm+0x39/0x70
[  104.707011][ T3437]  ? __switch_to_asm+0x33/0x70
[  104.707025][ T3437]  ? __pfx_kthread+0x10/0x10
[  104.707044][ T3437]  ret_from_fork_asm+0x1a/0x30
[  104.707081][ T3437]  </TASK>
[  104.707089][ T3437] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  104.816576][  T978] usb usb36-port1: attempt power cycle
[  105.088199][ T6186] workqueue: Failed to create a rescuer kthread for wq "bcachefs_copygc": -EINTR
[  105.088272][ T6186] bcachefs (loop1): shutdown complete
[  105.502740][ T6213] loop0: detected capacity change from 0 to 1024
[  105.521388][ T6213] hfsplus: unable to find HFS+ superblock
[  106.247130][  T978] usb usb36-port1: unable to enumerate USB device
[  106.379640][ T6222] loop3: detected capacity change from 0 to 8
[  107.650424][ T6235] Bluetooth: MGMT ver 1.23
[  107.662334][ T6235] netlink: 4 bytes leftover after parsing attributes in process `syz.3.66'.
[  108.502836][ T6235] bridge_slave_1: left allmulticast mode
[  108.503073][ T6239] loop2: detected capacity change from 0 to 16
[  108.508581][ T6235] bridge_slave_1: left promiscuous mode
[  108.521080][ T6235] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.538997][ T6235] bridge_slave_0: left allmulticast mode
[  108.544668][ T6235] bridge_slave_0: left promiscuous mode
[  108.550674][ T6235] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.552502][ T6239] erofs (device loop2): mounted with root inode @ nid 36.
[  108.764617][ T6237] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  108.774603][ T6237] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  108.784209][ T6237] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  108.859797][   T30] audit: type=1800 audit(1751369173.154:16): pid=6237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.67" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  108.904927][ T6240] FAULT_INJECTION: forcing a failure.
[  108.904927][ T6240] name failslab, interval 1, probability 0, space 0, times 0
[  108.918087][ T6240] CPU: 0 UID: 0 PID: 6240 Comm: syz.2.68 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  108.918111][ T6240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  108.918122][ T6240] Call Trace:
[  108.918129][ T6240]  <TASK>
[  108.918136][ T6240]  dump_stack_lvl+0x189/0x250
[  108.918164][ T6240]  ? __pfx____ratelimit+0x10/0x10
[  108.918189][ T6240]  ? __pfx_dump_stack_lvl+0x10/0x10
[  108.918212][ T6240]  ? __pfx__printk+0x10/0x10
[  108.918232][ T6240]  ? __pfx___might_resched+0x10/0x10
[  108.918256][ T6240]  should_fail_ex+0x414/0x560
[  108.918279][ T6240]  should_failslab+0xa8/0x100
[  108.918296][ T6240]  kmem_cache_alloc_noprof+0x73/0x3c0
[  108.918318][ T6240]  ? getname_flags+0xb8/0x540
[  108.918340][ T6240]  getname_flags+0xb8/0x540
[  108.918360][ T6240]  __x64_sys_renameat2+0xba/0xe0
[  108.918379][ T6240]  do_syscall_64+0xfa/0x3b0
[  108.918397][ T6240]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.918412][ T6240]  ? asm_sysvec_call_function_single+0x1a/0x20
[  108.918428][ T6240]  ? clear_bhb_loop+0x60/0xb0
[  108.918449][ T6240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.918465][ T6240] RIP: 0033:0x7fd7f878e929
[  108.918480][ T6240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.918494][ T6240] RSP: 002b:00007fd7f95fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  108.918513][ T6240] RAX: ffffffffffffffda RBX: 00007fd7f89b6080 RCX: 00007fd7f878e929
[  108.918526][ T6240] RDX: ffffffffffffff9c RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  108.918545][ T6240] RBP: 00007fd7f95fd090 R08: 0000000000000002 R09: 0000000000000000
[  108.918555][ T6240] R10: 0000200000001240 R11: 0000000000000246 R12: 0000000000000001
[  108.918564][ T6240] R13: 0000000000000000 R14: 00007fd7f89b6080 R15: 00007ffffc399fd8
[  108.918589][ T6240]  </TASK>
[  108.951917][ T6242] loop0: detected capacity change from 0 to 1024
[  109.569895][ T6242] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.582827][ T6242] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  110.201345][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.233093][ T6186] bcachefs: bch2_fs_get_tree() error: ENOMEM_fs_other_alloc
[  110.296017][ T6264] loop2: detected capacity change from 0 to 128
[  110.346975][ T6264] ext4: Unknown parameter 'measure'
[  110.379865][ T6268] loop4: detected capacity change from 0 to 512
[  110.416627][ T6268] EXT4-fs: Ignoring removed oldalloc option
[  110.446642][ T6268] EXT4-fs (loop4): 1 truncate cleaned up
[  110.474624][ T6268] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  110.776422][ T6276] loop2: detected capacity change from 0 to 16
[  110.810782][ T6276] erofs (device loop2): mounted with root inode @ nid 36.
[  110.843015][ T6278] netlink: 'syz.1.77': attribute type 10 has an invalid length.
[  110.924696][ T6278] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  111.231748][ T6268] EXT4-fs error (device loop4): ext4_lookup:1787: inode #14: comm syz.4.76: invalid fast symlink length 39
[  111.573557][ T6268] EXT4-fs (loop4): Remounting filesystem read-only
[  111.592153][ T6290] loop1: detected capacity change from 0 to 1024
[  111.707110][ T6290] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.869497][ T6290] EXT4-fs error (device loop1): __ext4_remount:6736: comm syz.1.80: Abort forced by user
[  111.904638][ T6290] EXT4-fs (loop1): Remounting filesystem read-only
[  111.917513][ T6290] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  112.190467][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.205866][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.473144][ T5948] libceph: connect (1)[c::]:6789 error -101
[  112.482182][ T5948] libceph: mon0 (1)[c::]:6789 connect error
[  112.789341][ T5948] libceph: connect (1)[c::]:6789 error -101
[  112.901097][ T5948] libceph: mon0 (1)[c::]:6789 connect error
[  113.140682][ T6301] ceph: No mds server is up or the cluster is laggy
[  113.601031][ T6329] loop4: detected capacity change from 0 to 1024
[  113.693832][ T6329] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  113.747705][ T6335] loop0: detected capacity change from 0 to 8
[  113.752525][ T6336] process 'syz.3.89' launched './file1' with NULL argv: empty string added
[  113.776714][ T6335] squashfs: Unknown parameter '~y��̀�j��'
[  113.783398][ T6339] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  113.985235][ T5908] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  114.025034][ T6339] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.643080][ T5908] usb 2-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  114.670999][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.693476][ T5908] usb 2-1: Product: syz
[  114.715203][ T5908] usb 2-1: Manufacturer: syz
[  114.746185][ T5908] usb 2-1: SerialNumber: syz
[  114.769805][ T5908] usb 2-1: config 0 descriptor??
[  115.668944][ T5908] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  115.713619][ T6352] veth0: entered promiscuous mode
[  115.846999][ T5908] asix 2-1:0.0: probe with driver asix failed with error -71
[  115.873547][ T6352] veth0: left promiscuous mode
[  116.478829][ T5908] usb 2-1: USB disconnect, device number 2
[  116.820971][ T6363] loop3: detected capacity change from 0 to 16
[  117.907291][ T6363] erofs (device loop3): mounted with root inode @ nid 36.
[  117.920510][ T6361] FAULT_INJECTION: forcing a failure.
[  117.920510][ T6361] name failslab, interval 1, probability 0, space 0, times 0
[  117.933185][ T6361] CPU: 1 UID: 0 PID: 6361 Comm: syz.3.95 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  117.933201][ T6361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  117.933208][ T6361] Call Trace:
[  117.933214][ T6361]  <TASK>
[  117.933219][ T6361]  dump_stack_lvl+0x189/0x250
[  117.933239][ T6361]  ? __pfx____ratelimit+0x10/0x10
[  117.933254][ T6361]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.933267][ T6361]  ? __pfx__printk+0x10/0x10
[  117.933281][ T6361]  ? __pfx___might_resched+0x10/0x10
[  117.933297][ T6361]  should_fail_ex+0x414/0x560
[  117.933311][ T6361]  should_failslab+0xa8/0x100
[  117.933322][ T6361]  kmem_cache_alloc_noprof+0x73/0x3c0
[  117.933336][ T6361]  ? getname_flags+0xb8/0x540
[  117.933349][ T6361]  getname_flags+0xb8/0x540
[  117.933361][ T6361]  __x64_sys_renameat2+0xba/0xe0
[  117.933372][ T6361]  do_syscall_64+0xfa/0x3b0
[  117.933380][ T6361]  ? lockdep_hardirqs_on+0x9c/0x150
[  117.933394][ T6361]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.933403][ T6361]  ? clear_bhb_loop+0x60/0xb0
[  117.933415][ T6361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.933424][ T6361] RIP: 0033:0x7f57fad8e929
[  117.933434][ T6361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.933442][ T6361] RSP: 002b:00007f57f8bd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  117.933453][ T6361] RAX: ffffffffffffffda RBX: 00007f57fafb6080 RCX: 00007f57fad8e929
[  117.933460][ T6361] RDX: ffffffffffffff9c RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  117.933467][ T6361] RBP: 00007f57f8bd5090 R08: 0000000000000002 R09: 0000000000000000
[  117.933473][ T6361] R10: 0000200000001240 R11: 0000000000000246 R12: 0000000000000001
[  117.933479][ T6361] R13: 0000000000000000 R14: 00007f57fafb6080 R15: 00007ffdd1ee4de8
[  117.933498][ T6361]  </TASK>
[  118.117778][    C1] vkms_vblank_simulate: vblank timer overrun
[  118.448479][ T6372] loop4: detected capacity change from 0 to 1024
[  118.459549][ T6372] EXT4-fs: Ignoring removed nobh option
[  118.465231][ T6372] EXT4-fs: Ignoring removed bh option
[  119.811975][ T6372] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.024110][ T6368] netlink: 24 bytes leftover after parsing attributes in process `syz.4.96'.
[  120.195816][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.596307][ T6393] veth0: entered promiscuous mode
[  120.630005][ T6393] netlink: 8 bytes leftover after parsing attributes in process `syz.4.103'.
[  120.639012][ T6393] netlink: 4 bytes leftover after parsing attributes in process `syz.4.103'.
[  121.222661][ T6392] loop1: detected capacity change from 0 to 2048
[  121.403617][ T6392] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  122.575835][ T6385] veth0: left promiscuous mode
[  122.747455][   T30] audit: type=1800 audit(1751369187.144:17): pid=6392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.104" name="file2" dev="loop1" ino=1416 res=0 errno=0
[  123.162590][ T6399] loop3: detected capacity change from 0 to 40427
[  123.170049][ T5922] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  123.180845][ T6399] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  123.188649][ T6399] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  123.321789][ T6399] F2FS-fs (loop3): invalid crc value
[  123.347572][ T5922] usb 2-1: Using ep0 maxpacket: 8
[  123.407381][ T6399] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  123.414482][ T6399] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  123.441251][ T5922] usb 2-1: config 1 has an invalid descriptor of length 111, skipping remainder of the config
[  123.581725][ T5922] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  123.636281][ T5922] usb 2-1: config 1 has no interface number 1
[  123.730640][ T6405] netlink: 48 bytes leftover after parsing attributes in process `syz.3.106'.
[  124.367676][ T5922] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  124.501465][ T5922] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 105, changing to 7
[  124.552258][ T5922] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 25632, setting to 1024
[  124.622577][ T5922] usb 2-1: config 1 interface 2 has no altsetting 0
[  124.661518][ T5922] usb 2-1: string descriptor 0 read error: -71
[  124.706203][ T5922] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  124.719518][ T6407] loop4: detected capacity change from 0 to 1024
[  124.739819][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.740495][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.1.108'.
[  124.779605][ T6407] EXT4-fs: Ignoring removed nobh option
[  124.819202][ T5922] usb 2-1: can't set config #1, error -71
[  124.829024][ T6407] EXT4-fs: Ignoring removed bh option
[  124.972960][ T5922] usb 2-1: USB disconnect, device number 3
[  124.996289][ T6412] geneve1: entered promiscuous mode
[  125.080121][ T6415] loop0: detected capacity change from 0 to 16
[  125.139887][ T6415] erofs (device loop0): mounted with root inode @ nid 36.
[  125.275857][ T6412] geneve1: entered allmulticast mode
[  125.601659][ T6407] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.709077][ T6407] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[  125.960178][ T6406] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.536970][ T6434] overlayfs: failed to resolve './file0': -2
[  127.878030][ T6438] loop1: detected capacity change from 0 to 8
[  127.892359][ T6438] squashfs: Unknown parameter '~y��̀�j��'
[  128.503159][ T5840] kernel write not supported for file /snd/seq (pid: 5840 comm: kworker/1:3)
[  128.678571][ T6421] loop0: detected capacity change from 0 to 32768
[  128.689224][ T6421] btrfs: Deprecated parameter 'usebackuproot'
[  128.785300][ T6421] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  128.901056][ T6446] loop2: detected capacity change from 0 to 1024
[  128.926407][ T6446] EXT4-fs: Ignoring removed bh option
[  129.016935][ T6446] EXT4-fs (loop2): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.907889][ T6464] loop1: detected capacity change from 0 to 40427
[  129.966545][ T6464] F2FS-fs (loop1): invalid crc value
[  129.972673][ T5850] EXT4-fs (loop2): unmounting filesystem 05000000-0000-0000-0000-000000000000.
[  130.058603][ T6464] F2FS-fs (loop1): Start checkpoint disabled!
[  130.079793][ T6464] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  130.435270][ T5922] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  130.462159][   T30] audit: type=1800 audit(1751369194.664:18): pid=6468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.121" name="bus" dev="loop1" ino=10 res=0 errno=0
[  130.680116][ T5922] usb 4-1: unable to get BOS descriptor or descriptor too short
[  130.697956][ T6472] netlink: 4 bytes leftover after parsing attributes in process `syz.2.123'.
[  130.724266][ T3437] kworker/u8:8: attempt to access beyond end of device
[  130.724266][ T3437] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  130.742844][ T6472] bond_slave_0: entered promiscuous mode
[  130.748787][ T6472] bond_slave_1: entered promiscuous mode
[  130.761082][ T5922] usb 4-1: config 6 has an invalid interface number: 32 but max is 0
[  130.785429][ T5922] usb 4-1: config 6 has no interface number 0
[  130.795812][ T3437] CPU: 0 UID: 0 PID: 3437 Comm: kworker/u8:8 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  130.795835][ T3437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  130.795846][ T3437] Workqueue: writeback wb_workfn (flush-7:1)
[  130.795885][ T3437] Call Trace:
[  130.795892][ T3437]  <TASK>
[  130.795900][ T3437]  dump_stack_lvl+0x189/0x250
[  130.795930][ T3437]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.795950][ T3437]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  130.795974][ T3437]  ? __pfx_queue_work_on+0x10/0x10
[  130.795999][ T3437]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  130.796019][ T3437]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  130.796041][ T3437]  ? f2fs_hw_is_readonly+0x39b/0x470
[  130.796067][ T3437]  f2fs_handle_critical_error+0x37c/0x540
[  130.796094][ T3437]  f2fs_write_end_io+0x495/0x810
[  130.796116][ T3437]  ? blkg_put+0x22/0x240
[  130.796150][ T3437]  __submit_merged_bio+0x27a/0x6a0
[  130.796178][ T3437]  __submit_merged_write_cond+0x255/0x530
[  130.796213][ T3437]  f2fs_write_data_pages+0x261d/0x3000
[  130.796271][ T3437]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  130.796307][ T3437]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  130.796397][ T3437]  ? bpf_trace_run4+0x19c/0x4a0
[  130.796430][ T3437]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  130.796453][ T3437]  do_writepages+0x32e/0x550
[  130.796482][ T3437]  ? reacquire_held_locks+0x127/0x1d0
[  130.796504][ T3437]  ? writeback_sb_inodes+0x384/0x1010
[  130.796535][ T3437]  __writeback_single_inode+0x145/0xff0
[  130.796558][ T3437]  ? do_raw_spin_unlock+0x122/0x240
[  130.796579][ T3437]  writeback_sb_inodes+0x6c7/0x1010
[  130.796629][ T3437]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  130.796694][ T3437]  ? rcu_is_watching+0x15/0xb0
[  130.796724][ T3437]  wb_writeback+0x43b/0xaf0
[  130.796755][ T3437]  ? queue_io+0x3d1/0x590
[  130.796780][ T3437]  ? __pfx_wb_writeback+0x10/0x10
[  130.796811][ T3437]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.796838][ T3437]  wb_workfn+0x409/0xef0
[  130.796873][ T3437]  ? __pfx_wb_workfn+0x10/0x10
[  130.796898][ T3437]  ? __lock_acquire+0xab9/0xd20
[  130.796930][ T3437]  ? process_scheduled_works+0x9ef/0x17b0
[  130.796957][ T3437]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.796977][ T3437]  ? process_scheduled_works+0x9ef/0x17b0
[  130.796996][ T3437]  ? process_scheduled_works+0x9ef/0x17b0
[  130.797019][ T3437]  process_scheduled_works+0xae1/0x17b0
[  130.797072][ T3437]  ? __pfx_process_scheduled_works+0x10/0x10
[  130.797111][ T3437]  worker_thread+0x8a0/0xda0
[  130.797161][ T3437]  kthread+0x70e/0x8a0
[  130.797181][ T3437]  ? __pfx_worker_thread+0x10/0x10
[  130.797202][ T3437]  ? __pfx_kthread+0x10/0x10
[  130.797225][ T3437]  ? _raw_spin_unlock_irq+0x23/0x50
[  130.797246][ T3437]  ? lockdep_hardirqs_on+0x9c/0x150
[  130.797268][ T3437]  ? __pfx_kthread+0x10/0x10
[  130.797286][ T3437]  ret_from_fork+0x3fc/0x770
[  130.797311][ T3437]  ? __pfx_ret_from_fork+0x10/0x10
[  130.797338][ T3437]  ? __switch_to_asm+0x39/0x70
[  130.797353][ T3437]  ? __switch_to_asm+0x33/0x70
[  130.797368][ T3437]  ? __pfx_kthread+0x10/0x10
[  130.797385][ T3437]  ret_from_fork_asm+0x1a/0x30
[  130.797419][ T3437]  </TASK>
[  130.797426][ T3437] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  130.851676][ T6472] macvtap1: entered promiscuous mode
[  130.862292][ T5922] usb 4-1: config 6 interface 32 has no altsetting 0
[  130.897259][ T6472] bond0: entered promiscuous mode
[  130.929892][ T5922] usb 4-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=9f.66
[  131.138509][ T6472] macvtap1: entered allmulticast mode
[  131.143911][ T6472] bond0: entered allmulticast mode
[  131.149136][ T6472] bond_slave_0: entered allmulticast mode
[  131.154869][ T6472] bond_slave_1: entered allmulticast mode
[  131.182877][ T6472] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  131.211154][ T6473] bond0: left allmulticast mode
[  131.229114][ T6473] bond_slave_0: left allmulticast mode
[  131.246109][ T6473] bond_slave_1: left allmulticast mode
[  131.253743][ T6458] loop0: detected capacity change from 0 to 32768
[  131.255031][ T6473] bond0: left promiscuous mode
[  131.264290][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.273246][ T5922] usb 4-1: Product: syz
[  131.277890][ T5922] usb 4-1: Manufacturer: syz
[  131.282498][ T5922] usb 4-1: SerialNumber: syz
[  131.295156][ T6473] bond_slave_0: left promiscuous mode
[  131.300773][ T6473] bond_slave_1: left promiscuous mode
[  131.324018][ T6458] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  131.441933][ T6458] XFS (loop0): Ending clean mount
[  131.485449][ T6458] XFS (loop0): Quotacheck needed: Please wait.
[  131.559918][ T5922] snd_usb_toneport 4-1:6.32: Line 6 GuitarPort found
[  131.583848][ T5922] usb 4-1: selecting invalid altsetting 2
[  131.598158][ T6458] XFS (loop0): Quotacheck: Done.
[  131.599656][ T5922] snd_usb_toneport 4-1:6.32: set_interface failed
[  131.613100][ T5922] snd_usb_toneport 4-1:6.32: Line 6 GuitarPort now disconnected
[  131.646960][ T5922] snd_usb_toneport 4-1:6.32: probe with driver snd_usb_toneport failed with error -22
[  131.703521][ T5922] usb 4-1: USB disconnect, device number 2
[  131.915208][ T5849] Bluetooth: hci4: unexpected cc 0x0809 length: 68 > 4
[  131.926706][ T5832] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  132.390184][ T6493] netlink: 60 bytes leftover after parsing attributes in process `syz.4.126'.
[  132.400513][ T6493] unsupported nlmsg_type 40
[  132.902181][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  132.909945][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  133.283294][ T6496] loop0: detected capacity change from 0 to 40427
[  133.476477][ T6496] F2FS-fs (loop0): invalid crc value
[  133.914070][ T6496] F2FS-fs (loop0): Start checkpoint disabled!
[  133.923439][ T6496] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  134.320696][ T6506] loop2: detected capacity change from 0 to 32768
[  134.328082][ T6506] XFS: ikeep mount option is deprecated.
[  134.361874][   T30] audit: type=1800 audit(1751369198.754:19): pid=6510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.127" name="bus" dev="loop0" ino=10 res=0 errno=0
[  134.562941][ T6506] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  134.733995][   T13] kworker/u8:1: attempt to access beyond end of device
[  134.733995][   T13] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  134.739678][ T6506] XFS (loop2): Ending clean mount
[  134.763870][ T6506] XFS (loop2): Quotacheck needed: Please wait.
[  134.833519][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  134.833546][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.833556][   T13] Workqueue: writeback wb_workfn (flush-7:0)
[  134.833584][   T13] Call Trace:
[  134.833591][   T13]  <TASK>
[  134.833598][   T13]  dump_stack_lvl+0x189/0x250
[  134.833627][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.833647][   T13]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  134.833669][   T13]  ? __pfx_queue_work_on+0x10/0x10
[  134.833693][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  134.833714][   T13]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  134.833738][   T13]  ? f2fs_hw_is_readonly+0x39b/0x470
[  134.833764][   T13]  f2fs_handle_critical_error+0x37c/0x540
[  134.833791][   T13]  f2fs_write_end_io+0x495/0x810
[  134.833812][   T13]  ? blkg_put+0x22/0x240
[  134.833847][   T13]  __submit_merged_bio+0x27a/0x6a0
[  134.833875][   T13]  __submit_merged_write_cond+0x255/0x530
[  134.833902][   T13]  f2fs_write_data_pages+0x261d/0x3000
[  134.833957][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  134.833992][   T13]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  134.834059][   T13]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  134.834080][   T13]  ? look_up_lock_class+0x74/0x170
[  134.834114][   T13]  ? trace_f2fs_writepages+0x7f/0x200
[  134.834136][   T13]  ? f2fs_write_node_pages+0x478/0x6e0
[  134.834162][   T13]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  134.834196][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  134.834219][   T13]  do_writepages+0x32e/0x550
[  134.834248][   T13]  ? reacquire_held_locks+0x127/0x1d0
[  134.834269][   T13]  ? writeback_sb_inodes+0x384/0x1010
[  134.834300][   T13]  __writeback_single_inode+0x145/0xff0
[  134.834323][   T13]  ? do_raw_spin_unlock+0x122/0x240
[  134.834345][   T13]  writeback_sb_inodes+0x6c7/0x1010
[  134.834394][   T13]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  134.834459][   T13]  ? rcu_is_watching+0x15/0xb0
[  134.834489][   T13]  wb_writeback+0x43b/0xaf0
[  134.834520][   T13]  ? queue_io+0x3d1/0x590
[  134.834545][   T13]  ? __pfx_wb_writeback+0x10/0x10
[  134.834573][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  134.834599][   T13]  wb_workfn+0x409/0xef0
[  134.834632][   T13]  ? __pfx_wb_workfn+0x10/0x10
[  134.834656][   T13]  ? __lock_acquire+0xab9/0xd20
[  134.834687][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  134.834715][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  134.834735][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  134.834753][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  134.834776][   T13]  process_scheduled_works+0xae1/0x17b0
[  134.834824][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  134.834861][   T13]  worker_thread+0x8a0/0xda0
[  134.834910][   T13]  kthread+0x70e/0x8a0
[  134.834929][   T13]  ? __pfx_worker_thread+0x10/0x10
[  134.834949][   T13]  ? __pfx_kthread+0x10/0x10
[  134.834967][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  134.834987][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  134.835007][   T13]  ? __pfx_kthread+0x10/0x10
[  134.835023][   T13]  ret_from_fork+0x3fc/0x770
[  134.835053][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  134.835083][   T13]  ? __switch_to_asm+0x39/0x70
[  134.835096][   T13]  ? __switch_to_asm+0x33/0x70
[  134.835109][   T13]  ? __pfx_kthread+0x10/0x10
[  134.835126][   T13]  ret_from_fork_asm+0x1a/0x30
[  134.835154][   T13]  </TASK>
[  135.461622][ T6506] XFS (loop2): Quotacheck: Done.
[  136.216437][ T6529] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request
[  136.850963][ T6528] FAULT_INJECTION: forcing a failure.
[  136.850963][ T6528] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  136.865723][ T6528] CPU: 0 UID: 0 PID: 6528 Comm: syz.2.130 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  136.865746][ T6528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.865756][ T6528] Call Trace:
[  136.865763][ T6528]  <TASK>
[  136.865771][ T6528]  dump_stack_lvl+0x189/0x250
[  136.865801][ T6528]  ? __pfx____ratelimit+0x10/0x10
[  136.865826][ T6528]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.865849][ T6528]  ? __pfx__printk+0x10/0x10
[  136.865878][ T6528]  should_fail_ex+0x414/0x560
[  136.865905][ T6528]  _copy_to_user+0x31/0xb0
[  136.865928][ T6528]  simple_read_from_buffer+0xe1/0x170
[  136.865957][ T6528]  proc_fail_nth_read+0x1df/0x250
[  136.865979][ T6528]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  136.866001][ T6528]  ? rw_verify_area+0x258/0x650
[  136.866023][ T6528]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  136.866043][ T6528]  vfs_read+0x1fd/0x980
[  136.866064][ T6528]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  136.866095][ T6528]  ? __pfx_vfs_read+0x10/0x10
[  136.866114][ T6528]  ? irqentry_exit+0x74/0x90
[  136.866137][ T6528]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.866186][ T6528]  ksys_read+0x145/0x250
[  136.866206][ T6528]  ? __fget_files+0x2a/0x420
[  136.866226][ T6528]  ? __pfx_ksys_read+0x10/0x10
[  136.866254][ T6528]  ? do_syscall_64+0xbe/0x3b0
[  136.866274][ T6528]  do_syscall_64+0xfa/0x3b0
[  136.866291][ T6528]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.866308][ T6528]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  136.866324][ T6528]  ? clear_bhb_loop+0x60/0xb0
[  136.866344][ T6528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.866361][ T6528] RIP: 0033:0x7fd7f878d33c
[  136.866387][ T6528] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  136.866401][ T6528] RSP: 002b:00007fd7f95fd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  136.866419][ T6528] RAX: ffffffffffffffda RBX: 00007fd7f89b6080 RCX: 00007fd7f878d33c
[  136.866432][ T6528] RDX: 000000000000000f RSI: 00007fd7f95fd0a0 RDI: 000000000000000d
[  136.866442][ T6528] RBP: 00007fd7f95fd090 R08: 0000000000000000 R09: 0000000000000000
[  136.866453][ T6528] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  136.866463][ T6528] R13: 0000000000000000 R14: 00007fd7f89b6080 R15: 00007ffffc399fd8
[  136.866492][ T6528]  </TASK>
[  136.883960][   T13] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  137.222562][ T6537] netlink: 36 bytes leftover after parsing attributes in process `syz.3.137'.
[  137.318433][ T5850] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  139.619457][ T6551] loop1: detected capacity change from 0 to 4096
[  139.707961][ T6559] loop2: detected capacity change from 0 to 4096
[  139.721432][ T6559] ntfs3: Unknown parameter 'spar�e'
[  140.341029][ T6551] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  140.550454][ T6562] loop0: detected capacity change from 0 to 32768
[  140.557850][ T6562] XFS: ikeep mount option is deprecated.
[  140.624961][ T6571] loop3: detected capacity change from 0 to 512
[  140.632198][ T6562] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  140.668823][  T978] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  140.707904][ T6571] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  140.814009][ T6562] XFS (loop0): Ending clean mount
[  140.815003][ T6571] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  140.824178][ T6562] XFS (loop0): Quotacheck needed: Please wait.
[  140.868741][ T6562] XFS (loop0): Quotacheck: Done.
[  140.898560][ T6568] loop2: detected capacity change from 0 to 32768
[  140.914030][  T978] usb 2-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  140.915835][ T6568] btrfs: Deprecated parameter 'usebackuproot'
[  140.944007][  T978] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 184
[  140.957741][ T6571] EXT4-fs (loop3): 1 truncate cleaned up
[  140.964335][ T6568] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  140.992960][  T978] usb 2-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  141.035747][ T6568] btrfs: Deprecated parameter 'usebackuproot'
[  141.116989][ T6568] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  141.135468][  T978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.170814][ T6571] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.320160][ T6568] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.146 (6568)
[  141.701679][ T5832] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  141.724483][  T978] usb 2-1: can't set config #220, error -71
[  141.944558][  T978] usb 2-1: USB disconnect, device number 4
[  141.949926][ T6568] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  142.000246][ T6568] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  142.059839][ T6568] BTRFS info (device loop2): using free-space-tree
[  142.103361][ T6586] FAULT_INJECTION: forcing a failure.
[  142.103361][ T6586] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  142.116731][ T6586] CPU: 1 UID: 0 PID: 6586 Comm: syz.1.149 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  142.116752][ T6586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  142.116760][ T6586] Call Trace:
[  142.116765][ T6586]  <TASK>
[  142.116771][ T6586]  dump_stack_lvl+0x189/0x250
[  142.116793][ T6586]  ? __pfx____ratelimit+0x10/0x10
[  142.116812][ T6586]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.116829][ T6586]  ? __pfx__printk+0x10/0x10
[  142.116844][ T6586]  ? __might_fault+0xb0/0x130
[  142.116870][ T6586]  should_fail_ex+0x414/0x560
[  142.116891][ T6586]  _copy_from_user+0x2d/0xb0
[  142.116907][ T6586]  snd_pcm_oss_write+0x84f/0x11a0
[  142.116924][ T6586]  ? get_pid_task+0x20/0x1f0
[  142.116951][ T6586]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  142.116968][ T6586]  ? bpf_lsm_file_permission+0x9/0x20
[  142.116984][ T6586]  ? security_file_permission+0x75/0x290
[  142.116998][ T6586]  ? rw_verify_area+0x258/0x650
[  142.117016][ T6586]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  142.117032][ T6586]  vfs_write+0x27b/0xa90
[  142.117057][ T6586]  ? __pfx_vfs_write+0x10/0x10
[  142.117076][ T6586]  ? __fget_files+0x2a/0x420
[  142.117093][ T6586]  ? __fget_files+0x2a/0x420
[  142.117104][ T6586]  ? __fget_files+0x3a0/0x420
[  142.117116][ T6586]  ? __fget_files+0x2a/0x420
[  142.117146][ T6586]  ksys_write+0x145/0x250
[  142.117166][ T6586]  ? __pfx_ksys_write+0x10/0x10
[  142.117188][ T6586]  ? do_syscall_64+0xbe/0x3b0
[  142.117206][ T6586]  do_syscall_64+0xfa/0x3b0
[  142.117220][ T6586]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.117232][ T6586]  ? asm_sysvec_call_function_single+0x1a/0x20
[  142.117245][ T6586]  ? clear_bhb_loop+0x60/0xb0
[  142.117261][ T6586]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.117272][ T6586] RIP: 0033:0x7f13aeb8e929
[  142.117286][ T6586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.117296][ T6586] RSP: 002b:00007f13afa16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  142.117311][ T6586] RAX: ffffffffffffffda RBX: 00007f13aedb6080 RCX: 00007f13aeb8e929
[  142.117320][ T6586] RDX: 00000000ffffffd9 RSI: 00002000000001c0 RDI: 0000000000000003
[  142.117328][ T6586] RBP: 00007f13afa16090 R08: 0000000000000000 R09: 0000000000000000
[  142.117337][ T6586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  142.117345][ T6586] R13: 0000000000000000 R14: 00007f13aedb6080 R15: 00007ffd456da3a8
[  142.117366][ T6586]  </TASK>
[  142.598760][ T6600] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  142.760944][ T6607] netlink: 'syz.4.150': attribute type 1 has an invalid length.
[  142.816101][ T6568] BTRFS info (device loop2): rebuilding free space tree
[  142.894370][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.036955][ T6566] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  143.081473][ T6568] btrfs: Unknown parameter '�����j�����/�Y|ԗk��� �M��gm\��Z�?��?k��gU�W{�?'
[  143.123100][ T6615] FAULT_INJECTION: forcing a failure.
[  143.123100][ T6615] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.177238][ T6615] CPU: 0 UID: 0 PID: 6615 Comm: syz.3.151 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  143.177274][ T6615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  143.177284][ T6615] Call Trace:
[  143.177291][ T6615]  <TASK>
[  143.177299][ T6615]  dump_stack_lvl+0x189/0x250
[  143.177328][ T6615]  ? __pfx____ratelimit+0x10/0x10
[  143.177353][ T6615]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.177376][ T6615]  ? __pfx__printk+0x10/0x10
[  143.177395][ T6615]  ? __might_fault+0xb0/0x130
[  143.177430][ T6615]  should_fail_ex+0x414/0x560
[  143.177455][ T6615]  _copy_from_user+0x2d/0xb0
[  143.177476][ T6615]  cec_ioctl+0x32e/0x2f20
[  143.177507][ T6615]  ? __pfx_cec_ioctl+0x10/0x10
[  143.177527][ T6615]  ? do_vfs_ioctl+0xf37/0x1990
[  143.177551][ T6615]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  143.177578][ T6615]  ? kasan_quarantine_put+0xdd/0x220
[  143.177609][ T6615]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  143.177630][ T6615]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  143.177649][ T6615]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  143.177667][ T6615]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  143.177687][ T6615]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  143.177723][ T6615]  ? __lock_acquire+0xab9/0xd20
[  143.177762][ T6615]  ? __fget_files+0x2a/0x420
[  143.177783][ T6615]  ? __fget_files+0x2a/0x420
[  143.177798][ T6615]  ? __fget_files+0x3a0/0x420
[  143.177814][ T6615]  ? __fget_files+0x2a/0x420
[  143.177834][ T6615]  ? bpf_lsm_file_ioctl+0x9/0x20
[  143.177855][ T6615]  ? __pfx_cec_ioctl+0x10/0x10
[  143.177875][ T6615]  __se_sys_ioctl+0xfc/0x170
[  143.177899][ T6615]  do_syscall_64+0xfa/0x3b0
[  143.177914][ T6615]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.177937][ T6615]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.177954][ T6615]  ? clear_bhb_loop+0x60/0xb0
[  143.177975][ T6615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.178012][ T6615] RIP: 0033:0x7f57fad8e929
[  143.178027][ T6615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.178041][ T6615] RSP: 002b:00007f57f8bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  143.178060][ T6615] RAX: ffffffffffffffda RBX: 00007f57fafb5fa0 RCX: 00007f57fad8e929
[  143.178073][ T6615] RDX: 0000000000000000 RSI: 0000000040046109 RDI: 0000000000000003
[  143.178083][ T6615] RBP: 00007f57f8bf6090 R08: 0000000000000000 R09: 0000000000000000
[  143.178094][ T6615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.178104][ T6615] R13: 0000000000000000 R14: 00007f57fafb5fa0 R15: 00007ffdd1ee4de8
[  143.178131][ T6615]  </TASK>
[  143.704068][ T6617] loop1: detected capacity change from 0 to 32768
[  143.712288][ T6617] btrfs: Deprecated parameter 'usebackuproot'
[  143.719004][ T6617] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  143.733494][ T6617] btrfs: Deprecated parameter 'usebackuproot'
[  143.739688][ T6617] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  143.762686][ T6617] BTRFS info: device /dev/loop1 (7:1) using temp-fsid d00aadcf-fe8b-4281-9aec-cfde3e18abce
[  143.784329][ T6617] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.153 (6617)
[  144.069029][ T6621] loop3: detected capacity change from 0 to 32768
[  144.076587][ T6621] XFS: ikeep mount option is deprecated.
[  144.819039][ T6621] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  144.861301][ T5850] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  144.889965][ T6617] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  144.965805][ T6617] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  144.974384][ T6617] BTRFS info (device loop1): using free-space-tree
[  145.104247][ T6621] XFS (loop3): Ending clean mount
[  145.141022][ T6621] XFS (loop3): Quotacheck needed: Please wait.
[  145.286932][ T6621] XFS (loop3): Quotacheck: Done.
[  145.324534][ T6617] BTRFS info (device loop1): rebuilding free space tree
[  145.397676][   T30] audit: type=1800 audit(1751369209.784:20): pid=6621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.154" name="file1" dev="loop3" ino=9286 res=0 errno=0
[  145.482600][ T5834] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  145.585568][ T6617] btrfs: Deprecated parameter 'usebackuproot'
[  145.591805][ T6617] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  145.605637][ T6617] btrfs: Deprecated parameter 'usebackuproot'
[  145.621991][ T6617] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  145.731512][ T6617] BTRFS info (device loop1 state M): force clearing of disk cache
[  145.751190][ T6617] BTRFS info (device loop1 state M): trying to use backup root at mount time
[  145.775666][ T5948] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  145.939155][ T6639] loop0: detected capacity change from 0 to 32768
[  145.976541][ T5948] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  146.014932][ T6639] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.157 (6639)
[  146.029674][ T5948] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  146.056279][ T5843] BTRFS info (device loop1): last unmount of filesystem d00aadcf-fe8b-4281-9aec-cfde3e18abce
[  146.094319][ T5948] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  146.130082][ T5948] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  146.170074][ T5948] usb 3-1: SerialNumber: syz
[  146.253557][ T6662] netlink: 'syz.4.159': attribute type 1 has an invalid length.
[  146.294206][ T6639] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  146.315002][ T6639] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm
[  148.211879][ T6639] BTRFS info (device loop0): rebuilding free space tree
[  148.977197][ T6639] BTRFS info (device loop0): disabling free space tree
[  149.152761][ T6639] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  149.208191][ T6639] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  149.230040][ T5948] usb 3-1: 0:2 : does not exist
[  149.254790][ T5948] usb 3-1: USB disconnect, device number 2
[  150.241908][ T5997] udevd[5997]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  150.301204][ T5832] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  150.498261][ T6708] loop2: detected capacity change from 0 to 4096
[  150.677048][ T6718] netlink: 'syz.1.169': attribute type 1 has an invalid length.
[  150.747412][ T6719] loop3: detected capacity change from 0 to 256
[  150.867053][ T6718] 8021q: adding VLAN 0 to HW filter on device bond1
[  150.895002][ T6719] FAT-fs (loop3): Directory bread(block 64) failed
[  150.930874][ T6719] FAT-fs (loop3): Directory bread(block 65) failed
[  150.958067][ T6719] FAT-fs (loop3): Directory bread(block 66) failed
[  151.041755][ T6719] FAT-fs (loop3): Directory bread(block 67) failed
[  151.093772][ T6719] FAT-fs (loop3): Directory bread(block 68) failed
[  151.136905][ T6719] FAT-fs (loop3): Directory bread(block 69) failed
[  151.160809][ T6719] FAT-fs (loop3): Directory bread(block 70) failed
[  151.170851][ T6719] FAT-fs (loop3): Directory bread(block 71) failed
[  151.185786][ T6719] FAT-fs (loop3): Directory bread(block 72) failed
[  151.209461][ T6719] FAT-fs (loop3): Directory bread(block 73) failed
[  151.229724][ T6721] 8021q: adding VLAN 0 to HW filter on device bond1
[  151.369416][ T6721] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  151.395951][ T6721] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  151.531238][ T6722] gretap1: entered promiscuous mode
[  151.560149][ T6722] bond1: (slave gretap1): making interface the new active one
[  151.576989][ T6722] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  151.600160][ T6735] netlink: 8 bytes leftover after parsing attributes in process `syz.0.168'.
[  151.628457][ T6718] macvlan2: entered promiscuous mode
[  151.634183][ T6718] macvlan2: entered allmulticast mode
[  151.661688][ T6718] bond1: entered promiscuous mode
[  151.671438][ T6718] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  151.688732][ T6718] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  151.729662][ T6718] bond1: left promiscuous mode
[  151.798636][ T6734] tipc: Started in network mode
[  151.816393][ T6734] tipc: Node identity 5a4bec22d85b, cluster identity 4711
[  151.824113][ T6734] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  151.954379][ T6736] syzkaller0: entered promiscuous mode
[  151.961863][ T6736] syzkaller0: entered allmulticast mode
[  151.968634][ T6736] tipc: Resetting bearer <eth:syzkaller0>
[  151.978189][ T6717] tipc: Resetting bearer <eth:syzkaller0>
[  152.003510][ T6743] syz.0.173 uses obsolete (PF_INET,SOCK_PACKET)
[  152.078227][ T6748] loop0: detected capacity change from 0 to 128
[  152.432806][ T6718] syz.1.169 (6718) used greatest stack depth: 19200 bytes left
[  152.924070][  T978] tipc: Node number set to 2182147106
[  152.983646][ T6754] loop1: detected capacity change from 0 to 2048
[  153.036567][ T6754] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  153.247879][ T6762] netlink: 128 bytes leftover after parsing attributes in process `syz.4.178'.
[  155.058372][ T6776] loop1: detected capacity change from 0 to 1024
[  155.067198][ T6776] hfsplus: unable to find HFS+ superblock
[  155.189057][ T6717] tipc: Disabling bearer <eth:syzkaller0>
[  155.216354][ T6762] netlink: 40 bytes leftover after parsing attributes in process `syz.4.178'.
[  156.242804][ T6784] Cannot find del_set index 4 as target
[  157.065797][  T978] usb 3-1: new low-speed USB device number 3 using dummy_hcd
[  157.863964][  T978] usb 3-1: No LPM exit latency info found, disabling LPM.
[  158.058331][  T978] usb 3-1: config 1 interface 0 altsetting 24 endpoint 0x81 has invalid maxpacket 512, setting to 8
[  158.119983][  T978] usb 3-1: config 1 interface 0 altsetting 24 endpoint 0x82 is Bulk; changing to Interrupt
[  158.159098][  T978] usb 3-1: config 1 interface 0 altsetting 24 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  158.241653][  T978] usb 3-1: config 1 interface 0 has no altsetting 0
[  158.275034][  T978] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  158.286089][  T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.294093][  T978] usb 3-1: Product: 癈턋㔧⩃ь秜춚쀉泑趪唔¬拈籰䗽膊綆ጋ宾혫팿誱鍳緘ꪟ࿨輗︂䚸壵꿲⇲躘ꀠ⾾﮳␻槚衮詪ী糨㮕⌭ढ़쉖㜎鮩˹媡꩗疮阁瞑飸銷Ꭱ鯱䴂蟿晳䦚匲탂譍꼾ⷂ㾌᷺샮눹늺碊촓㊌飤∐
[  158.351367][  T978] usb 3-1: Manufacturer: ⮩镹쉨쑆獸㉜賈お㈲豷뿍튰㔪磄䓪㍦浣㇡㪕㨭웓怾㠧꽞곧໌挥왻읦科躟ⱹ䖨᳴⁨⬽㢦쿖å岥䵒뀦㝆▯配瘙䰜뜏霾⪂΍籬Ǣ狭⽖崭法励꯿윊행펀
[  158.393015][  T978] usb 3-1: SerialNumber: 멭
[  158.543961][ T6816] loop0: detected capacity change from 0 to 1024
[  158.559516][ T6816] hfsplus: unable to find HFS+ superblock
[  158.785759][ T6792] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  158.948027][ T6792] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  158.986666][ T6792] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  159.717870][  T978] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  159.815536][  T978] usb 3-1: USB disconnect, device number 3
[  160.061680][ T6810] loop1: detected capacity change from 0 to 32768
[  160.115247][ T6810] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.193 (6810)
[  160.162167][ T6810] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  160.195917][ T6810] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm
[  160.365565][ T6810] BTRFS info (device loop1): rebuilding free space tree
[  160.395977][ T6810] BTRFS info (device loop1): disabling free space tree
[  160.403606][ T6810] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  160.415487][ T6810] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  161.094970][ T6853] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  161.226033][ T6853] netlink: 'syz.3.198': attribute type 1 has an invalid length.
[  161.866234][ T6853] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  161.916725][ T6843] tty tty4: ldisc open failed (-12), clearing slot 3
[  161.932285][ T5915] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  162.124188][ T5915] usb 2-1: device descriptor read/all, error -71
[  162.166823][ T5843] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  163.932280][ T6875] loop2: detected capacity change from 0 to 1024
[  163.939970][ T6875] hfsplus: unable to find HFS+ superblock
[  164.135022][ T6869] loop0: detected capacity change from 0 to 4096
[  164.301608][ T6877] input: syz1 as /devices/virtual/input/input5
[  164.402452][ T6881] loop2: detected capacity change from 0 to 512
[  164.820435][ T6881] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  165.224724][ T6881] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.550913][ T6895] loop1: detected capacity change from 0 to 512
[  166.182606][ T6895] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  166.240273][ T6881] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 3: comm syz.2.208: path /38/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  166.274684][ T6895] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.287560][ T6895] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  166.332776][ T6892] EXT4-fs error (device loop1): ext4_get_verity_descriptor_location:335: inode #15: comm syz.1.204: verity file corrupted; can't find descriptor
[  166.336147][ T6881] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 12: comm syz.2.208: path /38/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  166.382082][ T6892] EXT4-fs (loop1): Remounting filesystem read-only
[  166.388912][ T6892] fs-verity (loop1, inode 15): Error -117 getting verity descriptor size
[  166.400863][ T6881] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 13: comm syz.2.208: path /38/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  166.436089][ T6881] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 14: comm syz.2.208: path /38/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  166.493235][ T6881] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 15: comm syz.2.208: path /38/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  166.537744][ T6901] 9pnet_fd: Insufficient options for proto=fd
[  166.564984][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.565511][ T6881] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 16: comm syz.2.208: path /38/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  166.692944][ T6881] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 17: comm syz.2.208: path /38/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  166.779639][ T6909] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  166.790703][ T6881] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #2: block 18: comm syz.2.208: lblock 23 mapped to illegal pblock 18 (length 1)
[  166.818454][ T6911] netlink: 20 bytes leftover after parsing attributes in process `syz.0.216'.
[  166.828548][ T6911] netlink: 20 bytes leftover after parsing attributes in process `syz.0.216'.
[  167.078409][ T5901] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  167.374631][ T5901] usb 4-1: Using ep0 maxpacket: 32
[  167.399089][ T5901] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  167.463002][ T5901] usb 4-1: config 0 has no interface number 0
[  167.941334][ T5901] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  167.955405][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.967962][ T5901] usb 4-1: Product: syz
[  167.969722][ T5850] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  167.972211][ T5901] usb 4-1: Manufacturer: syz
[  168.002377][ T5901] usb 4-1: SerialNumber: syz
[  168.021026][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.042510][ T5901] usb 4-1: config 0 descriptor??
[  168.069353][ T5901] smsc95xx v2.0.0
[  168.319667][ T5848] Bluetooth: hci4: command 0x0405 tx timeout
[  169.346817][ T5901] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  169.564996][ T5901] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  170.680063][ T5901] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  170.705491][ T5901] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  170.747761][ T5901] usb 4-1: USB disconnect, device number 3
[  170.775825][ T6940] loop0: detected capacity change from 0 to 1024
[  170.850730][ T6940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.867482][ T6940] FAULT_INJECTION: forcing a failure.
[  170.867482][ T6940] name failslab, interval 1, probability 0, space 0, times 0
[  170.875377][   T30] audit: type=1800 audit(1751369235.264:21): pid=6940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.222" name="file1" dev="loop0" ino=15 res=0 errno=0
[  170.880201][ T6940] CPU: 1 UID: 0 PID: 6940 Comm: syz.0.222 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  170.880223][ T6940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.880232][ T6940] Call Trace:
[  170.880240][ T6940]  <TASK>
[  170.880247][ T6940]  dump_stack_lvl+0x189/0x250
[  170.880277][ T6940]  ? __pfx____ratelimit+0x10/0x10
[  170.880302][ T6940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.880324][ T6940]  ? __pfx__printk+0x10/0x10
[  170.880348][ T6940]  ? __pfx___might_resched+0x10/0x10
[  170.880368][ T6940]  ? fs_reclaim_acquire+0x7d/0x100
[  170.880391][ T6940]  should_fail_ex+0x414/0x560
[  170.880416][ T6940]  should_failslab+0xa8/0x100
[  170.880433][ T6940]  __kmalloc_noprof+0xcb/0x4f0
[  170.880455][ T6940]  ? copy_splice_read+0x143/0x9b0
[  170.880482][ T6940]  copy_splice_read+0x143/0x9b0
[  170.880516][ T6940]  ? __pfx_copy_splice_read+0x10/0x10
[  170.880536][ T6940]  ? look_up_lock_class+0x74/0x170
[  170.880562][ T6940]  ? register_lock_class+0x51/0x320
[  170.880585][ T6940]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  170.880614][ T6940]  ? alloc_pipe_info+0x374/0x4d0
[  170.880637][ T6940]  ? __pfx_ext4_file_splice_read+0x10/0x10
[  170.880657][ T6940]  splice_direct_to_actor+0x4d0/0xcc0
[  170.880704][ T6940]  ? __pfx_direct_splice_actor+0x10/0x10
[  170.880727][ T6940]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  170.880760][ T6940]  do_splice_direct+0x181/0x270
[  170.880786][ T6940]  ? __pfx_do_splice_direct+0x10/0x10
[  170.880810][ T6940]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  170.880833][ T6940]  ? rw_verify_area+0x258/0x650
[  170.880858][ T6940]  do_sendfile+0x4da/0x7e0
[  170.880875][ T6940]  ? __pfx_vfs_write+0x10/0x10
[  170.880902][ T6940]  ? __pfx_do_sendfile+0x10/0x10
[  170.880919][ T6940]  ? __fget_files+0x3a0/0x420
[  170.880946][ T6940]  __se_sys_sendfile64+0x13e/0x190
[  170.880966][ T6940]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  170.880981][ T6940]  ? rcu_is_watching+0x15/0xb0
[  170.881007][ T6940]  ? do_syscall_64+0xbe/0x3b0
[  170.881026][ T6940]  do_syscall_64+0xfa/0x3b0
[  170.881040][ T6940]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.881062][ T6940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.881079][ T6940]  ? clear_bhb_loop+0x60/0xb0
[  170.881099][ T6940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.881114][ T6940] RIP: 0033:0x7fb336f8e929
[  170.881130][ T6940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.881143][ T6940] RSP: 002b:00007fb337e52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  170.881161][ T6940] RAX: ffffffffffffffda RBX: 00007fb3371b5fa0 RCX: 00007fb336f8e929
[  170.881173][ T6940] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
[  170.881182][ T6940] RBP: 00007fb337e52090 R08: 0000000000000000 R09: 0000000000000000
[  170.881192][ T6940] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000001
[  170.881203][ T6940] R13: 0000000000000000 R14: 00007fb3371b5fa0 R15: 00007fff01e08f68
[  170.881229][ T6940]  </TASK>
[  171.231022][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.495023][ T6937] loop1: detected capacity change from 0 to 32768
[  171.505971][ T6958] loop0: detected capacity change from 0 to 1024
[  171.610947][ T6954] wg1: entered promiscuous mode
[  171.616030][ T6954] wg1: entered allmulticast mode
[  171.628303][ T6954] ip6_tunnel: non-ECT from 0000:0000:0000:0000:0000:ffff:0000:0000 with DS=0xd
[  171.663542][ T6960] loop3: detected capacity change from 0 to 512
[  171.722936][ T6958] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.779860][   T30] audit: type=1800 audit(1751369236.174:22): pid=6958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.224" name="file1" dev="loop0" ino=15 res=0 errno=0
[  172.021388][ T6960] EXT4-fs error (device loop3): ext4_iget_extra_inode:5034: inode #15: comm syz.3.230: corrupted in-inode xattr: e_value size too large
[  172.259981][ T6960] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.230: couldn't read orphan inode 15 (err -117)
[  172.375370][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.386976][ T6960] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.399596][ T5948] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  172.799524][ T5948] usb 2-1: config 4 has an invalid interface number: 39 but max is 1
[  172.809757][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.819811][ T5948] usb 2-1: config 4 has an invalid interface number: 49 but max is 1
[  172.827963][ T5948] usb 2-1: config 4 has no interface number 0
[  172.836822][ T5948] usb 2-1: config 4 has no interface number 1
[  172.843161][ T5948] usb 2-1: config 4 interface 39 has no altsetting 0
[  173.796601][ T5948] usb 2-1: config 4 interface 49 has no altsetting 0
[  174.127188][ T5948] usb 2-1: string descriptor 0 read error: -71
[  174.133523][ T5948] usb 2-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  174.320007][ T5948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.335332][ T5948] usb 2-1: can't set config #4, error -71
[  174.358503][ T5948] usb 2-1: USB disconnect, device number 7
[  175.386950][ T6989] loop1: detected capacity change from 0 to 32768
[  175.413733][ T6989] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.235 (6989)
[  175.431248][ T6989] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  175.441529][ T6989] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm
[  175.450560][ T6989] BTRFS info (device loop1): using free-space-tree
[  176.205203][ T6989] BTRFS info (device loop1): rebuilding free space tree
[  176.248496][ T6989] BTRFS info (device loop1): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  176.792013][ T5843] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  177.227628][ T7028] loop0: detected capacity change from 0 to 512
[  177.264610][ T7026] netlink: 'syz.2.244': attribute type 1 has an invalid length.
[  177.295641][ T7028] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.243: casefold flag without casefold feature
[  177.421088][ T7028] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.243: couldn't read orphan inode 15 (err -117)
[  177.458896][ T7028] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  178.649141][ T7028] bridge0: entered promiscuous mode
[  179.028466][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.460466][ T7064] loop0: detected capacity change from 0 to 4096
[  180.483534][ T7064] ntfs3(loop0): It is recommened to use chkdsk.
[  180.510859][ T7064] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  180.592755][ T7064] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  180.642783][ T7064] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  180.755303][ T7064] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  180.763194][ T7064] ntfs3(loop0): try to read out of volume at offset 0x3fffffc1c00
[  180.801125][ T7064] ntfs3(loop0): try to read out of volume at offset 0x3fffffc2c00
[  180.844906][ T7064] ntfs3(loop0): try to read out of volume at offset 0x3fffffc4c00
[  181.088170][ T7071] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.255'.
[  181.097482][ T7071] netlink: zone id is out of range
[  181.102595][ T7071] netlink: zone id is out of range
[  181.107768][ T7071] netlink: zone id is out of range
[  181.112875][ T7071] netlink: get zone limit has 8 unknown bytes
[  181.163376][ T7064] ntfs3(loop0): try to read out of volume at offset 0x3fffffc8c00
[  181.171606][ T7064] ntfs3(loop0): try to read out of volume at offset 0x3fffffd0c00
[  181.324712][ T7051] loop1: detected capacity change from 0 to 40427
[  182.039699][ T7051] F2FS-fs (loop1): Wrong CP boundary, start(512) end(516) blocks(1024)
[  182.079758][ T7051] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  182.111171][ T7051] F2FS-fs (loop1): invalid crc value
[  182.117861][ T7051] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-4)
[  182.806064][ T7090] netlink: 4 bytes leftover after parsing attributes in process `syz.0.260'.
[  182.814935][ T7090] bridge_slave_1: left allmulticast mode
[  182.820727][ T7090] bridge_slave_1: left promiscuous mode
[  182.828141][ T7090] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.148221][ T7090] bridge_slave_0: left allmulticast mode
[  183.153909][ T7090] bridge_slave_0: left promiscuous mode
[  183.162177][ T7090] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.474409][ T7122] loop0: detected capacity change from 0 to 512
[  186.561625][   T30] audit: type=1326 audit(1751369250.954:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.2.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7f878e929 code=0x7ffc0000
[  186.562417][ T7123] loop0: detected capacity change from 0 to 4096
[  186.620656][   T30] audit: type=1326 audit(1751369250.954:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.2.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7f878e929 code=0x7ffc0000
[  186.649731][ T7131] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.268'.
[  186.661096][ T7131] netlink: zone id is out of range
[  186.666242][ T7131] netlink: zone id is out of range
[  186.671330][ T7131] netlink: zone id is out of range
[  186.676457][ T7131] netlink: get zone limit has 8 unknown bytes
[  186.685001][   T30] audit: type=1326 audit(1751369250.994:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.2.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7fd7f878e929 code=0x7ffc0000
[  186.731750][   T30] audit: type=1326 audit(1751369250.994:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.2.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7f878e929 code=0x7ffc0000
[  186.774951][   T30] audit: type=1326 audit(1751369250.994:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.2.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7f878e929 code=0x7ffc0000
[  189.315613][ T7159] capability: warning: `syz.2.276' uses deprecated v2 capabilities in a way that may be insecure
[  190.857318][ T7186] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.284'.
[  190.866708][ T7186] netlink: zone id is out of range
[  190.871822][ T7186] netlink: zone id is out of range
[  190.876960][ T7186] netlink: zone id is out of range
[  190.882094][ T7186] netlink: get zone limit has 8 unknown bytes
[  191.678136][ T5908] libceph: connect (1)[c::]:6789 error -101
[  191.783418][ T5908] libceph: mon0 (1)[c::]:6789 connect error
[  192.051509][ T7195] ceph: No mds server is up or the cluster is laggy
[  192.659457][ T7210] netlink: 76 bytes leftover after parsing attributes in process `syz.4.288'.
[  194.665248][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  194.671600][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  195.120050][ T7241] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.297'.
[  195.129411][ T7241] netlink: zone id is out of range
[  195.134509][ T7241] netlink: zone id is out of range
[  195.139630][ T7241] netlink: zone id is out of range
[  195.144727][ T7241] netlink: get zone limit has 8 unknown bytes
[  195.729830][ T7256] rdma_op ffff88802dc949f0 conn xmit_rdma 0000000000000000
[  196.707452][ T7258] ceph: No mds server is up or the cluster is laggy
[  196.729867][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  196.735985][ T5854] Bluetooth: hci0: command 0x0406 tx timeout
[  196.742000][ T5854] Bluetooth: hci3: command 0x0406 tx timeout
[  196.749235][ T5838] Bluetooth: hci1: command 0x0406 tx timeout
[  196.756510][ T5841] Bluetooth: hci4: command 0x0405 tx timeout
[  196.798157][ T5901] libceph: connect (1)[c::]:6789 error -101
[  196.804262][ T5901] libceph: mon0 (1)[c::]:6789 connect error
[  199.216344][ T7294] delete_channel: no stack
[  199.903143][ T7296] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  199.913078][ T7296] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0
[  200.611888][ T5948] libceph: connect (1)[c::]:6789 error -101
[  200.850580][ T5948] libceph: mon0 (1)[c::]:6789 connect error
[  201.016634][ T7310] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.315'.
[  201.025929][ T7310] netlink: zone id is out of range
[  201.031036][ T7310] netlink: zone id is out of range
[  201.036263][ T7310] netlink: zone id is out of range
[  201.041380][ T7310] netlink: get zone limit has 8 unknown bytes
[  201.056625][ T7314] ceph: No mds server is up or the cluster is laggy
[  205.185588][ T7364] netlink: 96 bytes leftover after parsing attributes in process `syz.3.328'.
[  205.297537][ T7359] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117.87.150326315.2007.15776.1
[  205.306527][ T7359] PKCS7: Only support pkcs7_signedData type
[  205.728321][ T7375] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  206.796400][ T7381] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  207.297092][ T7386] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  208.417125][ T7375] loop0: detected capacity change from 0 to 8192
[  209.334721][ T7410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.340'.
[  211.137189][ T5908] libceph: connect (1)[c::]:6789 error -101
[  211.211690][ T5908] libceph: mon0 (1)[c::]:6789 connect error
[  211.514719][ T7426] ceph: No mds server is up or the cluster is laggy
[  212.994702][ T7450] loop0: detected capacity change from 0 to 4096
[  213.223574][ T7450] ntfs3(loop0): It is recommened to use chkdsk.
[  213.258974][ T7450] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  213.432992][ T7450] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  213.622792][ T7450] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  213.744877][ T7450] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  213.847781][ T7450] ntfs3(loop0): try to read out of volume at offset 0x3fffffc1c00
[  213.929381][ T7450] ntfs3(loop0): try to read out of volume at offset 0x3fffffc2c00
[  213.979289][ T7450] ntfs3(loop0): try to read out of volume at offset 0x3fffffc4c00
[  214.010717][ T7450] ntfs3(loop0): try to read out of volume at offset 0x3fffffc8c00
[  214.023456][ T7450] ntfs3(loop0): try to read out of volume at offset 0x3fffffd0c00
[  215.311619][ T5901] libceph: connect (1)[c::]:6789 error -101
[  215.318325][ T5901] libceph: mon0 (1)[c::]:6789 connect error
[  215.378253][ T7475] ceph: No mds server is up or the cluster is laggy
[  215.680185][ T5840] IPVS: starting estimator thread 0...
[  215.795438][ T7489] IPVS: using max 25 ests per chain, 60000 per kthread
[  216.189080][ T7497] netlink: 4 bytes leftover after parsing attributes in process `syz.4.362'.
[  216.198824][ T7497] bridge_slave_1: left allmulticast mode
[  216.204551][ T7497] bridge_slave_1: left promiscuous mode
[  216.213567][ T7497] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.650045][ T7497] bridge_slave_0: left allmulticast mode
[  216.655861][ T7497] bridge_slave_0: left promiscuous mode
[  216.661651][ T7497] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.961677][ T7505] delete_channel: no stack
[  219.199442][ T7526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.372'.
[  220.706814][ T7547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.376'.
[  220.717822][ T7547] bridge_slave_1: left allmulticast mode
[  220.723585][ T7547] bridge_slave_1: left promiscuous mode
[  220.731704][ T7547] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.858455][ T7547] bridge_slave_0: left allmulticast mode
[  220.864303][ T7547] bridge_slave_0: left promiscuous mode
[  220.872123][ T7547] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.403583][ T7570] binder: BINDER_SET_CONTEXT_MGR already set
[  223.410289][ T7570] binder: 7569:7570 ioctl 4018620d 200000000040 returned -16
[  223.424917][ T7570] loop0: detected capacity change from 0 to 256
[  223.432572][ T7570] exfat: Deprecated parameter 'utf8'
[  223.462016][ T7570] exfat: Deprecated parameter 'utf8'
[  223.477242][ T7570] exfat: Deprecated parameter 'utf8'
[  223.550876][ T7570] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  223.798301][   T30] audit: type=1326 audit(1751369288.194:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7564 comm="syz.2.384" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7f878e929 code=0x0
[  224.030944][ T7583] netlink: 4 bytes leftover after parsing attributes in process `syz.4.387'.
[  225.091999][ T7605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.392'.
[  225.101303][ T7605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.392'.
[  225.110807][ T7605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.392'.
[  226.505257][ T7612] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.395'.
[  226.514546][ T7612] netlink: zone id is out of range
[  226.519795][ T7612] netlink: zone id is out of range
[  226.524890][ T7612] netlink: zone id is out of range
[  226.530073][ T7612] netlink: get zone limit has 8 unknown bytes
[  228.619244][ T7634] loop0: detected capacity change from 0 to 512
[  228.629281][ T7634] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  228.656612][ T7634] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.675475][ T7634] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 3: comm syz.0.404: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  228.716257][ T7634] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 12: comm syz.0.404: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  228.739444][ T7634] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 13: comm syz.0.404: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  228.762146][ T7634] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 14: comm syz.0.404: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  228.787838][ T7634] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 15: comm syz.0.404: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  228.818276][ T7634] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 16: comm syz.0.404: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  228.854609][ T7634] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 17: comm syz.0.404: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  228.922724][ T7634] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #2: block 18: comm syz.0.404: lblock 23 mapped to illegal pblock 18 (length 1)
[  229.312551][ T7634] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 19: comm syz.0.404: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  229.404737][ T7650] netlink: 48 bytes leftover after parsing attributes in process `syz.3.406'.
[  230.107920][ T7634] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 20: comm syz.0.404: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[  230.216794][ T5832] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  230.240692][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.315533][ T7663] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.411'.
[  231.324873][ T7663] netlink: zone id is out of range
[  231.330055][ T7663] netlink: zone id is out of range
[  231.335269][ T7663] netlink: zone id is out of range
[  231.340554][ T7663] netlink: get zone limit has 8 unknown bytes
[  231.734569][ T7674] x_tables: duplicate underflow at hook 1
[  232.389679][ T7688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.420'.
[  232.540476][ T7691] warning: `syz.3.421' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  232.652966][ T7694] loop0: detected capacity change from 0 to 2048
[  232.664871][ T7694] EXT4-fs: Ignoring removed mblk_io_submit option
[  232.671680][ T7694] ext4: Unknown parameter 'euid>00000000000000000000'
[  232.787571][ T7694] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.423'.
[  232.796972][ T7694] netlink: zone id is out of range
[  232.802638][ T7694] netlink: zone id is out of range
[  232.807859][ T7694] netlink: zone id is out of range
[  232.812961][ T7694] netlink: get zone limit has 8 unknown bytes
[  233.430376][ T7694] loop0: detected capacity change from 0 to 4096
[  233.437333][ T7694] ntfs3: Bad value for 'uid'
[  233.441936][ T7694] ntfs3: Bad value for 'uid'
[  234.522382][ T7716] netlink: 48 bytes leftover after parsing attributes in process `syz.2.427'.
[  237.035190][ T5915] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[  237.387383][ T5915] usb 1-1: Invalid ep0 maxpacket: 64
[  237.685504][ T5915] usb 1-1: new low-speed USB device number 3 using dummy_hcd
[  238.317481][ T7746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.430'.
[  238.328690][ T7746] bridge_slave_1: left allmulticast mode
[  238.334436][ T7746] bridge_slave_1: left promiscuous mode
[  238.341956][ T7746] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.378534][ T7746] bridge_slave_0: left allmulticast mode
[  238.384434][ T7746] bridge_slave_0: left promiscuous mode
[  238.392220][ T7746] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.994222][ T7745] FAULT_INJECTION: forcing a failure.
[  238.994222][ T7745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  239.403400][ T7745] CPU: 1 UID: 0 PID: 7745 Comm: syz.0.432 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  239.403418][ T7745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  239.403425][ T7745] Call Trace:
[  239.403429][ T7745]  <TASK>
[  239.403434][ T7745]  dump_stack_lvl+0x189/0x250
[  239.403453][ T7745]  ? __pfx____ratelimit+0x10/0x10
[  239.403469][ T7745]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.403482][ T7745]  ? __pfx__printk+0x10/0x10
[  239.403499][ T7745]  should_fail_ex+0x414/0x560
[  239.403514][ T7745]  _copy_to_user+0x31/0xb0
[  239.403528][ T7745]  simple_read_from_buffer+0xe1/0x170
[  239.403545][ T7745]  proc_fail_nth_read+0x1df/0x250
[  239.403557][ T7745]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  239.403570][ T7745]  ? rw_verify_area+0x258/0x650
[  239.403583][ T7745]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  239.403594][ T7745]  vfs_read+0x1fd/0x980
[  239.403609][ T7745]  ? __pfx___mutex_lock+0x10/0x10
[  239.403620][ T7745]  ? __pfx_vfs_read+0x10/0x10
[  239.403633][ T7745]  ? __fget_files+0x2a/0x420
[  239.403646][ T7745]  ? __fget_files+0x3a0/0x420
[  239.403654][ T7745]  ? __fget_files+0x2a/0x420
[  239.403668][ T7745]  ksys_read+0x145/0x250
[  239.403682][ T7745]  ? __pfx_ksys_read+0x10/0x10
[  239.403693][ T7745]  ? rcu_is_watching+0x15/0xb0
[  239.403710][ T7745]  ? do_syscall_64+0xbe/0x3b0
[  239.403722][ T7745]  do_syscall_64+0xfa/0x3b0
[  239.403732][ T7745]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.403741][ T7745]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  239.403750][ T7745]  ? clear_bhb_loop+0x60/0xb0
[  239.403762][ T7745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.403771][ T7745] RIP: 0033:0x7fb336f8d33c
[  239.403782][ T7745] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  239.403790][ T7745] RSP: 002b:00007fb337e52030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  239.403801][ T7745] RAX: ffffffffffffffda RBX: 00007fb3371b5fa0 RCX: 00007fb336f8d33c
[  239.403808][ T7745] RDX: 000000000000000f RSI: 00007fb337e520a0 RDI: 0000000000000004
[  239.403815][ T7745] RBP: 00007fb337e52090 R08: 0000000000000000 R09: 0000000000000000
[  239.403821][ T7745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  239.403826][ T7745] R13: 0000000000000000 R14: 00007fb3371b5fa0 R15: 00007fff01e08f68
[  239.403841][ T7745]  </TASK>
[  241.433254][ T7778] netlink: 48 bytes leftover after parsing attributes in process `syz.1.440'.
[  242.592646][ T7786] netlink: 36 bytes leftover after parsing attributes in process `syz.3.444'.
[  242.607086][ T7786] netlink: 16 bytes leftover after parsing attributes in process `syz.3.444'.
[  242.629894][ T7786] netlink: 36 bytes leftover after parsing attributes in process `syz.3.444'.
[  242.656709][ T7786] netlink: 36 bytes leftover after parsing attributes in process `syz.3.444'.
[  242.764692][ T7782] loop0: detected capacity change from 0 to 32768
[  245.057667][ T7782] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  245.145706][   T30] audit: type=1326 audit(1751369309.534:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  245.280710][ T7782] (syz.0.442,7782,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry overrun - offset=16, inode=65, rec_len=64016, name_len=255
[  245.362420][   T30] audit: type=1326 audit(1751369309.534:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  245.437506][   T30] audit: type=1326 audit(1751369309.534:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  245.527215][   T30] audit: type=1326 audit(1751369309.534:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  245.701305][ T7809] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.449'.
[  245.710644][ T7809] netlink: zone id is out of range
[  245.715769][ T7809] netlink: zone id is out of range
[  245.720859][ T7809] netlink: zone id is out of range
[  245.726004][ T7809] netlink: get zone limit has 8 unknown bytes
[  245.807214][ T7814] netlink: 4 bytes leftover after parsing attributes in process `syz.4.450'.
[  246.469010][   T30] audit: type=1326 audit(1751369309.534:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  246.531214][ T5832] ocfs2: Unmounting device (7,0) on (node local)
[  246.569677][   T30] audit: type=1326 audit(1751369309.534:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  246.672254][   T30] audit: type=1326 audit(1751369309.534:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  246.751326][   T30] audit: type=1326 audit(1751369309.534:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  246.815382][   T30] audit: type=1326 audit(1751369309.534:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  246.867194][   T30] audit: type=1326 audit(1751369309.534:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13aeb8e929 code=0x7ffc0000
[  246.914891][ T7817] overlayfs: failed to clone upperpath
[  246.981604][ T7823] netlink: 24 bytes leftover after parsing attributes in process `syz.4.455'.
[  246.991102][ T7823] netlink: 24 bytes leftover after parsing attributes in process `syz.4.455'.
[  247.668126][ T7832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.456'.
[  247.851770][ T7834] loop0: detected capacity change from 0 to 40427
[  247.892888][ T7834] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  247.900732][ T7834] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  247.913915][ T7834] F2FS-fs (loop0): invalid crc value
[  248.639520][ T7834] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  248.646725][ T7834] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  248.914586][ T7846] netlink: 48 bytes leftover after parsing attributes in process `syz.0.458'.
[  249.568867][ T7847] delete_channel: no stack
[  249.728548][ T7821] syz.3.454 (7821): attempted to duplicate a private mapping with mremap.  This is not supported.
[  249.762379][ T7854] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.463'.
[  249.771916][ T7854] netlink: zone id is out of range
[  249.777083][ T7854] netlink: zone id is out of range
[  249.782182][ T7854] netlink: zone id is out of range
[  249.787342][ T7854] netlink: get zone limit has 8 unknown bytes
[  250.331838][ T7870] netlink: 4 bytes leftover after parsing attributes in process `syz.1.465'.
[  253.003030][ T7904] netlink: 48 bytes leftover after parsing attributes in process `syz.3.478'.
[  253.560952][ T7893] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.476'.
[  253.570298][ T7893] netlink: zone id is out of range
[  253.575512][ T7893] netlink: zone id is out of range
[  253.580626][ T7893] netlink: zone id is out of range
[  253.586151][ T7893] netlink: get zone limit has 8 unknown bytes
[  254.571353][ T7924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.482'.
[  255.767723][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  255.774026][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  256.600880][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  256.600898][   T30] audit: type=1326 audit(1751369320.994:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7965 comm="syz.4.499" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9b9298e929 code=0x0
[  257.406679][ T7981] fuse: Bad value for 'group_id'
[  257.411707][ T7981] fuse: Bad value for 'group_id'
[  258.031329][ T7989] random: crng reseeded on system resumption
[  258.187025][ T7993] fuse: Unknown parameter 'subj_type'
[  258.589116][ T8002] loop0: detected capacity change from 0 to 256
[  258.598759][ T8005] netlink: 12 bytes leftover after parsing attributes in process `syz.4.512'.
[  258.625151][ T8002] exFAT-fs (loop0): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x0a19abd0)
[  258.642917][ T8002] exFAT-fs (loop0): invalid boot region
[  258.655195][ T8002] exFAT-fs (loop0): failed to recognize exfat type
[  258.738694][ T8005] netlink: 28 bytes leftover after parsing attributes in process `syz.4.512'.
[  258.864550][ T8007] 8021q: adding VLAN 0 to HW filter on device bond3
[  258.879736][ T8007] bond2: (slave bond3): Enslaving as an active interface with an up link
[  258.898605][ T8005] 8021q: adding VLAN 0 to HW filter on device bond2
[  259.281164][ T8023] netlink: 'syz.2.517': attribute type 11 has an invalid length.
[  259.576787][ T8026] 9pnet_fd: Insufficient options for proto=fd
[  260.053262][ T8035] loop0: detected capacity change from 0 to 2048
[  260.454211][ T8035] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  260.978290][ T8047] 9pnet_fd: Insufficient options for proto=fd
[  261.000854][    T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  261.020767][ T8045] Illegal XDP return value 197836800 on prog  (id 118) dev N/A, expect packet loss!
[  261.165585][    T9] usb 1-1: too many configurations: 89, using maximum allowed: 8
[  261.202470][    T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  261.225293][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.257035][    T9] usb 1-1: Product: syz
[  261.261232][    T9] usb 1-1: Manufacturer: syz
[  261.282588][    T9] usb 1-1: SerialNumber: syz
[  261.307712][    T9] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  261.340999][ T5901] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  261.899634][  T978] usb 1-1: USB disconnect, device number 4
[  262.405598][ T5901] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  262.534751][ T5901] ath9k_htc: Failed to initialize the device
[  262.772830][  T978] usb 1-1: ath9k_htc: USB layer deinitialized
[  263.155612][ T8084] netlink: 12 bytes leftover after parsing attributes in process `syz.1.538'.
[  264.035279][   T30] audit: type=1326 audit(1751369328.374:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8072 comm="syz.2.536" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7f878e929 code=0x0
[  264.125151][   T10] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  265.189725][   T10] usb 1-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  265.612555][   T10] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  265.627740][ T8094] netlink: 48 bytes leftover after parsing attributes in process `syz.1.540'.
[  266.154580][   T10] usb 1-1: string descriptor 0 read error: -71
[  266.175352][   T10] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  266.223205][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.256405][   T10] usb 1-1: config 0 descriptor??
[  266.277826][   T10] usb 1-1: can't set config #0, error -71
[  266.318294][   T10] usb 1-1: USB disconnect, device number 5
[  267.395514][   T30] audit: type=1326 audit(1751369331.784:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8118 comm="syz.4.551" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9b9298e929 code=0x0
[  267.519291][ T8116] Falling back ldisc for ttyS3.
[  267.766715][ T8116] loop0: detected capacity change from 0 to 32768
[  269.798963][ T8167] netlink: 4 bytes leftover after parsing attributes in process `syz.3.559'.
[  271.860547][   T30] audit: type=1326 audit(1751369335.704:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8176 comm="syz.4.560" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9b9298e929 code=0x0
[  271.994910][ T8197] 9pnet_fd: Insufficient options for proto=fd
[  274.042455][ T8236] syz.1.576: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  274.085219][  T978] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  274.096521][ T8236] CPU: 0 UID: 0 PID: 8236 Comm: syz.1.576 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  274.096546][ T8236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.096572][ T8236] Call Trace:
[  274.096580][ T8236]  <TASK>
[  274.096588][ T8236]  dump_stack_lvl+0x189/0x250
[  274.096622][ T8236]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.096656][ T8236]  ? __pfx__printk+0x10/0x10
[  274.096677][ T8236]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  274.096704][ T8236]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  274.096732][ T8236]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  274.096764][ T8236]  warn_alloc+0x214/0x310
[  274.096783][ T8236]  ? stack_depot_save_flags+0x429/0x900
[  274.096811][ T8236]  ? __pfx_warn_alloc+0x10/0x10
[  274.096831][ T8236]  ? kasan_save_track+0x4f/0x80
[  274.096856][ T8236]  ? xskq_create+0x56/0x170
[  274.096879][ T8236]  ? xsk_init_queue+0xb0/0x110
[  274.096900][ T8236]  ? xsk_setsockopt+0x43f/0x710
[  274.096921][ T8236]  ? do_sock_setsockopt+0x25a/0x3e0
[  274.096939][ T8236]  ? __x64_sys_setsockopt+0x18b/0x220
[  274.096957][ T8236]  ? do_syscall_64+0xfa/0x3b0
[  274.096973][ T8236]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.096998][ T8236]  __vmalloc_node_range_noprof+0x125/0x12f0
[  274.097048][ T8236]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  274.097077][ T8236]  ? xskq_create+0x56/0x170
[  274.097104][ T8236]  ? __kasan_kmalloc+0x93/0xb0
[  274.097133][ T8236]  vmalloc_user_noprof+0xad/0xf0
[  274.097151][ T8236]  ? xskq_create+0xbf/0x170
[  274.097178][ T8236]  xskq_create+0xbf/0x170
[  274.097205][ T8236]  xsk_init_queue+0xb0/0x110
[  274.097232][ T8236]  xsk_setsockopt+0x43f/0x710
[  274.097259][ T8236]  ? __pfx_xsk_setsockopt+0x10/0x10
[  274.097281][ T8236]  ? __lock_acquire+0xab9/0xd20
[  274.097306][ T8236]  ? aa_sock_opt_perm+0xff/0x1b0
[  274.097333][ T8236]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  274.097354][ T8236]  ? __pfx_xsk_setsockopt+0x10/0x10
[  274.097379][ T8236]  do_sock_setsockopt+0x25a/0x3e0
[  274.097402][ T8236]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  274.097426][ T8236]  ? __fget_files+0x2a/0x420
[  274.097453][ T8236]  __x64_sys_setsockopt+0x18b/0x220
[  274.097480][ T8236]  do_syscall_64+0xfa/0x3b0
[  274.097496][ T8236]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.097518][ T8236]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.097535][ T8236]  ? clear_bhb_loop+0x60/0xb0
[  274.097555][ T8236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.097571][ T8236] RIP: 0033:0x7f13aeb8e929
[  274.097587][ T8236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.097601][ T8236] RSP: 002b:00007f13afa37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  274.097620][ T8236] RAX: ffffffffffffffda RBX: 00007f13aedb5fa0 RCX: 00007f13aeb8e929
[  274.097633][ T8236] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  274.097645][ T8236] RBP: 00007f13aec10b39 R08: 0000000000000004 R09: 0000000000000000
[  274.097665][ T8236] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  274.097677][ T8236] R13: 0000000000000000 R14: 00007f13aedb5fa0 R15: 00007ffd456da3a8
[  274.097707][ T8236]  </TASK>
[  274.097722][ T8236] Mem-Info:
[  274.549673][ T8236] active_anon:12651 inactive_anon:0 isolated_anon:0
[  274.549673][ T8236]  active_file:12305 inactive_file:39923 isolated_file:0
[  274.549673][ T8236]  unevictable:768 dirty:943 writeback:0
[  274.549673][ T8236]  slab_reclaimable:11100 slab_unreclaimable:97236
[  274.549673][ T8236]  mapped:33754 shmem:8467 pagetables:1220
[  274.549673][ T8236]  sec_pagetables:0 bounce:0
[  274.549673][ T8236]  kernel_misc_reclaimable:0
[  274.549673][ T8236]  free:1294249 free_pcp:14890 free_cma:0
[  274.564589][ T8197] Invalid ELF header magic: != ELF
[  274.603014][ T8246] netlink: 4 bytes leftover after parsing attributes in process `syz.4.578'.
[  274.625636][  T978] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  274.636837][  T978] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  274.652208][ T8236] Node 0 active_anon:48604kB inactive_anon:0kB active_file:49220kB inactive_file:159492kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135116kB dirty:3772kB writeback:0kB shmem:30232kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12500kB pagetables:4724kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  274.690463][  T978] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  274.699615][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  274.715133][  T978] usb 1-1: SerialNumber: syz
[  274.721810][ T8236] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  274.756632][  T978] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  274.778568][  T978] usb-storage 1-1:1.0: USB Mass Storage device detected
[  274.792084][ T8236] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  274.837745][  T978] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  274.840534][ T8236] lowmem_reserve[]: 0 2498 2500 2500 2500
[  274.852511][ T8236] Node 0 DMA32 free:1280216kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:41956kB inactive_anon:0kB active_file:49220kB inactive_file:157916kB unevictable:1536kB writepending:3772kB present:3129332kB managed:2558440kB mlocked:0kB bounce:0kB free_pcp:58308kB local_pcp:32740kB free_cma:0kB
[  274.907406][  T978] scsi host1: usb-storage 1-1:1.0
[  274.929416][ T8236] lowmem_reserve[]: 0 0 1 1 1
[  274.934210][ T8236] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  275.054317][ T8236] lowmem_reserve[]: 0 0 0 0 0
[  275.062136][ T8236] Node 1 Normal free:3889408kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:15468kB local_pcp:5728kB free_cma:0kB
[  275.115157][ T8236] lowmem_reserve[]: 0 0 0 0 0
[  275.129728][ T8236] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  275.219241][ T8236] Node 0 DMA32: 1*4kB (U) 206*8kB (UM) 510*16kB (ME) 342*32kB (UM) 185*64kB (UME) 61*128kB (UM) 34*256kB (UME) 25*512kB (UME) 12*1024kB (UM) 6*2048kB (UME) 294*4096kB (UM) = 1290708kB
[  275.238402][ T8236] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  275.251143][ T8236] Node 1 Normal: 166*4kB (UM) 47*8kB (UME) 39*16kB (UME) 152*32kB (UME) 42*64kB (UME) 4*128kB (UME) 5*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 2*2048kB (UE) 945*4096kB (M) = 3889408kB
[  275.270022][ T8236] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  275.279990][ T8236] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  275.291299][ T8236] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  275.981763][ T8236] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  276.003392][ T8228] loop0: detected capacity change from 0 to 512
[  276.005328][ T8236] 54104 total pagecache pages
[  276.071408][ T8228] ext4: Unknown parameter 'fsuuid'
[  276.093615][ T8228] tmpfs: Bad value for 'mpol'
[  276.110000][ T8265] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  276.155708][ T8236] 0 pages in swap cache
[  276.193464][ T8236] Free swap  = 124996kB
[  276.198771][ T8236] Total swap = 124996kB
[  276.203086][ T8236] 2097051 pages RAM
[  276.217427][ T8236] 0 pages HighMem/MovableOnly
[  276.231586][ T8236] 425399 pages reserved
[  276.241564][ T8236] 0 pages cma reserved
[  276.538248][ T8277] netlink: 'syz.4.590': attribute type 21 has an invalid length.
[  276.588490][ T8277] 9pnet_fd: Insufficient options for proto=fd
[  276.838688][ T8286] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  277.108998][ T8293] hugetlbfs: syz.2.594 (8293): Using mlock ulimits for SHM_HUGETLB is obsolete
[  277.463983][ T8297] loop0: detected capacity change from 0 to 40427
[  277.530475][ T5915] usb 1-1: USB disconnect, device number 6
[  277.665368][ T8297] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  277.673192][ T8297] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  278.706455][ T8297] F2FS-fs (loop0): invalid crc value
[  279.990856][ T8297] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  280.000172][ T8297] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  280.537917][ T8315] FAULT_INJECTION: forcing a failure.
[  280.537917][ T8315] name failslab, interval 1, probability 0, space 0, times 0
[  280.550841][ T8315] CPU: 0 UID: 0 PID: 8315 Comm: syz.0.597 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  280.550866][ T8315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  280.550877][ T8315] Call Trace:
[  280.550884][ T8315]  <TASK>
[  280.550892][ T8315]  dump_stack_lvl+0x189/0x250
[  280.550921][ T8315]  ? __pfx____ratelimit+0x10/0x10
[  280.550946][ T8315]  ? __pfx_dump_stack_lvl+0x10/0x10
[  280.550970][ T8315]  ? __pfx__printk+0x10/0x10
[  280.550999][ T8315]  ? __pfx___might_resched+0x10/0x10
[  280.551020][ T8315]  ? fs_reclaim_acquire+0x7d/0x100
[  280.551044][ T8315]  should_fail_ex+0x414/0x560
[  280.551069][ T8315]  should_failslab+0xa8/0x100
[  280.551088][ T8315]  kmem_cache_alloc_noprof+0x73/0x3c0
[  280.551112][ T8315]  ? alloc_empty_file+0x55/0x1d0
[  280.551135][ T8315]  alloc_empty_file+0x55/0x1d0
[  280.551155][ T8315]  path_openat+0x107/0x3830
[  280.551176][ T8315]  ? arch_stack_walk+0xfc/0x150
[  280.551226][ T8315]  ? kasan_save_track+0x4f/0x80
[  280.551247][ T8315]  ? kasan_save_track+0x3e/0x80
[  280.551266][ T8315]  ? __kasan_slab_alloc+0x6c/0x80
[  280.551287][ T8315]  ? getname_flags+0xb8/0x540
[  280.551305][ T8315]  ? __pfx_path_openat+0x10/0x10
[  280.551324][ T8315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.551361][ T8315]  do_filp_open+0x1fa/0x410
[  280.551381][ T8315]  ? __lock_acquire+0xab9/0xd20
[  280.551402][ T8315]  ? __pfx_do_filp_open+0x10/0x10
[  280.551445][ T8315]  ? _raw_spin_unlock+0x28/0x50
[  280.551466][ T8315]  ? alloc_fd+0x64c/0x6c0
[  280.551494][ T8315]  do_sys_openat2+0x121/0x1c0
[  280.551517][ T8315]  ? __pfx_do_sys_openat2+0x10/0x10
[  280.551538][ T8315]  ? ksys_write+0x22a/0x250
[  280.551562][ T8315]  ? __pfx_ksys_write+0x10/0x10
[  280.551582][ T8315]  ? rcu_is_watching+0x15/0xb0
[  280.551608][ T8315]  __x64_sys_openat+0x138/0x170
[  280.551633][ T8315]  do_syscall_64+0xfa/0x3b0
[  280.551649][ T8315]  ? lockdep_hardirqs_on+0x9c/0x150
[  280.551672][ T8315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.551689][ T8315]  ? clear_bhb_loop+0x60/0xb0
[  280.551709][ T8315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.551726][ T8315] RIP: 0033:0x7fb336f8e929
[  280.551743][ T8315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.551757][ T8315] RSP: 002b:00007fb337e10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  280.551775][ T8315] RAX: ffffffffffffffda RBX: 00007fb3371b6160 RCX: 00007fb336f8e929
[  280.551788][ T8315] RDX: 0000000000040942 RSI: 0000200000000200 RDI: ffffffffffffff9c
[  280.551800][ T8315] RBP: 00007fb337e10090 R08: 0000000000000000 R09: 0000000000000000
[  280.551812][ T8315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.551822][ T8315] R13: 0000000000000000 R14: 00007fb3371b6160 R15: 00007fff01e08f68
[  280.551850][ T8315]  </TASK>
[  280.858989][   T30] audit: type=1800 audit(1751369344.924:67): pid=8315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.597" name="file1" dev="loop0" ino=10 res=0 errno=0
[  281.476820][ T8319] netlink: 'syz.4.603': attribute type 1 has an invalid length.
[  281.484652][ T8319] netlink: 'syz.4.603': attribute type 1 has an invalid length.
[  282.899171][ T8336] netlink: 'syz.4.607': attribute type 11 has an invalid length.
[  282.920661][ T8336] netlink: 12 bytes leftover after parsing attributes in process `syz.4.607'.
[  285.110952][ T8363] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f���_ٮ,��
�<�_e�F��"
[  285.122927][ T8363] CUSE: unknown device info "3�ܟ�,��̘�"
[  285.133744][ T8363] CUSE: unknown device info "J���2SZ�� !e/��������J�+-n��a4����D�|G$��5O~�q	��
[  285.133744][ T8363] f����z��X�SA�x��j��T�ǔ��w���xR�ɐQ��(hҏj	p�VdY0��|M?2J��I�v�^
R�@��"
[  285.152820][ T8363] CUSE: unknown device info "!To�}ݝ&|L+U��o��ϲ���"��FstV�:׌E�gJ�����<@c�����4�T�M�M|�����"
[  285.164568][ T8363] CUSE: DEVNAME unspecified
[  285.586986][ T8368] RDS: rds_bind could not find a transport for 2001::1, load rds_tcp or rds_rdma?
[  286.138431][ T8381] netlink: 'syz.0.623': attribute type 39 has an invalid length.
[  287.597211][ T8389] netlink: 48 bytes leftover after parsing attributes in process `syz.2.625'.
[  287.812805][ T8391] overlayfs: failed to resolve './file0': -2
[  289.101555][ T8404] netlink: 16 bytes leftover after parsing attributes in process `syz.0.631'.
[  291.902547][ T8431] netlink: 8 bytes leftover after parsing attributes in process `syz.4.639'.
[  291.962438][ T8431] netlink: 'syz.4.639': attribute type 2 has an invalid length.
[  292.008851][ T8431] netlink: 'syz.4.639': attribute type 2 has an invalid length.
[  292.033575][ T8431] netlink: 'syz.4.639': attribute type 1 has an invalid length.
[  292.054743][ T8431] netlink: 'syz.4.639': attribute type 1 has an invalid length.
[  293.006734][ T8457] FAULT_INJECTION: forcing a failure.
[  293.006734][ T8457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  293.091750][ T8459] netlink: 48 bytes leftover after parsing attributes in process `syz.2.648'.
[  293.607037][ T8457] CPU: 0 UID: 0 PID: 8457 Comm: syz.0.649 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  293.607064][ T8457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  293.607071][ T8457] Call Trace:
[  293.607077][ T8457]  <TASK>
[  293.607083][ T8457]  dump_stack_lvl+0x189/0x250
[  293.607102][ T8457]  ? __pfx____ratelimit+0x10/0x10
[  293.607126][ T8457]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.607139][ T8457]  ? __pfx__printk+0x10/0x10
[  293.607150][ T8457]  ? __might_fault+0xb0/0x130
[  293.607169][ T8457]  should_fail_ex+0x414/0x560
[  293.607184][ T8457]  _copy_from_user+0x2d/0xb0
[  293.607197][ T8457]  blk_trace_setup+0xb9/0x1f0
[  293.607211][ T8457]  ? __pfx_blk_trace_setup+0x10/0x10
[  293.607227][ T8457]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  293.607242][ T8457]  blk_trace_ioctl+0x181/0x430
[  293.607254][ T8457]  ? __pfx_blk_trace_ioctl+0x10/0x10
[  293.607265][ T8457]  ? vfs_write+0x8d8/0xa90
[  293.607294][ T8457]  blkdev_ioctl+0x416/0x6d0
[  293.607305][ T8457]  ? __pfx_blkdev_ioctl+0x10/0x10
[  293.607317][ T8457]  ? bpf_lsm_file_ioctl+0x9/0x20
[  293.607329][ T8457]  ? __pfx_blkdev_ioctl+0x10/0x10
[  293.607339][ T8457]  __se_sys_ioctl+0xfc/0x170
[  293.607353][ T8457]  do_syscall_64+0xfa/0x3b0
[  293.607362][ T8457]  ? lockdep_hardirqs_on+0x9c/0x150
[  293.607375][ T8457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.607385][ T8457]  ? clear_bhb_loop+0x60/0xb0
[  293.607396][ T8457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.607406][ T8457] RIP: 0033:0x7fb336f8e929
[  293.607416][ T8457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.607424][ T8457] RSP: 002b:00007fb337e52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  293.607436][ T8457] RAX: ffffffffffffffda RBX: 00007fb3371b5fa0 RCX: 00007fb336f8e929
[  293.607444][ T8457] RDX: 0000200000000000 RSI: 00000000c0481273 RDI: 0000000000000003
[  293.607450][ T8457] RBP: 00007fb337e52090 R08: 0000000000000000 R09: 0000000000000000
[  293.607456][ T8457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  293.607462][ T8457] R13: 0000000000000000 R14: 00007fb3371b5fa0 R15: 00007fff01e08f68
[  293.607477][ T8457]  </TASK>
[  293.830980][    C0] vkms_vblank_simulate: vblank timer overrun
[  293.845164][   T30] audit: type=1326 audit(1751369358.214:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8440 comm="syz.1.641" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13aeb8e929 code=0x0
[  294.818344][ T8473] loop0: detected capacity change from 0 to 32768
[  294.970618][ T8473] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  295.240981][   T44] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  295.251977][ T8486] netlink: 52 bytes leftover after parsing attributes in process `syz.0.654'.
[  295.280276][   T30] audit: type=1800 audit(1751369359.674:69): pid=8486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.654" name="file1" dev="loop0" ino=17058 res=0 errno=0
[  296.253185][ T8510] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  296.508586][ T8513] syz.4.664 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  296.552060][ T5832] (syz-executor,5832,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  296.577626][ T8513] netlink: 48 bytes leftover after parsing attributes in process `syz.4.664'.
[  296.613811][ T5832] ocfs2: Unmounting device (7,0) on (node local)
[  296.622882][ T8515] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  299.028676][ T8534] loop0: detected capacity change from 0 to 32768
[  299.042922][ T8534] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.665 (8534)
[  299.060031][ T8534] BTRFS info (device loop0): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  299.070375][ T8534] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  299.079763][ T8534] BTRFS info (device loop0): using free-space-tree
[  300.249407][ T5832] BTRFS info (device loop0): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  301.388591][ T8585] overlayfs: missing 'lowerdir'
[  301.540697][ T8587] loop0: detected capacity change from 0 to 512
[  301.596398][ T8587] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.683: bad orphan inode 15
[  301.628580][ T8587] ext4_test_bit(bit=14, block=5) = 0
[  301.728437][ T8587] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  301.800984][ T8594] overlayfs: failed to clone upperpath
[  302.825358][ T8601] EXT4-fs error (device loop0): __ext4_new_inode:1073: comm syz.0.683: reserved inode found cleared - inode=1
[  303.597680][ T8591] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7987 vs 220 free clusters
[  303.981116][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.141362][ T8609] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.688'.
[  304.150652][ T8609] netlink: zone id is out of range
[  304.155865][ T8609] netlink: zone id is out of range
[  304.160957][ T8609] netlink: zone id is out of range
[  304.166072][ T8609] netlink: get zone limit has 8 unknown bytes
[  305.888534][ T8637] autofs: Bad value for 'fd'
[  306.069614][ T8638] netlink: 24 bytes leftover after parsing attributes in process `syz.1.696'.
[  306.154162][ T8638] netlink: 24 bytes leftover after parsing attributes in process `syz.1.696'.
[  306.401666][ T8645] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.699'.
[  306.411072][ T8645] netlink: zone id is out of range
[  306.416307][ T8645] netlink: zone id is out of range
[  306.421444][ T8645] netlink: zone id is out of range
[  306.426981][ T8645] netlink: get zone limit has 8 unknown bytes
[  307.312078][ T8663] loop0: detected capacity change from 0 to 1024
[  307.321996][ T8666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.703'.
[  307.578029][ T8633] netlink: 36 bytes leftover after parsing attributes in process `syz.2.693'.
[  307.587092][ T8663] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  307.613385][ T8667] netlink: 'syz.3.706': attribute type 1 has an invalid length.
[  307.621561][ T8667] netlink: 4 bytes leftover after parsing attributes in process `syz.3.706'.
[  308.687327][ T8686] netlink: 32 bytes leftover after parsing attributes in process `syz.2.713'.
[  309.000382][ T8695] FAULT_INJECTION: forcing a failure.
[  309.000382][ T8695] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  309.041412][ T8695] CPU: 1 UID: 0 PID: 8695 Comm: syz.0.716 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  309.041437][ T8695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  309.041447][ T8695] Call Trace:
[  309.041454][ T8695]  <TASK>
[  309.041461][ T8695]  dump_stack_lvl+0x189/0x250
[  309.041489][ T8695]  ? __pfx____ratelimit+0x10/0x10
[  309.041515][ T8695]  ? __pfx_dump_stack_lvl+0x10/0x10
[  309.041536][ T8695]  ? __pfx__printk+0x10/0x10
[  309.041574][ T8695]  should_fail_ex+0x414/0x560
[  309.041600][ T8695]  _copy_to_user+0x31/0xb0
[  309.041623][ T8695]  simple_read_from_buffer+0xe1/0x170
[  309.041653][ T8695]  proc_fail_nth_read+0x1df/0x250
[  309.041675][ T8695]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  309.041697][ T8695]  ? rw_verify_area+0x258/0x650
[  309.041718][ T8695]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  309.041737][ T8695]  vfs_read+0x1fd/0x980
[  309.041765][ T8695]  ? __pfx___mutex_lock+0x10/0x10
[  309.041783][ T8695]  ? __pfx_vfs_read+0x10/0x10
[  309.041806][ T8695]  ? __fget_files+0x2a/0x420
[  309.041827][ T8695]  ? __fget_files+0x3a0/0x420
[  309.041842][ T8695]  ? __fget_files+0x2a/0x420
[  309.041867][ T8695]  ksys_read+0x145/0x250
[  309.041892][ T8695]  ? __pfx_ksys_read+0x10/0x10
[  309.041911][ T8695]  ? rcu_is_watching+0x15/0xb0
[  309.041936][ T8695]  ? do_syscall_64+0xbe/0x3b0
[  309.041954][ T8695]  do_syscall_64+0xfa/0x3b0
[  309.041969][ T8695]  ? lockdep_hardirqs_on+0x9c/0x150
[  309.041991][ T8695]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.042008][ T8695]  ? clear_bhb_loop+0x60/0xb0
[  309.042027][ T8695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.042042][ T8695] RIP: 0033:0x7fb336f8d33c
[  309.042055][ T8695] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  309.042068][ T8695] RSP: 002b:00007fb337e31030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  309.042086][ T8695] RAX: ffffffffffffffda RBX: 00007fb3371b6080 RCX: 00007fb336f8d33c
[  309.042097][ T8695] RDX: 000000000000000f RSI: 00007fb337e310a0 RDI: 0000000000000003
[  309.042106][ T8695] RBP: 00007fb337e31090 R08: 0000000000000000 R09: 0000000000000000
[  309.042116][ T8695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  309.042127][ T8695] R13: 0000000000000000 R14: 00007fb3371b6080 R15: 00007fff01e08f68
[  309.042155][ T8695]  </TASK>
[  311.253653][ T8704] loop0: detected capacity change from 0 to 1024
[  312.775475][ T8716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.720'.
[  312.785157][   T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  314.305291][   T10] usb 1-1: Using ep0 maxpacket: 16
[  316.500414][   T10] usb 1-1: device descriptor read/all, error -71
[  317.061817][   T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  317.215884][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  317.222578][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  317.315439][   T10] usb 1-1: device descriptor read/64, error -71
[  317.485533][   T10] usb usb1-port1: attempt power cycle
[  318.495275][   T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  319.515898][   T10] usb 1-1: device descriptor read/8, error -71
[  321.476877][   T10] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  322.581431][   T10] usb 1-1: device not accepting address 10, error -71
[  322.618842][   T10] usb usb1-port1: unable to enumerate USB device
[  328.697194][ T8756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.734'.
[  328.703249][ T8752] netlink: 'syz.0.733': attribute type 13 has an invalid length.
[  368.385874][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  368.406677][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  368.417107][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  369.405152][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  370.389278][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  372.528105][ T5155] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  373.500645][ T5155] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  373.518906][ T5155] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  373.531880][ T5155] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  373.540330][ T5155] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  374.546661][ T5155] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  375.525274][ T5848] Bluetooth: hci2: command tx timeout
[  375.555225][ T5155] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  375.564231][ T5155] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  375.572377][ T5155] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  376.557762][ T5155] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  376.565283][ T5155] Bluetooth: hci5: command tx timeout
[  378.573253][ T5846] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  378.580586][ T5848] Bluetooth: hci2: command tx timeout
[  378.590539][ T5846] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  378.605560][ T5846] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  379.605628][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  379.676966][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  379.685076][   T51] Bluetooth: hci5: command tx timeout
[  379.695997][ T5846] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  380.657893][   T51] Bluetooth: hci2: command tx timeout
[  380.657894][ T5846] Bluetooth: hci6: command tx timeout
[  381.689066][ T5846] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  382.665382][ T5846] Bluetooth: hci5: command tx timeout
[  383.655756][ T5846] Bluetooth: hci6: command tx timeout
[  383.661220][ T5155] Bluetooth: hci2: command tx timeout
[  384.705211][ T5155] Bluetooth: hci7: command tx timeout
[  384.726956][ T5846] Bluetooth: hci5: command tx timeout
[  385.690983][ T5846] Bluetooth: hci6: command tx timeout
[  387.678594][ T5846] Bluetooth: hci7: command tx timeout
[  388.725348][ T5155] Bluetooth: hci6: command tx timeout
[  388.767829][ T5155] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  388.778012][ T5155] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  389.770528][ T5155] Bluetooth: hci7: command tx timeout
[  389.776066][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  389.795661][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  389.804482][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  392.776615][   T51] Bluetooth: hci0: command tx timeout
[  392.783350][   T51] Bluetooth: hci7: command tx timeout
[  394.810746][   T51] Bluetooth: hci0: command tx timeout
[  397.785856][   T51] Bluetooth: hci0: command tx timeout
[  400.455905][   T51] Bluetooth: hci0: command tx timeout
[  418.827689][ T1144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  421.880495][ T5155] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  421.892063][ T5155] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  422.858120][ T5155] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  422.867471][ T5155] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  422.877749][ T5155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  425.895692][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  426.862313][   T51] Bluetooth: hci1: command tx timeout
[  426.873693][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  426.883334][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  426.914722][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  428.657177][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  429.665137][   T51] Bluetooth: hci1: command tx timeout
[  431.675168][   T51] Bluetooth: hci2: command tx timeout
[  431.695373][   T51] Bluetooth: hci1: command tx timeout
[  432.705695][ T5155] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  433.663109][ T5155] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  433.690105][ T5846] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  433.697734][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  434.665246][ T5849] Bluetooth: hci2: command tx timeout
[  434.675210][ T5852] Bluetooth: hci1: command tx timeout
[  434.715333][ T5848] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  434.734174][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  434.741389][ T5846] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  435.662554][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  435.675648][ T5846] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  435.685067][   T51] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  435.695787][ T5846] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  436.662518][ T5846] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  436.677313][ T5846] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  436.701255][ T5846] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  437.655961][ T5852] Bluetooth: hci2: command tx timeout
[  437.698498][ T5846] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  438.675189][ T5852] Bluetooth: hci4: command tx timeout
[  439.675822][ T5846] Bluetooth: hci8: command tx timeout
[  439.685244][ T5846] Bluetooth: hci2: command tx timeout
[  440.676073][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  440.682414][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  440.725459][ T5846] Bluetooth: hci9: command tx timeout
[  441.705151][ T5848] Bluetooth: hci4: command tx timeout
[  441.705636][ T5852] Bluetooth: hci8: command tx timeout
[  443.772011][ T5852] Bluetooth: hci9: command tx timeout
[  443.772664][ T5846] Bluetooth: hci4: command tx timeout
[  443.777492][ T5852] Bluetooth: hci8: command tx timeout
[  443.802139][ T1144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.845248][ T5852] Bluetooth: hci4: command tx timeout
[  445.845286][   T51] Bluetooth: hci8: command tx timeout
[  445.905333][ T5846] Bluetooth: hci9: command tx timeout
[  448.255284][ T5846] Bluetooth: hci9: command tx timeout
[  449.969184][ T1144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.086289][ T1144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.085519][   T31] INFO: task syz.1.721:8707 blocked for more than 146 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  460.147117][   T31]       Not tainted 6.16.0-rc4-next-20250630-syzkaller #0
[  460.154264][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  461.896426][   T31] task:syz.1.721       state:D stack:26864 pid:8707  tgid:8707  ppid:5843   task_flags:0x400040 flags:0x00004004
[  462.845019][   T31] Call Trace:
[  462.848345][   T31]  <TASK>
[  462.851293][   T31]  __schedule+0x16f5/0x4d00
[  462.876630][   T31]  ? schedule+0x165/0x360
[  462.881016][   T31]  ? __pfx___schedule+0x10/0x10
[  463.847607][   T31]  ? schedule+0x91/0x360
[  463.851939][   T31]  schedule+0x165/0x360
[  463.856196][   T31]  schedule_preempt_disabled+0x13/0x30
[  463.861675][   T31]  __mutex_lock+0x724/0xe80
[  463.866233][   T31]  ? kasan_save_stack+0x4d/0x60
[  463.871107][   T31]  ? __mutex_lock+0x51b/0xe80
[  465.838515][   T31]  ? ima_file_free+0x16c/0x460
[  467.885040][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  467.890106][   T31]  ? locks_remove_file+0x344/0xea0
[  467.926621][   T31]  ima_file_free+0x16c/0x460
[  467.931281][   T31]  ? __pfx_ima_file_free+0x10/0x10